aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • Architecture
  • Public Cloud

Internet-Facing Application Delivery: Networking Architecture

  • aster.cloud
  • May 4, 2023
  • 3 minute read

Exposing your applications to the internet is a common requirement for enterprises. In this article we would be looking at internet facing application delivery. This references information from the document Networking for internet-facing applications: Reference architecture which should be read for more detail.

Internet facing applications 

Any application meant to be used by people on the internet needs to be built for high availability, wide consumption and tight security. Services and web-apps need to be built so they can be protected as they scale.


Partner with aster.cloud
for your next big idea.
Let us know here.



From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.
CYBERPOGO.COM :: For the Arts, Sciences, and Technology.
DADAHACKS.COM :: Parenting For The Rest Of Us.
ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.
TAKUMAKU.COM :: For The Hearth And Home.
ASTER.CLOUD :: From The Cloud And Beyond.
LIWAIWAI.COM :: Intelligence, Inside and Outside.
GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.
FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.
ASTERCASTER.COM :: Supra Astra. Beyond The Stars.
BARTDAY.COM :: Prosperity For Everyone.

Google Cloud has several services to help you add security controls to your external facing application.

  • The Edge – Cloud Armor provides WAF and DDoS protection, Load Balancers give you a single IP to expose your services.
  • In region – Network Virtual Appliances such as Next Generation Firewalls can be used to inspect traffic and Network Firewall policies can be used to control access to your resources.
  • Other services – Cloud IDS (Cloud Intrusion Detection System)  can detect threats in both East West and North South traffic flows.

Networking internet-facing applications

The document Networking for internet-facing applications: Reference architecture explores several patterns grouped as follows:

  • Lift and shift Architecture
  • Hybrid service architecture
  • Zero Trust Distributed Architecture

We will explore two architectures under the hybrid service architecture group.

# 1 – Hybrid connectivity configuration using external Cloud Load Balancing and network edge services

Securing service access at the edge and distributing traffic to multiple sources can be achieved on Google Cloud. Some components involved in this design are Load balancers, Cloud CDN, Cloud Armor, Identity aware proxy, Google-managed SSL certificates and Network Endpoint Groups.

The design below shows Google Cloud frontend services, Load balancer and multiple backend sources.

https://storage.googleapis.com/gweb-cloudblog-publish/images/1-network-services-for-hybrid.max-2200x2200.jpg

The design elements are as follows.

Edge services

  • Load balancer – Ingest traffic from external clients.
  • Cloud CDN – If there is static content and this feature is enabled, Cloud CDN caches content at a location closest to the user and serves it from there thereby reducing latency. 
  • Managed certs –  Helps you to manage your domains with Google-managed SSL certificates.
  • Cloud Armor – Provides protection against DDoS and OWASP top 10 protection.
  • Identity Aware-proxy – Allows access based on identity.
Read More  BNB Chain And Google Cloud Form Strategic Collaboration To Accelerate The Growth of Web3 And Blockchain Startups

Backend
The backend resources selected will depend on the URL map configuration. Let’s look at some backend types used here.

  • Managed Instance group – This could be used for Virtual machines resources within Google Cloud. 
  • Hybrid Network endpoint groups (NEG) – These could be set up for on-premise and other cloud connections. Traffic to hybrid NEGs are routed over Cloud VPN, or interconnect connections.

# 2 – IDS traffic inspection

Intrusion Detection Systems (IDS) provide inspection of network traffic and visibility into possible suspicious activity. Cloud IDS is a Google Cloud service which meets this requirement.

 The design below shows Cloud IDS providing traffic inspection of internet traffic.

https://storage.googleapis.com/gweb-cloudblog-publish/images/2-ids.max-2000x2000.jpg

The design elements are as follows.

Front End.

  • Load Balancers – The design shows the use of both a regional Network load balancer for non HTTP(S) traffic and a global HTTP(S) load balancer. Traffic is directed to the IP’s of the load balancers to be distributed to the relevant backend resources.
  • External IP – There is also a VMs with an external IP address with firewall rules that allow access.

