Professional Cloud Network Engineer Certification

Professional Cloud Network Engineer Exam Prep Workshop

DreamsPlus offers a comprehensive Professional Cloud Network Engineer exam prep workshop in Chennai and online, designed to equip cloud engineers with hands-on experience and prepare them for the Google Professional Cloud Network Engineer certification. Our expert trainers ensure you gain the practical knowledge and skills needed to excel in the exam. Whether you’re pursuing a Cloud Network Engineer certification, seeking Cloud networking training, or aiming to become a Professional Cloud Network Engineer, this workshop provides the essential expertise to help you succeed.

Section 1: Designing and planning a Google Cloud network 

1.1 Designing an overall network architecture.

  • Designing for high availability, failover mechanisms, disaster recovery, and scalability.
  • Establishing the DNS structure (e.g., on-premises vs. Cloud DNS).
  • Implementing security measures and preventing data leaks.
  • Selecting an appropriate load balancer for your application.
  • Structuring hybrid connectivity (e.g., Private Google Access for hybrid models).
  • Planning Google Kubernetes Engine (GKE) networking, considering secondary ranges, IP address space scalability, and access to the GKE control plane.
  • Managing Identity and Access Management (IAM) roles, especially within a Shared VPC setup.
  • Applying micro-segmentation strategies for security (e.g., using metadata, tags, service accounts, secure tags).
  • Ensuring connectivity to managed services (e.g., private services access, Private Service Connect, Serverless VPC Access).
  • Understanding the differences between network tiers (e.g., Premium and Standard).
  • Designing with VPC Service Controls in mind.

1.2 Designing Virtual Private Cloud (VPC) networks.

  • Selecting the appropriate VPC type and number (e.g., standalone vs. Shared VPC, quantity of VPC environments).
  • Determining network connectivity based on requirements (e.g., VPC Network Peering, using Network Connectivity Center, Private Service Connect).
  • Developing an IP address management plan (e.g., subnets, IPv6, public IPs, Private NAT, non-RFC 1918, managed services).
  • Planning for a global or regional network architecture.
  • Creating a firewall strategy (e.g., VPC firewall rules, Cloud Next Generation Firewall, hierarchical rules).
  • Designing custom routes (static or policy-based) for integrating third-party devices (e.g., network virtual appliances).

1.3 Designing a resilient and performant hybrid and multi-cloud network.

  • Planning datacenter connectivity, considering bandwidth limitations (e.g., Dedicated Interconnect, Partner Interconnect, Cloud VPN).
  • Structuring multi-cloud connectivity (e.g., Cloud VPN, Cross-Cloud Interconnect).
  • Organizing branch office connectivity (e.g., IPSec VPN, SD-WAN appliances).
  • Deciding when to use Direct Peering or a Verified Peering Provider.
  • Developing high-availability and disaster recovery connectivity plans.
  • Choosing between regional or global dynamic routing mode.
  • Accessing multiple VPCs from on-premises locations (e.g., Shared VPC, multi-VPC peering, Network Connectivity Center topologies).
  • Establishing private access to Google Services and APIs from on-premises (e.g., Private Service Connect for Google APIs).
  • Accessing Google-managed services via VPC Network Peering (e.g., private services access, Service Networking).
  • Planning IP address space across on-premises and cloud environments, avoiding overlaps.
  • Designing the DNS peering and forwarding plan (e.g., DNS forwarding paths).

1.4 Designing an IP addressing plan for Google Kubernetes Engine (GKE).

  • Deciding between public or private cluster nodes and node pools.
  • Selecting public or private control plane endpoints.
  • Choosing between GKE Autopilot mode and Standard mode.
  • Planning subnet and alias IP configurations.
  • Choosing between RFC 1918, non-RFC 1918, or privately used public IP (PUPI) addresses.
  • Preparing for IPv6 implementation.

Section 2: Implementing Virtual Private Cloud (VPC) networks 

2.1 Configuring VPCs.

  • Setting up Google Cloud VPC resources (e.g., networks, subnets, firewall rules or policies, private services access subnets).
  • Setting up VPC Network Peering.
  • Creating a Shared VPC network and distributing subnets to other projects.
  • Configuring API access to Google services (e.g., Private Google Access, public interfaces).
  • Expanding subnet ranges in a VPC after initial setup.

2.2 Configuring VPC routing.

  • Setting up both static and dynamic routing.
  • Configuring dynamic routing at a global or regional level.
  • Using network tags and priorities to manage routing.
  • Using an internal load balancer as the next hop.
  • Configuring custom route import/export via VPC Network Peering.
  • Implementing Policy-based Routing.

2.3 Configuring Network Connectivity Center.

  • Managing VPC topology (e.g., star, hub-and-spoke, mesh topologies).
  • Implementing Private NAT.

2.4 Configuring and maintaining Google Kubernetes Engine clusters.

  • Creating VPC-native clusters with alias IPs.
  • Setting up clusters within a Shared VPC.
  • Configuring private clusters with private control plane endpoints.
  • Adding authorized networks for cluster control plane access.
  • Setting up Cloud Service Mesh.
  • Enabling GKE Dataplane V2.
  • Configuring source NAT (SNAT) and IP Masquerade policies.
  • Setting up GKE network policies.
  • Configuring Pod and service ranges, and adding extra Pod ranges for GKE clusters.

2.5 Configuring and managing Cloud Next Generation Firewall (NGFW) rules.

  • Setting up firewall rules and defining regional or global policies.
  • Associating target network tags, service accounts, and secure tags.
  • Transitioning from traditional firewall rules to firewall policies.
  • Defining firewall rule criteria (e.g., priority, network protocols, ingress, and egress rules).
  • Enabling Firewall Rules Logging.
  • Configuring hierarchical firewall policies.
  • Setting up the intrusion prevention service (IPS).
  • Implementing fully qualified domain name (FQDN) firewall objects.

