Architecting Hybrid Cloud Infrastructure with Anthos (T-AHYBRID-I)

Course Details

Online Training

Duration : 2 day

Who should attend

This class is primarily intended for the following participants:

    • Technical employees using GCP, including customer companies, partners and system integrators: deployment engineers, cloud architects, cloud administrators, system engineers, and SysOps/DevOps engineers.
    • Individuals using GCP to create, integrate, or modernize solutions using secure, scalable microservices architectures in hybrid environments.


  • Completed Google Cloud Fundamentals: Core Infrastructure (GCF-CI) or have equivalent experience, and
  • Completed Architecting with Google Kubernetes Engine (AGKE) or have equivalent experience

Course Objectives

This course teaches participants the following skills:

    • Deploy Istio service mesh control-plane and proxies using the Helm Kubernetes package manager or using the Istio on GKE add-on.
    • Centrally observe, discover, and monitor your microservices-based applications across clusters using Istio service mesh adapters, including Prometheus, Grafana, or Kiali, or Stackdriver.
    • Define and manage multi-cluster services, with ingress, using open-source Istio via shared and multi-control plane topologies.
    • Connect and manage on-premises clusters, and workloads using GKE On-Prem.
    • Enable consistent policy enforcement across multi-cluster environments using a configuration-as-code approach and your secure Git repository.

Course Content

Module 1: Anthos Overview


    • Introduce the Anthos platform

Topics Covered

    • Understand Hybrid environments connected using Anthos
    • Explain problems identified and addressed when using Anthos with modern solution patterns
    • Describe the components of the Anthos technology stack

Module 2: Managing Hybrid Clusters using Kubernetes Engine

Objective: Connect and manage Anthos GKE clusters for both Anthos on Google Cloud and on-premises clusters

Topics Covered

    • Understand the Anthos Compute Layer
    • Introduce the Anthos deployed on VMware cluster architecture
    • Explain the Anthos deployed on VMware components
    • Review initial networking considerations
    • Lab: Managing Hybrid Clusters using Kubernetes Engine

Module 3: Introduction to Service Mesh

Objective: Understand and deploy the Istio service mesh architecture

Topics Covered

    • Understand monolith to microservices evolution/transition and the benefits of service mesh
    • Discover how Istio is designed to resolve the challenges of microservices complexity using key control-plane components: Pilot, Mixer, and Citadel
    • Explain request routing whether service to service, or inbound when using Istio service mesh and the Envoy proxy
    • Lab A: Installing Open Source Istio on Kubernetes Engine
    • Lab B: Installing the Istio on GKE Add-On with Kubernetes Engine

Module 4: Observing Services using Service Mesh Adapters

Objectives: Use Istio adapters for telemetry collection, metrics, dashboards, debugging, tracing, and visualization

Topics Covered

    • Understand how the Mixer control-plane component enables telemetry collection, in on-premises and GCP environments, with the Istio adapter architecture
    • Observe telemetry with dashboards using Prometheus and Grafana
    • Trace application timing through services with Jaeger
    • Observe service topologies, relationships, and live traffic using Kiali
    • Lab: Observing Services using Prometheus, Grafana, Jaeger, and Kiali

Module 5: Managing Traffic Routing with Service Mesh

Objectives: Configure the Istio abstract model to enable fine-grained traffic management to multiple services, with multiple subsets/versions

Topics Covered

    • Understand the Istio control-plane Pilot component
    • Review traffic management use cases including ingress and service to service flows
    • Configure and observe multiple methods of traffic management
    • including version-specific routing, and shifting traffic gradually from one version of a microservice to another.
    • Lab: Manage Traffic Routing with Istio and Envoy

Module 6: Securing your Services with Service Mesh

Objectives: Describe authentication, and authorization using Istio, and Citadel whether using one cluster or many

Topics Covered

    • Incrementally adopt Istio security across services using mTLS
    • Configure inbound authentication from outside the service mesh
    • Lab: Manage Policies and Security with Istio and Citadel

Module 7: Managing Policies using Anthos Config Management

Objectives: Configure Anthos Config Management with your Git repository to ensure consistent policy enforcement across your clusters

Topics Covered

    • Explain configuration challenges introduced when using multi-cluster topologies
    • Install Anthos Config Management, and connect your Git repository
    • Verify manual configuration changes (drift) are reversed, ensuring consistent policy
    • Update configuration using the Git repository and verify changes are applied
    • Lab: Managing Policies in Kubernetes Engine using Anthos Config Management

Module 8: Configuring Anthos GKE and Service Mesh for Multi-Cluster Operation

Objectives: Understand and configure multi-cluster architectures with Istio service mesh

Topics Covered

    • Deploy shared control-plane, and multi control-plane architectures for multi-cluster deployments
    • Understand and configure DNS when locating external services
    • Understand and configure Citadel and certificates when enabling multi-cluster applications
    • Lab: Configuring GKE for Multi-Cluster Operation with Istio
    • Lab: Configuring GKE for Shared Control Plane Multi-Cluster Operation

About on-premises environments

Note: This course gives learners skills for architecting, managing, and observing multi-service applications that are deployed using multiple cluster environments. The labs for this course use a simulated on-premises environment in Google Cloud Platform. The course does not contain hands-on labs related to the configuration of Anthos deployed on VMware. Future learning offerings will teach skills related to deploying Anthos in specific infrastructure environments.