The solution defines two deployment zones in GCP: one implements the DMZ and the other is a private network. Communication with the servers in the DMZ goes directly through the Google Gateway, which makes it possible to use the qualities of this Google component without having to implement highly available firewall appliances. For communication with external partners, a highly available pfSense appliance is deployed as the VPN concentrator, and it is the entry point to the private zone. In the same way, the private zone has access over RFC 1918 addresses to the Compute Engine instances that host the PostgreSQL 9.6 databases.
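One way to check that the database instances really are reachable only from RFC 1918 ranges is to audit the exported firewall rules. This is an added example, not part of the original solution: it assumes rules in the shape produced by `gcloud compute firewall-rules list --format=json`, the default PostgreSQL port 5432, and constructed rule names and ranges.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PG_PORT = 5432  # assumption: PostgreSQL listens on its default port

def covers_port(allowed, port=PG_PORT):
    """True if one 'allowed' entry admits TCP traffic to `port`."""
    if allowed.get("IPProtocol") not in ("tcp", "all"):
        return False
    ports = allowed.get("ports")
    if not ports:  # no port list: every port of the protocol is open
        return True
    for spec in ports:  # entries look like "5432" or "5000-6000"
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def is_private(cidr):
    """True if the CIDR lies entirely inside an RFC 1918 block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and any(net.subnet_of(r) for r in RFC1918)

def non_private_postgres_rules(rules):
    """(rule, range) pairs exposing 5432 beyond RFC 1918; tag-only rules are not evaluated."""
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        if not any(covers_port(a) for a in rule.get("allowed", [])):
            continue
        findings += [(rule["name"], c) for c in rule.get("sourceRanges", [])
                     if not is_private(c)]
    return findings

# Constructed sample rules (names and ranges are illustrative).
SAMPLE_RULES = [
    {"name": "allow-pg-from-private", "direction": "INGRESS", "sourceRanges": ["10.20.0.0/16"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["5432"]}]},
    {"name": "allow-range-partner", "direction": "INGRESS", "sourceRanges": ["10.30.0.0/24", "203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["5000-6000"]}]},
    {"name": "allow-https-dmz", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
]

if __name__ == "__main__":
    for name, cidr in non_private_postgres_rules(SAMPLE_RULES):
        print(f"{name}: PostgreSQL port reachable from {cidr}")
```

The port-range rule is the case worth noticing: it never names 5432, yet it still opens the database port to a public range.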
As part of the implementation strategy, a DRP model is proposed: a script (Deployment Manager) deploys the infrastructure across us-east4 and us-east1, so that if a failure occurs the same DMZ model can continue to be used, because pfSense is present in both regions (master and slave). High availability was set up for the database as well (covering regional gaps).
Stackdriver is used to monitor the application and the operation of the different components, which makes troubleshooting faster during a contingency. In addition, the appropriate logging level and the Stackdriver modules to run on the database servers and the other servers were defined, in order to guarantee the information needed to analyze any anomalous event on the platform.