Network security in the Google Cloud Platform

Intertwined

Virtual private clouds (VPCs) have seen Google and other hyperscalers revolutionize network management in the cloud. Although the process of dynamically creating and managing networks in on-premises IT can be very time-consuming – despite new developments such as software-defined networking (SDN) – cloud providers now offer APIs that can be used to create network constructs such as VPCs in next to no time.

However, cloud networks are often managed by DevOps teams, which do not always have the depth of knowledge needed to account diligently for every security concern. Additionally, the field of network security is relatively wide and presupposes expertise in tasks such as creating VPCs and their subnets, routing, analyzing flow logs, setting up firewalls, and establishing threat detection. Such concerns prompted this look into key security aspects in the Google Cloud Platform (GCP).

Enhancing Security with Shared VPC

Shared VPC is an evolution of the virtual private cloud that lets you connect resources from multiple projects to a common VPC network. Because it is easy to create a VPC with any kind of misconfiguration you can imagine, the approach of Shared VPC is to delegate the tasks of creating and managing the VPCs to a dedicated team. This offloads the burden of network security from the application teams and lets them take care of their applications.
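One way to check that this delegation actually holds, as an added example that is not code from the article: the script reads a host project's IAM policy, in the JSON shape printed by `gcloud projects get-iam-policy PROJECT --format=json`, and lists principals outside the network team that can change the shared network. The project names, members, and network-team group are constructed, and the set of roles treated as network control is an assumption of this example.

```python
import json

# Predefined roles that allow changing the shared network or its firewall
# rules (assumed list for this example; extend it to match your own policy).
NETWORK_CONTROL_ROLES = {
    "roles/owner", "roles/editor", "roles/compute.admin",
    "roles/compute.networkAdmin", "roles/compute.securityAdmin",
}

# Constructed sample: IAM policy of a hypothetical Shared VPC host project.
HOST_POLICY_JSON = """
{"bindings": [
  {"role": "roles/compute.networkAdmin",
   "members": ["group:net-admins@example.com", "user:dev-a@example.com"]},
  {"role": "roles/compute.securityAdmin",
   "members": ["group:net-admins@example.com"]},
  {"role": "roles/compute.networkUser",
   "members": ["serviceAccount:app-b@service-project-b.iam.gserviceaccount.com"]},
  {"role": "roles/editor",
   "members": ["serviceAccount:ci@service-project-a.iam.gserviceaccount.com"]},
  {"role": "roles/viewer", "members": ["group:auditors@example.com"]}
]}
"""

NETWORK_TEAM = {"group:net-admins@example.com"}  # hypothetical dedicated team


def audit_host_policy(policy, network_team):
    """Return sorted (member, role, severity) findings for a host project."""
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in network_team:
                continue  # the dedicated team is expected to hold these roles
            if role in NETWORK_CONTROL_ROLES:
                findings.add((member, role, "high"))
            elif role == "roles/compute.networkUser":
                # Project-level grant covers every subnet in the host project;
                # a per-subnet grant is the narrower option.
                findings.add((member, role, "review"))
    return sorted(findings)


if __name__ == "__main__":
    for member, role, severity in audit_host_policy(
            json.loads(HOST_POLICY_JSON), NETWORK_TEAM):
        print(f"[{severity}] {member} holds {role} on the host project")
```

Members are compared as literal strings, so group membership is not expanded and a user bound directly still appears as a finding even if that user also belongs to the network team's group.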

Figure 1 illustrates the use of Shared and simple VPCs. In the lower part of the image, you can see a VPC spanning two regions with one subnet per region. The VPC and the virtual machines (VMs) belong to the same project, and you can see a dedicated host project at the top of the image, where Shared VPC was configured and shared. Service projects A and B are allowed to use Shared VPC, which means the projects run the VMs themselves, and the interfaces of the

...