aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • Architecture
  • Public Cloud

Internet-Facing Application Delivery: Networking Architecture

  • aster.cloud
  • May 4, 2023
  • 3 minute read

Exposing your applications to the internet is a common requirement for enterprises. In this article we would be looking at internet facing application delivery. This references information from the document Networking for internet-facing applications: Reference architecture which should be read for more detail.

Internet facing applications 

Any application meant to be used by people on the internet needs to be built for high availability, wide consumption and tight security. Services and web-apps need to be built so they can be protected as they scale.


Partner with aster.cloud
for your next big idea.
Let us know here.



From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.
CYBERPOGO.COM :: For the Arts, Sciences, and Technology.
DADAHACKS.COM :: Parenting For The Rest Of Us.
ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.
TAKUMAKU.COM :: For The Hearth And Home.
ASTER.CLOUD :: From The Cloud And Beyond.
LIWAIWAI.COM :: Intelligence, Inside and Outside.
GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.
FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.
ASTERCASTER.COM :: Supra Astra. Beyond The Stars.
BARTDAY.COM :: Prosperity For Everyone.

Google Cloud has several services to help you add security controls to your external facing application.

  • The Edge – Cloud Armor provides WAF and DDoS protection, Load Balancers give you a single IP to expose your services.
  • In region – Network Virtual Appliances such as Next Generation Firewalls can be used to inspect traffic and Network Firewall policies can be used to control access to your resources.
  • Other services – Cloud IDS (Cloud Intrusion Detection System)  can detect threats in both East West and North South traffic flows.

Networking internet-facing applications

The document Networking for internet-facing applications: Reference architecture explores several patterns grouped as follows:

  • Lift and shift Architecture
  • Hybrid service architecture
  • Zero Trust Distributed Architecture

We will explore two architectures under the hybrid service architecture group.

# 1 – Hybrid connectivity configuration using external Cloud Load Balancing and network edge services

Securing service access at the edge and distributing traffic to multiple sources can be achieved on Google Cloud. Some components involved in this design are Load balancers, Cloud CDN, Cloud Armor, Identity aware proxy, Google-managed SSL certificates and Network Endpoint Groups.

The design below shows Google Cloud frontend services, Load balancer and multiple backend sources.

https://storage.googleapis.com/gweb-cloudblog-publish/images/1-network-services-for-hybrid.max-2200x2200.jpg

The design elements are as follows.

Edge services

  • Load balancer – Ingest traffic from external clients.
  • Cloud CDN – If there is static content and this feature is enabled, Cloud CDN caches content at a location closest to the user and serves it from there thereby reducing latency. 
  • Managed certs –  Helps you to manage your domains with Google-managed SSL certificates.
  • Cloud Armor – Provides protection against DDoS and OWASP top 10 protection.
  • Identity Aware-proxy – Allows access based on identity.
Read More  Google Cloud Data Heroes Series: Meet Francisco, The Ecuadorian American Founder Of Direcly, A Google Cloud Partner

Backend
The backend resources selected will depend on the URL map configuration. Let’s look at some backend types used here.

  • Managed Instance group – This could be used for Virtual machines resources within Google Cloud. 
  • Hybrid Network endpoint groups (NEG) – These could be set up for on-premise and other cloud connections. Traffic to hybrid NEGs are routed over Cloud VPN, or interconnect connections.

# 2 – IDS traffic inspection

Intrusion Detection Systems (IDS) provide inspection of network traffic and visibility into possible suspicious activity. Cloud IDS is a Google Cloud service which meets this requirement.

 The design below shows Cloud IDS providing traffic inspection of internet traffic.

https://storage.googleapis.com/gweb-cloudblog-publish/images/2-ids.max-2000x2000.jpg

The design elements are as follows.

Front End.

  • Load Balancers – The design shows the use of both a regional Network load balancer for non HTTP(S) traffic and a global HTTP(S) load balancer. Traffic is directed to the IP’s of the load balancers to be distributed to the relevant backend resources.
  • External IP – There is also a VMs with an external IP address with firewall rules that allow access.

