
An Overview of Private Google Access for On-Prem Hosts

Difficulty: Intermediate
Duration: 40m
Description

In this course, we look at configuring Private Google Access, starting with an overview of what it is, before moving on to networking and DNS configuration as well as routing and firewalls. We'll then walk you through a guided demonstration of how to enable Private Google Access so that you get a practical understanding of the service.

We'll also look at Private Google Access for on-premises hosts, covering domain names, virtual IPs, networking and DNS configuration, and permissions. We'll wrap with Private Services Access and Serverless VPC Access.

Learning Objectives

  • Learn about Private Google Access, its networking and DNS requirements, and how to configure routing and firewalls to use it
  • Learn about Private Google Access for on-premises hosts, its requirements, its permissions, and how to use it
  • Get a high-level overview of Private Services Access and Serverless VPC Access

Intended Audience

This course is intended for those who wish to learn how to configure Private Google Access on GCP.

Prerequisites

To get the most out of this course, you should have a basic knowledge of GCP.

Transcript

Hello and welcome to Private Google Access for on-prem hosts. In this lesson, we will take a look at what Private Google Access for on-prem hosts offers and at some of the specifications and requirements for leveraging it.

Private Google Access for on-prem hosts is designed to offer you the ability to connect to Google APIs and services without needing to do so over the public internet. 

In scenarios where you need to establish connectivity from on-prem hosts to Google APIs and services, you can use Cloud VPN or Cloud Interconnect. Both services allow you to establish connectivity from an on-prem network to Google Cloud. In such cases, your on-prem hosts can access Google APIs and services as long as their source IP addresses are private IP addresses or privately used, non-Google-owned public IPs.

For Private Google Access for on-prem hosts to work, there are some additional tasks that you need to complete outside of enabling the service. You need to configure DNS along with firewall rules. You also need to ensure you define the proper routes in both your on-prem networks and in your VPC networks.

As far as DNS configuration goes, when you get Private Google Access enabled for on-prem hosts, the on-prem hosts need to be able to connect to the VIPs, or virtual IP addresses, for Google APIs and services for either restricted.googleapis.com or private.googleapis.com, depending on the services you need to access.

While Google publishes a public DNS A record for each of these, Google does NOT publish routes for them. That being the case, you need to take care of this on your end. You need to add a custom route advertisement on a Cloud Router and you have to ensure you have custom static routes in your VPC network that can route traffic to the VIP destination for Google APIs and services you wish to use. The routes you configure also need to have their next hop configured to point to the default internet gateway.

I should also mention that any traffic that gets sent from a VPC network to the public VIP range for Google APIs and services remains on Google’s network. It does NOT traverse the public internet. It does not traverse the public internet because there are no public routes to the VIP range published externally by Google. 

Join me in the next lesson, where we’ll take a look at each of the Private Google Access-specific domains and VIPs. We’ll also take a look at what a typical configuration looks like.
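The three requirements from the transcript (a VPC route to the VIP via the default internet gateway, a custom Cloud Router advertisement, and on-prem DNS answers inside the VIP) can be checked offline against exported configuration. This is an added example, not part of the course: the VIP ranges are Google's documented IPv4 ranges rather than values stated in this lesson, the function and variable names are hypothetical, and all sample data is constructed.

```python
import ipaddress

# Google's documented IPv4 VIP ranges (an assumption here: this lesson does not list them).
VIPS = {"private.googleapis.com": ipaddress.ip_network("199.36.153.8/30"),
        "restricted.googleapis.com": ipaddress.ip_network("199.36.153.4/30")}
IGW = "default-internet-gateway"

def covers(cidr, vip):
    net = ipaddress.ip_network(cidr)
    return net.version == vip.version and vip.subnet_of(net)

def audit(domain, vpc_routes, router, resolved):
    """Return findings; an empty list means routing, advertisement and DNS all line up."""
    vip, findings = VIPS[domain], []
    # 1. The most specific VPC route covering the VIP must use the default internet gateway.
    matches = [r for r in vpc_routes if covers(r["destRange"], vip)]
    best = max(matches, key=lambda r: ipaddress.ip_network(r["destRange"]).prefixlen, default=None)
    if best is None or not best.get("nextHopGateway", "").endswith("/" + IGW):
        findings.append(f"no effective VPC route to {vip} via {IGW}")
    # 2. The Cloud Router must advertise the VIP to on-prem through a custom advertisement.
    bgp = router.get("bgp", {})
    ranges = [a["range"] for a in bgp.get("advertisedIpRanges", [])]
    if bgp.get("advertiseMode") != "CUSTOM" or not any(covers(c, vip) for c in ranges):
        findings.append(f"Cloud Router does not advertise {vip}")
    # 3. On-prem DNS answers for Google API names must fall inside the VIP.
    for name, ip in sorted(resolved.items()):
        if ipaddress.ip_address(ip) not in vip:
            findings.append(f"{name} resolves to {ip}, outside {vip}")
    return findings

# Constructed sample data shaped like `gcloud compute routes list --format=json` and
# `gcloud compute routers describe --format=json` output (project, names and IPs are made up).
GW = "https://www.googleapis.com/compute/v1/projects/example-project/global/gateways/" + IGW
GOOD_ROUTES = [{"destRange": "0.0.0.0/0", "nextHopIp": "10.0.0.5"},
               {"destRange": "199.36.153.4/30", "nextHopGateway": GW}]
BAD_ROUTES = [{"destRange": "0.0.0.0/0", "nextHopGateway": GW},
              {"destRange": "199.36.153.0/24", "nextHopIp": "10.0.0.5"}]  # overrides default
GOOD_ROUTER = {"bgp": {"advertiseMode": "CUSTOM",
                       "advertisedIpRanges": [{"range": "199.36.153.4/30"}]}}
BAD_ROUTER = {"bgp": {"advertiseMode": "DEFAULT"}}

if __name__ == "__main__":
    dom = "restricted.googleapis.com"
    print(audit(dom, GOOD_ROUTES, GOOD_ROUTER, {"storage.googleapis.com": "199.36.153.6"}))
    print(audit(dom, BAD_ROUTES, BAD_ROUTER, {"storage.googleapis.com": "203.0.113.10"}))
```

The check picks the longest-prefix route because a more specific route with a different next hop silently overrides a default route that would otherwise satisfy the requirement.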

About the Author
Thomas Mitchell
Instructor

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.