GCP – 6 Building blocks for cloud networking – Networking Architecture
Cloud offers opportunities to businesses to help them achieve their strategic objectives. One of the foundational components of the cloud is networking. This article explores the building blocks of networking on Google Cloud.
The purpose of architecture
Moving to the cloud can be a complex endeavor and onboarding and designing your architecture is an important first step. Architecting a design that meets your needs is all about considering areas such as security, high availability, scalability, flexibility, ease of use and sector specific requirements. With a specific focus on cloud networking architecture, there are several building blocks that will be discussed below.
The concepts
In the document Designing networks for migrating enterprise workloads: Architectural approaches, we identify six fundamentals building blocks of cloud networking. The blocks are as follows:
Network Connectivity
Network Security
Service Networking
Service Security
Content Delivery
Observability
Figure 1. Building blocks cloud networking connectivity and security
For each of these building blocks, Google Cloud has several services which can be incorporated in your design to help achieve your requirements. Let’s take a look at each of these.
Network Connectivity
Customers need to be able to access systems, apps and services when they need to. Having reliable and available networking is a critical element of the service. Different SLO/SLA may exist for your services and would affect the high availability design option, however, at a basic level reliable connectivity is a necessity.
In order to achieve this connectivity there are several products including Cloud VPC, Cloud Interconnects, Network Connectivity Center and VCP Network Peering.
For more information check out the Network Connectivity section of the Designing Networks For Migrating Enterprise Workloads: Architectural Approaches document.
Network Security
Part of building trust in an organization is making sure the network is secured thereby making network security a requirement.
To help achieve your security goals there are several features and services including, VPC firewall rules, packet mirroring, network virtual appliances, Cloud IDS, Cloud NAT, Firewall insights, network logging services.
Google Cloud also has default security controls in place like encryption of data in transit and at rest. Based on your organization’s risk appetite, regulatory requirements and compliance needs, you can use these and other services to create your layered defense in depth setup.
For more information check out the Network Security section of theDesigning Networks For Migrating Enterprise Workloads: Architectural Approaches document.
Service Networking
The ability of your services to be found is a key element since your services often need to communicate with other services.
In order to facilitate service networking there exist services like Cloud DNS, Cloud Load Balancing, Service Directory, Private Service Connect and more.
For more information check out the Service Networking section of the Designing Networks For Migrating Enterprise Workloads: Architectural Approaches document.
Service Security
Controlling access to services and resources adds an additional layer of security in your environments. This access can be enforced by using higher level logic, such as user identity and packet patterns.
You can achieve these capabilities with services including Cloud Armor, Identity Aware proxy and VPC service controls.
For more information check out the Service Security section of the Designing Networks For Migrating Enterprise Workloads: Architectural Approaches document.
Content Delivery
Getting access to your application or content is very important to customers. Regardless if it’s one customer or millions, providing reliable low latency access is always a good thing.
Google Cloud has services that help you in this area like Cloud CDN and Media CDN. These services can help reduce latency by caching content and serving customer requests from a point closest to their connection.
Observability
Knowing what is happening in the network is very important especially when trying to troubleshoot an issue. Network Intelligence Centre gives you a single pane of glass to view the network and currently has 5 specific modules to meet your various needs:
More on architecture
To help you on your design journey, the Cloud Architecture Centre provides you with documentation, guides and more.
To learn more about networking architecture, check out the following documents:
Documentation: Networking for secure intra-cloud access: Reference architectures
Documentation: Networking for internet-facing application delivery: Reference architectures
Documentation: Networking for hybrid and multi-cloud workloads: Reference architectures
Read More for the details.