Google Cloud Hybrid Connectivity

Last updated on July 25, 2023

Google Cloud Hybrid Connectivity Cheat Sheet

  • There are several ways to extend your on-premises environment to the Google Cloud Platform.
  • You can connect your infrastructure to Google Cloud Platform (GCP) on your terms, from anywhere based on your requirements.

Cloud Interconnect

  • Provides low latency, highly available connections that enable you to reliably transfer data between your on-premises and Google Cloud VPCs.
  • Cloud Interconnect connections provide internal IP address communication, which means internal IP addresses are directly accessible from both networks.
  • Cloud Interconnect offers two options to extend your on-premises network to the Google Cloud Platform:
    • Dedicated Interconnect
      • Direct physical connection to Google’s network.
    • Partner Interconnect
      • Provides connectivity through a supported service provider.
  • You can use Cloud Interconnect in combination with Private Google Access for on-premises resources so that your on-premises resources can use internal IP addresses rather than external IP addresses to reach Google APIs and services.

Direct Peering

  • Direct Peering connects your on-premises network to Google services, including Google Cloud products that can be exposed via one or more public IP addresses.
  • Traffic from Google’s network to your on-premises network also takes that same connection, including traffic from VPC networks in your projects.
  • Direct Peering exists outside of Google Cloud Platform. So, unless you need to access Google Workspace applications, the recommended methods of access to Google Cloud Platform are via Dedicated Interconnect or Partner Interconnect.

Carrier Peering

  • Carrier Peering enables you to access Google applications, such as Google Workspace, by using a service provider to obtain enterprise-grade network services that connect your infrastructure to Google.
  • When connecting to Google through a service provider, you can get connections with higher availability and lower latency, using one or more links.

Cloud VPN

  • Cloud VPN securely extends your peer network to Google’s network through an IPsec VPN tunnel.
  • IPsec VPN tunnels encrypt data by using industry-standard IPsec protocols as traffic traverses the public Internet.
  • It only requires a VPN device in your on-premises network, unlike Cloud Interconnect, which comes with the overhead and cost of setting up a direct private connection.
  • Cloud VPN pricing is based on the location of the Cloud VPN gateway and the number of tunnels per hour.

Validate Your Knowledge

Question 1

You are running VMs that are currently reaching the maximum capacity on your on-premises data center. You decided to extend your data center infrastructure to Google Cloud to accommodate new workloads. You have to ensure that the VMs that you provisioned in GCP can communicate directly with on-premises resources via a private IP range.

What should you do?

  1. Create a VPC on Google Cloud and configure it as a host for a Shared VPC.
  2. Build a custom-mode VPC. Set up VPC Network Peering between your on-premises network and your newly created VPC to establish a connection through a private IP range.
  3. Provision virtual machines on your on-premises and Google Cloud VPC networks that will serve as bastion hosts. Configure the VMs as proxy servers using public IP addresses.
  4. Set up Cloud VPN between your on-premises network to a VPC network through an IPsec VPN connection.

Correct Answer: 4

On-premises hosts can reach Google APIs and services by using Cloud VPN or Cloud Interconnect from your on-premises network to Google Cloud. On-premises hosts can send traffic from the following types of source IP addresses:

  • a private IP address, such as an RFC 1918 address
  • a privately used public IP address, except for a Google-owned public IP address. (Private Google Access for on-premises hosts does not support re-using Google public IP addresses as sources in your on-premises network.)

In the following example, the on-premises network is connected to a VPC network through a Cloud VPN tunnel. Traffic from on-premises hosts to Google APIs travels through the tunnel to the VPC network. After traffic reaches the VPC network, it is sent through a route that uses the default Internet gateway as its next hop. This next hop allows traffic to leave the VPC network and be delivered to restricted.googleapis.com (199.36.153.4/30).

https://cloud.google.com/vpc/images/pga-onprem.svg

Hence, the correct answer is: Set up Cloud VPN between your on-premises network to a VPC network through an IPsec VPN connection.

The option that says: Create a VPC on Google Cloud and configure it as a host for a Shared VPC is incorrect because this will only allow resources on multiple GCP projects to communicate with each other by defining a host project. This does not allow you to connect your on-premises data center to Google Cloud.

The option that says: Build a custom-mode VPC. Set up VPC Network Peering between your on-premises network and your newly created VPC to establish a connection through a private IP range is incorrect because VPC peering only connects Google VPC networks, regardless of whether they belong to the same project or organization. It will not help you establish a connection between your on-premises and GCP resources.

The option that says: Provision virtual machines on your on-premises and Google Cloud VPC networks that will serve as bastion hosts. Configure the VMs as proxy servers using public IP addresses is incorrect because bastion hosts are specifically designed for end-users to access private instances. Since we need to connect resources and not just users, using bastion hosts will not satisfy the requirement. 
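The Private Google Access path described in the explanation above can be checked before relying on it. The following is an added example, not code from the original page or from Google: it models VPC route selection in simplified form (most specific destination first, then lowest priority value) and flags a route table that diverts 199.36.153.4/30 away from the default Internet gateway, or an on-premises source that is a Google-owned address. Route names, next hops, sample addresses and the one-entry Google range list are constructed assumptions.

```python
import ipaddress

# restricted.googleapis.com range quoted in the explanation above.
RESTRICTED_VIP = ipaddress.ip_network("199.36.153.4/30")
DEFAULT_IGW = "default-internet-gateway"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed stand-in for the list of Google-owned ranges (not a complete list).
GOOGLE_RANGES = [RESTRICTED_VIP]

def classify_source(addr, google_ranges=GOOGLE_RANGES):
    """Classify an on-premises source address against the two allowed source types."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if any(ip in net for net in google_ranges):
        return "google-owned"  # not supported as an on-premises source
    return "privately-used-public"

def select_route(routes, dest=RESTRICTED_VIP):
    """Most specific covering route wins; ties go to the lowest priority value."""
    covering = [r for r in routes if dest.subnet_of(ipaddress.ip_network(r["dest"]))]
    if not covering:
        return None
    return min(covering, key=lambda r: (-ipaddress.ip_network(r["dest"]).prefixlen, r["priority"]))

def check_onprem_pga(routes, onprem_sources):
    """Return findings that would break the on-premises -> restricted VIP path."""
    findings = []
    route = select_route(routes)
    if route is None:
        findings.append(f"no route covers {RESTRICTED_VIP}")
    elif route["next_hop"] != DEFAULT_IGW:
        findings.append(f"route '{route['name']}' sends {RESTRICTED_VIP} to {route['next_hop']}")
    for src in onprem_sources:
        if classify_source(src) == "google-owned":
            findings.append(f"source {src} is a Google-owned address")
    return findings

# Constructed sample data: route names, next hops and addresses are hypothetical.
GOOD_ROUTES = [
    {"name": "default-route", "dest": "0.0.0.0/0", "next_hop": DEFAULT_IGW, "priority": 1000},
    {"name": "to-onprem", "dest": "10.20.0.0/16", "next_hop": "vpn-tunnel-1", "priority": 1000},
]
# A more specific route silently diverts the VIP range to a proxy VM.
BAD_ROUTES = GOOD_ROUTES + [
    {"name": "egress-proxy", "dest": "199.36.153.4/30", "next_hop": "instance/nat-proxy", "priority": 900},
]

if __name__ == "__main__":
    print(check_onprem_pga(GOOD_ROUTES, ["10.20.5.7", "192.0.2.10"]))
    print(check_onprem_pga(BAD_ROUTES, ["10.20.5.7", "199.36.153.5"]))
```
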

References:
https://cloud.google.com/vpc/docs/private-access-options
https://cloud.google.com/vpc/docs/private-google-access-hybrid#private-vips

Note: This question was extracted from our Google Certified Associate Cloud Engineer Practice Exams.

Google Cloud Hybrid Connectivity Cheat Sheet References:

https://cloud.google.com/hybrid-connectivity
https://cloud.google.com/network-connectivity/docs/interconnect/concepts/overview
https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview
https://cloud.google.com/network-connectivity/docs/direct-peering

Written by: Jon Bonso