Configuring Network for 3-Tier Web Application on Google Cloud Platform

Network Configuration

Question

Your organization has a 3-tier web application deployed in the same network on Google Cloud Platform.

Each tier (web, API, and database) scales independently of the others.

Network traffic should flow through the web to the API tier and then on to the database tier.

Traffic should not flow between the web and the database tier.

How should you configure the network?

Answers

Explanations

A. B. C. D.

D.

Google Cloud Platform (GCP) controls traffic between instances with firewall rules that are applied to instances by tag.

GCP rules and tags can be defined once and used across all regions.

https://cloud.google.com/docs/compare/openstack/

https://aws.amazon.com/it/blogs/aws/building-three-tier-architectures-with-security-groups/

To configure the network for the 3-tier web application, you need to ensure that the web, API, and database tiers are properly isolated while allowing traffic to flow between the tiers as required.

Option A: Add each tier to a different subnetwork

This option involves creating a separate subnet for each tier and placing the instances belonging to that tier within the subnet. Each subnet can have its own firewall rules, and traffic can be allowed or denied between subnets using network ACLs (Access Control Lists). This approach ensures that traffic between the web and the database tiers is blocked by default, but it may require more complex routing rules to allow traffic to flow between the tiers.

Option B: Set up software-based firewalls on individual VMs

This option involves configuring firewalls on each VM to allow or deny traffic as required. Each VM can have its own firewall rules, which can be used to block traffic between the web and database tiers. However, this approach can be complex to manage, and it may not be scalable for larger deployments.

Option C: Add tags to each tier and set up routes to allow the desired traffic flow

This option involves tagging each instance belonging to a particular tier and setting up routes to allow traffic to flow between the tiers as required. For example, you could tag all web instances with a "web" tag and all API instances with an "api" tag. You could then set up a route to allow traffic to flow from the web tier to the API tier based on the "web" tag, and another route to allow traffic to flow from the API tier to the database tier based on the "api" tag. This approach is scalable and flexible, but it may require more complex configuration.

Option D: Add tags to each tier and set up firewall rules to allow the desired traffic flow

This option involves tagging each instance belonging to a particular tier and setting up firewall rules to allow traffic to flow between the tiers as required. For example, you could tag all web instances with a "web" tag and all API instances with an "api" tag. You could then set up a firewall rule to allow traffic from the web tier to the API tier based on the "web" tag, and another firewall rule to allow traffic from the API tier to the database tier based on the "api" tag. This approach is similar to option C, but it uses firewall rules instead of routes to control traffic flow.
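The tag-based policy from option D can be checked before it is deployed. The following is an added example, not part of the original page: a small Python model of ingress evaluation by source and target tag that lists which tier-to-tier flows the rules permit and renders each rule as a `gcloud compute firewall-rules create` command. The "db" tag, the ports, the rule names and the network name `app-vpc` are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    source_tags: frozenset  # network tags on the sending VM
    target_tags: frozenset  # network tags on the receiving VM
    port: int               # TCP port (assumed values below)
    action: str = "ALLOW"
    priority: int = 1000    # lower number wins

# Constructed policy for the page's tiers: web -> api -> db only.
RULES = [
    Rule("allow-web-to-api", frozenset({"web"}), frozenset({"api"}), 8080),
    Rule("allow-api-to-db", frozenset({"api"}), frozenset({"db"}), 5432),
]
TIER_PORT = {"web": 443, "api": 8080, "db": 5432}  # assumed listening ports

def decide(src_tags, dst_tags, port, rules=RULES):
    """Return (action, rule_name) for a TCP connection arriving at the destination VM."""
    # Lowest priority number first; at equal priority a DENY beats an ALLOW.
    for r in sorted(rules, key=lambda r: (r.priority, r.action != "DENY")):
        if r.port == port and r.source_tags & set(src_tags) and r.target_tags & set(dst_tags):
            return r.action, r.name
    return "DENY", "implied-deny-ingress"  # nothing matched

def allowed_flows(rules=RULES):
    """Every tier-to-tier pair the policy lets through, for comparison with the design."""
    return {(s, d) for s in TIER_PORT for d in TIER_PORT
            if s != d and decide({s}, {d}, TIER_PORT[d], rules)[0] == "ALLOW"}

def gcloud_command(rule, network="app-vpc"):
    """Render the rule as a gcloud command; the network name is a placeholder."""
    return ("gcloud compute firewall-rules create {n} --network={net} "
            "--direction=INGRESS --action={a} --rules=tcp:{p} --priority={pr} "
            "--source-tags={s} --target-tags={t}").format(
        n=rule.name, net=network, a=rule.action, p=rule.port, pr=rule.priority,
        s=",".join(sorted(rule.source_tags)), t=",".join(sorted(rule.target_tags)))

if __name__ == "__main__":
    for r in RULES:
        print(gcloud_command(r))
    print(sorted(allowed_flows()))
    # A VM tagged both "web" and "api" matches the api -> db rule.
    print(decide({"web", "api"}, {"db"}, 5432))
```

The last call shows why tag assignment needs the same review as the rules themselves: an instance that carries both the "web" and "api" tags is allowed to reach the database tier.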

In conclusion, option C or D would be the most appropriate configuration for the network, as they provide the required traffic flow while ensuring that the web and database tiers remain isolated. Option A may also work, but it may require more complex routing rules to allow traffic to flow between the tiers. Option B is not recommended, as it may be complex to manage and not scalable for larger deployments.