A company is deploying a multi-tier web application on Google Cloud. The web tier must be accessible from the internet, while the application tier should only be accessible from the web tier. The database tier must not have any public IP addresses. Which VPC design should be used?
- A. Use a Shared VPC with separate subnets in different projects for each tier.
  Why wrong: Shared VPC is for multi-project environments, not for tier isolation within one organization.
- B. Use three separate VPCs for each tier and connect them using VPC peering.
  Why correct: Separate VPCs provide full isolation; peering allows controlled communication.
- C. Use a single VPC and connect the database tier via Cloud VPN to on-premises.
  Why wrong: Cloud VPN does not address isolation between tiers within a VPC.
- D. Use a single VPC with separate subnets for each tier and configure firewall rules to restrict traffic.
  Why wrong: A single VPC does not provide network isolation at the VPC level; firewall rules alone can be misconfigured.