PaddySpeaks · Systems at the Whiteboard · Nº 28

The GCP Problem

Design a globally distributed data platform on Google Cloud Platform. Walk me through your choices for compute, storage, analytics, and messaging — and how you'd leverage GCP's unique advantages: the private global backbone, BigQuery's Dremel engine, Cloud Spanner's external consistency, and Pub/Sub's at-least-once delivery at planetary scale.

WORDS · PaddySpeaks Editorial FIELD · Cloud Infrastructure / GCP READING · ~30 min
☁️ Cloud trilogy: this page covers GCP · The AWS Problem → · The Azure Problem →

§ 00 — BEFORE GCPGoogle's internal infrastructure made public

GCP isn't a cloud that Google built — it's Google's own infrastructure that Google eventually opened to the world. Every major GCP service traces back to a paper, a system, or a problem that Google had to solve at planetary scale first.

PRE-GCP — GOOGLE INTERNAL PROBLEMS GCP PUBLIC 2000s Scale Problem Billions of searches 2004 MapReduce Paper Big data paradigm 2006 BigTable Paper Distributed NoSQL 2003 Borg (internal K8s) Containers pre-Docker 2008 GCP Launched App Engine first BigQuery 2012 GCP Edge Private fiber network AI/ML leadership K8s · TF · Beam OSS
YearGoogle InternalGCP Public EquivalentWhy It Matters
2003Borg — container schedulerGKE / Kubernetes (2014 open-sourced)Google ran containers a decade before Docker existed
2004MapReduce paperDataflow / Apache BeamInvented the batch + stream paradigm the industry followed
2006BigTable paperCloud BigtableDefined distributed wide-column NoSQL; HBase is its clone
2006Dremel — internal query engineBigQueryColumnar + massively parallel SQL at Google scale
2008GCP launched publiclyApp Engine (first GCP product)Compute Engine and BigQuery came later in 2012
OngoingPrivate global fiber (Jupiter/Andromeda)Premium Network TierGCP's physical moat — traffic never leaves Google's backbone

§ 01 — THE QUESTIONDesign a globally distributed data platform on GCP

Interview Prompt

"Design a globally distributed data platform on GCP. Walk me through your choices for compute, storage, analytics, and messaging — and how you'd use GCP's unique advantages (global network backbone, BigQuery, Spanner) over other clouds."

LEVEL · SENIOR / STAFFDURATION · 45–60 MINFORMAT · WHITEBOARD
DimensionWeak AnswerStrong Answer
BigQueryNames BigQuery as "a data warehouse"Explains Dremel + Colossus + Jupiter — storage/compute separation means infinite scale with zero tuning
NetworkTreats GCP network like AWS (regional VPCs)States GCP VPC is global — one VPC spans all regions; no VPC peering needed; premium tier stays on Google's backbone
Spanner"It's a distributed SQL database"External consistency via TrueTime; horizontally splits across nodes; the only RDBMS with 99.999% SLA globally
ComputeDefaults to VMsDecision tree: containers → GKE/Cloud Run, functions → Cloud Functions, batch → Dataflow/Batch; chooses based on workload
IAMMentions rolesOrg → Folders → Projects hierarchy; policy inheritance; Workload Identity Federation instead of service account keys

§ 02 — GLOBAL INFRASTRUCTUREThe Google backbone advantage

GCP's defining edge: traffic on the Premium Tier never leaves Google's private fiber — it enters at the nearest PoP and rides the backbone all the way to the destination region.

PUBLIC INTERNET us-central1 europe-west4 asia-east1 PoP PoP Premium — Google backbone Standard — public internet ANDROMEDA Virtual Networking Stack SR-IOV · Maglev · Jupiter fabric GCP: 40+ regions · 100+ PoPs · 1M+ km private fiber

§ 03 — COMPUTEDecision tree: what are you running?

GCP compute choice flows from workload shape — not vendor defaults. Start with the question, not the service.

