Virtual private clouds in the Google Cloud Platform allow even complex network infrastructures to be created quickly and easily. But as any IT manager will confirm, fast does not always mean right – and that is a problem in the cloud, especially when it comes to security. In this workshop, we therefore show you which built-in tools provide security. The second part deals with the difference between Firewall Essentials and Firewall Standard. We also show you how virtual machines can securely access the Internet with Cloud NAT.
Firewall Essentials and Firewall Standard
In autumn 2022, Google made a series of announcements regarding network security at its in-house conference Google Next, including the new products ‘Cloud Firewall Essentials’ and ‘Cloud Firewall Standard’. These include the previous VPC firewall rules and extend them.
An interesting additional feature is tag integration. However, these tags are not the network tags described above, which are used in VPC firewall rules, but resource manager tags. These have the advantage that you can control their use via IAM. For example, it is possible to create a tag with the key ‘vm-function’ and define a list of possible values such as ‘database’, ‘app-client’ or ‘app-server’. You then assign permissions to these tags. For example, database administrators could be assigned the role ‘Tag User’ for the tag with the value ‘database’. This allows the relevant administrator to start a VM with the tag and thereby allow database traffic.
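The tag setup described above, sketched with gcloud as an added example that is not part of the original article. The organization ID, network, policy name, group address, rule priority and the tcp:5432 rule with ‘app-server’ as source are assumptions chosen for illustration; the script prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: every ID and name below is a placeholder (assumption), not from the article.
ORG_ID="${ORG_ID:-123456789012}"                      # placeholder organization ID
NETWORK="${NETWORK:-my-project/my-vpc}"               # placeholder PROJECT_ID/NETWORK
POLICY="${POLICY:-example-fw-policy}"                 # placeholder global network firewall policy
DBA_GROUP="${DBA_GROUP:-group:dba-team@example.com}"  # placeholder principal
DRY_RUN="${DRY_RUN:-1}"                               # 1 = print commands only, 0 = execute

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Tag key 'vm-function', scoped for use in firewall policies of one VPC network.
create_tag_key() {
  run gcloud resource-manager tags keys create vm-function \
    --parent="organizations/$ORG_ID" \
    --purpose=GCE_FIREWALL --purpose-data="network=$NETWORK"
}

# The permitted values named in the article.
create_tag_values() {
  for v in database app-client app-server; do
    run gcloud resource-manager tags values create "$v" --parent="$ORG_ID/vm-function"
  done
}

# Only the DBA group may attach the value 'database' to resources (role 'Tag User').
grant_tag_user() {
  run gcloud resource-manager tags values add-iam-policy-binding \
    "$ORG_ID/vm-function/database" \
    --member="$DBA_GROUP" --role=roles/resourcemanager.tagUser
}

# Assumed rule: VMs tagged app-server may reach VMs tagged database on tcp:5432.
allow_db_traffic() {
  run gcloud compute network-firewall-policies rules create 1000 \
    --firewall-policy="$POLICY" --global-firewall-policy \
    --direction=INGRESS --action=allow --layer4-configs=tcp:5432 \
    --src-secure-tags="$ORG_ID/vm-function/app-server" \
    --target-secure-tags="$ORG_ID/vm-function/database"
}

setup_all() { create_tag_key && create_tag_values && grant_tag_user && allow_db_traffic; }
setup_all
```

Because the IAM binding sits on the tag value itself, a user without ‘Tag User’ on ‘database’ cannot attach that value to a VM and so cannot place the VM into the scope of the rule.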
You can read the full article online in the IT Administrator Portal.