Feb 27

GCP Fundamentals and Cloud Architecture

Mindli Team

AI-Generated Content

GCP Global Infrastructure

Google Cloud Platform's infrastructure is built on a global network of data centers. The fundamental physical components are regions and zones. A region is a specific geographical location where you can deploy resources, such as us-central1 or europe-west4. Each region contains multiple zones, which are isolated locations within a region. Resources like virtual machines can be deployed within a zone for fault isolation. GCP also operates a global network of edge points of presence to deliver content and services with low latency.

GCP Resource Hierarchy

Google Cloud provides a hierarchical structure for organizing and managing resources and policies. At the highest level is the Organization node, which represents a company. Below the organization are Folders, which can be used to group projects or other folders to mirror organizational structures. The fundamental unit for creating and managing GCP services is the Project. Projects contain the resources and enable billing and access control. This hierarchy allows for centralized policy management and decentralized project administration.

Core Services

GCP offers a broad portfolio of services across key categories. In compute, primary services include Compute Engine (VMs), Google Kubernetes Engine (GKE), and Cloud Functions for serverless code execution. For storage, options range from object storage with Cloud Storage to block storage with Persistent Disks and managed databases. Networking services like Virtual Private Cloud (VPC), Cloud Load Balancing, and Cloud CDN enable secure and performant architectures. Data analytics is served by BigQuery for data warehousing, Dataflow for stream/batch processing, and Pub/Sub for messaging.

Shared Responsibility Model

Security in the cloud is a shared responsibility between Google and the customer. Google Cloud is responsible for securing the underlying infrastructure, including hardware, software, networking, and physical security of its data centers. The customer is responsible for securing their data, configuring identity and access management (IAM) policies, and managing security for their operating systems, applications, and network configurations within their projects.

Common Pitfalls

A common mistake is misunderstanding the scope of IAM policies, leading to over-permissive access. Projects are not automatically isolated; network configuration in a shared VPC must be carefully managed. Another pitfall is neglecting to consider data egress costs, which can significantly impact the budget. For certification preparation, a frequent error is memorizing service names without understanding their core use cases and how they integrate.
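The IAM scope pitfall follows from the resource hierarchy: an allow-policy binding set on an Organization or Folder is inherited by every project beneath it. The sketch below is an added example, not code from the original page or from Google. It walks a constructed hierarchy, computes each resource's effective bindings, and flags public members and inherited basic roles. The resource names, members, and the helper names ancestors, effective_bindings, and findings are hypothetical, and deny policies and IAM conditions are ignored.

```python
# Constructed sample data: this hierarchy and these bindings are hypothetical.
PARENT = {
    "projects/web-prod": "folders/prod",
    "projects/data-dev": "folders/dev",
    "folders/prod": "organizations/example",
    "folders/dev": "organizations/example",
    "organizations/example": None,
}
# Allow-policy bindings set directly on each node, as (role, member) pairs.
BINDINGS = {
    "organizations/example": [("roles/viewer", "group:auditors@example.com")],
    "folders/prod": [("roles/editor", "user:alice@example.com")],
    "folders/dev": [("roles/owner", "group:devs@example.com")],
    "projects/web-prod": [("roles/storage.objectViewer", "allUsers")],
}
BROAD_ROLES = {"roles/owner", "roles/editor"}            # basic roles
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}   # anyone on the internet


def ancestors(resource):
    """Yield the resource itself, then each parent up to the organization."""
    while resource is not None:
        yield resource
        resource = PARENT[resource]


def effective_bindings(resource):
    """Allow policies are additive: own bindings plus those of every ancestor."""
    return [(role, member, node)
            for node in ancestors(resource)
            for role, member in BINDINGS.get(node, [])]


def findings(resource):
    """Flag public members anywhere, and basic roles granted above the resource."""
    out = []
    for role, member, source in effective_bindings(resource):
        if member in PUBLIC_MEMBERS:
            out.append(("public-member", role, member, source))
        elif role in BROAD_ROLES and source != resource:
            out.append(("inherited-broad-role", role, member, source))
    return out


if __name__ == "__main__":
    for project in ("projects/web-prod", "projects/data-dev"):
        for finding in findings(project):
            print(project, *finding)
```

The fourth field of each finding is the node where the binding was set, which is where the fix has to be made: removing an inherited grant at the project level is not possible because the project's own policy does not contain it.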

Summary

  • GCP's global infrastructure is organized into regions and zones, providing fault isolation and low-latency access via edge locations.
  • The resource hierarchy of Organization, Folders, and Projects enables structured resource management and policy enforcement.
  • Core services span compute, storage, networking, and data analytics, such as Compute Engine, Cloud Storage, VPC, and BigQuery.
  • The shared responsibility model delineates security obligations between Google (infrastructure) and the customer (data and configuration).
  • Comparing GCP to other providers requires understanding its strengths in data analytics, Kubernetes management, and global network.
