You are deploying an application on App Engine that needs to integrate with an on-premises database.
For security purposes, your on-premises database must not be accessible through the public internet.
What should you do?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The best solution to integrate an application on App Engine with an on-premises database that needs to be secured is to deploy the application on the App Engine flexible environment and use Cloud VPN to limit access to the database.
Here's why:
Option A, deploying the application on App Engine standard environment and using App Engine firewall rules to limit access to the on-premises database, is not a recommended solution because App Engine standard environment does not support VPC (Virtual Private Cloud) networking, which means it is not possible to establish a private network connection between App Engine and the on-premises database. App Engine firewall rules can restrict access to specific IP addresses, but they are not a secure solution to protect a database from unauthorized access.
Option B, deploying the application on App Engine standard environment and using Cloud VPN to limit access to the on-premises database, is also not a recommended solution because App Engine standard environment cannot connect to a VPN. Cloud VPN allows for secure connections between networks over the internet, but App Engine standard environment is not able to use it to establish a secure connection to the on-premises database.
Option C, deploying the application on App Engine flexible environment and using App Engine firewall rules to limit access to the on-premises database, is a possible solution. However, it is not the best solution for security purposes. App Engine flexible environment can connect to a VPC network, which allows for a private network connection between App Engine and the on-premises database. However, App Engine flexible environment does not offer a Service Level Agreement (SLA) for availability, which means it may not be the best choice for a production environment.
Option D, deploying the application on App Engine flexible environment and using Cloud VPN to limit access to the on-premises database, is the best solution for security purposes. App Engine flexible environment can connect to a VPC network, which allows for a private network connection between App Engine and the on-premises database. Cloud VPN allows for secure connections between networks over the internet, which means that App Engine flexible environment can establish a secure connection to the on-premises database without exposing it to the public internet. This solution is also recommended for a production environment because it offers an SLA for availability.