Google Cloud Hybrid Connectivity

  • There are several ways to extend your on-premises environment to the Google Cloud Platform.
  • You can connect your infrastructure to Google Cloud Platform (GCP) on your terms, from anywhere based on your requirements.

Cloud Interconnect

  • Provides low latency, highly available connections that enable you to reliably transfer data between your on-premises and Google Cloud VPCs.
  • Cloud Interconnect connections provide internal IP address communication, which means internal IP addresses are directly accessible from both networks.
  • Cloud Interconnect offers two options to extend your on-premises network to the Google Cloud Platform:
    • Dedicated Interconnect
      • Direct physical connection to Google’s network.
    • Partner Interconnect
      • Provides connectivity through a supported service provider.
  • You can use Cloud Interconnect in combination with Private Google Access for on-premises resources so that your on-premises resources can use internal IP addresses rather than external IP addresses to reach Google APIs and services.

Direct Peering

  • Direct Peering connects your on-premises network to Google services, including Google Cloud products that can be exposed via one or more public IP addresses.
  • Traffic from Google’s network to your on-premises network also takes that same connection, including traffic from VPC networks in your projects.
  • Direct Peering exists outside of Google Cloud Platform. So, unless you need to access Google Workspace applications, the recommended methods of access to Google Cloud Platform are via Dedicated Interconnect or Partner Interconnect.

Cloud VPN

  • Cloud VPN securely extends your peer network to Google’s network through an IPsec VPN tunnel.
  • IPsec VPN tunnels encrypt data by using industry-standard IPsec protocols as traffic traverses the public Internet.
  • It requires only a VPN device in your on-premises network, unlike Cloud Interconnect, which carries the overhead and cost of setting up a direct private connection.
  • Cloud VPN pricing is based on the location of the Cloud VPN gateway and the number of tunnels per hour.

Validate Your Knowledge

Question 1

You are running VMs that are currently reaching the maximum capacity on your on-premises data center. You decided to extend your data center infrastructure to Google Cloud to accommodate new workloads. You have to ensure that the VMs that you provisioned in GCP can communicate directly with on-premises resources via a private IP range.

What should you do?

  1. Create a VPC on Google Cloud and configure it as a host for a Shared VPC.
  2. Build a custom-mode VPC. Set up VPC Network Peering between your on-premises network and your newly created VPC to establish a connection through a private IP range.
  3. Provision virtual machines on your on-premises and Google Cloud VPC networks that will serve as bastion hosts. Configure the VMs as proxy servers using public IP addresses.
  4. Set up Cloud VPN between your on-premises network to a VPC network through an IPsec VPN connection.

Correct Answer: 4

On-premises hosts can reach Google APIs and services by using Cloud VPN or Cloud Interconnect from your on-premises network to Google Cloud. On-premises hosts can send traffic from the following types of source IP addresses:

– a private IP address, such as an RFC 1918 address

– a privately used public IP address, except for a Google-owned public IP address. (Private Google Access for on-premises hosts does not support re-using Google public IP addresses as sources in your on-premises network.)

In the following example, the on-premises network is connected to a VPC network through a Cloud VPN tunnel. Traffic from on-premises hosts to Google APIs travels through the tunnel to the VPC network. After traffic reaches the VPC network, it is sent through a route that uses the default Internet gateway as its next hop. This next hop allows traffic to leave the VPC network and be delivered to restricted.googleapis.com (199.36.153.4/30).

https://cloud.google.com/vpc/images/pga-onprem.svg

Hence, the correct answer is: Set up Cloud VPN between your on-premises network to a VPC network through an IPsec VPN connection.

The option that says: Create a VPC on Google Cloud and configure it as a host for a Shared VPC is incorrect because this will only allow resources on multiple GCP projects to communicate with each other by defining a host project. This does not allow you to connect your on-premises data center to Google Cloud.

The option that says: Build a custom-mode VPC. Set up VPC Network Peering between your on-premises network and your newly created VPC to establish a connection through a private IP range is incorrect because VPC peering only connects Google VPC networks, regardless of whether they belong to the same project or organization. It will not help you establish a connection between your on-premises and GCP resources.

The option that says: Provision virtual machines on your on-premises and Google Cloud VPC networks that will serve as bastion hosts. Configure the VMs as proxy servers using public IP addresses is incorrect because bastion hosts are specifically designed for end-users to access private instances. Since we need to connect resources and not just users, using bastion hosts will not satisfy the requirement.
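The Private Google Access path described in the explanation above can be audited with a short script. This is an added example, not code from the original page or from Google: it checks the two conditions the text states (an allowed source address, and a route that hands 199.36.153.4/30 to the default Internet gateway) using a simplified route model of longest prefix first, then lowest priority value. The route names, the `vpn-tunnel-1` next hop, the sample addresses and the contents of `GOOGLE_RANGES` are constructed assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RESTRICTED_VIP = ipaddress.ip_network("199.36.153.4/30")  # restricted.googleapis.com (from the page)
DEFAULT_IGW = "default-internet-gateway"

# Constructed sample data. GOOGLE_RANGES is illustrative only; a real audit
# would load Google's published address ranges instead.
GOOGLE_RANGES = ["199.36.153.4/30", "8.8.8.0/24"]
GOOD_ROUTES = [
    {"name": "default-route", "dest": "0.0.0.0/0", "next_hop": DEFAULT_IGW, "priority": 1000},
    {"name": "to-onprem", "dest": "10.20.0.0/16", "next_hop": "vpn-tunnel-1", "priority": 1000},
]
# Same table plus a more specific custom route that captures the VIP range.
BAD_ROUTES = GOOD_ROUTES + [
    {"name": "catch-199", "dest": "199.36.153.0/24", "next_hop": "vpn-tunnel-1", "priority": 100},
]

def source_allowed(src, google_ranges):
    """Classify an on-premises source address per the two allowed types."""
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in RFC1918):
        return True, "RFC 1918 private address"
    if any(ip in ipaddress.ip_network(g) for g in google_ranges):
        return False, "Google-owned public address cannot be reused as a source"
    return True, "privately used public address"

def best_route(routes, dest_net):
    """Simplified selection: longest matching prefix, then lowest priority value."""
    matches = [r for r in routes if dest_net.subnet_of(ipaddress.ip_network(r["dest"]))]
    if not matches:
        return None
    return min(matches, key=lambda r: (-ipaddress.ip_network(r["dest"]).prefixlen, r["priority"]))

def check_path(src, routes, google_ranges=GOOGLE_RANGES):
    """Return (ok, reason) for traffic from src to the restricted VIP."""
    ok, why = source_allowed(src, google_ranges)
    if not ok:
        return False, why
    route = best_route(routes, RESTRICTED_VIP)
    if route is None:
        return False, "no route covers 199.36.153.4/30"
    if route["next_hop"] != DEFAULT_IGW:
        return False, f"route {route['name']} sends the VIP to {route['next_hop']}"
    return True, f"{why}; VIP leaves via {route['name']}"

if __name__ == "__main__":
    for src, table in [("10.20.1.15", GOOD_ROUTES), ("8.8.8.8", GOOD_ROUTES), ("10.20.1.15", BAD_ROUTES)]:
        print(src, check_path(src, table))
```

The third case shows the failure mode worth checking for: a broader-looking custom route with a longer prefix than the default route silently diverts the VIP range away from the default Internet gateway.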

References:
https://cloud.google.com/vpc/docs/private-access-options
https://cloud.google.com/vpc/docs/private-google-access-hybrid#private-vips

Note: This question was extracted from our Google Certified Associate Cloud Engineer Practice Exams.


References:
https://cloud.google.com/hybrid-connectivity
https://cloud.google.com/network-connectivity/docs/interconnect/concepts/overview
https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview
https://cloud.google.com/network-connectivity/docs/direct-peering
