:<3: SOCLE GCP FOUNDATION :<3:
APPLICATION DOMAIN
NETWORK :spider_web:
Cloud VPC :arrow_forward:
Cloud VPN :house_buildings:
Cloud Interconnect :electric_plug:
Cloud Router :twisted_rightwards_arrows:
Cloud DNS :postbox:
Cloud NAT :telephone_receiver:
Cloud Load Balancer :arrow_upper_left: :arrow_upper_right:
Cloud IAP :computer: :snake:
Proxy Out Fortigate :arrow_backward: :arrow_forward:
IPAM :passport_control:
SECURITY :lock:
Cloud Armor :dagger_knife:
Organization policy :!!:
Cloud Command Security Center :video_game:
OS Patch Manager :zap:
Antivirus :bug:
RESOURCE MANAGEMENT :ballot_box_with_ballot:
Cloud Resource Management :classical_building:
Project :card_index:
Folder :card_file_box:
User & Resource Management :silhouette:
LMA :newspaper: :linked_paperclips: :traffic_light:
Monitoring Tools :tv:
Alerting :phone:
Logging :rolled_up_newspaper:
IDENTITY AND ACCESS MANAGEMENT :closed_lock_with_key:
Cloud Identity :silhouette:
Cloud IAM :passport_control:
BILLING :heavy_dollar_sign:
Billing Account :credit_card:
AUTOMATION :recycle:
Cloud Source Repository :construction_worker:
Cloud Build :building_construction:
Cloud Container Registry :registered:
Infrastructure As Code :twisted_rightwards_arrows:
Bitbucket :joystick:
BACKUP & DR :santa:
Scheduled Snapshots :camera:
Storage Backup :studio_microphone:
Firestore Backup :fire:
Cloud SQL :checkered_flag:
Organization DR :classical_building: :fire:
FLOW DOMAIN :octopus:
Internal
GCP to GCP
EXTERNAL
WWW to GCP :world_map: :lipstick:
SSH | RDP :kimono:
HTTP(S) :confetti_ball:
GCP to WWW :lipstick: :world_map:
GCP to SEPHORA | ATOS :male-technologist: :lipstick:
SEPHORA | ATOS to GCP :lipstick: :male-technologist:
DATA DOMAIN :snake:
Security Logs
Admin Activity Logs :green_book:
System Events Logs :blue_book:
Data Access Logs :closed_book:
Network Logs
VPC Flow Logs :unlock:
Firewall Rules Logs :green_cross:
Billing Exports :heavy_dollar_sign:
OPERATIONAL PRINCIPLES :soccer:
Network Guidelines :spider_web:
Shared VPC for all :check:
ROUTED is used for interaction with Sephora / Atos ONLY :checkered_flag:
DNS resolution via Umbrella :umbrella:
INTERNAL is used for workload on GCP :checkered_flag:
Resources reachable from stores or HQ will be built in INTERNAL with Internal LB in ROUTED :checkered_flag:
Resources which must join the stores will be built in ROUTED SEPHORA :checkered_flag:
Resources reachable from ATOS will be built within ROUTED DATACENTER :checkered_flag:
Resources which must join ATOS DC must be built within ROUTED DATACENTER :checkered_flag:
Resources which must join ATOS and SEPHORA must be built in ROUTED SEPHORA :checkered_flag:
Security Guidelines :police_car:
Use Service Account for FW rules :red_cross:
Reduce exposure by limiting IP Range in FW Rule :forbidden:
Use IAP for Admin Access :robot_face:
Key Management via OS Login :film_projector:
Proxy Out Stack Fortigate :factory:
Default Data Encryption :champagne:
Compute Guidelines :computer:
No Public IP assigned :gun:
No default service account :hocho: :passport_control:
Custom OS image :lower_left_paintbrush:
IAM Guidelines :passport_control:
Use only trusted identities to access GCP :passenger_ship:
Manage IAM rules only at Cloud Storage buckets level :closed_lock_with_key:
Functional Guidelines :minidisc:
Use managed service in private mode :footprints:
Distribute sensitive services over a minimum of 2 zones :world_map:
Locate resources in europe-west1 region :euro: