Connecting to Cloud SQL via Private Service Connect — Private connectivity made easy
Connecting to your managed SQL database privately just got a whole lot easier. One of the challenges with connecting to a SQL database was transitive peering. To establish a private connection to your database instance, Private Service Access (PSA) had to be enabled.
This allowed you to reserve a private IP range for your services. Under the hood, a VPC network peering was created between your project and the service project where the database resided. Because VPC network peering is not transitive, any other VPC network peered to the main project could not reach the database's private IP. To allow this you would have to set up a VPN and export custom routes.
Thanks to Private Service Connect (PSC), we now have another option to connect privately to your database instance. PSC allows producers to expose services via a service attachment. Access to the service attachment can be restricted to the projects that are allowed. Consumers can use the PSC service attachment to create a PSC endpoint (a private IP address that they choose), which allows a direct connection to the specific service. See deployment documentation.
Some of the benefits of PSC include:
- 1–1 connection. Only one service is exposed
- No issues with overlapping IP addressing
- Multi-tenant connections. Connections can be allowed from multiple projects.
- Extension to Hybrid environments (On-prem and/or other cloud) in a secure manner via Cross-Cloud Network.
- Access from different regions by enabling Global access on the endpoint.
In the case of SQL there are two deployment patterns.
- SQL database with only PSC enabled. (No private IP address or public IP, only a service attachment.) See documentation Connect to an instance using Private Service Connect
- SQL database with PSA and PSC enabled. (Private IP address and PSC service attachment). See documentation Configure both private services access and Private Service Connect
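The first pattern (PSC only) sketched as gcloud commands. This is an added example, not the author's codelab; the project IDs, resource names, region, endpoint IP, database version and tier are placeholder assumptions. With DRY_RUN left at 1 it only prints the commands.

```sh
#!/bin/sh
# Added example. Every name and address below is a placeholder to replace.
PRODUCER_PROJECT="${PRODUCER_PROJECT:-producer-project-id}"
CONSUMER_PROJECT="${CONSUMER_PROJECT:-consumer-project-id}"
REGION="${REGION:-us-central1}"
INSTANCE="${INSTANCE:-psc-sql-demo}"
NETWORK="${NETWORK:-consumer-vpc}"
SUBNET="${SUBNET:-consumer-subnet}"
ENDPOINT_IP="${ENDPOINT_IP:-10.10.0.5}"   # the private IP the consumer chooses
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print commands, 0 = execute them

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Producer: instance with PSC only. --no-assign-ip drops the public IP and no
# --network is passed, so no PSA private IP is allocated either.
# Engine version and tier are assumptions; the article does not name them.
create_instance() {
  run gcloud sql instances create "$INSTANCE" \
    --project="$PRODUCER_PROJECT" --region="$REGION" \
    --database-version=MYSQL_8_0 --tier=db-custom-2-7680 \
    --no-assign-ip --enable-private-service-connect \
    --allowed-psc-projects="$CONSUMER_PROJECT"
}

# Producer: URI of the service attachment created for the instance.
service_attachment() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "SERVICE_ATTACHMENT_URI_PLACEHOLDER"
  else
    gcloud sql instances describe "$INSTANCE" --project="$PRODUCER_PROJECT" \
      --format='value(pscServiceAttachmentLink)'
  fi
}

# Consumer: reserve the chosen IP, then point a PSC endpoint at the attachment.
create_endpoint() {
  run gcloud compute addresses create "$INSTANCE-ip" \
    --project="$CONSUMER_PROJECT" --region="$REGION" \
    --subnet="$SUBNET" --addresses="$ENDPOINT_IP"
  run gcloud compute forwarding-rules create "$INSTANCE-endpoint" \
    --project="$CONSUMER_PROJECT" --region="$REGION" --network="$NETWORK" \
    --address="$INSTANCE-ip" --target-service-attachment="$1" \
    --allow-psc-global-access
}

main() { create_instance && create_endpoint "$(service_attachment)"; }
main
```

Only projects listed in `--allowed-psc-projects` can create an endpoint against the attachment, so keep that list to the consumers that need the database.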
Hands-on
Now in order to learn something it’s always best to experiment, so I created two codelabs you can do in your own environment to test these capabilities.
# 1 — In the first codelab we'll look at the deployment with PSC only.
# 2 — In the second codelab we look at the deployment with PSA and then enable PSC.
One thing you should note is that you can now also create a SQL instance with PSA and PSC enabled from inception.
Get hands-on today and stay sharp.
Want to find out more or share a thought? Please connect with me on LinkedIn.