This is a very common situation, where it isn't actually an application and a solution, but rather earlier in the business lifecycle moving to cloud. Where the customer's interested in establishing standards and systems whereby their organization can design and develop their own solutions as needed. The problem the customer came to us with was that their project teams were provisioning hardware, which was slow and arduous. A side effect of the slowness was that it stifled experimentation and innovation. Nobody wants to ask for hardware unless they know exactly what they need it for. That was a business requirement the customer expressed to us. A customer had this interesting business requirement. Provisioning VMs within their own data center took weeks. They wanted to empower their IT teams to develop new applications in the Cloud, with greater autonomy and more quickly using a hybrid Cloud strategy. We need a solution where the customer can provision projects, including runtime environments at scale, and it needs to work very quickly. There's a review process, so this is not a free for all. There's a human being or a group that will review certain parameters, a review gate. And basically once a request has passed the review gate, it should only take a couple of minutes for the resources to be deployed. We map this to technical requirements like this, a turn-key GCP project for any developer team that requested it. Manually provisioned within 24 hours, following a brief review of the request. From a practical implementation perspective, that meant setting up the organization node. And folders for each organization for different kinds of organizations and different kinds of projects. We implemented VPN tunnels to GCP, so the company could reach the cloud resources without having to go through the public Internet space unprotected. We also went through a process of identifying the proper IAM roles to assign to various environments. And we needed to establish processes for project owners to be able to log into the environment. We needed to synchronize these roles and identities with the Active Directory service in the datacenter. And this is how we implemented that technical requirement. User identity via Google Cloud Directory Sync, that's GCDS, from on-prem. Network connectivity between colo and GCP via two VPN tunnels. Organization node, folders by department and use case, project by environment. IAM roles, commonly Project Owner, not Project Creator. We needed to set up processes for establishing new project creation, and who would be assigned specific roles. So there was a kind of process and logic around this that needed to be established. What kind of data is going to be stored in each project, is it confidential? We need to go through some basic classification, and who's going to pay for it. In this case, there were multiple billing accounts and that needed to be decided.
