The Architecture Center provides content resources across a wide variety of networking subjects. This page provides information to help you get started and a list of all networking content in the Architecture Center.
Get started
Google Cloud provides a suite of networking services to help you run your enterprise in the cloud. This page can help you get started with both designing and building a new cloud network and with enhancing your existing network.
Design and build
There are two general approaches to create a network:
- Just get started by creating a simple, but recommended, landing zone deployment and build from there.
- Read all the materials up front, plan everything end-to-end, and then build your design.
If you just want to get started:
- The fastest way is to use Google Cloud Setup in the Google Cloud console. The user interface shows you how to set up your organization, users and groups, administration, billing, networking, monitoring and security so you can get started with Google Cloud. Even if you already have an organization set up, you can use Google Cloud Setup to create well-crafted networks.
- Alternatively, you can follow a manual process using the Landing zone design in Google Cloud document set. In that document set, Decide the network design for your Google Cloud landing zone provides several options for your network design.
If you want to read and plan first:
- The Google Cloud Architecture Framework provides design principles for Google Cloud deployments. In particular, networking-specific guidance is provided in Design your network infrastructure.
- For an end-to-end Google Cloud deployment based on security best practices, see the Security foundations blueprint. The entire deployment is available as a Terraform configuration, which you can use as is or modify to meet your needs.
- If you are migrating workloads from an existing installation, see Designing networks for migrating enterprise workloads: Architectural approaches.
Enhance
If you already have your Google Cloud network set up, but you want to enhance or modify your setup, the documents listed in the left navigation can help. The documents are organized in the following categories:
- Connect: Connect Google Cloud resources to resources in other clouds, in your on-premises data centers, and in other parts of your Google Cloud deployment.
- Scale: Use load balancing, content delivery networks, and DNS to deliver your applications to your customers at any scale.
- Secure: Protect your applications and network traffic.
- Observe: Monitor and inspect your network configuration and traffic.
Networking resources in the Architecture Center
- Best practices and reference architectures for VPC design: This guide introduces best practices and typical enterprise architectures for the design of virtual private clouds (VPCs) with Google Cloud. Products used: Cloud DNS, Cloud Interconnect, Cloud NAT, Cloud Router, Cloud VPN, Virtual Private Cloud
- Building internet connectivity for private VMs: Describes options for connecting to and from the internet using Compute Engine resources that have private IP addresses. Products used: Cloud Load Balancing, Cloud NAT, Compute Engine, Identity-Aware Proxy
- Centralized network appliances on Google Cloud: This document is intended for network administrators, solutions architects, and operations professionals who run centralized network appliances on Google Cloud. Knowledge of Compute Engine and Virtual Private Cloud (VPC) networking in Google Cloud is... Products used: Cloud Load Balancing, Compute Engine
- Decide the network design for your Google Cloud landing zone: This document describes four common network designs for landing zones, and helps you choose the option that best meets your requirements. Products used: VPC Service Controls, Virtual Private Cloud
- Deploy network monitoring and telemetry capabilities in Google Cloud: Network telemetry collects network traffic data from devices on your network so that the data can be analyzed. Network telemetry lets security operations teams detect network-based threats and hunt for advanced adversaries, which is essential for... Products used: Compute Engine, Google Kubernetes Engine (GKE), Logging, Packet Mirroring, VPC, Virtual Private Cloud
- Deploying FortiGate-VM Next Generation Firewall using Terraform: Shows you how to use Terraform to deploy a FortiGate reference architecture to help protect your applications against cyberattacks. FortiGate is a next-generation firewall (NGFW) with software-defined wide area network (SD-WAN)... Products used: Cloud Load Balancing, Cloud NAT, Cloud Storage, Compute Engine
- Design secure deployment pipelines: Describes best practices for designing secure deployment pipelines based on your confidentiality, integrity, and availability requirements. Products used: App Engine, Cloud Run, Google Kubernetes Engine (GKE)
