Best Practices

General Principles

• Usability and Simplicity
  • Design the architecture to be easy to use, so that it can be built, maintained and adopted by a wide range of users.
• Scalability
  • Ensure that the architecture is designed to scale horizontally and vertically to accommodate the expected growth in traffic and data.
• Resilience
  • Implement mechanisms to ensure that the system can handle failures, such as load balancing and fault tolerance.
• Security
  • Incorporate security measures to protect sensitive data and prevent unauthorized access.
• Performance
  • Optimize the architecture for high performance by considering factors such as network latency, data access patterns, and caching strategies.
• Modularity
  • Design the architecture to be modular, with loosely coupled components that can be easily replaced or upgraded.
• Automation
  • Automate as much as possible, such as provisioning, deployment, and monitoring to reduce manual errors and increase efficiency.
• Monitoring
  • Monitor the system to detect and diagnose issues, and to gather metrics for capacity planning and performance optimization.
• Cost optimization
  • Consider the cost of the architecture, both in terms of initial investment and ongoing maintenance, and optimize for cost where possible.
• Flexibility
  • Design the architecture to be flexible, so that it can easily adapt to changing requirements and technologies.
• Continuous integration and delivery
  • Implement continuous integration and delivery (CI/CD) practices to streamline the development and deployment process.

Google Cloud Principles

Google Cloud Architecture Framework

Core principles of system design

• Document everything
• Simplify your design and use fully managed services
• Decouple your architecture
• Use a stateless architecture

Geography

• Deploy over multiple regions
• Select regions based on geographic proximity
• Select regions based on available services
• Choose regions to support compliance
• Compare pricing of major resources
• Use Cloud Load Balancing to serve global users
• Use the Cloud Region Picker to support sustainability

Manage cloud resources

https://cloud.google.com/architecture/framework/system-design/resource-management

• Use a simple folder structure for labels/tags
• Use folders and projects to reflect data governance policies
• Use tags and labels at the outset of your project
• Assign labels to support cost and billing reporting
• Avoid creating large numbers of labels
• Avoid adding sensitive information to labels
• Anonymize information in project names
• Don't include attributes that can change in the future, for example, a team name or technology.
• Apply tags to model business dimensions
• Apply tags to model business dimensions

Organizational policies

• Establish project naming conventions
• Automate project creation
• Audit your systems regularly
• Configure projects consistently
• Decouple and isolate workloads or environments
• Enforce billing isolation
• Use the Organization Policy Service to control resources
• Use the Organization Policy Service to comply with regulatory policies
• Limit resource sharing based on domain
• Disable service account and key creation
• Restrict the physical location of new resources

Choose and manage compute

• Choose a compute platform
  • Serverless
  • Containers
  • Instances
• Choose a compute migration approach
  • Lift and shift
  • Upgrade to containers

Designing workloads

• Evaluate serverless options for simple logic
• Decouple your applications to be stateless
• Use caching logic when you decouple architectures
• Use live migrations to facilitate upgrades

Scaling workloads

• Use startup and shutdown scripts
• Use MIGs to support VM management
• Use pod autoscalers to scale your GKE workloads
• Distribute application traffic
• Automate compute creation and management

Managing operations

• Use Google-supplied public images
• Use snapshots for instance backups
• Use a machine image to enable VM instance creation
• Evaluate built-in migration tools
• Use virtual disk import for customized operating systems
• evaluate whether your application is listed under a supported vendor.

Capacity, reservations, and isolation

• Use committed-use discounts to reduce costs
• Choose machine types to support cost and performance
• Use sole-tenant nodes to support compliance needs
• Use reservations to ensure resource availability

VPC networking

• Consider VPC network design early
• Start with a single VPC network
• Keep VPC network topology simple
• Use VPC networks in custom mode
• Inter-VPC connectivity
• Use simple naming conventions
• Use connectivity tests to verify network security

Cloud Services Best Practices

AWS services

• Trend Micro collection of AWS Best Practices
  • https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/

Microsoft Azure services

• Trend Micro collection of Azure Best Practices
  • https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/

Google Cloud services

• Trend Micro collection of GCP Best Practices
  • https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/

Architecture Topic References

Resilieance

• Understand resiliency patterns and trade-offs to architect efficiently in the cloud
  • https://aws.amazon.com/blogs/architecture/understand-resiliency-patterns-and-trade-offs-to-architect-efficiently-in-the-cloud/