Should we have a Database Server without an External IP?

I was thinking not to set any External IP Addresses on the cockroach database cluster that I will be launching, as I would be connecting to the cluster using the Internal IP Addresses itself.
I am deploying the cluster on GCP (Google Cloud Platform) and would have other application servers that would have External IPs and would interface with the Database Cluster.
I wanted to know, if there are any drawbacks or generally not a good practice to proceed with the above configuration.

Answer

In my opinion it is a good decision to avoid external IPs as much as possible, especially for databases and backend servers. it is an increase in security on the expense of convince in connecting (e.g. direct SSH).

You’ll be able to SSH to such servers as needed by opening SSH tunnels from other VMs in the same VPC or VPN (openvpn, tinc, ..).

Leave a Reply

Your email address will not be published. Required fields are marked *