- Designing networks for migrating enterprise workloads: Architectural approaches: This document introduces a series that describes networking and security architectures for enterprises that are migrating data center workloads to Google Cloud. These architectures emphasize advanced connectivity, zero-trust security principles, and... Products used: Anthos Service Mesh, Cloud CDN, Cloud DNS, Cloud Interconnect, Cloud Intrusion Detection System (Cloud IDS), Cloud Load Balancing, Cloud NAT, Cloud VPN, Google Cloud Armor, Identity-Aware Proxy, Network Connectivity Center, Traffic Director, VPC Service Controls, Virtual Private Cloud
- Global load-balancing architectures using DNS routing policies: This document describes how you can combine multiple regional load balancers with Google DNS routing policies to create global load-balancing architectures. The document is aimed at network engineers, solutions architects, and operations... Products used: Google Load Balancing
- Hub-and-spoke network architecture: Evaluate the architectural options for designing hub-and-spoke network topologies in Google Cloud. Products used: Cloud NAT, Cloud VPN, Virtual Private Cloud
- Hybrid and multi-cloud patterns and practices: The first part of a multi-part series that discusses hybrid and multi-cloud deployments, architecture patterns, and network topologies. This part explores the opportunities and challenges of hybrid and multi-cloud deployments, and... Products used: Google Kubernetes Engine (GKE)
- Hybrid and multicloud monitoring and logging patterns: Discusses monitoring and logging architectures for hybrid and multicloud deployments, and provides best practices for implementing them by using Google Cloud. Products used: Anthos, Cloud Logging, Cloud Monitoring, Google Kubernetes Engine (GKE)
- Identify and predict anomalies in firewall rules with Forseti: Reports on the first stage of a project between Forseti and Google engineers designed to test a variety of approaches to the stages of implementing a machine learning solution for system security. Products used: BigQuery, Forseti Security
- Implement your Google Cloud landing zone network design: This document provides steps and guidance to implement your chosen network design for your landing zone. Products used: Virtual Private Cloud
- Installing F5 BIG-IP ADC for GKE on VMware: Shows how to install and configure the F5 BIG-IP Application Delivery Controller (ADC) before you integrate the ADC with Anthos clusters on VMware. Products used: Anthos, Google Kubernetes Engine (GKE)
- Installing F5 BIG-IP ADC for GKE on VMware using manual load balancing: Shows how to set up the F5 BIG-IP Application Delivery Controller (ADC) before you integrate with Anthos clusters on VMware using the manual load-balancing mode on Anthos clusters on VMware. Products used: Anthos, Google Kubernetes Engine (GKE)
- Jump Start Solution: Load balanced managed VMs: Demonstrates how to create a virtual machine cluster with a load balancer, make VMs globally available, and instantaneously manage traffic.
- Landing zone design in Google Cloud: This series shows how to design and build a landing zone in Google Cloud, guiding you through high-level decisions about identity onboarding, resource hierarchy, network design, and security.
- Modernization path for .NET Framework applications on Google Cloud: Looks at the common limitations of monolithic applications and describes a gradual yet structured process for modernizing them. Products used: Anthos, Cloud Run, Cloud SQL, Compute Engine, Google Kubernetes Engine (GKE), Migrate for Compute Engine
- Patterns for connecting other cloud service providers with Google Cloud: Helps cloud architects and operations professionals decide how to connect Google Cloud with other cloud service providers (CSP) such as Amazon Web Services (AWS) and Microsoft Azure. In a multi-cloud design, these connections allow data... Products used: Cloud Interconnect, Dedicated Interconnect, Partner Interconnect
- This guide is intended to help you address concerns unique to Google Kubernetes Engine (GKE) applications when you are implementing customer responsibilities for Payment Card Industry Data Security Standard (PCI DSS) requirements. Disclaimer: This... Products used: Cloud Data Loss Prevention, Google Cloud Armor, Google Kubernetes Engine (GKE)
- Secure virtual private cloud networks with the Palo Alto VM-Series NGFW: Describes the networking concepts that you need to understand to deploy Palo Alto Networks VM-Series next generation firewall (NGFW) in Google Cloud. Products used: Cloud Storage
- Security blueprint: PCI on GKE: The PCI on GKE blueprint contains a set of Terraform configurations and scripts that demonstrate how to bootstrap a PCI environment in Google Cloud. The core of this blueprint is the Online Boutique application, where users can browse items, add them... Products used: Google Kubernetes Engine (GKE)
- VMware Engine network security using centralized appliances: Design advanced network security for Google Cloud VMware Engine workloads to provide network protection features like DDoS mitigation, SSL offloading, NGFW, IPS/IDS, and DPI. Products used: Cloud CDN, Cloud Interconnect, Cloud Load Balancing, Cloud VPN, Google Cloud VMware Engine, Virtual Private Cloud