As your organization grows, eventually, you may want to add another region to your Google Cloud VMware Engine environment. Whether for expansion, disaster recovery, or improving your geographic presence, adding a new region is relatively simple if you follow the correct steps. However, the steps may not be evident for those that have never added a new region in Google Cloud VMware Engine before. This post will walk you through the configurations and some of the considerations when adding a new region to your Google Cloud VMware Engine environment.
Before adding a new region, some prerequisites and assumptions are made about your current setup:
- Your first private cloud should be up and operational
- The private services access between your VPC and your private cloud is already established
- Optional: Having a point-to-site VPN appliance for direct access to the VPC
Adding a new private cloud within the same region
If you are adding a new private cloud within the same region, either into a new zone or placement group, there is good news for you. All the networking required to connect the two instances within the same region will be configured automatically. Yes, just add the new private cloud, and everything will be taken care of for you. However, if you are adding a new private cloud within a different region, a few extra steps need to happen, so keep reading.
Adding the new region
The first step in this process is to add the new private cloud. Decide what region you would like, pick an unused IP CIDR block, and follow through with the creation wizard. Since it takes about 30-60 minutes for the private cloud to be completed, it is recommended to start the process first and move along to the next steps while it is being created.
We are creating the new private cloud in the us-east4 data center in this example.
Adding a new private connection
While the private cloud is being created in the background, you can start configuring the private connection for the new region. Creating the new private connection is similar to when initially connecting to your VPC, only with fewer steps. From the Google Cloud VMware Engine console, navigate to the Networking section > Private Connection > Click Add Private Connection.
Specify the new region, then enter the same Peer Project ID, Peer Project Number, Peer VPC ID, and Tennant Project ID as previously. You can copy these values from the existing private connection by clicking the expansion arrow on your existing private connection to view its current settings. Once this process begins, it will also take several minutes to complete.
When it is done, the private connections screen should display both connections, each with a different region (as shown below).
Adding regional settings
If the new region needs inbound or outbound internet access, it must also be added to the regional settings screen. Remember that you will need to provide a second unused /26 IP CIDR for the edge services in that region. Once completed, your regional settings should resemble the image below.
Adding the nameservers to the DNS profile
If you want to extend name resolution between regions, adding the newly created nameservers to the DNS profile is also a good idea. This can be done by clicking on Network > DNS Configuration > then clicking the pencil to edit the existing profile. From there, add the new gve.goog subdomain and DNS server IP addresses, then click submit.
Optional: Adding new subnets to VPN appliances
Finally, if you have a point-to-site VPN appliance residing in GCP or Google Cloud VMware Engine, this is a friendly reminder that you will likely need to add the new subnets to the approved subnets or route list. If you have followed my previous video and are using an , the new subnets should be added to the routing section of the VPN settings page (as shown below).