GCP Hub & Spoke architecture network & security

Mar 01,2024


The customer is a leading pipeline & energy solution company based out in US. The customer planned to start their cloud journey for real-time data analytics and artificial intelligence based decision strategy. Intuitive support them right from start in decision making to select right cloud platform and setup a cloud native infrastructure which is robust, resilient and scalable for their bussiness needs.


The company had several challenges related to network complexity, scalability, security and data analysis in transformation for data center to cloud platform. They wanted to adopt hybrid cloud strategy to use best of their data center investment as well as benefit from latest artificial intelligence based data analytics capability from cloud.

Network complexity: The existing infrastructure was complex and hard to manage the expansion. Data footprint is not streamlined for production and non-production categories. Security Concerns: following a robust security posture in the transition was critical due to compliance requirements. It was challenging to manage unauthorized access and potential security vulnerabilities in hybrid environment.

Technology Solutions

After thorough discussion with different cloud platform vendors and considerations of bussiness compliance requirement, Google cloud platform(GCP) was shortlisted for next generation data first platform. Intuitive helped in establishing a holistic data strategy which will enable them to optimize operations and better monetize their assets. Data program was designed to enable Real-time (or near Real-time) transparency into each area of their business, delivering critical data, analytics, insights, and decision making that directly support their Strategy & Outcomes.

The architecture was aimed for centralized network & security design with deployment of Hub & spoke topology in GCP to mordernized it’s infrastructure to improve the scalability, robustness and enhance security. The architecture was focused on cloud native services with following design considerations.

Hub & Spoke VPC Topology: Deployed a Hub & Spole VPC topology in GCP environment, where Hub VPC act as central point of connectivity and main networking backbone. In spoke represents a business applications and units.

VPC Peering: Multiple Host VPCs were connected with Hub VPC using VPC peering to enable direct and secured connection.

Shared VPC: Configure the custom VPC in Host project and shared with the service projects.

HA VPN: Virtual private network established between On-prem set-up and Google Cloud Infra and it’s in high availability manner.

Identity and Access Management: IAM policies were configured to access control to resources, ensuring a secure network environment.

Network Security: Configured the highly essential firewall rules to allow required communication.

Implementation Strategy

The Primary goal of Data First Platform is to establish a highly optimized GCP infrastructure that leverages cloud native services and capabilities for enhanced operational efficiency and performance and also ensures the foundation for seamless connectivity, access, and security for all upcoming workloads. A structured implementation strategy was followed to deploy the GCP infrastructure and onboarding of services.

Assessment and planning: A thorough assessment to understand the requirements and a detailed plan for Hub & Spoke implementation was developed.

Hub VPC Setup: The central Hub or backbone of main network VPC were created, configured and secure with IAM policies and firewall rules.

Host VPC Setup: Created host and service projecst along with custom VPCs. VPC peering and PSC endpoints was deployed for connectivity across VPCs and services.

Connectivity with On-prem DCs: To connect with On-prem set-up, create High-availability VPN with on-prem VPN device and allow specific routes.

Security measures: IAM Policies, firewall rules and other security measures were implemented to ensure a secure network environment.

Results and Impact

Improved Scalability: The Hub & Spoke design allowed seamless scalability by adding new spoke in existing set-up without affecting the central Hub.

Enhance Security: IAM policies, VPC service control and firewall rules improved network security and ensuring that allow only authorized entities could access specific resources.

Redundent connectivity: High availability VPN configured between GCP infra and On-prem to ensure connectivity.


In conclusion, the implemention of GCP Hub & spoke solution marked as a significant milestone and strategic move for the customer in their cloud journey. This approach effectively addressed their immediate scalability, security and other network-related issues, resulting in notable improvements in performance, security and cost saving for the customer.

Main Logo