Cloud IDS.
For Cloud IDS to work the following is setup:

  • Service Networking, Cloud IDS APIs needs to be enabled.
  • Reservation of service IPs- A range of private IPs need to be allocated for services. 
  • A private connection to the service producer has to be enabled. This creates a VPC network peering from the network to be monitored to the service network.
  • A Cloud IDS endpoint has to be set up in the region where traffic is to be monitored. You will add a Cloud IDS service profile and packet mirroring policy to the end point.
  • Traffic logs will be generated and can be viewed in the Cloud IDS console or in Cloud Logging.
Read More  How Spam Detection Taught Us Better Tech Support

You can get a hands-on introduction lab at the skillsboost site. Cloud IDS: Qwik Start.

Overall this design gives visibility into internet traffic and also internal traffic for (threat intrusion detection, malware, spyware, and command-and-control attacks) and can help meet certain compliance requirements for an organization.

More on architecture

Previous blogs on this topic 6 building blocks for cloud networking and two network patterns for secure intra-area access are very good to explore. Also, I recommend reading the following documents:

  • Documentation: Networking for secure intra-cloud access: Reference architectures
  • Documentation: Designing networks for migrating enterprise workloads: Architectural approaches
  • Documentation: Networking for hybrid and multi-cloud workloads: Reference architectures
  • Documentation: Hybrid connectivity network endpoint groups overview

By Ammett Williams, Developer Relation Engineer, Google
Originally published Google Cloud

Source: Cyberpogo


For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

aster.cloud

Related Topics
  • Cloud IDS
  • Cloud Load Balancing
  • Google Cloud
  • Networking Architecture
You May Also Like
View Post
  • Computing
  • Public Cloud
  • Technology

United States Army Enterprise Cloud Management Agency Expands its Oracle Defense Cloud Services

  • April 15, 2025
DeepSeek R1 is now available on Azure AI Foundry and GitHub
View Post
  • Public Cloud
  • Technology

DeepSeek R1 is now available on Azure AI Foundry and GitHub

  • February 2, 2025
Cloud platforms among the clouds
View Post
  • Computing
  • Learning
  • Public Cloud

Best Cloud Platforms Offering Free Trials for Cloud Mastery

  • December 23, 2024
Vehicle Manufacturing
View Post
  • Hybrid Cloud
  • Public Cloud

Toyota shifts into overdrive: Developing an AI platform for enhanced manufacturing efficiency

  • December 10, 2024
IBM and AWS
View Post
  • Public Cloud

IBM and AWS Accelerate Partnership to Scale Responsible Generative AI

  • December 2, 2024
COP29 AI and Climate Change
View Post
  • Public Cloud
  • Technology

How Cloud And AI Are Bringing Scale To Corporate Climate Mitigation And Adaptation

  • November 18, 2024
Cloud Workstations
View Post
  • Public Cloud

FEDRAMP High Development in the Cloud: Code with Cloud Workstations

  • November 8, 2024
View Post
  • Public Cloud

PyTorch/XLA 2.5: vLLM support and an improved developer experience

  • October 31, 2024

Stay Connected!
LATEST
  • 1
    Just make it scale: An Aurora DSQL story
    • May 29, 2025
  • 2
    Reliance on US tech providers is making IT leaders skittish
    • May 28, 2025
  • Examine the 4 types of edge computing, with examples
    • May 28, 2025
  • AI and private cloud: 2 lessons from Dell Tech World 2025
    • May 28, 2025
  • 5
    TD Synnex named as UK distributor for Cohesity
    • May 28, 2025
  • Weigh these 6 enterprise advantages of storage as a service
    • May 28, 2025
  • 7
    Broadcom’s ‘harsh’ VMware contracts are costing customers up to 1,500% more
    • May 28, 2025
  • 8
    Pulsant targets partner diversity with new IaaS solution
    • May 23, 2025
  • 9
    Growing AI workloads are causing hybrid cloud headaches
    • May 23, 2025
  • Gemma 3n 10
    Announcing Gemma 3n preview: powerful, efficient, mobile-first AI
    • May 22, 2025
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • Understand how Windows Server 2025 PAYG licensing works
    • May 20, 2025
  • By the numbers: How upskilling fills the IT skills gap
    • May 21, 2025
  • 3
    Cloud adoption isn’t all it’s cut out to be as enterprises report growing dissatisfaction
    • May 15, 2025
  • 4
    Hybrid cloud is complicated – Red Hat’s new AI assistant wants to solve that
    • May 20, 2025
  • 5
    Google is getting serious on cloud sovereignty
    • May 22, 2025
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.