Designing a GCP Security Infrastructure
This course walks you through the main security components of Google Cloud Platform and uses a case study to show you how these can be applied to a real-world example.
By the end of this course, you will understand how the following components can be used to secure your GCP environments:
- Service accounts
- Data protection and encryption
- Legislation and compliance
This course is intended for anyone who wants to learn more about Google Cloud Platform.
To get the most from this course, you should already have a basic understanding of Google Cloud Platform.
Suppose you've been hired to help a company called Great Inside, which offers interior design software as a service.
Great Inside makes its money by selling subscriptions to its web-based interior design application. It also has a free version that's supported by advertising. Their customers are primarily in North America, but they hope to expand in Europe and Asia at some point in the future.
The company has grown slowly for five years, but recently closed a venture capital round, brought in experienced executives, and is now growing more quickly. The company's existing infrastructure is not capable of scaling up quickly enough, so they would like to move to the cloud.
Great Inside started off with a Microsoft-centric infrastructure and then migrated to a LAMP stack. The only Microsoft infrastructure left is the payment processing system and an Active Directory server. They would like to retire their Microsoft servers in the future, other than Active Directory. But that isn't a priority right now, and the company would like to move both types of servers to the cloud. They've also started a pilot project using a NoSQL database.
Since they accept credit cards, they need to be PCI DSS compliant. Since their volume is increasing, they need to ensure that their payment processing environment meets a higher level of compliance. Note that Great Inside passes the validation and processing of credit card information to a certified payment processor.
They would like to improve their disaster recovery solution. At the moment, they're backing their data up to a cloud service, but it would take them a long time to recover from a disaster.
Their existing technical environment is all in a single data center.
They have three types of databases: MySQL for the interior design application, Microsoft SQL Server for payment processing, and a NoSQL database in the development environment.
They have two types of web and application servers. Apache and Tomcat are running on six servers, each with 2 dual-core CPUs, 24GB of RAM, and two mirrored 200GB disks. These servers are for their interior design application. IIS is running on four servers (two customer-facing and two internal), each with a dual-core CPU, 16GB of RAM, and two mirrored 250GB disks. These servers are for payment processing.
They have a variety of infrastructure servers, including Active Directory and a file server for internal documents, etc.
Here are their business requirements: scale easily to handle rapid growth, move as much of the development, test, and production infrastructure as possible to the cloud, and increase performance, reliability, and security while reducing management overhead.
And their technical requirements are: connect the data center's network with the cloud environment's network, encrypt all data, design high availability into all tiers, and create a disaster recovery solution that will reduce recovery time to a few hours, rather than a day.
I should mention up front that some aspects of this case study may not be completely realistic. It's simplified so we can go through it in a reasonable amount of time, but it has just enough complexity to allow us to cover the key topics.
Guy launched his first training website in 1995 and he's been helping people learn IT technologies ever since. He has been a sysadmin, instructor, sales engineer, IT manager, and entrepreneur. In his most recent venture, he founded and led a cloud-based training infrastructure company that provided virtual labs for some of the largest software vendors in the world. Guy’s passion is making complex technology easy to understand. His activities outside of work have included riding an elephant and skydiving (although not at the same time).