Google Cloud Certified Fellow:

Hybrid Multi-cloud Certification Assessment Guides

    The Google Cloud Certified Fellow program is for elite cloud architects and technical leaders who are experts in designing enterprise solutions. This certification program recognizes individuals with deep technical expertise who can translate business requirements into technical solutions using Anthos and Google Cloud.

    Review the Lab Assessment Guide for a complete list of topics that may be included in the prerequisite lab assessments.

    Review the Competency Guide for a complete list of qualities that will be assessed during the interview assessment.

Lab assessment guide

1. Designing for security and compliance

    1.1 Designing for security. Considerations include:

    • Identifying company-wide security policies
    • Recommending Identity and Access Management (IAM) and role-based access control (RBAC) roles for job functions
    • Building Anthos Config Management templates to structure a multi-tenant cluster with namespaces and access control rules
    • Creating an Anthos Config Management repository to sync this structure across clusters
    • Adding a Policy Controller audit policy for detecting containers requesting elevated privileges
    • Using cluster networking policies and Anthos Service Mesh to secure a network
    • Selecting secure protocols for network traffic to services
    • Architecting a secret management solution
    • Assessing security risks through penetration testing
    • Discussing Anthos connect/tether and what it does
    • Managing access to services from external: IP whitelists/blacklists
    • Describing solutions to limit data egress risks using k8s/service mesh and cloud /on-premises network firewalls
    • Explaining certificate management options on-premises and in the cloud
    • Securing a software supply chain
    • Managing identities in hybrid/multi-cloud environments

    1.2 Designing for compliance. Considerations include:

    • Creating security and/or governance documentation
    • Performing infrastructure audits
    • Defining how admin activity will be logged, retained, and reported
    • Mapping regulatory or internal compliance/policy into implementation/configurations to satisfy requirements
    • Reviewing employee data access records, access of data, and transfer of data
    • Using Open Policy Agent (OPA)/Config Validator/Forseti to enforce security policies across all environments

2. Provisioning a solution infrastructure

    2.1 Installing the Anthos platform. Considerations include:

    • Subscription awareness
    • Capacity planning for network, storage, and compute
    • Configuring network (interconnects, virtual private networks (VPN), IP address allocation)
    • Deploy and configure compute resources (admin workstation, cluster resources, GKE clusters)

    2.2 Configuring and deploying Anthos components. Considerations include:

    • Set up Anthos Config Management operator
    • Set up GKE Connect (only for on-premises)
    • Register clusters to the Google Cloud Console
    • Deploying Anthos Service Mesh on clusters
    • Installing services from Anthos Marketplace
    • Migrating workloads with Migrate for Anthos

3. Optimizing technical and business processes

    3.1 Analyzing and defining technical processes. Considerations include:

    • Software Development Life Cycle plan (SDLC)
    • Continuous build and deployment strategy
    • Using declarative version-controlled configurations
    • Service catalog and provisioning
    • Upgrades and solution improvements

    3.2 Optimize the value of hybrid cloud. Considerations include:

    • Identifying primary and secondary value drivers from cloud or hybrid workload deployments
    • Estimating the total cost of ownership for on-premises and cloud deployments
    • Reporting dashboard to charge-back infrastructure costs to business units
    • Cost optimization / resource optimization (capex / opex)

4. Ensuring solution and operations reliability

    4.1 Establishing service level indicators and objectives. Considerations include:

    • Observability across teams and applications
    • Process for defining reporting and alerting
    • Defining a toolset for collecting downtime data and determining success
    • Decomposing alerts by product area/team, priority

    4.2 Improving system reliability. Considerations include:

    • Identifying failures and their probability to prioritize reliability work items
    • Using a smaller non-production environment that replicates production and then performing disaster recovery
    • Deploying new application versions seamlessly

    4.3 Planning for failure and handling recovery. Considerations include:

    • Writing an incident response document/postmortem of a production outage
    • Implementing a disaster recovery strategy
    • Estimating recovery time in the event of zone and region failure
    • Planning for and running disaster recovery scenarios
    • Simulating failure scenarios using service mesh fault injection
    • Planning and implementing stress testing prior to launch

Competency Guide

COMPETENCY: LEADERSHIP
Quality Supporting evidence
Actively mentors others
Demonstrates strong teaming and collaboration across several groups
  • Builds relationships with influencers, other architects, and project stakeholders
  • Interviews candidate team members
  • Effectively mediates and manages conflict
  • Understands organizational structures, relationships, and influencers
    • Defines job roles and functions in a cloud center of excellence
  • Effectively builds organizational partnerships and networks
    • Organization/team processes for quota and capacity requests
  • Exhibits comfort with conflict and thrives in situations that require negotiation and compromise
  • Adeptly maneuvers through politically charged organizational situations
Provides thought leadership
  • Champions technologies, best practices, and standards
  • Asks thought-provoking questions that drive improved solutions
  • Promotes the documentation and reuse of ideas and best practices
Influences decision makers
  • Builds consensus on a technical decision
Possesses an awareness of the internal legal organization and ensures that legal guidelines are met
Guides a project through to completion and audit compliance with specifications and the overall intent of the architecture
Continually looks for opportunities to improve design and implementation
COMPETENCY: BUSINESS IMPACT
Quality Supporting evidence
Can explain the business strategy of their organization
Demonstrates an understanding of future trends and how they impact the current and future state of their company’s solutions

