Architecting Hybrid Cloud Infrastructure with Anthos

2 days (14 hours)

Course overview

This two-day instructor-led course prepares students to modernize, manage, and observe their applications using Kubernetes whether the application is deployed on-premises or on Google Cloud Platform (GCP). Through presentations, and hands-on labs, participants explore and deploy using Kubernetes Engine (GKE), GKE Connect, Istio service mesh and Anthos Config Management capabilities that enable operators to work with modern applications even when split among multiple clusters hosted by multiple providers, or on-premises.

Learning outcomes

This course teaches participants the following skills:

  • Connect and manage Anthos GKE clusters from GCP Console whether clusters are part of Anthos on Google Cloud or Anthos deployed on VMware.
  • Understand how service mesh proxies are installed, configured and managed.
  • Configure centralized logging, monitoring, tracing, and service visualizations wherever the Anthos GKE clusters are hosted.
  • Understand and configure fine-grained traffic management.
  • Use service mesh security features for service-service authentication, user authentication, and policy-based service authorization.
  • Install a multi-service application spanning multiple clusters in a hybrid environment.
  • Understand how services communicate across clusters.
  • Migrate services between clusters.
  • Install Anthos Config Management, use it to enforce policies, and explain how it can be used across multiple clusters.

Prerequisites

To get the most out of this course, participants should have:

completed the Architecting with Google Kubernetes Engine course and its prerequisites, or have equivalent experience.

Target audience

This course is intended for the following participants:

Technical employees using GCP, including customer companies, partners and system integrators: deployment engineers, cloud architects, cloud administrators, system engineers , and SysOps/DevOps engineers. Individuals using GCP to create, integrate, or modernize solutions using secure, scalable microservices architectures in hybrid environments.

Course Outline

The course includes presentations and hands-on labs.

Module 1: Anthos Overview

Describe challenges of hybrid cloud Discuss modern solutions Describe the Anthos Technology Stack

Module 2: Managing Hybrid Clusters using Kubernetes Engine

Understand Anthos GKE hybrid environments, with Admin and User clusters Register and authenticate remote Anthos GKE clusters in GKE Hub View and manage registered clusters, in cloud and on-premises, using GKE Hub View workloads in all clusters from GKE Hub Lab: Managing Hybrid Clusters using Kubernetes Engine

Module 3: Introduction to Service Mesh

Understand service mesh, and problems it solves Understand Istio architecture and components Explain Istio on GKE add on and it’s lifecycle, vs OSS Istio Understand request network traffic flow in a service mesh Create a GKE cluster, with a service mesh Configure a multi-service application with service mesh Enable external access using an ingress gateway Explain the multi-service example applications: Hipster Shop, and Bookinfo Lab: Installing Open Source Istio on Kubernetes Engine Lab: Installing the Istio on GKE Add-On with Kubernetes Engine

Module 4: Observing Services using Service Mesh Adapters

Understand service mesh flexible adapter model Understand service mesh telemetry processing Explain Stackdriver configurations for logging and monitoring Compare telemetry defaults for cloud and on-premises environments Configure and view custom metrics using service mesh View cluster and service metrics with pre-configured dashboards Trace microservice calls with timing data using service mesh adapters Visualize and discover service attributes with service mesh Lab: Telemetry and Observability with Istio

Module 5: Managing Traffic Routing with Service Mesh

Understand the service mesh abstract model for traffic management Understand service mesh service discovery and load balancing Review and compare traffic management use cases and configurations Understand ingress configuration using service mesh Visualize traffic routing with live generated requests Configure a service mesh gateway to allow access to services from outside the mesh Apply virtual services and destination rules for version-specific routing Route traffic based on application-layer configuration Shift traffic from one service version to another, with fine-grained control, like a canary deployment Lab: Managing Traffic Routing with Istio and Envoy

Module 6: Managing Policies and Security with Service Mesh

Understand authentication and authorization in service mesh Explain mTLS flow for service to service communication Adopt mutual TLS authentication across the service mesh incrementally Enable end-user authentication for the frontend service Use service mesh access control policies to secure access to the frontend service Lab: Managing Policies and Security with Service Mesh

Module 7: Managing Policies using Anthos Config Management

Understand the challenge of managing resources across multiple clusters Understand how a Git repository is as a configuration source of truth Explain the Anthos Config Management components, and object lifecycle Install and configure Anthos Config Management, operators, tools, and related Git repository Verify cluster configuration compliance and drift management Update workload configuration using repo changes Lab: Managing Policies in Kubernetes Engine using Anthos Config

Module 8: Configuring Anthos GKE for Multi-Cluster Operation

Understand how multiple clusters work together using DNS, root CA, and service discovery Explain service mesh control-plane architectures for multi-cluster Configure a multi-service application using service mesh across multiple clusters with multiple control-planes Configure a multi-service application using service mesh across multiple clusters with a shared control-plane Configure service naming/discovery between clusters Review ServiceEntries for cross-cluster service discovery Migrate workload from a remote cluster to an Anthos GKE cluster Lab: Configuring GKE for Multi-Cluster Operation with Istio Lab: Configuring GKE for Shared Control Plane Multi-Cluster Operation

€1400 ex. VAT

Suggested courses

GCP200AGCE
Architecting with Google Compute Engine
This three-day instructor-led class introduces participants to the comprehensive and flexible infrastructure and platform services provided by Google Cloud, with a focus on Compute Engine. Through a combination of presentations, demos, and hands-on labs, participants explore and deploy solution elements, including infrastructure components such as networks, systems, and application services. This course also covers deploying practical solutions including securely interconnecting networks, customer-supplied encryption keys, security and access management, quotas and billing, and resource monitoring.
GCP200AGKE
Architecting with Google Kubernetes Engine
This three-day instructor-led class introduces participants to deploying and managing containerized applications on Google Kubernetes Engine (GKE) and the other services provided by Google Cloud Platform. Through a combination of presentations, demos, and hands-on labs, participants explore and deploy solution elements, including infrastructure components such as pods, containers, deployments, and services; as well as networks and application services. This course also covers deploying practical solutions including security and access management, resource management, and resource monitoring.
GCP100A
Google Cloud Platform Fundamentals: Core Infrastructure
This one-day instructor-led class provides an overview of Google Cloud Platform products and services. Through a combination of presentations, demos, and hands-on labs, participants learn the value of Google Cloud Platform and how to incorporate cloud-based solutions into business strategies.

Contact us

You can unsubscribe from our communications at any time.

In order to take into account your request, we must store and process your personal data. If you authorize us to store your personal data for this purpose, check the box below.

By clicking on « Send » below, you authorize SFEIR to store and process the personal data submitted above so that it can provide you with the requested content.