What are you running? Choose compute by workload shape Containers VMs Functions Batch/Data GKE Managed Kubernetes Autopilot · Standard Cloud Run Serverless containers Scale-to-zero · HTTP Compute Engine VM instances Preemptible · Spot Cloud Functions Event-driven Gen 1 / Gen 2 Dataflow Apache Beam Stream+Batch MACHINE SERIES (Compute Engine) N2 / N2D General purpose 2–128 vCPU · web, API balanced price/perf C2 / C3 Compute-optimized High freq · 3.8 GHz ML inference, gaming M2 / M3 Memory-optimized Up to 12 TB RAM SAP HANA, in-mem DB A2 / A3 + TPU GPU / Accelerator NVIDIA A100/H100 TPU v4 for JAX/TF PRICING: On-demand $$$$ Spot / Preempt $ Committed Use (1/3yr) $$ Sustained Use (auto) $$$ GCP unique: Sustained Use Discounts apply automatically — no reservation required for up to 30% off

§ 04 — STORAGEGCS tiers and the storage decision matrix

GCS storage classes are priced on retrieval frequency — not access speed. Archive retrieval takes milliseconds, not hours (unlike AWS Glacier).

GCS STORAGE CLASSES — by retrieval frequency Standard Hot data · no min duration $0.020/GB · free retrieval Serving, active datasets Nearline 30-day min storage $0.010/GB · $0.01/GB ret. Monthly backups, DR Coldline 90-day min storage $0.004/GB · $0.02/GB ret. Quarterly archives Archive 365-day min storage $0.0012/GB · $0.05/GB ret. Compliance, audit logs ← Storage $ ↑ (more expensive) Retrieval $ ↑ (more expensive) → All classes: millisecond retrieval latency · no Glacier-style restore delay · set via Object Lifecycle Management
ServiceTypeUse WhenKey Limit
Cloud Storage (GCS)Object storeBlobs, data lake, model artifacts, backups5TB per object; no practical capacity limit
Persistent DiskBlock storageVM OS disk, database volumes, stateful workloads64TB per disk; zonal (pd-ssd) or regional (pd-balanced)
FilestoreNFS / fileShared file system, GKE ReadWriteMany PVCsBasic 1TB min; Enterprise up to 100TB
Cloud SpannerGlobally distributed RDBMSRelational + global consistency (fintech, inventory)Unlimited nodes; $0.90/node/hr base; TrueTime consistency
Cloud BigtableWide-column NoSQLTime-series, IoT, AdTech at petabyte scale10ms p99 at millions of rows/sec; HBase-compatible
FirestoreDocument NoSQLMobile/web backends, real-time sync1MB per document; 1 write/sec per document (hot path)
Cloud SQLManaged RDBMSPostgreSQL / MySQL / SQL Server — regional, simpler apps64TB; single-region only; no external consistency
MemorystoreIn-memory cacheRedis / Memcached caching layerRedis 300GB per instance; Valkey GA 2024

§ 05 — BIGQUERYGCP's crown jewel

BigQuery's secret: compute and storage are completely separate. A 100TB query doesn't saturate storage nodes — Dremel fan-out across thousands of workers happens in parallel on Jupiter's fabric.

