Implementation of a Google cloud Research Platform Using Landing Zone

Posted on
|
by idanto@cloudzone.io

About Volcani Institute

The Volcani Institute is Israel’s national agricultural research and development (R&D) center and is officially an arm of the Ministry of Agriculture. With about 200 researchers, the Institute accounts for more than 75% of Israel’s agricultural research and innovation. It has been the driving force behind Israel’s renowned agricultural expertise and has contributed significantly to the development of advanced innovations and sustainable agricultural practices. The Volcani Institute, established in 1921, operates state-of-the-art research facilities and allows researchers to collaborate on research and solutions.

The Challenge

The Volcani Institute contacted CloudZone to build and implement a research platform on Google Cloud.

  • The Volcani Institute has many researchers who require resources to execute some workloads for their research. Each researcher has a strictly defined budget for computing resources, which they cannot surpass. Before the GCP research platform implementation, each researcher chose and managed their computing resources. Researchers were free to choose any Cloud or on-prem resources for their research projects and were responsible for operating their environments’ networking and security.

 

  • Additionally, the Volcani Institute researchers and IT staff faced multiple issues due to a lack of operation and decentralized budget control. Each researcher had their own budget, which led to overspending due to a lack of visibility and non-automated resource termination. The absence of centralized traffic control and basic hardening of resources in use increased the risk of Cloud accounts being hijacked and data loss, posing significant information security concerns and putting both the researchers and Volcani Institute’s IT team at risk.

 

  • The researchers needed a ready-to-go isolated and secure private network with compute and storage resources. They also needed to be notified when they were about to reach their budget limit and be locked out once they reached it. It was also important that budgets be assigned per research project per hour rather than on a monthly or annual basis to prevent overspending. Volcani required a centralized management system to achieve increased transparency among researchers, greater security, and more efficient management of research budgets.

“We are thrilled with the results of our collaboration with CloudZone. Implementing a centralized budget management system and utilizing their cutting-edge Landing Zone (CZLZ) solution have been transformative for the Volcani Institute. We now have 100% visibility and control over our research budgets, ensuring efficient allocation and preventing overspending. The security of our data and infrastructure has significantly improved, providing a safe and protected environment for our researchers.”

– The IT Management Department, Volcani Institue

The Solution

Based on our CloudZone Landing Zone (CZLZ) solution, we developed a cutting-edge research platform that supports easy onboarding and offboarding of researchers and new research projects. The platform uses Google Cloud infrastructure by utilizing IaC-based, easy-to-maintain, and extended templates. The GCP research platform on CZLZ includes hardened GCP Cloud organization, a central network operation platform with firewall, traffic inspection, and URL filtering, a hybrid network, central infra monitoring, budget management capabilities, as well as advanced automation features for the ongoing management of researchers budgets.

Creating a research environment using CZLZ strengthens the Volcani Institute’s information security since all environments will have predefined security guardrails that adhere to organizational standards, minimizing gaps and human error.

The results

The new Cloud system, now owned and operated by the Volcani Institute, has been a resounding success, with over 150 researchers now utilizing the system.

Before implementing this system, while researchers were familiar with using Cloud technology, there were significant security risks associated with the decentralized and unsecured approach, and there was little to no control of ingress and egress traffic. With the new research platform, CloudZone has successfully mitigated those risks and achieved complete control over the researchers’ infrastructure. This has significantly improved efficiency, cost-effectiveness, and overall security for the whole Volcani Institute organization.