This post walks through Section 2 using diagrams and detailed analysis to reinforce concepts and help you pass the exam with confidence.
🌐 2.1: Configuring Network Topologies
The PCA exam expects you to architect hybrid and multi-cloud environments with secure, scalable, and high-performance network topologies. These diagrams break down critical GCP design patterns and components.
🔗 Hybrid Networking with On-Prem
Key concepts:
- Use Cloud Router to automate route exchange.
- Private Google Access enables access to GCP APIs from private IPs.
- VPC firewall rules control traffic at subnet and instance levels.
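The three concepts above as one Terraform baseline (an added example, not code from the post): a custom-mode VPC, a subnet with Private Google Access and flow logs, a Cloud Router for BGP with on-prem, and an explicit default-deny ingress rule with one narrow allow. The project, region, names, CIDRs and ASN are placeholders.

```hcl
resource "google_compute_network" "hybrid" {
  name                    = "hybrid-vpc"
  auto_create_subnetworks = false # custom-mode VPC: subnets and rules are explicit
}

resource "google_compute_subnetwork" "app" {
  name                     = "app-subnet"
  network                  = google_compute_network.hybrid.id
  region                   = "us-central1"          # placeholder region
  ip_cidr_range            = "10.20.0.0/20"         # placeholder range
  private_ip_google_access = true # reach Google APIs from VMs with no external IP
  log_config { # VPC Flow Logs for detection and forensics
    aggregation_interval = "INTERVAL_5_SEC"
  }
}

# Cloud Router learns and advertises routes over BGP; VPN tunnels or Interconnect attach to it.
resource "google_compute_router" "onprem" {
  name    = "onprem-router"
  network = google_compute_network.hybrid.id
  region  = "us-central1"
  bgp { asn = 64514 } # placeholder private ASN
}

# Explicit lowest-priority deny (the implied deny at 65535 cannot be logged).
resource "google_compute_firewall" "deny_all_ingress" {
  name          = "deny-all-ingress"
  network       = google_compute_network.hybrid.id
  direction     = "INGRESS"
  priority      = 65534
  source_ranges = ["0.0.0.0/0"]
  deny { protocol = "all" }
  log_config { metadata = "INCLUDE_ALL_METADATA" }
}

# Narrow allow: only the on-prem range, only HTTPS, only instances tagged app-server.
resource "google_compute_firewall" "allow_onprem_https" {
  name          = "allow-onprem-https"
  network       = google_compute_network.hybrid.id
  direction     = "INGRESS"
  priority      = 1000
  source_ranges = ["10.10.0.0/16"] # placeholder on-prem range
  target_tags   = ["app-server"]   # instance-level scoping via network tag
  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
  log_config { metadata = "INCLUDE_ALL_METADATA" }
}
```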
🌍 Multicloud Network Design
```mermaid
graph TD
  A[Other Cloud - Azure or AWS] --> B[Cloud VPN to GCP]
  A --> C[Partner Interconnect to GCP]
  B --> D[GCP VPC Network]
  C --> D
  D --> E[Peered GCP VPCs]
  D --> F["Private Services Access to Cloud SQL, etc."]
  D --> G[Private Google Access to Google APIs]
  D --> H[Shared VPC - Host Project]
  H --> I[Service Project 1]
  H --> J[Service Project 2]
```
- Use VPC Peering for project-to-project communication.
- Shared VPC centralizes network control.
- Private Services Access allows using GCP managed services without external IPs.
🧭 GCP VPC Design Patterns
```mermaid
graph TD
  subgraph Shared_VPC_Design
    A[Organization] --> B[Host Project - Shared VPC]
    B --> C[Service Project 1]
    B --> D[Service Project 2]
    C --> E[Compute Engine and GKE Nodes]
    D --> F[BigQuery and Cloud Run]
    C -- Private Communication --> D
  end
  subgraph Hub_and_Spoke_Design
    G[Hub VPC - Central Network] --> H[Spoke VPC 1]
    G --> I[Spoke VPC 2]
  end
```
Common network design choices:
- Shared VPC for security and cost control.
- Hub-and-Spoke for modular, scalable architecture.
- Consider VPC Service Controls and Cloud Armor for security and DDoS protection.
💾 2.2: Configuring Storage Systems
Choose storage services based on cost, latency, durability, access frequency, and lifecycle automation.
🗃️ Cloud Storage Classes by Access Frequency
| Storage Class | Availability | Durability | Minimum Duration | Retrieval Cost | Use Cases |
|---|---|---|---|---|---|
| Standard | 99.95% | 11 nines | None | Standard cost | Frequently accessed data |
| Nearline | 99.9% | 11 nines | 30 days | Higher | Backups, infrequent access |
| Coldline | Lower than Nearline | 11 nines | 90 days | Higher | Disaster recovery, long-term backup |
| Archive | Lowest | 11 nines | 365 days | Highest | Long-term archival storage |
🔄 Lifecycle Rules for Storage Objects
```mermaid
graph TD
  A[Upload Object] --> B{"Condition Met - Age > 30 days or prefix starts with logs"}
  B -- Yes --> C[Transition to Nearline]
  B -- No --> D[Remain in Current Storage Class]
  C --> E{"Condition Met - Age > 90 days"}
  E -- Yes --> F[Transition to Coldline]
  E -- No --> D
  F --> G{"Condition Met - Age > 365 days"}
  G -- Yes --> H[Transition to Archive or Delete]
  G -- No --> D
  subgraph extra [Additional Lifecycle Actions]
    I[Upload with Metadata] --> J{If metadata equals archive}
    J -- Yes --> K[Set Storage Class to Archive]
  end
```
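The 30/90/365-day chain from the diagram as a Terraform bucket definition (an added example, not the post's code). The bucket name and location are placeholders; `matches_storage_class` is added so each rule only fires from the class the previous rule left the object in.

```hcl
resource "google_storage_bucket" "logs" {
  name                        = "example-logs-bucket" # placeholder name
  location                    = "US"
  storage_class               = "STANDARD"
  uniform_bucket_level_access = true # IAM only; no per-object ACLs

  # Age > 30 days and prefix logs/ : Standard -> Nearline (30-day minimum duration)
  lifecycle_rule {
    condition {
      age                   = 30
      matches_prefix        = ["logs/"]
      matches_storage_class = ["STANDARD"]
    }
    action {
      type          = "SetStorageClass"
      storage_class = "NEARLINE"
    }
  }

  # Age > 90 days: Nearline -> Coldline (90-day minimum duration)
  lifecycle_rule {
    condition {
      age                   = 90
      matches_prefix        = ["logs/"]
      matches_storage_class = ["NEARLINE"]
    }
    action {
      type          = "SetStorageClass"
      storage_class = "COLDLINE"
    }
  }

  # Age > 365 days: Coldline -> Archive; use `type = "Delete"` (no storage_class) to expire instead
  lifecycle_rule {
    condition {
      age                   = 365
      matches_prefix        = ["logs/"]
      matches_storage_class = ["COLDLINE"]
    }
    action {
      type          = "SetStorageClass"
      storage_class = "ARCHIVE"
    }
  }
}
```

The "upload with metadata" branch in the diagram is not a lifecycle condition; the storage class is chosen at upload time instead, for example with `gcloud storage cp --storage-class=ARCHIVE`. Rules are evaluated once per day, so a transition can lag the age threshold by up to 24 hours.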
🧮 Choosing the Right Database in GCP
```mermaid
flowchart LR
  A[BigQuery]
  B[Cloud SQL]
  C[Firestore]
  A --> D[OLAP]
  B --> E[OLTP]
  C --> F[Document-based NoSQL]
  A --> G["Petabyte-scale, Schema-flexible"]
  B --> H["Relational, Transactions"]
  C --> I["Realtime Sync, Auto-scaling"]
```
Also remember:
- Cloud Spanner = Relational + Global + Horizontal scaling.
- Bigtable = Wide-column + Time-series.
- Memorystore = Redis-compatible in-memory cache.
🖥️ 2.3: Configuring Compute Systems
Provision compute depending on your level of control, scalability, and workload type.
🚀 Compute Provisioning Overview
```mermaid
flowchart LR
  A[Provisioning Options] --> B[Compute Engine Virtual Machines]
  A --> C[Google Kubernetes Engine GKE]
  A --> D[Cloud Run Serverless Containers]
  A --> E[Google App Engine]
  subgraph gce [Compute Engine - User Managed]
    B --> F[Custom Machine Types]
    B --> G[Preemptible or Spot VMs - Cost Efficient]
    B --> H[Sole Tenant Nodes - Dedicated Hardware]
    B --> I[Shielded VMs - Security Enhanced]
    B --> J[Machine Families - General Compute Memory GPU]
  end
  subgraph gke [GKE - Shared Responsibility]
    C --> L[Node Pools with Auto Upgrade Repair and Scale]
  end
  subgraph run [Cloud Run - Fully Managed]
    D --> M[Deploy with Container Image - Stateless]
  end
  subgraph gae [App Engine - Fully Managed]
    E --> N[Web Applications with Automatic Scaling]
  end
```
💰 Preemptible vs Standard VMs
```mermaid
graph TD
  A[Compute Engine] --> B{Is Cost Sensitivity a Priority}
  B -- Yes --> C[Use Preemptible VMs - Spot]
  C --> D[Up to 80% Cost Savings]
  C --> E["Max 24hr Runtime, Eviction Possible Anytime"]
  B -- No --> F[Use Standard VMs or Committed Use Discounts]
  F --> G["Standard = Persistent, CUD = Long-Term Cost Savings"]
  H[Use MIGs for Autoscaling and High Availability]
```
⚙️ Infrastructure as Code and CI/CD
```mermaid
flowchart LR
  A[Infrastructure as Code] --> B[Terraform or OpenTofu]
  A --> C[Infrastructure Manager]
  B --> D[Multi-Cloud HCL Scripts]
  C --> E[GCP-Only YAML Templates]
  F[CI/CD] --> G[Cloud Build]
  F --> H["Jenkins, GitHub Actions, GitLab CI"]
  G --> I["Deploy to GKE, GCE, Cloud Run"]
  G --> J[Work with Cloud Deploy for Rollouts]
  J --> K["Canary & Blue/Green Deployments"]
  L[Instance Templates] --> M[MIGs for Autoscaling]
  N[GKE] --> O["Helm, kubectl, YAML"]
```