image
Networking and DNS for Private Google Access for On-Prem Hosts

Contents

Course Introduction
1
Introduction
PREVIEW2m 15s
GETTING STARTED WITH PRIVATE GOOGLE ACCESS
2
Overview of Private Access Options for Services
PREVIEW2m 32s
OTHER TYPES OF PRIVATE ACCESS
11
Private Services Access Overview
1m 36s
12
Serverless VPC Access Overview
3m 13s
Course Conclusion
13
Conclusion
1m 59s

The course is part of these learning paths

Deepen Your GCP Knowledge
10
4
Google Professional Cloud Security Engineer Exam Preparation
16
2
9
1
Google Professional Cloud Network Engineer Exam Preparation
17
2
11
1
Google Cloud Platform for Solution Architects
17
4
14
Google Professional Cloud Architect Exam Preparation
18
2
14
1
more_horizSee 2 more
Start course
Overview
Difficulty
Intermediate
Duration
40m
Students
781
Ratings
4.5/5
starstarstarstarstar-half
Description

In this Course, we look at configuring Private Google access starting with an overview of what it is, before moving on to networking and DNS configuration as well as routing and firewalls. We'll then walk you through a guided demonstration of how to enable Private Google Access so that you get a practical understanding of the service.

We'll also look at Private Google Access for on-premises hosts, covering domain names, virtual IPs, networking and DNS configuration, and permissions. We'll wrap with Private Services Access and Serverless VPC Access.

Learning Objectives

  • Learn about Private Google Access, its networking and DNS requirements, and how to configure routing and firewalls to use it
  • Learn about Private Google Access for on-premises hosts, its requirements, its permissions, and how to use it
  • Get a high-level overview of Private Services Access and Serverless VPC Access

Intended Audience

This Course is intended for those who wish to learn how to configure private Google access on the GCP platform.

Prerequisites

To get the most out of this Course, you should have a basic knowledge of GCP.

Transcript

Welcome to Networking and DNS for Private Google Access for On-prem hosts. In this lesson, we are going to take a look at the network requirements that must be addressed in order to allow the on-prem resources to send traffic to Google APIs and services.

As we touched on earlier, to use Private Google Access for on-prem hosts, you need to direct traffic to either private.googleapis.com or restricted.googelapis.com, depending on your requirements. The private.googleapis.com domain can be used to access most Google APIs and services, including those that DO support VPC Service Controls and those the DO NOT support VPC Service Controls. The restricted.googleapis.com domain only provides access to APIs that DO support VPC Service Controls.

To use Private Google Access for on-prem hosts, you need to configure your on-prem DNS or Cloud DNS so that your on-prem resources can resolve the IP addresses for the private and restricted domain names. The process for configuring DNS for Private Google Access for on-prem hosts is identical to the process we covered in Networking and DNS Configuration for Private Google Access. However, there is one extra step that you need to take if you are using Cloud DNS rather than your own on-prem DNS.

If you opt to use Cloud DNS to resolve Google APIs and services domain names, you need to ensure that you configure your environment so that your on-prem resources can query the Cloud DNS zones that you create – because creating zones and records in Cloud DNS doesn’t help you if your on-prem resources can’t resolve against it.

To do this, you need to first create an inbound server policy in the VPC network that your on-prem network is connected to. You then need to configure your on-prem environment so that queries for googleapis.com and any other API and service domains are forwarded to an inbound forwarder entry point that exists in the same Google Cloud region as the Cloud VPN tunnel or Cloud Interconnect attachment that was used to connect the on-prem network to your VPC network. 

For a refresher on configuring DNS, go back and take a look at the Networking and DNS Configuration for Private Google Access lesson in this course. Otherwise, join me in the next lesson, where we will talk about routing and firewalls when configuring Private Google Access for on-prem hosts.

 

About the Author
Avatar
Thomas Mitchell
Instructor
Students
82258
Courses
86
Learning Paths
62

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.

Covered Topics

NetworkingSecurityGoogle Cloud PlatformNetworking for GoogleSecurity for GoogleCloud DNSGoogle Virtual Private Cloud (VPC)