Why does GCP foundation setup walkthrough recommend "Non-Production" and "Development" environments?

ServerFaulted

2/13/24, 10:36 AM

The hierarchy suggested during the "Set up your foundation" step 5. "Hierarchy & access" found within GCP as a banner is the following:

Production
Non-Production
Development

But what is the purpose of Non-Production (possibly: QA, Staging, Sandbox) - and why not include Development environment within Non-Production?

GCP Networking Diagram

1 + 0

google-cloud-platform

google-cloud-vpn

Score:0

Server

John Mahowald

2/13/24, 4:56 PM

Developers should not touch test or stage environments under the non-production category. Introducing new software has risks of introducing functional or security problems.

As test should be like production, so too should dev be like test. Isolating infrastructure encourages that as new services are being added, they are figured out in dev first. And it helps IT administrators when the compute and network infrastructure follows the same design in each environment. Networks are cheap to set up in the VPC cloud concept.

Bend these rules to suit your organization. A developer may put on their analyst hat to troubleshoot an issue in test. However, they should respect any change control processes, and limit significant changes to the agreed on update procedures.

For those wishing to follow along, the referenced diagram comes from the GCP console's cloud-setup wizard. As the overview mentions, "This guide is intended for large organizations." Which makes sense for a design that sets up a handful of administrator groups, and assumes several projects.

+ 3

ServerFaulted

2/14/24, 9:09 AM

The arguments outlined in your second paragraph regarding isolation and "be like" (not very precise engineering terms) I all agree with, perhaps even stronger as a ideally close carbon-copy through GitOps. But why not in this scenario create 4 (dev, test, staging, prod) environments instead of lumping x into the same nonprod category? It would seem that this makes it more difficult to mimic production within staging..

John Mahowald

2/15/24, 2:27 PM

I say category, but I'm unclear on how many separate environments that represents, having zero context for the applications and the organization. Duplicate VPCs and create more isolated nets if you wish, and change the design. The goal of this exercise is to diagram an infrastructure that makes sense, running necessary applications, and keeping them in a secure and mass produced box.

ServerFaulted

2/15/24, 3:01 PM

That makes sense. Could be as you allude to; that the diagram with "nonprod" represents any X (staging, test), such that you add additional as needed and not a category with them all lumped together. Needless to say - the diagram is unnecessarily confusing.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Why does GCP foundation setup walkthrough recommend "Non-Production" and "Development" environments?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.