BigQuery Architecture — Separation of Compute and Storage SQL Query / REST API Standard SQL · multi-statement · INFORMATION_SCHEMA Dremel — Query Engine Parallel distributed SQL · columnar execution · DAG of workers · fan-out to slots Borg (cluster mgmt) reads data routes traffic Colossus — Distributed Storage Columnar (Capacitor format) · compressed · replicated Storage billing separate from query compute · $0.02/GB/mo Jupiter — Network Fabric 1 Pbps bisection bandwidth · petabit switch Zero bottleneck between compute ↔ storage Why this matters in an interview Dremel fans out across 2000+ workers per query — no tuning, no indexes, no vacuuming, no cluster resizing. Slots (processing units) scale independently. You pay for bytes scanned, not compute time at rest.
ModelHow It WorksBest ForCost Model
On-demandPay per byte scanned ($5/TB). No reservation.Exploration, ad-hoc, small teamsUnbounded — one bad query = big bill
Slot Reservations (editions)Buy baseline + autoscale slots. Queries share the pool.Production pipelines, cost predictabilityPredictable + autoscale for spikes
Flat-rate (legacy)Buy N slots, unlimited scans within that poolVery large orgs with steady query load$$ predictable · being replaced by editions
PARTITIONED BY date CLUSTERED BY user_id, country Partition: 2026-06-24 · ~2GB scanned Partition: 2026-06-23 · skipped ✓ Partition: 2026-06-22 · skipped ✓ Partition pruning eliminates whole date shards Filter must include partition column → WHERE date = '2026-06-24' Cluster block: user_id AAA–DMZ Cluster block: user_id DMZ–MZZ · skipped Cluster block: user_id MZZ–ZZZ · skipped Clustering sorts within partition · no column constraint Automatic reclustering — no manual maintenance → WHERE user_id BETWEEN 'A' AND 'D' Use both: PARTITION BY date CLUSTER BY user_id → 99% scan reduction at scale

§ 06 — NETWORKINGGlobal VPC — the biggest differentiator from AWS

In AWS, a VPC is regional — you need VPC peering or Transit Gateway to connect regions. In GCP, a single VPC spans all regions globally. One VPC, one firewall ruleset, subnets in every region.

my-global-vpc · spans ALL regions · one firewall ruleset Subnet: us-central1 10.128.0.0/20 GKE cluster Cloud Run Private Google Access ✓ Subnet: europe-west4 10.132.0.0/20 Compute VMs Cloud SQL Same VPC — no peering needed Subnet: asia-east1 10.140.0.0/20 Spanner node Bigtable Private Google Access ✓ Shared VPC Host project owns VPC Service projects attach VPC Peering Connect diff VPCs Non-transitive · same region Cloud Interconnect Dedicated 10/100Gbps On-prem hybrid · SLA Cloud VPN IPSec tunnel · HA VPN On-prem · lower cost KEY DIFFERENTIATOR vs AWS: GCP VPC is global · AWS VPC is regional (need TGW or peering for cross-region) · GCP firewall is stateful, tag-based, not security-group-per-instance

§ 07 — SERVERLESS & MESSAGINGPub/Sub, Cloud Run, Dataflow

GCP's serverless stack is three distinct layers: Pub/Sub for durable messaging, Cloud Run for HTTP containers, Dataflow for stream/batch pipelines. Each is independently scalable.

Cloud Pub/Sub — at-least-once · global · serverless Publisher App / IoT / GCF gRPC or REST Topic projects/p/topics/t global · durable Sub A — PUSH HTTP endpoint · Cloud Run Sub B — PULL Consumer polls · Dataflow Cloud Run service Dataflow pipeline Dead Letter Topic maxDeliveryAttempts=5 nack loop Delivery: at-least-once · ordering: enable message ordering key · retention: 7 days · throughput: millions/sec Exactly-once delivery available (2022) · BigQuery subscription for direct BQ ingest without pipeline
DimensionCloud RunCloud Functions
UnitContainer image (any language, any deps)Source code function (Node, Python, Go, Java, Ruby, .NET)
Cold start~200ms–1s (larger image)~50–300ms (Gen 2 much faster)
Max runtime60 min (streaming) / unlimited (services)60 min (Gen 2) · 9 min (Gen 1)
ConcurrencyUp to 1000 req/instance1 req/instance (Gen 1) · 1000 (Gen 2)
Container supportYes — full OCI containerNo — managed runtime only
VPC connectivityVPC connector or direct VPC egressVPC connector (Gen 1) · direct (Gen 2)
PricingPer request + CPU/memory during requestPer invocation + CPU/memory (100ms billing)
Best forAPIs, microservices, long-running tasks, ML servingEvent triggers, lightweight glue, Pub/Sub consumers
Dataflow Pipeline — Apache Beam SDK (stream or batch) Source Pub/Sub · GCS PCollection ParDo Map / Filter element-wise GroupByKey Window + Trigger event-time windowing Sink / Output BigQuery · GCS · BT streaming insert / batch Watermarks handle late data · Exactly-once via Dataflow shuffle · Autoscale workers by backlog · Runner-managed parallelism Unified batch + stream: same pipeline runs on GCS (batch) or Pub/Sub (stream) — switch source, not code vs Flink: Dataflow is fully managed · no cluster to operate · runner-as-a-service