Section 3: Configuring managed network services 

3.1 Configuring load balancing.

  • Setting up backend services (e.g., network endpoint groups (NEGs), managed instance groups).
  • Configuring backends and backend services with appropriate load balancing methods (e.g., RPS, CPU, custom), session persistence, and serving capacity.
  • Setting up URL maps.
  • Creating forwarding rules.
  • Defining firewall rules to permit traffic and health checks for backend services.
  • Setting up health checks for backend services and target instance groups.
  • Configuring protocol forwarding.
  • Scaling workloads using autoscaling or manual scaling methods.
  • Configuring load balancers for GKE (e.g., GKE Gateway controller, GKE Ingress controller, NEG).
  • Managing traffic on Application Load Balancers (e.g., traffic splitting, traffic mirroring, URL rewrites).

3.2 Configuring Google Cloud Armor policies.

  • Setting up security policies.
  • Implementing web application firewall (WAF) rules (e.g., SQL injection, cross-site scripting, remote file inclusion).
  • Attaching security policies to load balancer backends.
  • Setting up advanced network DDoS protection.
  • Configuring security policies at the edge and network edge.
  • Implementing Adaptive Protection.
  • Setting up rate limiting.
  • Managing bots.
  • Applying Google Threat Intelligence.

3.3 Configuring Cloud CDN.

  • Setting up Cloud CDN for supported origins (e.g., managed instance groups, Cloud Storage buckets, Cloud Run).
  • Configuring Cloud CDN for external backends (internet NEGs) and third-party object storage.
  • Invalidating cached content.
  • Setting up signed URLs.

3.4 Configuring and maintaining Cloud DNS.

  • Managing Cloud DNS zones and records.
  • Migrating existing DNS setups to Cloud DNS.
  • Enabling DNS Security Extensions (DNSSEC).
  • Configuring DNS forwarding and DNS server policies.
  • Integrating on-premises DNS with Google Cloud.
  • Implementing split-horizon DNS.
  • Setting up DNS peering.
  • Configuring Cloud DNS and external-DNS operator for GKE.

3.5 Configuring and securing internet egress traffic.

  • Assigning NAT IP addresses (e.g., automatic, manual).
  • Configuring port allocations (e.g., static, dynamic).
  • Adjusting timeout settings.
  • Setting organization policy constraints for Cloud NAT.
  • Setting up Private NAT.
  • Configuring Secure Web Proxy.

3.6 Configuring network packet inspection.

  • Routing and inspecting inter-VPC traffic using multi-NIC VMs (e.g., next-generation firewall appliances).
  • Setting up an internal load balancer as a next hop for highly available multi-NIC VM routing.
  • Enabling Layer 7 packet inspection in Cloud NGFW.

Section 4: Implementing hybrid network interconnectivity 

4.1 Configuring Cloud Interconnect.

  • Setting up Dedicated Interconnect connections and configuring VLAN attachments.
  • Establishing Partner Interconnect connections and configuring VLAN attachments.
  • Creating Cross-Cloud Interconnect connections and setting up VLAN attachments.
  • Setting up and enabling MACsec encryption.
  • Configuring HA VPN over Cloud Interconnect.

4.2 Configuring a site-to-site IPSec VPN.

  • Setting up HA VPN.
  • Configuring Classic VPN (e.g., route-based, policy-based).

4.3 Configuring Cloud Router.

  • Implementing Border Gateway Protocol (BGP) attributes (e.g., ASN, route priority/MED, link-local addresses, authentication).
  • Configuring Bidirectional Forwarding Detection (BFD).
  • Creating custom advertised routes and custom learned routes.

4.4 Configuring Network Connectivity Center.

  • Setting up hybrid spokes (e.g., VPN, Cloud Interconnect).
  • Establishing site-to-site data transfers.
  • Creating Router appliances (RAs).

Section 5: Managing, monitoring, and troubleshooting network operations 

5.1 Logging and monitoring with Google Cloud Observability.

  • Enabling and reviewing logs for networking components (e.g., Cloud VPN, Cloud Router, VPC Service Controls, Cloud NGFW, Firewall Insights, VPC Flow Logs, Cloud DNS, Cloud NAT).
  • Monitoring the performance metrics of networking components (e.g., Cloud VPN, Cloud Interconnect and VLAN attachments, Cloud Router, load balancers, Google Cloud Armor, Cloud NAT).

5.2 Maintaining and troubleshooting connectivity issues.

  • Managing traffic flow redirection with Application Load Balancers.
  • Adjusting and resolving issues with Cloud NGFW rules or policies.
  • Overseeing and troubleshooting VPN connections.
  • Diagnosing problems with Cloud Router BGP peering.
  • Troubleshooting using VPC Flow Logs, firewall logs, and Packet Mirroring.

5.3 Using Network Intelligence Center to monitor and troubleshoot common networking issues.

  • Using Network Topology to visualize network throughput and traffic patterns.
  • Utilizing Connectivity Tests to identify route and firewall misconfigurations.
  • Leveraging the Performance Dashboard to detect packet loss and latency issues (e.g., Google-wide, project-specific).
  • Employing Firewall Insights to track rule hit counts and detect shadowed rules.
  • Using Network Analyzer to pinpoint network failures, suboptimal settings, and utilization issues.

What Will You Learn?

  • 2-day intensive exam prep workshop
  • Expert trainers with real-world experience
  • Comprehensive course material
  • Interactive sessions and group discussions
  • Practice exams and assessments

Course Highlights

  • Review cloud networking fundamentals
  • Focus on exam objectives and question types
  • Practice with real-world scenarios and case studies
  • Get tips and strategies for passing the exam