You are deploying an application on App Engine that needs to integrate with an on-premises database. For security purposes, your on-premises database must not be accessible through the public internet. What should you do?
A.
Deploy your application on App Engine standard environment and use App Engine firewall rules to limit access to the open on-premises database.
B.
Deploy your application on App Engine standard environment and use Cloud VPN to limit access to the on-premises database.
C.
Deploy your application on App Engine flexible environment and use App Engine firewall rules to limit access to the on-premises database.
D.
Deploy your application on App Engine flexible environment and use Cloud VPN to limit access to the on-premises database.
Agree with D - "When to choose the flexible environment" "Accesses the resources or services of your Google Cloud project that reside in the Compute Engine network."
https://cloud.google.com/appengine/docs/the-appengine-environments
Where does it say appengine cannot connect to on-prem db? With CloudVPN, it shoudl connect as per this https://cloud.google.com/appengine/docs/flexible/storage-options#on_premises
Also going with D will require app to be containerized. That is not listed in the requirement.
This is the link for Standard Env
https://cloud.google.com/appengine/docs/standard/storage-options
Both standard and Flexible can connect to a VPC with Serverless VPC connector. Once it connects to a VPC, connecting to onprem is same for any service.
I just had the same confusion. Serverless VPC Connector is something relatively newer than this question on the exam, so probably it's safer to assume that a VPC connection is not supported (at least directly) by App Engine Standard.
Besides, this would add extra overhead, and would also increase the costs for the solution.
Most of these questions haven't been updated or repurposed according to newer products and services. For this particular question, using a Serverless VPC Connector would add unnecessary complexity and the solution would become more expensive.
I swore to god it was B lol, but after a few hours of reading the documentation, I changed my mind and switched to option D. You might want to do the same.
Yes, that phrase in the question bothers me too. However, when I check this:
https://cloud.google.com/appengine/docs/flexible/storage-options#:~:text=On%20premises,-If%20you%20have&text=Because%20App%20Engine%20and%20Compute,database%20server's%20internal%20IP%20address.
it says "If you have existing on-premises databases that you want to make accessible to your App Engine app, you can either configure your internal network and firewall to give the database a public IP address or connect using a VPN."
So I think the question should have skipped the words "not public internet access" if they want us to choose VPN.
In a forum mentions that GCE and CAP flex are designed for connect to VPC . With GAP standard is needed a proxy .
https://stackoverflow.com/questions/47537204/how-to-connect-app-engine-and-on-premise-server-through-vpn
Standard requires more setup compared to Flexible.
Standard Environment:
To connect from the standard environment, you primarily use "Serverless VPC Access" which allows your App Engine app to reach your VPC network over private IP addresses without exposing it directly to the public internet.
Flexible Environment:
In the flexible environment, you can directly connect to your VPC network by deploying your app within the same VPC as your Cloud VPN gateway, enabling a more seamless connection using the private IP addresses of your network resources.
App Engine Standard Environment:
Limited Customization: It runs on predefined runtime environments with limited flexibility.
No Access to Compute Engine Network: It does not support integration with the VPC network, which is necessary for setting up VPN connections.
App Engine Flexible Environment:
Customizable Runtimes: Allows you to run custom runtimes and use your own Docker containers.
VPC Integration: Fully supports VPC networking, enabling you to set up Cloud VPN to securely connect to your on-premises database.
Greater Flexibility: More control over the instance types, scaling, and networking options.
Per google:
For using Cloud VPN, App Engine Flexible is generally considered better than App Engine Standard because it offers more customization and control over your virtual machine environment, allowing you to configure network settings and access on-premises resources more easily through the VPN
Answer is D
The answer is BOTH B&D...
Answer: BD
I'm not sure what is the point of the question or the problem.
The standard environment can scale from zero instances up to thousands very quickly. In contrast, the flexible environment must have at least one instance running for each active version and can take longer to scale out in response to traffic. Standard environment uses a custom-designed autoscaling algorithm.
But the question doesn't address this.
The flexible environment gives you more control over the networking configuration of your application. This is crucial for setting up a secure connection to your on-premises database.
B and C are not appropriate and wherein in App Engine flex resources reside in VPC NEtwo
https://cloud.google.com/appengine/docs/the-appengine-environments#app-engine-environments
D
App Engine flexible environment provides more flexibility and supports VPC (Virtual Private Cloud) connectivity, which allows you to set up a Cloud VPN connection. The VPN can be used to securely connect your App Engine application to the on-premises database without exposing it to the public internet.
The documentation mentions that App Engine Standard can connect to on-prem database using VPN. Link of the documentation: https://cloud.google.com/appengine/docs/standard/storage-options
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
MyPractice
Highly Voted 4 years, 12 months agoAWS56
4 years, 11 months agoareza
3 years, 6 months agoVSMu
1 year, 10 months agoCloudcrawler
1 year, 4 months agojrisl1991
1 year, 2 months agoelaineshi
2 years, 6 months agomnsait
7 months, 1 week agoharoldbenites
3 years agojcmoranp
Highly Voted 5 years, 1 month agoamxexam
2 years, 7 months agomoiradavis
2 years, 5 months agodeep316
Most Recent 1 week, 4 days agoNimeshv
2 weeks, 4 days agodesertlotus1211
2 weeks, 4 days agodesertlotus1211
3 weeks, 6 days agodesertlotus1211
3 weeks, 6 days agoicarogsm
1 month agoEkramy_Elnaggar
1 month agoyocixim836
1 month, 1 week agodpttpd
2 months agoraghupothula
3 months agomaxdanny
3 months, 2 weeks agojoecloud12
4 months, 2 weeks agojanji456
4 months, 4 weeks agoneha_pallod
5 months, 2 weeks agonhatne
5 months, 3 weeks agonhatne
5 months, 3 weeks agoToothpick
5 months agogustangelo
6 months, 4 weeks ago