The client is a prestigious hospital/university in the Bay Area with several researchers and an on-premise infrastructure for its applications. The customer aimed to move the applications to the cloud for greater security, agility, access to managed services and more automated operations management. Biarca successfully designed the solution to deploy all the client’s applications to the Google Cloud Platform (GCP) with the highest security, leveraging GCP’s Service Accounts, BigQuery, Dataproc, GCE and networking features. Finally, Biarca performed functional testing of GCP components to ensure that the solution was secure and robust. With this solution, the client obtained both CapEx savings due to GCP’s low system resource costs, and OpEx savings because of GCP’s automation of several resource management tasks.
The University had the following requirements for migrating its on-premise applications, such as health platform services, to the cloud:
- Re-architect existing stack, mapping to Google Cloud managed services where possible or to compute equivalents
- Create a detailed architecture design with the highest security
- Bring up the entire stack on Google
- Perform functional and performance tests
- Test functionalities and features
Customized Solution from Biarca
After careful study of the client’s application migration requirements, the Biarca team architected a solution involving the following components:
- Service Accounts
- GCE Instances
- Google VPC Networks
A service account is a special type of Google account that belongs to our application or a virtual machine (VM), instead of to an individual end user. Our application assumes the identity of the service account to call Google APIs, so that the users aren’t directly involved. Biarca created and configured a Master Service Account and granted it only the minimum necessary permissions.
Google Compute Engine delivers virtual machines running in Google’s innovative data centers and worldwide fiber network.
Biarca guaranteed that the GCE instance was private and that no public IP address was assigned to it. Because the instance is private, no one outside of GCP can access it. Firewall rules have also been configured on the GCE instance to make sure that no unauthorized hosts/VMs can access this instance.
Different applications and workloads require different network connectivity solutions. Google supports multiple ways to connect your infrastructure to Google Cloud Platform.
For better security and network management control, Biarca created a new VPC network and subnet. This subnet is used to assign a unique IP address to each of the GCE instances. Proper firewall rules have also been configured on this subnet to make sure that no unauthorized access can be made to the instances in this subnet.
Customer Value Proposition
The solution that Biarca designed for migrating the client’s existing infrastructure to Google Cloud Platform had the following benefits:
- Assigning only necessary roles to the service account guaranteed that only the intended Google APIs could be invoked by this service account.
- The private GCE instance guaranteed that no one outside of GCP can access this instance.
- Creating and configuring proper firewall rules guaranteed that only the authorized networks or service accounts can access the instances inside the subnet.
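One way to check the three controls listed above against exported configuration, as an added example that is not Biarca's or the client's code. It assumes JSON in the shape returned by `gcloud projects get-iam-policy`, `gcloud compute instances list` and `gcloud compute firewall-rules list` with `--format=json`; the project, account, instance and rule names are constructed sample data.

```python
"""Audit exported GCP config: service-account roles, external IPs, open ingress."""
BROAD_ROLES = {"roles/owner", "roles/editor"}  # basic roles, far wider than "minimum necessary"

def broad_role_bindings(iam_policy, member):
    """Basic roles that the project IAM policy grants to `member`."""
    return sorted(b["role"] for b in iam_policy.get("bindings", [])
                  if member in b.get("members", []) and b["role"] in BROAD_ROLES)

def instances_with_external_ip(instances):
    """Instances with an accessConfig on any NIC, i.e. an external IPv4 address."""
    return sorted(i["name"] for i in instances
                  if any(nic.get("accessConfigs") for nic in i.get("networkInterfaces", [])))

def open_ingress_rules(firewall_rules):
    """Enabled ingress allow rules whose source range is the whole internet."""
    return sorted(r["name"] for r in firewall_rules
                  if not r.get("disabled")
                  and r.get("direction", "INGRESS") == "INGRESS"
                  and r.get("allowed")
                  and "0.0.0.0/0" in r.get("sourceRanges", []))

def audit(policy, member, instances, rules):
    return {"broad_roles": broad_role_bindings(policy, member),
            "external_ip": instances_with_external_ip(instances),
            "open_ingress": open_ingress_rules(rules)}

# --- constructed sample exports (not from the case study) ---
SA = "serviceAccount:master-sa@example-project.iam.gserviceaccount.com"
POLICY = {"bindings": [
    {"role": "roles/bigquery.dataViewer", "members": [SA]},
    {"role": "roles/editor", "members": [SA, "user:alice@example.com"]}]}
INSTANCES = [
    {"name": "app-vm-1", "networkInterfaces": [{"networkIP": "10.10.0.2"}]},
    {"name": "app-vm-2", "networkInterfaces": [{"networkIP": "10.10.0.3",
        "accessConfigs": [{"type": "ONE_TO_ONE_NAT", "natIP": "203.0.113.7"}]}]}]
FIREWALL = [
    {"name": "allow-internal", "direction": "INGRESS", "sourceRanges": ["10.10.0.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
    {"name": "allow-ssh-any", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "old-rule", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]}]

if __name__ == "__main__":
    for check, findings in audit(POLICY, SA, INSTANCES, FIREWALL).items():
        print(f"{check}: {findings or 'none'}")
```

An empty list for every key means the export matches the design described here; IPv6 access configs and organization-level IAM bindings are outside what this check covers.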
If you are looking for any additional information related to this case study, contact us.