
GCP - Segregating business lines by VPC or Shared VPC


We want to create a landing zone which can onboard different business lines, each in its own folder with multiple projects.

We want to have a centralised shared services VPC for internet ingress/egress + mgt etc. But am trying to decide if

a) we should use shared VPCs per region with 2 x host projects (to cover prod + non prod) + then service projects per business line (with the shared VPC peered to the centralised VPC), OR

b) use separate standard VPCs per business line with each peered to the central VPC

I think it comes down to whether segregation between business lines using a shared VPC (i.e. by project/subnet) is secure enough over complete VPC segregation? Anyone got any thoughts? Best practices etc.? Are workloads in a separate subnet / project suitably isolated from each other (i.e. the firewalls at the VM level not the VPC level?)

Michael Hampton
_Why_ do you want to segregate business lines? Once you understand this, it will become more clear what you should do.