Secure And Audit The Google Cloud Platform Perimeter

“Private” transit

Ferris Argyle
Google Cloud - Community
2 min read · Sep 2, 2018


This article describes how Google Cloud Platform addresses the following traditional perimeter security question described in the concepts article: how do you secure your users’ transit to the cloud?

Google Cloud Platform provides a number of services which support this, in addition to HTTPS by default…

Cloud VPN

Cloud VPN securely connects your on-premises network to your Google Cloud Platform (GCP) Virtual Private Cloud (VPC) network through an IPsec VPN connection. Traffic traveling between the two networks is encrypted by one VPN gateway, then decrypted by the other VPN gateway.

Limitations:

  • Management scaling
  • Doesn’t support Google Cloud Load Balancer or directly support managed services such as App Engine and Google Cloud Storage.
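One way to turn the Cloud VPN description above into an audit step, as an added example that is not part of the original article or any Google tool: read the JSON that `gcloud compute vpn-tunnels list --format=json` emits and flag tunnels negotiating IKEv1, tunnels not in the ESTABLISHED state, and tunnels whose traffic selectors are 0.0.0.0/0 on both ends. The field names used (name, region, ikeVersion, peerIp, status, localTrafficSelector, remoteTrafficSelector) are those of the Compute API VpnTunnel resource; the inventory, project name and peer addresses below are constructed for the example.

```python
"""Audit a Cloud VPN tunnel inventory for weak IKE settings, unhealthy
tunnels and catch-all traffic selectors.

Input is the JSON emitted by `gcloud compute vpn-tunnels list --format=json`.
Field names follow the Compute API VpnTunnel resource; the inventory below is
a constructed sample, not real project data.
"""
import json

# Placeholder project; only the trailing region segment is used by the audit.
REGION_PREFIX = "https://www.googleapis.com/compute/v1/projects/example-project/regions/"

# Constructed sample inventory; peer addresses come from the RFC 5737
# documentation ranges.
SAMPLE_INVENTORY = json.dumps([
    {
        "name": "hq-tunnel-1",
        "region": REGION_PREFIX + "us-central1",
        "ikeVersion": 2,
        "peerIp": "203.0.113.10",
        "status": "ESTABLISHED",
        "localTrafficSelector": ["10.128.0.0/20"],
        "remoteTrafficSelector": ["192.168.10.0/24"],
    },
    {
        "name": "branch-tunnel-legacy",
        "region": REGION_PREFIX + "europe-west1",
        "ikeVersion": 1,
        "peerIp": "198.51.100.7",
        "status": "ESTABLISHED",
        "localTrafficSelector": ["0.0.0.0/0"],
        "remoteTrafficSelector": ["0.0.0.0/0"],
    },
    {
        "name": "dr-tunnel",
        "region": REGION_PREFIX + "us-east1",
        "ikeVersion": 2,
        "peerIp": "203.0.113.200",
        "status": "NO_INCOMING_PACKETS",
        "localTrafficSelector": ["10.128.0.0/20"],
        "remoteTrafficSelector": ["172.16.0.0/12"],
    },
])

CATCH_ALL = "0.0.0.0/0"


def region_name(tunnel):
    """Reduce the region URL to its last path segment (e.g. us-central1)."""
    return tunnel.get("region", "").rstrip("/").rsplit("/", 1)[-1]


def audit_tunnels(inventory_json):
    """Return a list of (tunnel name, check id, detail) findings."""
    findings = []
    for tunnel in json.loads(inventory_json):
        name = tunnel.get("name", "<unnamed>")
        where = f"{region_name(tunnel)} -> peer {tunnel.get('peerIp', '?')}"

        # IKEv1 is still accepted by Cloud VPN, but IKEv2 is the expected baseline.
        if tunnel.get("ikeVersion") != 2:
            findings.append((name, "ike-version",
                             f"IKEv{tunnel.get('ikeVersion')} configured ({where}); expected IKEv2"))

        # Anything other than ESTABLISHED means this tunnel is not currently
        # carrying (and therefore not encrypting) traffic.
        if tunnel.get("status") != "ESTABLISHED":
            findings.append((name, "tunnel-status",
                             f"status {tunnel.get('status')} ({where})"))

        # 0.0.0.0/0 on both sides is normal for route-based tunnels but should be
        # confirmed against the routes that actually steer traffic into it.
        if (CATCH_ALL in tunnel.get("localTrafficSelector", [])
                and CATCH_ALL in tunnel.get("remoteTrafficSelector", [])):
            findings.append((name, "catch-all-selectors",
                             f"local and remote selectors are {CATCH_ALL} ({where}); "
                             "confirm routes limit what traverses the tunnel"))
    return findings


def summarize(findings):
    """Count findings per check id, e.g. {'ike-version': 1, ...}."""
    counts = {}
    for _, check, _ in findings:
        counts[check] = counts.get(check, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit_tunnels(SAMPLE_INVENTORY)
    for name, check, detail in results:
        print(f"[{check}] {name}: {detail}")
    print("summary:", summarize(results))
```

Against a real project, replace SAMPLE_INVENTORY with the output of the gcloud command and run the script per project; the checks only read the inventory and change nothing.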

Direct and Carrier Peering

Direct and Carrier Peering provide a dedicated link to Google and Google Cloud properties via one of our broad-reaching Edge network locations.

Limitations:

  • No SLA

Dedicated and Partner Interconnect

Dedicated and Partner Interconnect provide direct physical connections between your on-premises network and Google’s network.

Limitations:

  • Doesn’t support Google Cloud Load Balancing or directly support managed services such as App Engine and Google Cloud Storage.
  • Dedicated Interconnect has a minimum bandwidth requirement.

Private IP access from reverse proxy

Cloud Load Balancing and reverse proxies such as NGINX can put your resources behind a single anycast IP and connect privately to Google Cloud Platform backends.

Limitations:

  • Reverse proxy routes over public IP to App Engine, though not over public internet.
  • Kubernetes / Google Kubernetes Engine master IP whitelisting is beta.

The following table describes how each of these solution components supports “private” transit across the representative Google Cloud Platform services described in the concepts article.

What’s next

Read the following to learn more about the concepts and solution components described in this article:

Read the following guides to learn about Google Cloud Platform’s capabilities in the following perimeter security areas.



These are my personal writings; the views expressed in these pages are mine alone and not those of my employer, Google.