§ 08 — IAMGCP's resource hierarchy and identity model

GCP IAM is a hierarchy — policies set at a parent propagate down. You cannot remove a permission granted at a higher level from a lower level.

Organization example.com · G Suite / Cloud Identity domain Folder: Engineering Folder: Finance Policy inherits ↓ Folder: Engineering grantee: eng-lead@ Folder: Finance grantee: cfo@ (no folder) Project: prod-api project-id: prod-api-12345 Project: data-infra BigQuery · Dataflow Project: ml-research TPU · Vertex AI Basic Roles Owner · Editor · Viewer Coarse-grained · avoid in prod Predefined Roles roles/bigquery.dataViewer Fine-grained · managed by Google Custom Roles Curated permission sets Least privilege · audit required
ConceptWhat It IsInterview Signal
Workload IdentityKubernetes service accounts → GCP IAM roles. No JSON key files.Eliminates long-lived credentials; K8s pod gets a short-lived token
Workload Identity FederationExternal identities (AWS, Azure, GitHub OIDC) → GCP roles. No service account key.Cross-cloud auth without secret management
Service Account ImpersonationA principal act-as a service account for bounded scopeAuditable, revocable; beats key distribution
IAM ConditionsBind roles with attribute-based conditions (time, resource name, IP)Just-in-time access, time-boxed prod access
VPC Service ControlsPerimeter around GCP APIs — even authorized users can't exfiltrate data outside perimeterDLP for GCP; required for regulated data (PCI, HIPAA)
Organization PolicyOrg-wide constraints (e.g., restrict resource locations, disable service account key creation)Guardrails enforced at org level — survives project deletion

