Networking

When you can, keep things private.


Last updated 1 year ago

Networking design is critical to successful system design because it helps you optimize for performance and secure application communications with internal and external services. When you choose networking services, it's important to evaluate your application needs and how the applications will communicate with each other. For example, while some components require global services, other components might need to be geo-located in a specific region.

Developing your cloud networking design includes the following steps:

  1. Design the workload VPC architecture. Start by identifying how many Google Cloud projects and VPC networks you require.

  2. Add inter-VPC connectivity. Design how your workloads connect to other workloads in different VPC networks.

  3. Design hybrid network connectivity. Design how your workload VPCs connect to on-premises and other cloud environments.

IT networking in general is one of the most complex topics and one of the main sources of bugs and headaches. Google Cloud makes it easy to navigate complex networking concepts, but it is still of major importance to make network design an early part of designing your organizational setup in Google Cloud. Organizational-level design choices can't be easily reversed later in the process.

We usually tackle networking with an initial workshop where we cover the following topics:

  • VPC architecture required. If you use only serverless products on Google Cloud, you do not need VPCs at all. Otherwise, we usually recommend a hub-and-spoke topology.

  • VPC networks, including their associated routes and firewall rules

  • Traffic to and from instances

In terms of security around the networking in place, we recommend the following:

  • Disable default networks

  • Secure your perimeter with VPC service controls

  • Inspect and monitor your network traffic

  • Use a web application firewall

Many other networking measures can be taken, but the focus at this stage is to set up solid foundations with best practices.
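As an illustration of the "Disable default networks" recommendation above, the following added example (not part of the original page) audits a project export for a remaining `default` network and for ingress rules on it that accept traffic from any source. The sample records are constructed, `example-project` is a placeholder, and the function name is hypothetical.

```python
# Constructed sample records, trimmed to the fields used. They mirror what
# json.load() returns for `gcloud compute networks list --format=json` and
# `gcloud compute firewall-rules list --format=json`.
NET_URL = "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/"
SAMPLE_NETWORKS = [
    {"name": "default", "autoCreateSubnetworks": True},
    {"name": "hub-vpc", "autoCreateSubnetworks": False},
]
SAMPLE_FIREWALLS = [
    {"name": "default-allow-ssh", "network": NET_URL + "default", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "default-allow-internal", "network": NET_URL + "default", "direction": "INGRESS",
     "sourceRanges": ["10.128.0.0/9"], "allowed": [{"IPProtocol": "all"}]},
    {"name": "hub-allow-iap-ssh", "network": NET_URL + "hub-vpc", "direction": "INGRESS",
     "sourceRanges": ["35.235.240.0/20"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]

ANY_SOURCE = {"0.0.0.0/0", "::/0"}


def audit_default_networks(networks, firewalls):
    """Return (kind, name, detail) findings for default networks and the
    internet-facing ingress allow rules still attached to them."""
    default_names = {n["name"] for n in networks if n["name"] == "default"}
    findings = [("network", name, "default network still exists")
                for name in sorted(default_names)]
    for rule in firewalls:
        net_name = rule["network"].rsplit("/", 1)[-1]  # last URL segment is the network name
        if net_name not in default_names or rule.get("disabled"):
            continue
        if rule.get("direction", "INGRESS") != "INGRESS" or "allowed" not in rule:
            continue  # skip egress rules and deny rules
        if ANY_SOURCE & set(rule.get("sourceRanges", [])):
            ports = ", ".join(
                a["IPProtocol"] + (":" + "/".join(a["ports"]) if a.get("ports") else "")
                for a in rule["allowed"])
            findings.append(("firewall", rule["name"], "open to any source: " + ports))
    return findings


if __name__ == "__main__":
    for kind, name, detail in audit_default_networks(SAMPLE_NETWORKS, SAMPLE_FIREWALLS):
        print(f"[{kind}] {name}: {detail}")
```

The audit only finds default networks that already exist; the organization policy constraint `constraints/compute.skipDefaultNetworkCreation` prevents them from being created in new projects.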
