Google Cloud Fundamentals: Core Infrastructure - Virtual Machines and Networks in the Cloud -> VPC networking and compatibilities

Google Cloud's Virtual Private Cloud (VPC)

A virtual private cloud (VPC) is an isolated, software-defined network environment hosted within a public cloud platform such as Google Cloud. It offers the benefits of both public and private cloud computing:

  • Scalability and Convenience: Like a public cloud, VPCs offer easy resource provisioning and scaling based on your needs.
  • Data Isolation: Like a private cloud, VPCs provide a dedicated network environment for your resources, keeping your traffic isolated from other tenants.

Key Features of VPC Networks:

  • Connectivity: VPC networks connect Google Cloud resources (VMs, storage, websites) to each other and the internet.
  • Network Segmentation: You can segment your network using subnets, creating logical divisions for different functionalities or security levels.
  • Firewall Control: Define firewall rules that restrict which traffic may reach specific resources within your VPC.
  • Static Routing: Configure static routes to direct traffic to designated destinations.
  • Global Scope: VPC networks are global, allowing subnets to be placed in any Google Cloud region worldwide. Subnets can even span zones within a region.
  • Scalability: The size of a subnet can be increased without impacting existing VMs.

Benefits of Global VPCs:

  • Simplified Network Design: Define network layouts with global reach, simplifying management.
  • Flexible Resource Placement: Resources can reside in different zones within the same subnet, enhancing fault tolerance.

Example:

Consider a VPC network named vpc1 with subnets in both asia-east1 and us-east1 regions. Three Compute Engine VMs attached to this VPC are considered neighbors on the same subnet despite being in geographically distinct zones. This allows building resilient solutions with a straightforward network structure.

Key VPC Compatibility Features for Secure Networking

Virtual Private Clouds (VPCs) in Google Cloud offer several built-in features for managing network traffic and security within your cloud environment. These features eliminate the need to provision or manage physical network equipment, simplifying infrastructure management.

1. VPC Routing Tables (Built-in):

  • Eliminate the need for manual router configuration.
  • Route traffic efficiently within the VPC, across subnets, or between Google Cloud zones.
  • No external IP addresses required for internal communication.

2. Global Distributed Firewall:

  • Manages inbound and outbound traffic for instances within the VPC.
  • Provides centralized control for network security.
  • Define firewall rules based on network tags attached to Compute Engine instances.

Example:

  • Tag all web servers with "WEB".
  • Create a rule allowing traffic on ports 80 and 443 only to VMs with the "WEB" tag, regardless of their IP address.
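The vpc1 layout from the earlier example (subnets in asia-east1 and us-east1) together with this tag-based firewall rule, written as a Terraform configuration. This is an added example, not part of the course notes; it assumes a project with the Compute Engine API enabled and the google provider configured, and the subnet names, CIDR ranges, the tag "web", the VM name and the zone are constructed for illustration.

```hcl
# Added example (not from the course notes). Assumes a configured google provider;
# subnet names, CIDR ranges, the "web" tag, VM name and zone are illustrative.
resource "google_compute_network" "vpc1" {
  name                    = "vpc1"
  auto_create_subnetworks = false # custom mode: regional subnets are defined explicitly
}
# Subnets are regional: VMs in any zone of the region can sit on the same subnet.
resource "google_compute_subnetwork" "asia_east1" {
  name          = "vpc1-asia-east1"
  region        = "asia-east1"
  network       = google_compute_network.vpc1.id
  ip_cidr_range = "10.10.0.0/24"
}
resource "google_compute_subnetwork" "us_east1" {
  name          = "vpc1-us-east1"
  region        = "us-east1"
  network       = google_compute_network.vpc1.id
  ip_cidr_range = "10.20.0.0/24"
}
# Ingress rule keyed on the network tag, not on instance IP addresses: any VM tagged
# "web" accepts TCP 80/443; all other inbound traffic is dropped by the implied
# deny-ingress rule (priority 65535) that every VPC network carries.
resource "google_compute_firewall" "allow_web" {
  name          = "vpc1-allow-web"
  network       = google_compute_network.vpc1.name
  direction     = "INGRESS"
  priority      = 1000
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["web"]
  allow {
    protocol = "tcp"
    ports    = ["80", "443"]
  }
  log_config {
    metadata = "INCLUDE_ALL_METADATA" # firewall logs feed detection and audit
  }
}
# The VM becomes reachable on 80/443 only because it carries the tag.
resource "google_compute_instance" "web1" {
  name         = "web1"
  zone         = "us-east1-b"
  machine_type = "e2-micro"
  tags         = ["web"]
  boot_disk {
    initialize_params { image = "debian-cloud/debian-12" }
  }
  network_interface {
    subnetwork = google_compute_subnetwork.us_east1.id # internal IP only, no access_config
  }
}
```

Network tags must be lowercase, so the notes' "WEB" is written as "web" here; removing the tag from an instance is enough to close ports 80 and 443 on it without touching the rule.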

3. VPC Peering:

  • Connects two VPCs within the same region for private communication.
  • Enables secure traffic exchange between resources in different VPCs.

4. Cloud Identity and Access Management (IAM) for VPC Network Sharing (Advanced):

  • Leverages IAM policies to control access to VPC resources from other projects.
  • Granular control over who and what in one project can interact with a VPC in another project.
  • Provides enhanced security and project isolation.

In summary, these VPC compatibility features enable efficient traffic routing, centralized security management, and secure communication between resources across projects, all without managing physical network infrastructure.