Cloud IDS.
For Cloud IDS to work the following is setup:

  • Service Networking, Cloud IDS APIs needs to be enabled.
  • Reservation of service IPs- A range of private IPs need to be allocated for services. 
  • A private connection to the service producer has to be enabled. This creates a VPC network peering from the network to be monitored to the service network.
  • A Cloud IDS endpoint has to be set up in the region where traffic is to be monitored. You will add a Cloud IDS service profile and packet mirroring policy to the end point.
  • Traffic logs will be generated and can be viewed in the Cloud IDS console or in Cloud Logging.
Read More  Cloud Data Loss Prevention Is Now Automatic!

You can get a hands-on introduction lab at the skillsboost site. Cloud IDS: Qwik Start.

Overall this design gives visibility into internet traffic and also internal traffic for (threat intrusion detection, malware, spyware, and command-and-control attacks) and can help meet certain compliance requirements for an organization.

More on architecture

Previous blogs on this topic 6 building blocks for cloud networking and two network patterns for secure intra-area access are very good to explore. Also, I recommend reading the following documents:

  • Documentation: Networking for secure intra-cloud access: Reference architectures
  • Documentation: Designing networks for migrating enterprise workloads: Architectural approaches
  • Documentation: Networking for hybrid and multi-cloud workloads: Reference architectures
  • Documentation: Hybrid connectivity network endpoint groups overview

By Ammett Williams, Developer Relation Engineer, Google
Originally published Google Cloud

Source: Cyberpogo


For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

aster.cloud

Related Topics
  • Cloud IDS
  • Cloud Load Balancing
  • Google Cloud
  • Networking Architecture
You May Also Like
View Post
  • Computing
  • Public Cloud
  • Technology

United States Army Enterprise Cloud Management Agency Expands its Oracle Defense Cloud Services

  • April 15, 2025
DeepSeek R1 is now available on Azure AI Foundry and GitHub
View Post
  • Public Cloud
  • Technology

DeepSeek R1 is now available on Azure AI Foundry and GitHub

  • February 2, 2025
Cloud platforms among the clouds
View Post
  • Computing
  • Learning
  • Public Cloud

Best Cloud Platforms Offering Free Trials for Cloud Mastery

  • December 23, 2024
Vehicle Manufacturing
View Post
  • Hybrid Cloud
  • Public Cloud

Toyota shifts into overdrive: Developing an AI platform for enhanced manufacturing efficiency

  • December 10, 2024
IBM and AWS
View Post
  • Public Cloud

IBM and AWS Accelerate Partnership to Scale Responsible Generative AI

  • December 2, 2024
COP29 AI and Climate Change
View Post
  • Public Cloud
  • Technology

How Cloud And AI Are Bringing Scale To Corporate Climate Mitigation And Adaptation

  • November 18, 2024
Cloud Workstations
View Post
  • Public Cloud

FEDRAMP High Development in the Cloud: Code with Cloud Workstations

  • November 8, 2024
View Post
  • Public Cloud

PyTorch/XLA 2.5: vLLM support and an improved developer experience

  • October 31, 2024

Stay Connected!
LATEST
  • 1
    Pure Accelerate 2025: All the news and updates live from Las Vegas
    • June 18, 2025
  • 2
    ‘This was a very purposeful strategy’: Pure Storage unveils Enterprise Data Cloud in bid to unify data storage, management
    • June 18, 2025
  • What is cloud bursting?
    • June 18, 2025
  • 4
    There’s a ‘cloud reset’ underway, and VMware Cloud Foundation 9.0 is a chance for Broadcom to pounce on it
    • June 17, 2025
  • What is confidential computing?
    • June 17, 2025
  • Oracle adds xAI Grok models to OCI
    • June 17, 2025
  • Fine-tune your storage-as-a-service approach
    • June 16, 2025
  • 8
    Advanced audio dialog and generation with Gemini 2.5
    • June 15, 2025
  • 9
    A Father’s Day Gift for Every Pop and Papa
    • June 13, 2025
  • 10
    Global cloud spending might be booming, but AWS is trailing Microsoft and Google
    • June 13, 2025
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • Google Cloud, Cloudflare struck by widespread outages
    • June 12, 2025
  • What is PC as a service (PCaaS)?
    • June 12, 2025
  • 3
    Crayon targets mid-market gains with expanded Google Cloud partnership
    • June 10, 2025
  • By the numbers: Use AI to fill the IT skills gap
    • June 11, 2025
  • 5
    Apple services deliver powerful features and intelligent updates to users this autumn
    • June 11, 2025
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.