Creating a Production Environment for an Application with Compute Engine and Cloud SQL

Best Practices for Creating a Secure Production Environment

Question

You have successfully created a development environment in a project for an application.

This application uses Compute Engine and Cloud SQL.

Now you need to create a production environment for this application.

The security team has forbidden the existence of network routes between these 2 environments and has asked you to follow Google-recommended practices.

What should you do?

Answers

Explanations


A. B. C. D.

A.

The best answer to this question is C. Create a new project, modify your existing VPC to be a Shared VPC, share that VPC with your new project, and replicate the setup you have in the development environment in that new project in the Shared VPC.

Explanation: When creating a production environment, it is important to follow Google-recommended practices and ensure that security requirements are met. In this scenario, the security team has forbidden the existence of network routes between the development and production environments.

Option A, creating a new project and replicating the setup, may not be the best option as it does not follow Google-recommended practices and does not address the security team's requirement of not having network routes between the two environments.

Option B, creating a new subnet in the existing VPC and a new Cloud SQL instance in the existing project, may not be feasible as the security team has forbidden network routes between the two environments. Also, using the same project for both development and production may not be a good practice.

Option D, asking the security team to grant the Project Editor role in an existing production project, may not be a feasible option as it does not follow Google-recommended practices, and it may not be possible to get access to an existing production project of another division of the company.

Option C, creating a new project and modifying the existing VPC to be a Shared VPC, is the best option. In this option, the existing VPC can be shared with the new project, and the setup from the development environment can be replicated in the new project in the Shared VPC. This option follows Google-recommended practices and addresses the security team's requirement of not having network routes between the two environments.

In summary, option C is the best option as it follows Google-recommended practices and addresses the security team's requirement of not having network routes between the two environments.