Kategorie: Landing Zone

In the last blog post, we shortly introduced the different components and discussed the key points including an architecture for centralized logging and collection of audit logs.

A Landing Zone serves as the foundation for the whole cloud journey and as such it allows to deploy workloads and operate it in an efficient, scalable and secure manner. For the sake of security, it is important to know what security relevant events happen within the cloud and provide means to centrally collect those events and help to analyze them. Of course, the Google Cloud provides built-in services that can with these tasks.

In the last blog posts, we mostly covered Google related Landing Zones, but never discussed by which tools and techniques landing zones should be built and maintained.

In this blog post, we will cover this topic and give some information about Infrastructure-as-Code (IaC), GitOps and so on.

In the last blog posts, we discussed various aspects of networking. Now it is time to shift our focus to DNS – another crucial part of a Landing Zone.
For the Google Cloud – Cloud DNS should be used. Google Cloud DNS is a scalable, reliable, and managed authoritative Domain Name System (DNS) service running on the same infrastructure as Google. It offers authoritative DNS serving, which means it provides responses to DNS queries from end-users based on the DNS records you configure.

This blog series delves into Google Cloud Landing Zones, a crucial framework for establishing a secure, scalable, and efficient cloud environment. Google Cloud Landing Zones provide a structured approach to setting up cloud infrastructure, ensuring best practices in security, compliance, and operational excellence.

In our network posts of this series, we first introduced hybrid connectivity between on-premises and the Google Cloud and then further explained a typical network topology.
In the last blog post, we have discussed aspects of network design within a Google Cloud Landing Zone and introduced concepts like Private Google Access, Private Google Access for on-premises hosts, Private Service Access or Private Service Connect.

In the last blog post, we have shown how to establish connectivity between the on-premises network and the Google Cloud Landing Zone. Now it is time to talk about some network concepts. Networking is at the core of a Landing Zone, hence that’s there is plenty to discuss. We will split that topic into two different blog posts.

One of the most important things to consider when creating a Landing Zone is how connectivity can be implemented. It is easy to figure out that various options are possible and as cloud technologies including networking are evolving, a Landing Zone that was created in the past might need to be modernized since new technologies and services exist now.

A Landing Zone serves as the foundation and enables customers to effectively deploy workloads and operate their cloud environment at scale. But while enabling is important, it is also crucial to define standards and define guardrails what the different teams can do or cannot do. At this point, organizational policies come into play and that’s reason enough to discuss them in our Google Cloud Landing Zone series.

In the last blog post, we talked a lot about resource hierarchies. Resource hierarchies help to group projects into a folder structure and help with issues like governance, automation, access control, billing and cost management and other things.