
Module 1: It Helps To Network

Multiple VPC Networks
In this topic you will find out how to use multiple VPC networks to build robust networking solutions. Shared VPC allows an organisation to connect resources from multiple projects to a common VPC network. This allows the resources to communicate with each other securely and efficiently using internal IPs from that network. In this diagram there is one network that belongs to the web application service project; this network is shared with three other projects, namely the recommendation service, the personalization service and the analytics service. Each of these service projects has instances that are in the same network as the web application server, allowing for private communication to that server using internal IP addresses. The web application server communicates with clients and on-premises using the service's external IP address; the backend services, on the other hand, cannot be reached externally because they only communicate using internal IP addresses. When you use Shared VPC you designate a project as a host project and attach one or more other service projects to it. In this case the web application service project is the host project and the three other projects are the service projects; the overall VPC network is called the Shared VPC network.

VPC Network Peering allows private RFC 1918 connectivity across two VPC networks regardless of whether they belong to the same project or the same organisation. Remember that each VPC network will have firewall rules that define what traffic is allowed or denied between the networks. In this diagram there are two organisations that represent a consumer and a producer respectively. Each organisation has its own organisation node, VPC network, VM instances, network admin and instance admin.
In order for VPC Network Peering to be established successfully, the producer network admin needs to peer the producer network with the consumer network, and the consumer network admin needs to peer the consumer network with the producer network. When both peering connections are created, the VPC Network Peering session becomes active and routes are exchanged; this allows the VM instances to communicate privately using their internal IP addresses. VPC Network Peering is a decentralized, or distributed, approach to multi-project networking, because each VPC network may remain under the control of separate administrative groups and maintain its own global firewall and routing tables. Historically, such projects would consider external IP addresses or VPNs to facilitate private communication between VPC networks. However, VPC Network Peering does not incur the network latency, security and cost drawbacks that are present when using external IP addresses or VPNs. There are some things to remember when using VPC Network Peering. VPC Network Peering works with Compute Engine, Google Kubernetes Engine and the App Engine flexible environment. Peered VPC networks remain administratively separate, which means that routes, firewalls, VPNs and other traffic management tools are administered and applied separately in each of the VPC networks. Each side of a peering association is set up independently, so peering will be active only when the configuration from both sides matches; this allows either side to delete the peering association at any time.
A subnet CIDR range in one peered VPC network cannot overlap with a subnet CIDR range in another peered network. This means that two auto mode VPC networks that only have the default subnets cannot peer. There is one more thing to remember when using VPC Network Peering: only directly peered networks can communicate, meaning that transitive peering is not supported. In other words, if VPC network N1 is peered with N2 and N3, but N2 and N3 are not directly connected, VPC network N2 cannot communicate with VPC network N3 over the peering. This is critical if N1 is a software-as-a-service organisation offering services to N2 and N3.

Now that you have learnt about Shared VPC and VPC Network Peering, let's compare both of these configurations to help you decide which is appropriate for a given situation. If you want to configure private communication between VPC networks in different organisations, you have to use VPC Network Peering; Shared VPC only works within the same organisation. Somewhat similarly, if you want to configure private communication between VPC networks in the same project, you have to use VPC Network Peering. This doesn't mean that the networks need to be in the same project, but they can be, as you will explore in the upcoming lab. Shared VPC only works across projects. In a Shared VPC, network administration is centralised; in a VPC Network Peering situation, network administration is decentralized.
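The three peering rules from the last two paragraphs (a peering is active only when both network admins have configured their side, subnet ranges must not overlap, and peering is not transitive) are easy to get wrong when planning a SaaS-style topology like N1 serving N2 and N3. The following Python model, added here as an illustration and not Google Cloud's own implementation, encodes those rules so you can check a planned set of networks before building it. All network names and IP ranges are constructed; the auto-mode pair reuses the same default-style range to show why two auto mode networks with only default subnets cannot peer.

```python
"""Model of the VPC Network Peering rules stated in the lecture (an added illustration,
not Google Cloud's implementation; all network names and ranges below are constructed):
  1. a peering is active only when BOTH network admins have configured it towards each other,
  2. subnet CIDR ranges in the two networks must not overlap,
  3. peering is not transitive: only directly peered networks can communicate.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class VpcNetwork:
    name: str
    subnets: list                                   # ipaddress.IPv4Network objects
    peer_config: set = field(default_factory=set)   # peer names this side's admin configured

    def add_peering(self, other: "VpcNetwork") -> None:
        # Each side is set up independently by its own network admin.
        self.peer_config.add(other.name)

    def delete_peering(self, other: "VpcNetwork") -> None:
        # Either side may delete its half at any time, which deactivates the peering.
        self.peer_config.discard(other.name)


def overlapping_subnets(a: VpcNetwork, b: VpcNetwork) -> list:
    """Return (subnet_a, subnet_b) pairs whose CIDR ranges overlap."""
    return [(x, y) for x in a.subnets for y in b.subnets if x.overlaps(y)]


def peering_active(a: VpcNetwork, b: VpcNetwork) -> bool:
    """Active only when both configurations match and no subnet ranges overlap."""
    both_sides = b.name in a.peer_config and a.name in b.peer_config
    return both_sides and not overlapping_subnets(a, b)


def learned_routes(net: VpcNetwork, all_nets: list) -> list:
    """Subnet routes this network receives: only from its directly active peers."""
    routes = []
    for other in all_nets:
        if other is not net and peering_active(net, other):
            routes.extend(other.subnets)
    return routes


def can_reach(src: VpcNetwork, dst: VpcNetwork, all_nets: list) -> bool:
    """True when every range of dst is in src's learned routes (no transit via a third network)."""
    if src is dst:
        return True
    learned = learned_routes(src, all_nets)
    return all(s in learned for s in dst.subnets)


def build_saas_demo():
    """Constructed scenario from the lecture: N1 (a SaaS provider) peers with N2 and N3."""
    n1 = VpcNetwork("n1", [ipaddress.ip_network("10.10.0.0/24")])
    n2 = VpcNetwork("n2", [ipaddress.ip_network("10.20.0.0/24")])
    n3 = VpcNetwork("n3", [ipaddress.ip_network("10.30.0.0/24")])
    # Both admins configure each peering pair, so both peerings become active.
    n1.add_peering(n2); n2.add_peering(n1)
    n1.add_peering(n3); n3.add_peering(n1)
    return n1, n2, n3


def build_auto_mode_demo():
    """Two constructed auto-mode-style networks that carry the same default subnet range."""
    a = VpcNetwork("auto-a", [ipaddress.ip_network("10.128.0.0/20")])
    b = VpcNetwork("auto-b", [ipaddress.ip_network("10.128.0.0/20")])
    a.add_peering(b); b.add_peering(a)
    return a, b


if __name__ == "__main__":
    n1, n2, n3 = build_saas_demo()
    nets = [n1, n2, n3]
    print("n1 -> n2:", can_reach(n1, n2, nets))          # True: directly peered
    print("n2 -> n3:", can_reach(n2, n3, nets))          # False: no transitive peering
    n2.delete_peering(n1)
    print("n1 -> n2 after n2 deletes its side:", can_reach(n1, n2, nets))  # False
    a, b = build_auto_mode_demo()
    print("auto-a <-> auto-b active:", peering_active(a, b))  # False: ranges overlap
```

The model deliberately keeps `peer_config` per network rather than as one shared object, mirroring the decentralised administration the lecture describes: nothing one admin does can activate a peering on its own, and removing one side is enough to cut the route exchange.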