Considers the following:

  • Cloud and technology improvements
  • Business-needs evolution
  • Evangelism and advocacy
  • Planning for growth of the organization and end users
  • Legislative compliance relevant to geography/vertical
Ability to build a business case for an multi-cloud/hybrid-cloud effort and strategy that demonstrates a clear understanding of ROI and project risks
  • Able to identify quantifiable value drivers that are attributable to a multi- or hybrid-cloud project
  • Able to quantify—in terms of money—the benefits that may result from a project
  • Conducts high-level comparisons of costs vs benefits of a project (actual NPV or ROI calculations are not necessary)
Balances the needs of users, management, operations, support, finance, and technology with the strategic needs of the business, including business benefits and vendor pricing implications
  • Makes appropriate trade-offs depending on project priorities (e.g., cost may limit scope, timeline, or approach)
  • Identifies the need to prioritize project phases to focus on lower-risk and higher-return phases (“quick wins” or “low hanging fruit”) to drive project momentum
  • Identifies the need to balance internal and external resource constraints (personnel and budget) against business goals
  • Identifies the need to prioritize project phases that address strategic imperatives and regulatory requirements
COMPETENCY: TECHNICAL ACUMEN
Quality Supporting evidence
Designs solutions that meet business goals, including cost effectiveness and feasibility
  • Gathers and analyzes business requirements
  • Proves/demonstrates the feasibility of a design (POC, pilots, prototypes, etc.)
  • Uses consistent tooling and processes to limit complexity
  • Designs cost-effective solutions that reduce capex or general IT spend
  • Ensures/improves transparency regarding costs and resource consumption
  • Understands the impact of internal policies. For example, service level agreements (SLAs)
  • Creates the design artifacts that are required to deliver and maintain the solution
Designs hybrid and multi-cloud solutions that meet operational requirements, such as scalability, maintainability, security, reliability, extensibility, flexibility, availability, manageability
  • Gathers and analyzes technical requirements
  • Uses capacity planning techniques to ensure scalable designs
  • Improves quality and availability of service
  • Heeds laws and regulations about data sovereignty
  • Ensures business continuity
  • Plans for disaster recovery
  • Employs effective management and monitoring techniques across multiple environments, using methodologies and/or frameworks to provide predictability to IT and ensure repeatable success
  • Builds out capabilities, such as advanced analytics services, that might be difficult to implement in existing environments
  • Uses modern techniques for continuous integration and continuous deployment (CI/CD)
  • Avoids or reduces vendor lock-in
  • Adapts for constraints such as:
    • Dependencies between applications
    • Reliance on hardware or operating systems that might not be available in the public cloud
    • Performance and latency requirements for communication between systems
    • Workload licensing restrictions for hosted software
    • Bandwidth, latency, availability, and security requirements for traffic in and out of all environments
    • Hybrid cloud networking, including service-to-service networking (VPC, peering, firewalls, container networking, VPN, Cloud Interconnect)
  • Chooses appropriate storage types (e.g., object, file, RDBMS, NoSQL, NewSQL)
  • Chooses compute resources (e.g., preemptible, custom machine type, specialized workload)
  • Ensures consistent authentication, authorization, auditing, and policies across computing environments
  • Recommends the use of managed services in preference to reimplementing services from the ground up, unless there is a compelling reason to reimplement
Implements appropriate migration strategies
  • Chooses a migration methodology appropriate for service and requirements
  • Identifies environmental requirements that impact subsets of services to be migrated
Demonstrates breadth of architectural knowledge and can identify the pros and cons of different technological approaches
  • Employs patterns that rely on a distributed deployment of applications in order to run an application in the computing environment that suits it best
  • Enables hybrid-cloud solutions with Anthos that address common use cases such as:
    • Business continuity and disaster recovery
    • Bursting to cloud during peak consumption times
    • Modernization of legacy applications to reduce cost and enable innovation
Contributes to technical project management
  • Influences decision-makers regarding benefits and a customized approach
  • Estimates timelines/level of effort for each work item
  • Breaks high-level goals down into smaller, more manageable chunks to iterate on and prioritize
  • Mitigates unexpected challenges with short-term/long-term risks
  • Uses automated tests to verify work items
  • Defines success criteria and evaluates solution against them
  • Builds testing and go-live plans