Certified Google Cloud Architect

Author Archives: anuj - Page 32

Subnet to Subnet Routes and Routing Tables in GCP

anuj June 8, 2021 Subnet to Subnet Routes and Routing Tables in GCP2022-09-30T18:07:56+00:00 GCP Networking No Comment

(Also read, Routing across a peered VPC in GCP ) Routes belong to a project (actually, to a network that belongs to a project) The first thing to understand is…

Peered VPCs in GCP and Exchanging of Routes (Automatic Routes Exchange)

anuj June 8, 2021 Peered VPCs in GCP and Exchanging of Routes (Automatic Routes Exchange)2021-06-08T00:32:13+00:00 GCP Networking 1 Comment

How does GCP Routing work for a peered VPC? A router is part of the peering connection. A router gets spun up by default, which allows route exchange. Using a…

Why does a Second Network Interface get its own VPC in GCP

anuj June 8, 2021 Why does a Second Network Interface get its own VPC in GCP2021-06-08T00:25:30+00:00 GCP Networking No Comment

Why does a second network interface require a separate VPC (subnet in a separate VPC) to attach to? The reason has to do partly with the way routes are inherited…

Fewer Subnets with Larger Address Spaces – Best Practices for VPC Subnetting in GCP

anuj June 8, 2021 Fewer Subnets with Larger Address Spaces – Best Practices for VPC Subnetting in GCP2021-06-08T00:25:12+00:00 GCP Networking No Comment

Subnets and Routes work differently in GCP, partly due to the global nature of GCP VPCs. Group applications into fewer subnets with larger address ranges Unlike other networking environments in…

Native GCP Firewall and Firewall Rules

anuj June 6, 2021 Native GCP Firewall and Firewall Rules2022-06-26T23:30:48+00:00 Compute Engine 1 Comment

Firewalls in GCP vs AWS AWS SGs are only ALLOW rules. For DENY, you need to go to NACLs GCP full blown FW rules -allow and deny, just like on…

Egress Costs that come into play with a Transit VPC

anuj June 3, 2021 Egress Costs that come into play with a Transit VPC2021-06-08T00:26:32+00:00 AWS No Comment

Egress charges incur TWICE when traffic goes through a TRANSIT VPC (Regardless of AWS or GCP). This is true on both AWS and GCP. Adding additional filtering appliances introduces…

Patching versus Reloading Images

anuj June 1, 2021 Patching versus Reloading Images2021-06-01T15:53:20+00:00 GCP Infrastructure No Comment

Today's Public Cloud Hosting introduces a slight twist on the data center 'patching' paradigm. Instead of patching an OS, one typically reloads the base image (AMI in AWS, base compute…

KMS Keys in a Single Project or Multiple Projects?

anuj May 28, 2021 KMS Keys in a Single Project or Multiple Projects?2024-01-23T20:29:25+00:00 Cloud KMS No Comment

Also read KMS - Auditing Key Activity and KMS - Monitoring and Alerting Storing all KMS Keys in a single project has some advantages. One can tightly place IAM controls…

KMS Auditing Key Activity

anuj May 28, 2021 KMS Auditing Key Activity2024-01-23T20:29:37+00:00 Cloud KMS 1 Comment

Which KMS Activities are not LOGGED by default? (Also read KMS Monitoring and Alerting ) IMonitoring administrative activities vs. data access activities: All administrative KMS activities are logged by default. For…

«‹30 313233 34 ›»