Overview of Google Cloud Platform Autoscaling Managed Instance Group (MIG)

This document explains how to deploy a new autoscaling Managed Instance Group (MIG) for the Google Cloud Platform (GCPClosed Google® Cloud Platform is a suite of products and services that includes hosting, cloud computing, database services and more.) using the Check Point Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. and Check Point Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources..

Key terms:

  • Managed Instance Group (MIG) - A GCP Compute Engine resource that manages multiple VM instances as a single unit.

  • Autoscaling - A feature that automatically adjusts resource allocation based on traffic. It increases resources during high demand and reduces them when demand is low, optimizing costs.

Common Use Case:

A web application running on multiple servers across different zones. A Load Balancer distributes traffic among these servers. Autoscaling adjusts the number of servers based on current demand.

Protecting these systems is crucial in today's cyber environment. The security solution must scale with the environment it protects. As protected resources scale up or down, the number of security measures must adjust accordingly.

Licensing

The number of Security Gateways in the autoscaling Managed Instance Group (MIG) changes over time.

Best Practice - Use the Check Point CloudGuard Security Gateways with the Pay As You Go (PAYG) licensing model.

Note - For BYOL (Bring Your Own License) Security Gateways, refer to the CloudGuard Central License Management Utility guide.

Important - Do not mix BYOL and PAYG Security Gateways in the same autoscaling MIG.

Prerequisites

You must be familiar with these topics:

  • GCP Managed Instance Groups (MIG)

  • GCP Autoscaling

  • GCP Load Balancers

  • GCP Identify & Access Management

  • GCP VPC Peering


Note - For the list of supported versions, refer to the Support Life Cycle Policy.