Private Service Connect versus Peered VPCs
Overview - What is Private Service Connect? How does it differ from Private Google Access?
Private Google Access ( on GCP)
The idea is exactly the same as the AWS VPC Endpoint. The primary difference is that this is defined at the SUBNET LEVEL (as opposed to the VPC level in AWS).
Private access allows VMs to reach Google services via a private route. Services such as BigQuery, Cloud Bigtable, container registry, Cloud Dataproc, cloud storage can all be reached internally through Private Google access.
What is Private Service Connect ?
Confusingly named, the idea behind Private Service Access is to allow cross VPC (or cross Org) access to your deployed PaaS services. Say you have two different organizations with deployed GCP services - and you would like to grant private access between these two. Normally, a lot of NATing, Public IPs and such would be involved. With Private Service access, GCP offers a way to go from a private IP of a deployed service to another private IP (in the second org). This is made possible through a Private zone (private DNS) that is shared between the two organizations.
Why not just use Peered VPCs?
Private Service Endpoints cannot be accessed from peered VPCs, by design.
Show me how to create a Private Service Connect Service?
- Create a new VPC Network. We will call ours
my-network
. Note specifically, that we must enable Private Google Access. - Click the CONNECT SERVICE link. This is where we are going to create a Private Service Connect endpoint in our network which will be the path we will use to connect to GCP managed services.
- Create a Cloud DNS Zone - and add a record set to the DNS zone
Need an experienced Cloud Professional to help out with your Public Cloud Strategy? Set up a time with Anuj Varma.
Leave a Reply