PathDojo Improves Network Efficiency, Security and Flexibility through a Virtual Private Cloud
How we guided PathDojo in designing a secure serverless solution using advanced VPC features.
VPC Implementation | October 16, 2020
PathDojo is a virtual training ground that prepares pathologists to achieve their educational and professional goals by providing affordable online learning tools that fit into the busy schedules of physicians. The most affordable and extensive AP/CP exam prep tool on the internet; made by pathologists for pathologists.
As one of the fastest-growing companies in the industry, PathDojo needed its network infrastructure to keep up with demand, and its previous arrangement wasn’t enough. Therefore, PathDojo partnered with D3V to design and deploy a new networking infrastructure on Google Cloud, leveraging serverless technology.
“D3V’s staff guided us in understanding the technical complexities of the project. Their certified engineers and architects used the best practices to deploy a cost-effective and optimized networking solution on the Google Cloud Platform.”
PathDojo wanted to modernize its network infrastructure and at the same time, make use of the numerous benefits of cloud computing. To achieve this goal, PathDojo chose D3V to guide them. The goal of the project was for us to design, test, and deploy a secure and optimized Google Cloud Network using advanced VPC features that involved setting up a serverless VPC access connector to secure Cloud Functions.
The main challenge was that a combination of public and private HTTP-based Cloud Functions (hosting API services) needed to coexist, while the API backend had to be secured and still be able to communicate with other internal GCP services, such as Cloud SQL and Memorystore, that existed in a separate VPC.
The Solution: Choosing the Best Option
Generally, there were two options for making the backend service internal-only and enabling service-to-service communication between the frontend and backend services: identity-based control (using OAuth) or network-based control (VPC Service Controls).
In our case, Serverless VPC was the obvious choice for this project. Serverless VPC was the only option that was available to the client to secure their private API services deployed as Cloud Functions that connected to a VPC that hosted internal services using the RFC 1918 internal IP space. This also opened an option for the client to connect to hybrid scenarios to ensure maximum flexibility and scalability and seamless integration with other automated flows.
After careful evaluation and taking into consideration the client’s long-term business goals, we planned out the project in detail and devised a roadmap.
The Results: From Blueprint to Deployment
D3V helped PathDojo design and implement a secure serverless VPC setup involving private Cloud Functions to access internal services using a Serverless VPC Connector. This allowed PathDojo to route internal-only egress traffic to the connected VPC that hosted private services like Cloud SQL and other instances with internal IP addresses.
The project involved setting up GCP networking for an app with Cloud Functions deployed on Google Cloud Platform: a public-facing frontend service written in Next.js and a backend service written in Node.js. All infrastructure provisioning happened in a single custom VPC (the default VPC was deleted). The backend service uses a Postgres database and reaches the Cloud SQL instance through the Serverless VPC connector.
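A configuration check for the public/private split described above, as an added example that is not D3V's or PathDojo's code. It audits Cloud Functions metadata using the field names of the Cloud Functions v1 API resource; the project, function and connector names, the `DB_HOST` variable and the `publicNames` allowlist are hypothetical.

```javascript
// Added example: audit Cloud Functions metadata for the public/private split.
// Field names follow the Cloud Functions v1 API resource (the JSON printed by
// `gcloud functions list --format=json`). All sample values are constructed.
const RFC1918 = [[0x0a000000, 8], [0xac100000, 12], [0xc0a80000, 16]];

function isRfc1918(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4 || !parts.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255)) return false;
  const n = parts.reduce((acc, p) => ((acc << 8) | Number(p)) >>> 0, 0);
  return RFC1918.some(([base, bits]) => (n >>> (32 - bits)) === (base >>> (32 - bits)));
}

// publicNames: functions intended to be internet-facing (hypothetical input).
function auditFunction(fn, publicNames) {
  const name = fn.name.split('/').pop();
  const findings = [];
  if (!publicNames.has(name)) {
    if (fn.ingressSettings !== 'ALLOW_INTERNAL_ONLY')
      findings.push(`${name}: private function allows ingress ${fn.ingressSettings || '(unset, allows all)'}`);
    if (!fn.vpcConnector)
      findings.push(`${name}: no Serverless VPC Access connector attached`);
  }
  if (fn.vpcConnectorEgressSettings === 'ALL_TRAFFIC')
    findings.push(`${name}: egress is ALL_TRAFFIC, page describes internal-only egress`);
  const dbHost = (fn.environmentVariables || {}).DB_HOST; // hypothetical variable name
  if (dbHost && !isRfc1918(dbHost))
    findings.push(`${name}: DB_HOST ${dbHost} is outside RFC 1918 space`);
  return findings;
}

const auditAll = (fns, publicNames) => fns.flatMap(f => auditFunction(f, publicNames));

// Constructed sample inventory (project, region and function names are made up).
const prefix = 'projects/example-project/locations/us-central1/functions/';
const conn = 'projects/example-project/locations/us-central1/connectors/example-connector';
const SAMPLE = [
  { name: prefix + 'web-frontend', ingressSettings: 'ALLOW_ALL' },
  { name: prefix + 'api-backend', ingressSettings: 'ALLOW_INTERNAL_ONLY', vpcConnector: conn,
    vpcConnectorEgressSettings: 'PRIVATE_RANGES_ONLY', environmentVariables: { DB_HOST: '10.20.0.3' } },
  { name: prefix + 'api-reports', ingressSettings: 'ALLOW_ALL',
    environmentVariables: { DB_HOST: '203.0.113.10' } },
];

console.log(auditAll(SAMPLE, new Set(['web-frontend'])).join('\n') || 'no findings');
```

Run against a real inventory, the same check can gate deployments so that a backend function cannot ship with open ingress or a database address outside the VPC's internal range.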
Furthermore, to ensure that everything was functioning as expected, several end-to-end tests were conducted. D3V’s cloud-certified engineers also made sure to leverage Google Cloud best practices to make the networking solution as cost-effective and optimized as possible.