§ 09 — Q&A12 interview questions

1. When would you choose GCP over AWS?
Choose GCP when BigQuery analytics is central (no AWS equivalent at the same scale-to-zero price model), when global network latency matters (premium tier keeps traffic on Google's backbone), or when your ML workload benefits from TPUs and Vertex AI. Also when your org is Google Workspace-native — IAM integration is seamless.
2. What makes BigQuery's architecture unique?
Dremel separates compute (workers) from storage (Colossus) completely — Jupiter's petabit network fabric means no I/O bottleneck. You can query 100TB without provisioning anything: Dremel fans out to thousands of slots on demand, and you pay only for bytes scanned. No indexes, no vacuuming, no cluster sizing.
3. GCP VPC vs AWS VPC — key difference?
GCP VPC is global: one VPC spans all regions; subnets are regional but belong to the same global network. AWS VPC is regional — cross-region requires Transit Gateway or VPC peering. GCP firewall is tag-based (not per-instance security groups), stateful, and applied globally to the VPC.
4. What is Cloud Spanner and when do you use it?
Cloud Spanner is a globally distributed, externally consistent RDBMS — the only one with a 99.999% SLA across regions. Use it when you need relational semantics (SQL, foreign keys, transactions) AND horizontal scale AND global consistency. Example: global financial ledger, inventory system that must never show negative stock globally.
5. Pub/Sub vs Kafka — when to choose each?
Choose Pub/Sub when you want zero infrastructure management, global delivery, and auto-scaling at any throughput — it's the right default on GCP. Choose Kafka (via Confluent or self-managed) when you need ordering guarantees per partition with consumer group offsets, log compaction, or Kafka Streams — or when migrating an existing Kafka architecture.
6. What is Anthos?
Anthos is GCP's multi-cloud/on-prem management platform. It runs GKE clusters on AWS, Azure, or bare metal, using Config Sync (GitOps), Policy Controller (OPA), and Service Mesh (Istio) to provide consistent operations across environments. Use it when you need a single control plane for workloads that span clouds.
7. How does Cloud Run differ from Cloud Functions?
Cloud Run deploys any OCI container — you control the runtime, dependencies, and can handle multiple concurrent requests per instance (up to 1000). Cloud Functions deploys source code into a managed runtime — simpler, but less control. Cloud Run Gen 2 and Cloud Functions Gen 2 share the same underlying infrastructure (Cloud Run); Functions is now a packaging layer on top.
8. What is a TPU and when would you use one?
A Tensor Processing Unit is Google's custom ASIC designed specifically for matrix multiply at neural-network scales. Use TPUs when training or fine-tuning large models in JAX or TensorFlow — they offer 10–100× better throughput/$ vs GPUs for large batch matrix ops. Not useful for inference at small batch size or for non-TF/JAX frameworks.
9. How do you design a BigQuery schema for cost optimization?
Partition by event date (eliminates full-table scans), cluster by the highest-cardinality filter column (usually user_id or entity_id), select only needed columns (BQ is columnar — never SELECT *), and use materialized views for repeated aggregations. Reserve slots for production workloads to cap costs; use on-demand for exploration.
10. What is VPC Service Controls?
VPC Service Controls creates a security perimeter around GCP API access — even a user with IAM permissions cannot exfiltrate data if their request originates outside the perimeter (wrong VPC, wrong IP range, wrong device). Essential for PCI, HIPAA, and FedRAMP workloads where data residency and exfiltration prevention are hard requirements.
11. How does GCP's premium network tier work?
When a packet enters GCP's network, it's routed onto Google's private fiber at the nearest PoP and carried entirely on Google's backbone to the destination region — never touching the public internet. Standard tier exits to the public internet immediately. Premium tier reduces latency (especially cross-continental) and avoids internet routing instabilities, but costs ~25% more per egress GB.
12. What is Workload Identity Federation?
Workload Identity Federation lets external identities — AWS IAM roles, Azure managed identities, GitHub Actions OIDC tokens — exchange their native credential for a short-lived GCP access token via an OIDC/SAML trust. Zero service account keys needed. This is the right pattern for CI/CD pipelines, cross-cloud integrations, and any workload that can't use Workload Identity (the K8s-specific variant).

§ 10 — COMMON MISTAKESWhat interviewers actually hear

These are the three misconceptions that immediately signal a candidate hasn't worked deeply with GCP — each one has a specific correction that demonstrates real understanding.

