Your team needs to configure a Google Cloud Platform (GCP) environment to centralize control over networking resources such as firewall rules, subnets, and routes. An on-premises environment also requires access to GCP resources via a private VPN connection. The network security team must manage these networking resources.

Which networking design should your team implement to meet these requirements?