You want to update your existing VPC Service Controls perimeter with a new access level. You need to avoid breaking the existing perimeter with this change, and ensure the least disruptions to users while minimizing overhead. What should you do?
A. Create an exact replica of your existing perimeter. Add your new access level to the replica. Update the original perimeter after the access level has been vetted.
B. Update your perimeter with a new access level that never matches. Update the new access level to match your desired state one condition at a time to avoid being overly permissive.
C. Enable the dry run mode on your perimeter. Add your new access level to the perimeter configuration. Update the perimeter configuration after the access level has been vetted.
D. Enable the dry run mode on your perimeter. Add your new access level to the perimeter dry run configuration. Update the perimeter configuration after the access level has been vetted.
Enable Dry Run Mode: Start by enabling the dry run mode for your VPC Service Controls perimeter. This mode allows you to test changes without actually enforcing them, thus preventing any disruption to your current setup.
Add Access Level: Add your new access level to the dry run configuration. This way, you can monitor how the new access level would behave and interact with your existing setup without any real impact.
Vetting Process: Carefully vet the new access level by analyzing logs and monitoring the behavior in the dry run mode. Ensure that the new configuration meets your security and operational requirements.
Update Perimeter: Once you are confident that the new access level will not disrupt existing services and meets all requirements, update the actual perimeter configuration with the new access level.
This approach minimizes risk by allowing you to test changes before they take effect, ensuring seamless updates with minimal disruption.
References:
Google Cloud - Configuring VPC Service Controls
Google Cloud - Using Dry Run Mode
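For the vetting step in the explanation above, one way to review dry-run denials before enforcing the change, as an added example that is not from the original page or from Google. The log field layout, the perimeter name and the principals are assumptions constructed for illustration.

```python
import json
from collections import Counter

PERIMETER = "accessPolicies/123/servicePerimeters/prod"  # hypothetical perimeter name

def _entry(principal, ip, service, reason, dry_run=True, perimeter=PERIMETER):
    """Build one constructed log entry as a JSON line (assumed field layout)."""
    meta = {"violationReason": reason,
            "securityPolicyInfo": {"servicePerimeterName": perimeter}}
    if dry_run:
        meta["dryRun"] = True
    return json.dumps({"protoPayload": {
        "serviceName": service,
        "authenticationInfo": {"principalEmail": principal},
        "requestMetadata": {"callerIp": ip},
        "metadata": meta}})

# Constructed sample, not real logs.
SAMPLE_LOG = [
    _entry("analyst@example.com", "203.0.113.10", "storage.googleapis.com", "NO_MATCHING_ACCESS_LEVEL"),
    _entry("analyst@example.com", "203.0.113.10", "bigquery.googleapis.com", "NO_MATCHING_ACCESS_LEVEL"),
    _entry("batch@example.com", "198.51.100.7", "storage.googleapis.com", "NO_MATCHING_ACCESS_LEVEL"),
    # Denial by the enforced configuration: not part of the dry-run review.
    _entry("ops@example.com", "192.0.2.5", "storage.googleapis.com", "NO_MATCHING_ACCESS_LEVEL", dry_run=False),
    "not json",  # malformed line, skipped
]

def dry_run_denials(lines, perimeter):
    """Yield (principal, caller_ip, service, reason) for dry-run denials of one perimeter."""
    for line in lines:
        try:
            payload = json.loads(line)["protoPayload"]
            meta = payload["metadata"]
        except (ValueError, KeyError, TypeError):
            continue
        if meta.get("dryRun") is not True:
            continue
        if meta.get("securityPolicyInfo", {}).get("servicePerimeterName") != perimeter:
            continue
        yield (payload.get("authenticationInfo", {}).get("principalEmail", "unknown"),
               payload.get("requestMetadata", {}).get("callerIp", "unknown"),
               payload.get("serviceName", "unknown"),
               meta.get("violationReason", "unknown"))

def vet(lines, perimeter, must_be_admitted):
    """Return (denial count per principal, principals the new level should admit but does not)."""
    per_principal = Counter(d[0] for d in dry_run_denials(lines, perimeter))
    return per_principal, sorted(set(must_be_admitted) & set(per_principal))
```

An empty second return value means none of the callers the new access level is meant to admit still appear in dry-run denials, which is the condition to check before updating the enforced configuration.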