❌ "BigQuery is just a database" BigQuery is a serverless data warehouse built on Dremel — Google's internal distributed query engine. It separates compute (Dremel workers, called slots) from storage (Colossus, in columnar Capacitor format) completely. This means it auto-scales to thousands of parallel workers per query with zero provisioning. It bills per bytes scanned, not per storage size or compute time at rest. Running SELECT * on a 1TB table costs approximately $5 per query — no index, no tuning, just raw scan cost. Understanding this billing model is what separates a BigQuery user from a BigQuery architect. ✓ Correct framing: "BigQuery is serverless OLAP built on Dremel. Compute and storage are separated — you pay for bytes scanned, not cluster size. The right optimization is partitioning + clustering to reduce scan volume, not provisioning bigger instances."
❌ "GCP networking = AWS networking" GCP's VPC is fundamentally different from AWS. In AWS, a VPC is regional — you need VPC Peering, Transit Gateway, or PrivateLink to connect resources across regions, each with cost and routing complexity. In GCP, a VPC is truly global: one VPC spans all regions simultaneously. Subnets are regional, but they belong to the same network namespace. A VM in us-central1 and a VM in asia-east1 can talk on private RFC-1918 IPs through the same VPC with no peering setup. GCP firewalls are tag-based and applied globally to the VPC rather than being instance-attached security groups. ✓ Correct framing: "GCP VPC is global, not regional. One VPC, multiple regional subnets, one firewall ruleset. This changes multi-region architecture fundamentally — no Transit Gateway, no peering mesh, no route table per region."
❌ "Cloud Run is just Lambda" Cloud Run and AWS Lambda differ at the fundamental unit of deployment. Lambda deploys source code functions within language-specific managed runtimes (Node.js, Python, Java, etc.) — you don't control the OS, dependencies, or runtime beyond what Lambda exposes. Cloud Run deploys full OCI containers — any language, any framework, any binary dependency. Cloud Run also supports up to 1000 concurrent requests per container instance (vs Lambda's one-request-per-instance model in Gen 1). On cold starts: Cloud Run does have startup latency for new container instances, but Google maintains a pool of pre-warmed instances for scale-to-zero services, making the practical cold start experience significantly better than raw numbers suggest. Cloud Run is also not function-scoped — it supports long-running HTTP services, WebSockets, and gRPC streaming. ✓ Correct framing: "Cloud Run runs containers (any language, any dependency, full HTTP service). Lambda runs functions inside a managed runtime. Cloud Run concurrency model (1000 req/instance) means far fewer cold starts than Lambda's 1:1 model."

§ 11 — WHY NOT?Honest trade-offs — when to choose GCP and when not to

A strong candidate knows when GCP wins and when it doesn't. Defaulting to GCP for everything signals lack of real-world experience as much as defaulting to AWS does.

Choose GCP When

✓ BigQuery for analytics at petabyte scale No provisioning, pay-per-scan, auto-scales to thousands of slots. Nothing in AWS or Azure matches this at zero operational cost.
✓ Vertex AI / AI Platform for ML workloads TPUs for JAX/TensorFlow training, integrated Gemini APIs, and managed Feature Store. Google's AI infrastructure is its strongest differentiator.
✓ Global low-latency network (Premium Tier) Traffic stays on Google's private fiber from ingress PoP to destination. Essential for real-time global products.
✓ Open-source alignment K8s, Istio, Knative, Apache Beam — GCP invented or leads these projects. Deep integration without lock-in concern.

Consider Alternatives When

✗ AWS for broadest service catalog and enterprise market share AWS has 200+ services vs GCP's ~100. For enterprise SaaS integrations (SAP, Oracle, Salesforce), AWS marketplace and ISV ecosystem is larger.
✗ Azure for Microsoft / Active Directory heavy enterprises If the org runs Office 365, Teams, and Active Directory, Azure AD integration is seamless in ways GCP cannot match out of the box.
✗ Smaller community means fewer answers GCP has a smaller Stack Overflow presence, fewer regional user groups, and less third-party tutorial coverage than AWS. This slows onboarding teams.
✗ Google's product discontinuation history Stadia, Google+, Hangouts, Inbox, Cloud IoT Core — enterprises noticed. Risk appetite for GCP services that aren't core compute/storage/BQ is real.

§ 12 — ONE-MINUTE ANSWERWhen the interviewer says "just quickly — what makes GCP different?"

This is the answer you should be able to give in under 90 seconds — specific, technical, and honest about trade-offs.

Question
"What makes GCP different from AWS?"
Answer
"GCP's differentiation comes from two sources: Google's internal infrastructure made public, and ML/AI leadership. BigQuery came from Google's internal Dremel query engine. Kubernetes came from Google's internal Borg scheduler. The global VPC architecture reflects how Google itself operates — a single network spanning all regions rather than isolated regional silos. For data and AI workloads, GCP frequently wins on price-performance because you're using the same infrastructure Google uses for Search, YouTube, and Maps. The tradeoff: smaller ecosystem than AWS, fewer enterprise integrations, and Google's history of sunsetting products creates enterprise hesitancy."

