As part of the process of shifting a rather complicated organization's on-premise structure to the cloud, I've begun designing the networks (VPC, subnetworks, and so on).
I read and completed the required courses to become an associate engineer through the supplier GCP. The classes I've taken, however, only give you the possibilities; they don't go into detail on the technical requirements of performing anything like this.
I was a senior backend developer before becoming a full-stack developer. Unfortunately, I don't have all of a sysadmin's highly interesting and useful information.
Here is our situation:
- VMs located on-site in multiple racks and only accessible through a VPN
- There are several GCP Cloud projects.
- There should only be two of them connecting to the on-premise VPN, but there may be more.
- Using VPC Peering, some projects can observe each other's resources (VMs, SQL, etc.).
- Eventually, we'll stop using on-premise software unless we come across a legacy application that is seriously broken.
Now, I could simply set up a new VPN connection for each project by going to Hybrid Connectivity -> VPN, but I'd like to establish a project specifically for setting up the VPN gateway and let other projects access those resources.
Is this a feasible arrangement? Is the design sound? As far as the VPN creation is concerned, it appears that I'll need to build a virtual machine (VM) that will expose an IP acting as a gateway; if that's the case, I was considering employing VPC peering to let other projects enter the on-premise VPN. I have no idea if I'm speaking nonsense. I'm currently a little confused because I'm still awaiting some information (IKE shared key, etc.) before making any attempts.
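As an added illustration of the hub-and-spoke layout the question describes (this is editor-supplied example configuration, not the poster's and not any project's own code), the Terraform sketch below puts a managed HA VPN gateway in one "hub" project and peers a second "spoke" project's VPC with it. Two points it is built around: on the GCP side Cloud VPN is a managed gateway resource, so no VM has to be run to terminate IPsec; and VPC Network Peering exchanges only subnet routes by default and is not transitive, so the hub has to export the routes it learns over BGP from on-premises (`export_custom_routes`), each spoke has to import them (`import_custom_routes`) and peer with the hub directly, and Cloud Router has to advertise each spoke's range to on-premises so return traffic has a path. Every project id, network name, CIDR, ASN and IP address is a placeholder; the shared secret is read from the `TF_VAR_ike_shared_secret` environment variable.

```terraform
# Added example configuration (not the poster's). All project ids, names, CIDRs,
# ASNs and addresses are placeholders chosen for illustration.
variable "hub_project"       { default = "hub-project-id" }     # hosts the VPN gateway
variable "spoke_project"     { default = "spoke-a-project-id" } # one peered project
variable "onprem_public_ip"  { default = "203.0.113.10" }       # documentation-range placeholder
variable "ike_shared_secret" { sensitive = true }               # set via TF_VAR_ike_shared_secret
locals { region = "us-central1" }

# --- Hub project: VPC, managed HA VPN gateway, Cloud Router, one tunnel with BGP ---
resource "google_compute_network" "hub" {
  project                 = var.hub_project
  name                    = "hub-vpc"
  auto_create_subnetworks = false
}
# Managed gateway: nothing to patch or keep alive on a VM.
resource "google_compute_ha_vpn_gateway" "hub" {
  project = var.hub_project
  name    = "hub-ha-vpn"
  region  = local.region
  network = google_compute_network.hub.id
}
resource "google_compute_external_vpn_gateway" "onprem" {
  project         = var.hub_project
  name            = "onprem-gateway"
  redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
  interface {
    id         = 0
    ip_address = var.onprem_public_ip
  }
}
resource "google_compute_router" "hub" {
  project = var.hub_project
  name    = "hub-router"
  region  = local.region
  network = google_compute_network.hub.id
  bgp {
    asn               = 64514                     # Google-side private ASN, placeholder
    advertise_mode    = "CUSTOM"
    advertised_groups = ["ALL_SUBNETS"]           # hub's own subnets (none in this sketch)
    advertised_ip_ranges {                        # plus the spoke range, so on-prem learns
      range = google_compute_subnetwork.spoke_a.ip_cidr_range  # a return path to the spoke
    }
  }
}
resource "google_compute_vpn_tunnel" "tunnel0" {
  project                         = var.hub_project
  name                            = "hub-tunnel-0"
  region                          = local.region
  vpn_gateway                     = google_compute_ha_vpn_gateway.hub.id
  vpn_gateway_interface           = 0             # add a 2nd tunnel on interface 1 for the HA SLA
  peer_external_gateway           = google_compute_external_vpn_gateway.onprem.id
  peer_external_gateway_interface = 0
  shared_secret                   = var.ike_shared_secret
  ike_version                     = 2
  router                          = google_compute_router.hub.id
}
resource "google_compute_router_interface" "tunnel0" {
  project    = var.hub_project
  name       = "hub-if-0"
  region     = local.region
  router     = google_compute_router.hub.name
  ip_range   = "169.254.0.1/30"                   # link-local BGP pair, placeholder
  vpn_tunnel = google_compute_vpn_tunnel.tunnel0.name
}
resource "google_compute_router_peer" "tunnel0" {
  project         = var.hub_project
  name            = "hub-bgp-peer-0"
  region          = local.region
  router          = google_compute_router.hub.name
  interface       = google_compute_router_interface.tunnel0.name
  peer_ip_address = "169.254.0.2"
  peer_asn        = 65001                         # on-prem router ASN, placeholder
}

# --- Spoke project: its own VPC, peered with the hub from both sides ---
resource "google_compute_network" "spoke_a" {
  project                 = var.spoke_project
  name                    = "spoke-a-vpc"
  auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "spoke_a" {
  project       = var.spoke_project
  name          = "spoke-a-subnet"
  region        = local.region
  network       = google_compute_network.spoke_a.id
  ip_cidr_range = "10.20.0.0/24"                  # must not overlap hub or on-prem ranges
}
# Hub exports the dynamic routes learned from on-prem over BGP; the spoke imports them,
# so spoke VMs get an on-prem route whose next hop is the hub's tunnel.
resource "google_compute_network_peering" "hub_to_spoke_a" {
  name                 = "hub-to-spoke-a"
  network              = google_compute_network.hub.id
  peer_network         = google_compute_network.spoke_a.id
  export_custom_routes = true
}
resource "google_compute_network_peering" "spoke_a_to_hub" {
  name                 = "spoke-a-to-hub"
  network              = google_compute_network.spoke_a.id
  peer_network         = google_compute_network.hub.id
  import_custom_routes = true
}
```

Each additional spoke needs its own pair of peering resources with the hub plus its range added to the Cloud Router advertisement; peering does not chain, so spoke-to-spoke traffic through the hub will not work with this layout. The spoke VPC also needs its own firewall rules allowing the on-premises ranges, since VPC firewall rules are not shared over peering. Shared VPC (one host project owning the network, service projects attaching to it) is the other standard way to let several projects use one gateway, and avoids the per-spoke route bookkeeping at the cost of centralizing subnet ownership.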