
The hierarchy suggested during the "Set up your foundation" step 5. "Hierarchy & access" found within GCP as a banner is the following:

  • Production
  • Non-Production
  • Development

But what is the purpose of Non-Production (possibly: QA, Staging, Sandbox) - and why not include Development environment within Non-Production?

GCP Networking Diagram

1 Answer


Developers should not touch test or stage environments under the non-production category. Introducing new software has risks of introducing functional or security problems.

As test should be like production, so too should dev be like test. Isolating infrastructure encourages that as new services are being added, they are figured out in dev first. And it helps IT administrators when the compute and network infrastructure follows the same design in each environment. Networks are cheap to set up in the VPC cloud concept.

Bend these rules to suit your organization. A developer may put on their analyst hat to troubleshoot an issue in test. However, they should respect any change control processes, and limit significant changes to the agreed-on update procedures.

For those wishing to follow along, the referenced diagram comes from the GCP console's cloud-setup wizard. As the overview mentions, "This guide is intended for large organizations," which makes sense for a design that sets up a handful of administrator groups, and assumes several projects.

John Mahowald
  • The arguments outlined in your second paragraph regarding isolation and "be like" (not very precise engineering terms) I all agree with, perhaps even stronger as an ideally close carbon-copy through GitOps. But why not in this scenario create 4 (dev, test, staging, prod) environments instead of lumping x into the same nonprod category? It would seem that this makes it more difficult to mimic production within staging. – ServerFaulted Feb 14 '23 at 09:09
  • I say category, but I'm unclear on how many separate environments that represents, having zero context for the applications and the organization. Duplicate VPCs and create more isolated nets if you wish, and change the design. The goal of this exercise is to diagram an infrastructure that makes sense, running necessary applications, and keeping them in a secure and mass produced box. – John Mahowald Feb 15 '23 at 14:27
  • That makes sense. Could be as you allude to; that the diagram with "nonprod" represents any X (staging, test), such that you add additional as needed and not a category with them all lumped together. Needless to say - the diagram is unnecessarily confusing. – ServerFaulted Feb 15 '23 at 15:01
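
The separation described in the answer (developers change things in Development, and at most read in the other folders) can be checked against the folder IAM policies. The following is an added example, not part of the original answer or of Google's setup wizard; the group addresses, the sample policies and the "role name ends in viewer" read-only rule are assumptions made for illustration.

```python
"""Flag developer-group role bindings that allow changes outside Development."""

# Folder names follow the wizard's hierarchy; the group addresses are hypothetical.
DEVS = "group:gcp-developers@example.com"
DEVELOPER_MEMBERS = {DEVS}
DEVELOPER_FOLDER = "Development"

# Assumption: roles named "*viewer", plus roles/browser, are treated as read-only.
READ_ONLY_EXTRA = {"roles/browser"}


def is_read_only(role):
    return role.lower().endswith("viewer") or role in READ_ONLY_EXTRA


def audit(policies):
    """policies maps a folder name to its IAM policy, shaped like the output of
    `gcloud resource-manager folders get-iam-policy FOLDER_ID --format=json`."""
    findings = []
    for folder, policy in policies.items():
        if folder == DEVELOPER_FOLDER:
            continue  # developers are expected to make changes here
        for binding in policy.get("bindings", []):
            if is_read_only(binding["role"]):
                continue  # the "analyst hat" case: looking, not changing
            for member in binding.get("members", []):
                if member in DEVELOPER_MEMBERS:
                    findings.append((folder, member, binding["role"]))
    return sorted(findings)


# Constructed sample policies, not taken from a real organization.
SAMPLE = {
    "Production": {"bindings": [
        {"role": "roles/viewer", "members": [DEVS]},
        {"role": "roles/owner", "members": ["group:gcp-organization-admins@example.com"]},
    ]},
    "Non-Production": {"bindings": [
        {"role": "roles/logging.viewer", "members": [DEVS]},
        {"role": "roles/compute.admin", "members": [DEVS, "group:gcp-devops@example.com"]},
    ]},
    "Development": {"bindings": [
        {"role": "roles/editor", "members": [DEVS]},
    ]},
}

if __name__ == "__main__":
    for folder, member, role in audit(SAMPLE):
        print(f"{folder}: {member} holds {role}")
```

The check only covers bindings set directly on the folders it is given; roles granted on individual projects or inherited from the organization node need the same pass over those policies.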