§ 13 — INTERVIEWER'S MINDWhat they're actually probing with each question

GCP interviewers are not testing service name recall. They are testing whether you understand the why behind each architectural choice. Here are the four most common probes and what depth looks like.

1. BigQuery Architecture
"Can you explain why BigQuery separates compute and storage? What is Dremel? Why does columnar format matter?"
Interviewers want to hear: Dremel is the distributed SQL execution engine that fans out to thousands of parallel workers (slots). Colossus is the distributed file system storing data in columnar Capacitor format. Jupiter is the petabit network fabric connecting them with essentially unlimited bisection bandwidth. Columnar format means a query on SELECT revenue reads only one column out of 200 — 99.5% of data never touched. You pay for bytes scanned, not compute time.
✓ Signal: anyone who mentions Dremel, Colossus, and slot reservations in the same answer has worked with BQ in production.
2. Global vs Regional
"When does GCP's global VPC help? When does it create compliance problems around data residency?"
Global VPC helps for: multi-region active-active services that need private routing without peering overhead, global Spanner deployments, and consistent firewall policy across regions. It creates compliance friction when regulations (GDPR, data sovereignty) require data to stay in a specific geography — because the VPC itself spans everywhere, you must enforce data residency at the subnet and service level, not the network level. VPC Service Controls adds an API-level perimeter, but the burden shifts to service-level config.
✓ Signal: knowing the data residency complication shows the candidate has dealt with regulated workloads.
3. IAM Hierarchy
"Organization → Folder → Project → Resource. Why is project-level isolation GCP's unit of billing and IAM?"
The project is GCP's fundamental isolation boundary: all resources belong to a project, all billing is per project, IAM policies set at the project level scope all resources within it. Folders group projects (e.g., by team or environment) and allow inherited IAM. Organization is the root — policies set here propagate everywhere. The key interview point: you cannot grant less permission than the parent grants. If a user has roles/editor at the folder level, you cannot revoke it at the project level — you must revoke at the folder or use a more restrictive folder structure.
✓ Signal: understanding policy inheritance (additive, not subtractive) is the key IAM trap question.
4. Pub/Sub vs Kafka
"When would you use managed Pub/Sub vs self-managed Kafka on GCP?"
Choose Pub/Sub when: you want zero infrastructure management, global delivery, at-least-once semantics are sufficient, and you're building GCP-native (Dataflow, Cloud Run, BigQuery subscription all integrate natively). Choose Kafka (via Confluent or GKE self-managed) when: you need strict per-partition ordering with consumer group offsets, log compaction for state materialization, Kafka Streams for stream processing close to the broker, or you're migrating a Kafka-based architecture and need exact compatibility. Pub/Sub now supports ordered delivery via ordering keys — but Kafka's offset-based consumer model gives more control for complex consumer group topologies.
✓ Signal: naming ordering keys and the BigQuery subscription shows hands-on Pub/Sub depth.

§ 14 — THE EVOLUTIONGCP's architectural arc: 2003 → 2023

Understanding GCP's evolution explains why its services are designed the way they are. Each milestone is Google solving a real problem at scale — and then opening that solution to the world.

2003 Google Borg Internal container scheduler — the direct ancestor of Kubernetes 2004 MapReduce Paper Google publishes the paradigm — Hadoop, Spark, and Beam follow 2006 BigTable Paper Distributed wide-column NoSQL — HBase and Cassandra are its descendants 2008 GCP Launches — App Engine Google opens its infrastructure. Platform-as-a-Service first. 2010 Google Spanner (internal) Globally consistent RDBMS using TrueTime atomic clocks 2012 BigQuery + Compute Engine GA Dremel becomes BigQuery. IaaS VMs arrive. GCP becomes a full cloud. 2014 Kubernetes Open-Sourced Borg's public descendant. GKE is the managed offering from day one. 2016 TPUs for ML Custom ASICs for TensorFlow — AlphaGo trained on TPU v1 2017 Cloud Spanner GA World's first externally consistent globally distributed RDBMS goes public 2019 Anthos — Hybrid Cloud Manage GKE clusters on AWS, Azure, and bare metal from one control plane 2023 Vertex AI / Gemini AI becomes GCP's primary differentiator — Gemini embedded across all services

§ 15 — WHAT'S NEXT?The frontier GCP is pushing into

GCP's next act isn't just more services — it's collapsing the boundary between the data layer and the AI layer. Every major service is being retrofitted to become AI-native infrastructure.

Solved Problem
BigQuery solved analytics at scale — serverless OLAP, petabytes, zero provisioning
Next Frontier
Real-time streaming analytics without a separate pipeline layer. BigQuery + Pub/Sub with BigQuery subscriptions ingests streaming data directly into tables — no Dataflow job, no custom consumer. The gap between "event happened" and "queryable in BigQuery" is collapsing to seconds.
Solved Problem
Vertex AI solved ML platform — managed training, feature store, model registry, serving
Next Frontier
Gemini integration across all GCP services — BigQuery ML now calls Gemini models directly from SQL. Cloud Run can call Vertex AI APIs with native auth. The pattern: AI is not a separate tier; it is a function you call from your existing infrastructure.
Current Frontier
The AI-native data stack
What This Looks Like
Vector search natively in Cloud Spanner (ANN index alongside relational rows). Embedding generation inside BigQuery via ML.GENERATE_EMBEDDING. Agent orchestration via Cloud Run calling Vertex AI APIs. Data pipelines are being replaced by AI agents that retrieve, transform, and reason over data in a single loop — the distinction between "data pipeline" and "AI model" is blurring.
The Question That's Coming
"How do you build products where AI is the data pipeline, not just the model?" The interviewer who asks this in 2026 is not asking about RAG or embeddings in isolation — they are asking whether you understand that retrieval, transformation, and generation are converging into a single runtime, and GCP's bet is that Vertex AI + BigQuery + Spanner is that runtime.

§ 16 — SUMMARYWeak vs Strong answer

TopicWeak AnswerStrong Answer
Opening frameLists GCP services by memoryNames GCP's 3 differentiators: BigQuery (serverless OLAP), global VPC (vs regional), private backbone (premium tier)
BigQuery"It's a managed data warehouse"Dremel + Colossus + Jupiter: compute/storage separation, fan-out to slots, partitioning + clustering for cost control, slot reservations for predictability
NetworkingDesigns regional VPCs like AWSOne global VPC, subnets per region, premium tier traffic never leaves Google's backbone, Shared VPC for multi-project
SpannerMentions it without knowing whyTrueTime external consistency, horizontal split, the only global SQL DB with 99.999% SLA — use when global RDBMS semantics are required
Messaging"Use Pub/Sub for messaging"Pub/Sub for fanout + durability, BigQuery subscription for direct ingest, ordering key for sequential events, dead letter topic for poison messages
IAMMentions roles and service accountsOrg → Folder → Project hierarchy, policy inheritance, Workload Identity (no keys), Workload Identity Federation (cross-cloud), VPC Service Controls (exfiltration prevention)
ComputeDefaults to GKE for everythingDecision tree: containers (GKE vs Cloud Run), VMs (machine series by workload type), functions (Cloud Functions Gen 2), TPUs for large-model training
CostDoesn't mention costBigQuery: bytes scanned + slot reservations. GCS: storage class by access frequency. Compute: Sustained Use Discounts auto-apply; Spot for batch. Preemptible 60–91% off on-demand.
☁️ Continue the cloud trilogy: The AWS Problem → · The Azure Problem → · ← Back to Design Index
← paddyspeaks.com