In GCP share a VPN gateway with other projects

0 votes

As part of the process of shifting a rather complicated organization's on-premise structure to the cloud, I've begun designing the networks (VPC, subnetworks, and so on).

I read and completed the required courses to become an associate engineer through the supplier GCP. The classes I've taken, however, only give you the possibilities; they don't go into detail on the technical requirements of performing anything like this.

I was a senior backend developer before becoming a full-stack developer. Unfortunately, I don't have all of a sysadmin's highly interesting and useful information.

Here is our situation:

  • VMs located on-site in multiple racks and only accessible through a VPN
  • There are several GCP Cloud projects.
  • There should only be two of them connecting to the on-premise VPN, but there may be more.
  • Using VPC Peering, some projects can observe each other's resources (VMs, SQL, etc.).
  • Eventually, we'll stop using on-premise software unless we come across a legacy application that is seriously broken.

Now, I could simply set up a new VPN connection for each project by going to Hybrid Connectivity -> VPN, but I'd want to establish a project specifically for setting up the VPN gateway and letting other projects access those resources.

Is this a feasible arrangement? Is the design sound? As far as the VPN creation is concerned, it appears that I'll need to build a virtual machine (VM) that will expose an IP acting as a gateway; if that's the case, I was considering employing VPC peering to let other projects enter the on-premise VPN. I have no idea if I'm speaking nonsense. I'm currently a little confused because I'm still awaiting some information (IKE shared key, etc.) before making any attempts.

Nov 7 in GCP by Tejashwini
• 2,860 points
44 views

1 answer to this question.

0 votes
You must consider the following factors:

Cost: It will be expensive if you set up a VPN for each project and you need to quadruple your connectivity for HA. It's more affordable if you only have one gateway project.
Cheaper implies a compromise. VPNs have 3Gbps of bandwidth available (Cloud Interconnect also, but higher and more expensive). Take caution at this point if all of your projects utilize the same VPN as a result of mutualization.
I advise using VPC Peering, specifically 1 VPN project and others with VPC peering, if you want to mutualize, at least for DEV/UAT projects. Be cautious when choosing your IP range for peering. If this interests you, I wrote an article on it.
Shared VPC is also an option, which is fantastic! However, other products have less compatibility (the serverless VPC Connector for Cloud Function and App Engine, for instance, isn't yet compliant with shared VPC).
answered Nov 8 by Ashwini
• 2,760 points

Related Questions In GCP

0 votes
1 answer

Unable to connect through SSH with VS-Code in Mac to a remote GCP VM

It looks to be a specific error ...READ MORE

answered Mar 20 in GCP by Korak
• 5,820 points
498 views
0 votes
2 answers
0 votes
1 answer
0 votes
1 answer

Changing Machine Instance on GCP

There is no direct method to change ...READ MORE

answered Aug 1, 2018 in GCP by kurt_cobain
• 9,390 points
234 views
0 votes
1 answer
0 votes
1 answer

GCP Cloud Run Cannot Pull Image from Artifact Registry in Other Project

In Cloud Run, there are two different ...READ MORE

answered Nov 10 in GCP by Ashwini
• 2,760 points
88 views
0 votes
1 answer

sending and receiving emails with GCP

If you're still considering using Mailgun on ...READ MORE

answered Nov 8 in GCP by Ashwini
• 2,760 points
61 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP