Case Study

Implementing a High-Availability Global Network
on Google Cloud Platform

Opportunity

In today’s digital economy, companies require robust, scalable, and reliable infrastructure to meet the demands of their customers globally. Our client migrated to the Google Cloud Platform to improve their business agility and meet the needs of growing global operations. They sought to build a high-availability network that seamlessly integrates with their existing on-premises data centers and provides a resilient foundation for their development, testing, and production environments.

Objectives

The primary objectives for this project were to:

  1. Integrate with Existing Data Centers: Establish secure and efficient connectivity from the client’s on-premises data centers and corporate headquarters to the Google Cloud Platform (GCP).
  2. High Availability for Production: Deploy production environments across two GCP regions to ensure high availability and fault tolerance.
  3. Development and Testing Efficiency: Set up development and test environments that mirror the production setup to ensure consistency and reliability in software development life cycles.
  4. Enhanced Security Posture: Implement robust security measures to protect against a wide array of cyber threats.

Solution

The solution entailed a comprehensive approach encompassing the setup of a global GCP network, connectivity strategies, and security implementations.

GCP Network Setup

We designed a global GCP network using the following components:

Virtual Private Cloud (VPC)

  • Production Shared VPC: Spanning two regions, this setup allows the client to manage their network resources centrally, reducing the overhead of network administration across multiple projects.
  • Test Shared VPC: A parallel environment to production, providing an isolated network for development and testing, enabling safe and efficient pre-deployment evaluations.

Connectivity

  • Interconnect From Data Centers: We leveraged GCP’s Interconnect service to establish low-latency, high-throughput connections between the client’s data centers and their GCP network.
  • Routes: Routes were configured and propagated to enable seamless communication between services deployed in data centers and GCP.
  • DNS: New zones were set up for GCP in the existing DNS solution. VPC configuration was modified to forward these zones to the DNS solution in the data center for resolution.
  • Managed Services: The client planned to use managed services such as Apigee for API management, Google Kubernetes Engine (GKE) for containers, and Cloud SQL for databases. These were hosted in VPCs managed by Google. VPC peering was set up between the managed VPC and the client’s shared VPC to enable communication.
  • High Availability: For production workloads, services would be deployed in multiple regions and zones. As per the business continuity plan and the classification of the application, services would run in Active/Active or Active/Hot-standby mode. A global L7 load balancer was used for traffic management across multiple regions.

Security

  • GCP Front End Security: Cloud Armor and Cloud Firewall Rules were implemented to enhance security in the cloud, protecting against Distributed Denial of Service (DDoS) attacks and other cyber threats.

Implementation

GitOps: We used Terraform to create base modules for the foundational constructs like VPC, Subnets, Routes, Load Balancers, etc. We created wrapper modules for each environment from the base modules. Pipelines were created on Jenkins to connect to the GCP host project defined in the client organization and to provision the necessary resources. This was automated end to end, triggered by a Pull Request, and provisioned after necessary reviews and approvals.
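
A review step in a pipeline like this can be backed by an automated check on the Terraform plan before it is applied. The following is an added example, not code from the project described here: it reads the JSON form of a plan and flags firewall rules that open anything other than web ports to any source. The allowed-port policy, the function names and the sample plan are assumptions made for illustration.

```python
"""Pre-apply gate: flag firewall rules in a Terraform plan that expose non-web ports."""
import json
import sys

PUBLIC_PORTS = {"80", "443"}        # assumption: only these may face the internet
ANY_SOURCE = {"0.0.0.0/0", "::/0"}

def open_ingress_findings(plan):
    """Return one finding per allow block that opens other ports to any source."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        if rc.get("type") != "google_compute_firewall" or not after:
            continue  # other resource types, or a delete (after is null)
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        # direction is absent from "after" when left to the provider default (INGRESS)
        if (after.get("direction") or "INGRESS") != "INGRESS" or after.get("disabled"):
            continue
        if not ANY_SOURCE & set(after.get("source_ranges") or []):
            continue
        for allow in after.get("allow") or []:
            ports = allow.get("ports") or []
            # no ports listed means every port of the protocol; ranges are never exempt
            exposed = sorted(set(ports) - PUBLIC_PORTS) if ports else ["all"]
            if exposed:
                findings.append(f"{rc['address']}: {allow.get('protocol')} "
                                f"{','.join(exposed)} open to any source")
    return findings

def sample_rule(name, sources, ports, actions=("create",)):
    """Build one constructed resource_changes entry (sample data, not a real plan)."""
    after = {"direction": "INGRESS", "source_ranges": sources,
             "allow": [{"protocol": "tcp", "ports": ports}]}
    return {"address": f"google_compute_firewall.{name}", "type": "google_compute_firewall",
            "change": {"actions": list(actions), "after": after}}

SAMPLE_PLAN = {"resource_changes": [
    sample_rule("allow_https", ["0.0.0.0/0"], ["443"]),
    sample_rule("allow_ssh", ["0.0.0.0/0"], ["22"]),
    sample_rule("allow_internal", ["10.0.0.0/8"], []),
]}

if __name__ == "__main__":
    # With a path argument, read the output of `terraform show -json <planfile>`.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    results = open_ingress_findings(plan)
    print("\n".join(results))
    sys.exit(1 if results else 0)
```

Run as a pipeline stage between plan and apply, a non-zero exit blocks provisioning until the rule is narrowed or the exception is approved in review.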

Results

The implementation of this global network on GCP resulted in several key outcomes for the client:

  1. Resilience and Uptime: With a multi-regional setup, the client’s production environment now enjoys high availability, minimizing the risk of downtime.
  2. Enhanced Security: The comprehensive security measures implemented both on-premises and in the cloud have fortified the client’s infrastructure against cyber threats.
  3. Operational Efficiency: The shared VPCs for production and testing have streamlined network management, reducing operational complexity and costs.
  4. Seamless Integration: The seamless integration between on-premises and cloud environments has enabled a hybrid infrastructure, providing flexibility and scalability.
  5. Developer Productivity: With mirrored environments for development, testing, and production, developers can work more efficiently, leading to faster time-to-market for new features and products.