End User to GCP Load Balancer Encryption

For HTTPS load balancers, connections between end users and the GFE are encrypted and authenticated with TLS or QUIC, using certificates that customers provide for the load balancer.

For HTTP load balancers, connections between end users and GFE are not encrypted or authenticated.

For SSL load balancers, connections between end users and the GFE are encrypted with TLS, similarly using customer-provided certificates.

For TCP load balancers, there is no encryption between the end user and the GFE.

What if you DO NOT have access to the company's SSL certificates? (Use SSL Proxy)

User to SSL Proxy can be encrypted using GCP provided or customer provided SSLs.

Cloud Load Balancing with SSL termination (click to enlarge)

The customer's application may, however, use its own encryption between the end user and the VMs.

By using Google Cloud SSL Proxy Load Balancing for your SSL traffic, you can terminate user SSL (TLS) connections at the load balancing layer, and then balance the connections across your backend instances by using the SSL (recommended) or TCP protocols.

You can use either a self-managed certificate, where you supply your own SSL certificate, or a Google-managed certificate, where Google issues a certificate that is valid for all of your domains.

Need a hands-on, GCP Consultant?

Need help with your GCP journey?  Start the conversation today.