Before you can start creating a bunch of Virtual Machines, you need a way to organize and connect to them. This course will show you how to build your own private and public networks in GCP.
Learning Objectives
- What a Google Virtual Private Cloud is
- How to create VPC networks
- How to connect or isolate VPCs
- How to share a VPC with other projects
Intended Audience
- Cloud Architects
- Network Engineers
- Anyone preparing for a Google Cloud certification
Prerequisites
- Understand basic networking concepts
- Access to a GCP account
Google Cloud Platform allows you to build your own virtual data centers in the cloud. And one of the most important parts of any data center is the underlying network. Because you cannot physically access any of Google’s hardware, everything you build in GCP needs to have some level of connectivity.
However, this introduces a problem. GCP has many different customers, and each customer is using a different portion of Google's services. Company A might be running five virtual machines and Company B might be running five virtual machines, and all of those VMs could sit on the same physical network. But Company A and Company B are completely separate. They do not want to share a network. They do not want their servers talking to each other. They also do not want to worry about networking conflicts, such as overlapping IP ranges or conflicting firewall rules. The two companies want to draw from the same pool of resources while staying completely isolated from each other. That is exactly what Virtual Private Cloud delivers.
Virtual Private Cloud (or VPC for short) allows you to create and maintain your own private virtual networks. Basically, you use it to create a bunch of VPCs, and each VPC is further broken down into sub-networks (or subnets). So you could have all your resources running inside a single subnet in one giant VPC. Or you can break things up into multiple VPCs and multiple subnets. So you can keep things simple, or get as complicated as you need.
One great feature of VPCs is that they are global. You can have servers spread out all over the world, and they can still communicate with each other over internal IP addresses. Subnets, on the other hand, are regional, which means you can have one subnet for servers running in the US, another for servers in the UK, and a third for servers running in Asia. They all exist in the same VPC, so they can all talk to each other, subject to whatever firewall rules you define. Of course, if you want to isolate groups of servers from each other, that is easy as well: put them in separate VPCs. Two VPCs have no route between them unless you deliberately connect them, for example with peering.
Google Virtual Private Cloud tries to give you as much control as you need. You can let Google handle most things for you (an auto mode VPC gets a subnet in every region with pre-assigned IP ranges), or you can manage everything yourself (a custom mode VPC starts empty and you add only the subnets you want). In custom mode you specify your own CIDR ranges, and in either mode you can create custom routes and define whatever firewall rules you need. There are also options for connecting two VPCs together via peering. You can even share your VPCs with other projects and other teams using Shared VPC.
The ultimate goal is to balance connectivity with security. By segregating resources into different VPCs and subnets, you have full control over what is allowed and what is not. You can create a very open VPC to host public web servers, or a more locked down VPC for private, internal application servers. If you give those internal servers no external IP address and no NAT, they have no path to or from the internet at all. By enabling Private Google Access on their subnet, they can still reach Google APIs and services (Cloud Storage, BigQuery, and so on) over internal addresses. So even though everything is running in the "cloud", you keep control over where your traffic can flow and protect your business data.
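The layout described in the last few paragraphs (a custom mode VPC with regional subnets, firewall rules, peering between an open web VPC and a locked down internal VPC, and Private Google Access for VMs with no external IP) can be built with a handful of gcloud commands. The script below is an added example, not code from the course. The project ID, network and subnet names, regions, CIDR ranges and the instance name are all assumptions chosen for illustration; the IAP source range is Google's documented range for IAP TCP forwarding. By default the script only prints the commands it would run, so it can be read and checked without a GCP project; set APPLY=1 to execute them against a project you own.

```shell
#!/usr/bin/env bash
# Added example: build a public web VPC and an internal app VPC, connect them
# with peering, and keep the app tier off the internet while still letting it
# reach Google APIs through Private Google Access.
# Assumptions (not from the course): project id, names, regions and CIDRs below.
set -eu

PROJECT="${PROJECT:-example-project}"   # assumed project id
WEB_CIDR="10.10.0.0/24"                 # public web tier, us-central1 (assumed)
APP_CIDR="10.20.0.0/24"                 # internal app tier, europe-west2 (assumed)
IAP_RANGE="35.235.240.0/20"             # Google's IAP TCP forwarding source range

# Dry run by default: print each gcloud command instead of executing it.
run() {
  if [ "${APPLY:-0}" = "1" ]; then
    "$@"
  else
    printf '%s\n' "$*"
  fi
}

create_networks() {
  # Custom mode: no auto-created subnets, so every range is one we chose.
  run gcloud compute networks create web-vpc --project="$PROJECT" --subnet-mode=custom
  run gcloud compute networks create internal-vpc --project="$PROJECT" --subnet-mode=custom
}

create_subnets() {
  # Subnets are regional; the two tiers live in different parts of the world.
  run gcloud compute networks subnets create web-us --project="$PROJECT" \
    --network=web-vpc --region=us-central1 --range="$WEB_CIDR"
  # Private Google Access: VMs with only internal IPs can still reach Google APIs.
  run gcloud compute networks subnets create app-uk --project="$PROJECT" \
    --network=internal-vpc --region=europe-west2 --range="$APP_CIDR" \
    --enable-private-ip-google-access
}

create_firewall_rules() {
  # Ingress is denied by an implied rule; only add the allows that are needed.
  run gcloud compute firewall-rules create web-allow-https --project="$PROJECT" \
    --network=web-vpc --direction=INGRESS --action=ALLOW --rules=tcp:443 \
    --source-ranges=0.0.0.0/0 --target-tags=web
  # The app tier accepts traffic only from the web subnet, and only on its port.
  run gcloud compute firewall-rules create app-allow-from-web --project="$PROJECT" \
    --network=internal-vpc --direction=INGRESS --action=ALLOW --rules=tcp:8080 \
    --source-ranges="$WEB_CIDR" --target-tags=app
  # Admin SSH to the app tier only via IAP, never from the open internet.
  run gcloud compute firewall-rules create app-allow-iap-ssh --project="$PROJECT" \
    --network=internal-vpc --direction=INGRESS --action=ALLOW --rules=tcp:22 \
    --source-ranges="$IAP_RANGE" --target-tags=app
}

create_peering() {
  # Peering must be created from both sides. It exchanges routes only;
  # the firewall rules above still decide what traffic is accepted.
  run gcloud compute networks peerings create web-to-internal --project="$PROJECT" \
    --network=web-vpc --peer-network=internal-vpc
  run gcloud compute networks peerings create internal-to-web --project="$PROJECT" \
    --network=internal-vpc --peer-network=web-vpc
}

create_app_instance() {
  # --no-address: no external IP, so with no Cloud NAT the VM has no internet path.
  run gcloud compute instances create app-1 --project="$PROJECT" \
    --zone=europe-west2-a --subnet=app-uk --no-address --tags=app
}

# Runs every step; returns the full command list on stdout in dry-run mode.
plan_network() {
  create_networks
  create_subnets
  create_firewall_rules
  create_peering
  create_app_instance
}

plan_network
```

Two things worth checking after applying this for real: the peering is only active once both sides are created (`gcloud compute networks peerings list` shows the state), and Private Google Access does not by itself block anything. The app VM is off the internet because it has no external IP and there is no Cloud NAT in its region; if someone later adds a NAT gateway, that isolation quietly disappears.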
Daniel began his career as a Software Engineer, focusing mostly on web and mobile development. After twenty years of dealing with insufficient training and fragmented documentation, he decided to use his extensive experience to help the next generation of engineers.
Daniel has spent his most recent years designing and running technical classes for both Amazon and Microsoft. Today at Cloud Academy, he is working on building out an extensive Google Cloud training library.
When he isn’t working or tinkering in his home lab, Daniel enjoys BBQing, target shooting, and watching classic movies.