top of page

Google Professional Cloud Networking  Engineers

Il Corso "Google Cloud Networking Engineers" progettato da First Consulting è un Focus sulla componente e sui servizi GCP relativi al "Networking" ed alla sua evoluzione applicativa ed infrastrutturale nel Cloud. il corso è erogato tramite iterazioni progressive "Step By Step" tramite un lab operativo per consolidare la knowledge dei principali "Pattern" e delle Best pratice adottabili.


min 10 gg piano formativo personalizzabile 


Attestato di Partecipazione First Consulting 


Path GCP



Google Net Services
Google Security 
GCP Infrastructure 


Section 1: Designing, planning, and prototyping a Google Cloud network

 Designing an overall network architecture. Considerations include

  • High availability, failover, and disaster recovery strategies

  • DNS strategy (e.g., on-premises, Cloud DNS)

  • Security and data exfiltration requirements

  • Load balancing

  • Applying quotas per project and per VPC

  • Hybrid connectivity (e.g., Google private access for hybrid connectivity)

  • Container networking

  • IAM roles

  • SaaS, PaaS, and IaaS services

  • Microsegmentation for security purposes (e.g., using metadata, tags, service accounts)


Designing Virtual Private Cloud (VPC) instances. Considerations include:

  • IP address management and bring your own IP (BYOIP)

  • Standalone vs. Shared VPC

  • Multiple vs. single

  • Regional vs. multi-regional

  • VPC Network Peering

  • Firewalls (e.g., service account-based, tag-based)

  • Custom routes

  • Using managed services (e.g., Cloud SQL, Memorystore)

  • Third-party device insertion (NGFW) into VPC using multi-NIC and internal load balancer as a next hop or equal-cost multi-path (ECMP) routes


Designing a hybrid and multi-cloud network. Considerations include:

  • Dedicated Interconnect vs. Partner Interconnect

  • Multi-cloud connectivity

  • Direct Peering

  • IPsec VPN

  • Failover and disaster recovery strategy

  • Regional vs. global VPC routing mode

  • Accessing multiple VPCs from on-premises locations (e.g., Shared VPC, multi-VPC peering topologies)

  • Bandwidth and constraints provided by hybrid connectivity solutions

  • Accessing Google Services/APIs privately from on-premises locations

  • IP address management across on-premises locations and cloud

  • DNS peering and forwarding


 Designing an IP addressing plan for Google Kubernetes Engine. Considerations include:

  • Public and private cluster nodes 

  • Control plane public vs. private endpoints

  • Subnets and alias IPs

  • RFC 1918, non-RFC 1918, and privately used public IP (PUPI) address options


Section 2: Implementing Virtual Private Cloud (VPC) instances

 Configuring VPCs. Considerations include:

  • Google Cloud VPC resources (e.g., networks, subnets, firewall rules)

  • VPC Network Peering

  • Creating a Shared VPC network and sharing subnets with other projects

  • Configuring API access to Google services (e.g., Private Google Access, public interfaces)

  • Expanding VPC subnet ranges after creation


Configuring routing. Considerations include:

  • Static vs. dynamic routing

  • Global vs. regional dynamic routing

  • Routing policies using tags and priority

  • Internal load balancer as a next hop

  • Custom route import/export over VPC Network Peering


Configuring and maintaining Google Kubernetes Engine clusters. Considerations include:

  • VPC-native clusters using alias IPs

  • Clusters with Shared VPC

  • Creating Kubernetes Network Policies

  • Private clusters and private control plane endpoints

  • Adding authorized networks for cluster control plane endpoints

Configuring and managing firewall rules. Considerations include:

  • Target network tags and service accounts

  • Rule priority

  • Network protocols

  • Ingress and egress rules

  • Firewall rule logging

  • Firewall Insights

  • Hierarchical firewalls


Implementing VPC Service Controls. Considerations include:

