Size XL - Sonatype IQ - GCP Cloud-Native Reference Architecture
This Sonatype IQ Server extra-large reference architecture describes the recommended infrastructure specifications for deploying a large-scale, high-availability IQ Server environment in Google Cloud Platform (GCP) using cloud-native services. It supports environments with 20,000–80,000 applications and an expected throughput of approximately 405 evaluations per hour per node, or approximately 29,160–38,880 evaluations per day total.
This reference architecture is designed for enterprise-scale production environments that require maximum evaluation throughput, large onboarding capacity, resilient infrastructure services, and operational scalability. The XL profile represents the largest validated GCP deployment profile for IQ Server and uses four IQ Server nodes to support sustained large-scale workloads.

Infrastructure Specifications
This architecture includes the following layers:
Compute Layer – IQ Server application runtime
Database Layer – PostgreSQL metadata database
Storage Layer – Shared file storage for IQ Server data
Network Layer – Connectivity, load balancing, and security controls
Compute Layer (IQ Server)
The compute layer hosts the IQ Server application cluster and processes application evaluations, policy evaluations, reports, and related user activity.
This layer meets the following specifications:
Four IQ Server nodes:
16 vCPU
128 GB RAM
JVM configuration:
-Xms96g -Xmx96g
Example GCP machine type:
n4a-highmem-16 (ARM Ampere Altra)
Database Layer (Cloud SQL PostgreSQL)
This layer meets the following specifications:
Service: Cloud SQL PostgreSQL 15+
Instance tier:
db-custom-16-65536
Database resources: 16 vCPU, 64 GB RAM
Edition: Enterprise
Storage: 500 GB – 2 TB PD-SSD, auto-resize
Availability: Regional with automatic failover
Storage Layer (Cloud Filestore)
Cloud Filestore provides persistent shared storage for IQ Server operational data, reports, logs, and scan-related content.
This layer meets the following specifications:
Service: Cloud Filestore
Tier: BASIC_HDD
Capacity: 10 TiB
Protocol: NFS v3
IOPS: 1,000 read / 5,000 write
Network and Security
Typical deployment patterns include the following:
Google Cloud Load Balancer in front of IQ Server nodes
Private connectivity between IQ Server, Cloud SQL, and Cloud Filestore
IQ Server nodes distributed across multiple zones where possible
Apply standard network security practices, including the following:
VPC firewall rules following the least-privilege principle
Cloud NAT for outbound internet access
Secret Manager for credential and secret management
Cloud Logging and Cloud Monitoring for centralized logging and monitoring
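One way to check the least-privilege firewall and private-connectivity points above is to audit exported VPC firewall rules for ingress that exposes the backend ports to untrusted sources. This is an added example, not part of Sonatype's Terraform or documentation. It assumes the IQ Server default ports 8070/8071, PostgreSQL on 5432, and NFS v3 on 2049/111; the rule names and sample rules are constructed.

```python
import ipaddress

# Assumptions, not from the page: IQ Server on its default ports 8070/8071,
# PostgreSQL on 5432, NFS v3 on 2049 (plus rpcbind on 111).
SENSITIVE = {111, 2049, 5432, 8070, 8071}
# Sources allowed to reach backends: RFC 1918 space (narrow this to your VPC
# subnets) and Google's load balancer health-check ranges.
TRUSTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "130.211.0.0/22", "35.191.0.0/16")]

def _covers(spec, port):
    """True if a port spec such as '5432' or '2000-9000' includes port."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def exposed_ports(allowed):
    """Sensitive ports opened by one rule's 'allowed' entries."""
    hits = set()
    for entry in allowed:
        if entry.get("IPProtocol", "").lower() not in ("tcp", "udp", "all"):
            continue
        specs = entry.get("ports")  # a missing 'ports' key means every port
        hits |= {p for p in SENSITIVE
                 if specs is None or any(_covers(s, p) for s in specs)}
    return hits

def audit(rules):
    """Return (rule name, source range, ports) for each over-broad rule."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        ports = sorted(exposed_ports(rule.get("allowed", [])))
        for src in rule.get("sourceRanges", []) if ports else []:
            net = ipaddress.ip_network(src, strict=False)
            if not any(net.version == t.version and net.subnet_of(t) for t in TRUSTED):
                findings.append((rule["name"], src, ports))
    return findings

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = [
    {"name": "allow-lb-health", "direction": "INGRESS", "sourceRanges": ["130.211.0.0/22", "35.191.0.0/16"], "allowed": [{"IPProtocol": "tcp", "ports": ["8070"]}]},
    {"name": "allow-pg-any", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["5432"]}]},
    {"name": "allow-internal", "direction": "INGRESS", "sourceRanges": ["10.10.0.0/16"], "allowed": [{"IPProtocol": "all"}]},
    {"name": "allow-wide-range", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"], "allowed": [{"IPProtocol": "tcp", "ports": ["2000-9000"]}]},
]
if __name__ == "__main__":
    for name, src, ports in audit(SAMPLE_RULES):
        print(f"{name}: {src} can reach sensitive ports {ports}")
```

The wide port range in the last sample rule is the case that is easy to miss in review: it never names 5432 or 2049 but still opens both.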
Limitations
This architecture has the following limitations:
This architecture requires multiple IQ Server nodes and introduces significant operational complexity compared to smaller profiles.
Extremely large evaluation spikes or rapid onboarding growth beyond the recommended profile may require additional infrastructure tuning or architectural review.
This architecture does not provide cross-region disaster recovery.
Shared storage throughput and database performance remain critical scaling dependencies and should be continuously monitored.
Regional Cloud SQL deployments provide failover protection within a region only.
Deploying this Architecture
You can quickly deploy this reference architecture using Sonatype's IQ Terraform configuration for GCP deployments. This automates the creation and configuration of all required GCP resources, including networking, compute, storage, and security components.
For full deployment details, see the README that accompanies the provided Terraform.