GCP 101: Understanding Google Cloud VPC
In the alphabet soup of the Google Cloud, you’ve probably come across the abbreviation, VPC. What exactly do those three letters stand for and what role do they play in your Google Cloud services environment?
VPC stands for Virtual Private Cloud. VPCs allow you to easily (and virtually) expand your IP space. In this latest edition of GCP 101, we’ll focus on understanding Google Cloud VPC and what using it can do for your organization.
What is Google Cloud VPC?
A virtual network works much like a physical one. The main difference between a virtual private cloud and a physical network is that the VPC is “virtualized”: it exists only in a cloud computing environment, such as Google Cloud Platform, rather than on hardware you own.
You can create and run virtual machines in this environment. A virtual machine (VM) is a computer file, also known as an image, that behaves like a physical computer, including virtual hardware devices. Understanding how to use Google Compute Engine and other GCP services makes this a simple process. A virtual machine hosted in the cloud is known as an instance.
All of your Google Cloud VPCs function independently as separate virtual networks. These VPC networks are global, scalable and flexible.
What are the Benefits of Google Cloud VPC?
A Google Cloud VPC is global, shareable and expandable. Using a VPC gives you managed, global networking functionality for all of your Google Cloud resources through subnetworks, known as subnets, hosted in Google Cloud data centers. Each subnet is assigned to a specific region.
A single Google Cloud VPC and its subnets can span multiple regions, and traffic between them never traverses the public internet. The VPC remains isolated from the outside world and is not tied to any specific region or zone.
Speaking of isolation, you can use this concept internally, as well. Teams can be separated into specific projects within a single VPC, each with distinct billing and quotas, but share private IP space and resources.
As your organization’s virtual networking needs grow, you can expand the IP ranges of your subnets. What’s more, with Google Cloud VPC, you can do this without interrupting running workloads or incurring downtime.
How Does a Google Cloud VPC Work?
When it comes to the technical side of things, a Google Cloud VPC:
- Provides networking functionality to Compute Engine VM instances, along with other cloud-based services, such as Google Kubernetes Engine (GKE) containers and the App Engine flexible environment. The same holds for other Google Cloud resources built on Compute Engine VMs.
- Provides native internal TCP/UDP load balancing and proxy systems for internal HTTP(S) load balancing.
- Uses Cloud VPN (virtual private network) tunnels and Cloud Interconnect attachments to connect your VPC to on-premises networks.
- Distributes traffic from Google Cloud external load balancers to backends.
Is a Google Cloud VPC Secure?
Concerning security, you control traffic to and from a VPC’s VM instances with network firewall rules. Rules are defined at the VPC network level but enforced on the VMs themselves, so traffic can only be controlled and logged as it leaves or arrives at a VM. Upon creation, every VPC has two implied firewall rules: one allows all egress (the VPC reaching remote resources) and one denies all ingress (remote resources reaching the VPC). Any other traffic you want to allow or deny must be defined in explicit rules.
Resources within a VPC communicate with each other using internal, private IPv4 addresses. For instances to communicate back and forth, there must be instance-to-instance firewall rules that allow ingress from the relevant sources within the VPC network; the implied deny-ingress rule blocks that traffic otherwise. In the same manner, the firewall must also allow egress from each instance (the implied allow-egress rule covers this unless you add a stricter egress rule).
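To show how the global, multi-region VPC described above and its firewall rules fit together in practice, here is an added Terraform example. It is not code from the original post or from Google; the project ID, network and subnet names, regions, CIDR ranges and the “ssh-via-iap” network tag are assumed placeholder values. It creates a custom-mode VPC with a subnet in two regions, then adds the explicit rules the post says you must define on top of the two implied ones: internal instance-to-instance traffic, SSH only from Google’s Identity-Aware Proxy range, and a logged catch-all deny for ingress.

```hcl
# Added example (not from the original post or from Google): a custom-mode VPC
# spanning two regions with explicit firewall rules. Project ID, names, regions,
# CIDR ranges and the network tag are assumed placeholder values.
provider "google" {
  project = "my-project-id" # placeholder
}

# Custom mode: no automatically created subnets, so every range is deliberate.
resource "google_compute_network" "vpc" {
  name                    = "example-vpc"
  auto_create_subnetworks = false
  routing_mode            = "GLOBAL"
}

# One VPC, two regions. Instances in these subnets reach each other over
# internal addresses without traversing the public internet.
resource "google_compute_subnetwork" "us" {
  name                     = "example-subnet-us"
  region                   = "us-central1"
  network                  = google_compute_network.vpc.id
  ip_cidr_range            = "10.10.0.0/20"
  private_ip_google_access = true
}

resource "google_compute_subnetwork" "eu" {
  name                     = "example-subnet-eu"
  region                   = "europe-west1"
  network                  = google_compute_network.vpc.id
  ip_cidr_range            = "10.20.0.0/20"
  private_ip_google_access = true
}

# The implied rules (allow all egress, deny all ingress) always exist.
# Everything below is an explicit addition.

# Instance-to-instance ingress, limited to the VPC's own subnet ranges
# rather than to any RFC 1918 space.
resource "google_compute_firewall" "allow_internal" {
  name      = "example-allow-internal"
  network   = google_compute_network.vpc.name
  direction = "INGRESS"
  priority  = 1000
  source_ranges = [
    google_compute_subnetwork.us.ip_cidr_range,
    google_compute_subnetwork.eu.ip_cidr_range,
  ]
  allow {
    protocol = "tcp"
  }
  allow {
    protocol = "udp"
  }
  allow {
    protocol = "icmp"
  }
}

# Administrative SSH only from Google's Identity-Aware Proxy TCP-forwarding
# range, and only to instances carrying the tag, instead of from 0.0.0.0/0.
resource "google_compute_firewall" "allow_iap_ssh" {
  name          = "example-allow-iap-ssh"
  network       = google_compute_network.vpc.name
  direction     = "INGRESS"
  priority      = 1000
  source_ranges = ["35.235.240.0/20"]
  target_tags   = ["ssh-via-iap"] # assumed tag name
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
}

# The implied deny-ingress rule cannot be logged. This explicit catch-all at
# the lowest user priority has the same effect but records what was denied.
resource "google_compute_firewall" "deny_ingress_logged" {
  name          = "example-deny-all-ingress"
  network       = google_compute_network.vpc.name
  direction     = "INGRESS"
  priority      = 65534
  source_ranges = ["0.0.0.0/0"]
  deny {
    protocol = "all"
  }
  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
}
```

Two points worth noting from the design: firewall rules are evaluated by priority (lower number wins), so the explicit deny at 65534 still sits below every allow rule at 1000, and it exists purely so that rejected connection attempts show up in Cloud Logging, which the implied rule never does. The internal-allow rule deliberately lists the VPC’s own subnet ranges instead of a broad 10.0.0.0/8, so that adding a VPN or peered network later does not silently widen what can reach your instances.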
Additionally, you can secure access to VPC network administration functions with Identity and Access Management (IAM), which defines who is authorized to view and change which resources. It’s all controlled and monitored centrally from a single console.
How Do I Get Started with Google Cloud VPC?
Managing an IP address migration can be challenging for many organizations. In fact, it can be scary. Google has made it easy and cost-effective for you to start creating a VPC network by allowing you to “bring your own IPs.” You can use these addresses across all of Google’s 24 regions.
A trusted Google Cloud partner can help you make this transition, one that will minimize your downtime during the migration process. It also will reduce networking infrastructure costs because you won’t be starting from scratch.
We want to be sure you understand all that Google Cloud Platform has to offer, so be sure to check out other blogs in our GCP 101 series.