  • Creating and configuring access levels and service perimeters

  • VPC accessible services 

  • Perimeter bridges

  • Audit logging

  • Dry run mode

Section 3: Configuring network services

Configuring load balancing. Considerations include:

  • Backend services and network endpoint groups (NEGs)

  • Firewall rules to allow traffic and health checks to backend services

  • Health checks for backend services and target instance groups

  • Configuring backends and backend services with balancing method (e.g., RPS, CPU, Custom), session affinity, and capacity scaling/scaler

  • TCP and SSL proxy load balancers

  • Load balancers (e.g., External TCP/UDP Network Load Balancing, Internal TCP/UDP Load Balancing, External HTTP(S) Load Balancing, Internal HTTP(S) Load Balancing)

  • Protocol forwarding

  • Accommodating workload increases using autoscaling vs. manual scaling


 Configuring Google Cloud Armor policies. Considerations include:

  • Security policies

  • Web application firewall (WAF) rules (e.g., SQL injection, cross-site scripting, remote file inclusion)

  • Attaching security policies to load balancer backends

 Configuring Cloud CDN. Considerations include:

  • Enabling and disabling Cloud CDN

  • Cache keys

  • Invalidating cached objects

  • Signed URLs

  • Custom origins

 Configuring and maintaining Cloud DNS. Considerations include:

  • Managing zones and records

  • Migrating to Cloud DNS

  • DNS Security Extensions (DNSSEC)

  • Forwarding and DNS server policies

  • Integrating on-premises DNS with Google Cloud

  • Split-horizon DNS

  • DNS peering

  • Private DNS logging

Configuring Cloud NAT. Considerations include:

  • Addressing

  • Port allocations

  • Customizing timeouts

  • Logging and monitoring

  • Restrictions per organization policy constraints

Configuring network packet inspection. Considerations include: 

  • Packet Mirroring in single and multi-VPC topologies

  • Capturing relevant traffic using Packet Mirroring source and traffic filters

  • Routing and inspecting inter-VPC traffic using multi-NIC VMs (e.g., next-generation firewall appliances)

  • Configuring an internal load balancer as a next hop for highly available multi-NIC VM routing


Section 4: Implementing hybrid interconnectivity

Configuring Cloud Interconnect. Considerations include:

  • Dedicated Interconnect connections and VLAN attachments

  • Partner Interconnect connections and VLAN attachments

Configuring a site-to-site IPsec VPN. Considerations include:

  • High availability VPN (dynamic routing)

  • Classic VPN (e.g., route-based routing, policy-based routing)

Configuring Cloud Router. Considerations include:

  • Border Gateway Protocol (BGP) attributes (e.g., ASN, route priority/MED, link-local addresses) 

  • Custom route advertisements via BGP

  • Deploying reliable and redundant Cloud Routers

Section 5: Managing, monitoring, and optimizing network operations

Logging and monitoring with Google Cloud’s operations suite. Considerations include:

  • Reviewing logs for networking components (e.g., VPN, Cloud Router, VPC Service Controls)

  • Monitoring networking components (e.g., VPN, Cloud Interconnect connections and interconnect attachments, Cloud Router, load balancers, Google Cloud Armor, Cloud NAT)

Managing and maintaining security. Considerations include:

  • Firewalls (e.g., cloud-based, private)

  • Diagnosing and resolving IAM issues (e.g., Shared VPC, security/network admin)

Maintaining and troubleshooting connectivity issues. Considerations include:

  • Draining and redirecting traffic flows with HTTP(S) Load Balancing

  • Monitoring ingress and egress traffic using VPC Flow Logs

  • Monitoring firewall logs and Firewall Insights

  • Managing and troubleshooting VPNs

  • Troubleshooting Cloud Router BGP peering issues


Monitoring, maintaining, and troubleshooting latency and traffic flow. Considerations include:

  • Testing network throughput and latency

  • Diagnosing routing issues

Using Network Intelligence Center to visualize topology, test connectivity, and monitor performance




Email Segreteria 

Email Commerciale

bottom of page