Google Cloud VPN is a service you can use to connect to your virtual private cloud (VPC) network from your local network through an Internet Protocol Security (IPsec) virtual private network (VPN) connection. It’s often used to allow on-site networks to leverage the power of resources on VPCs, and vice versa.
This is a lot of information to digest, but in this guide we’ll break down what it all means. By the end of the article, you’ll have a high-level understanding of what Google Cloud VPN does, and how it might be useful for your organization.
What is a private cloud?
First, let’s define what a private cloud is. Companies that rent resources like data storage servers and virtual machines are using cloud models. There are two types of cloud: private cloud and public cloud. A private cloud is a set of cloud-hosted resources dedicated exclusively to a single customer, whereas public clouds may see customers sharing computing resources such as network bandwidth and processing power.
Private clouds are typically more secure than public clouds. And because resources are not shared with other customers, private cloud performance is more stable and reliable.
However, private clouds are relatively expensive, because they require an investment in hardware and software. They also need someone to manage and maintain the hardware and software, too, and it’s not easy to scale a private cloud up or down when you need to.
What is a virtual private cloud?
A virtual private cloud is a private cloud contained within a public cloud. The cloud provider sells logically isolated parts of its public cloud to many customers.
Importantly, processing and data storage systems aren’t shared between customers in a virtual private cloud. You get your own unique, private cloud resources, and your data is always kept separate from other virtual private clouds. This means a virtual private cloud should be just as secure as a traditional private cloud, but is much less expensive to rent.
How are virtual private clouds managed?
From a network technician’s point of view, virtual private clouds work roughly like traditional offline physical networks, but everything is handled virtually with software. You set up virtual computers, subnets, network partitions, network gateways, and access control parameters, just as you would if you were working with physical devices.
Instead of having to physically set up the devices, setup and maintenance of the virtual cloud is achieved through a browser-based management console.
Within the Google Cloud ecosystem, this service is called Virtual Private Cloud. Other cloud providers use similar names for their services. For instance, Amazon Web Services’ virtual private cloud service is also called Virtual Private Cloud (AWS VPC).
What is a VPN?
Let’s tackle another acronym. A virtual private network (VPN) is a tunnel between two remote networks. It enables devices on separate networks to interact with each other as if they were connected to the same physical network.
In business setups, VPN connections are often made using the internet. Security is therefore an issue, so all data is encrypted. No intermediary server can see what’s being sent, keeping information secure.
For personal use, VPN services are used to increase anonymity and security on the web.
What is a cloud VPN?
Do virtual private clouds have a use for VPNs? Yes, even in virtual private clouds, VPNs are important. The VPN in a virtual private cloud performs the same functions as a VPN does for traditional business networks. Namely, a cloud VPN (e.g., Google Cloud VPN) allows remote networks to securely connect to the virtual private network, and vice versa.
An interesting use case for cloud VPNs is enabling access to the cloud network from your physical network. Your on-site network can use the cloud VPN to access resources in a virtual private cloud as if they were on computers hosted on your local network. Similarly, your cloud-based resources can now leverage the resources that remain on your on-site network.
Another application for cloud VPNs is bridging between two cloud networks. It’s possible to allow access to your Google Virtual Private Cloud from another cloud provider such as Amazon Web Services (AWS), for example. Google Cloud VPN, in this case, is the vital bridge between your two cloud-based services.
Google Cloud VPN: HA vs. Classic
It’s worth noting there are two versions of Google Cloud VPN: HA VPN and Classic VPN. Some of Classic VPN’s functionality was deprecated in March 2022, so Google encourages administrators to move to HA VPN instead.
HA stands for high availability, which works by offering multiple connections at once. It’s easier to set up and maintain than Classic VPN.
Because of its improved setup, when properly configured, HA VPN has an availability service level agreement (SLA, or uptime) of 99.99%. Classic VPN only has a 99.9% availability SLA. This extra reliability can make all the difference for mission-critical applications.
Google Cloud VPN plays a similar role to a traditional VPN in that it allows for secure remote access to network resources as if you were connected on the same network. It’s only different in that it works in the Google Cloud Virtual Private Cloud, the networking layer of Google’s cloud infrastructure.
Google Cloud VPN can be used to securely connect your in-house networks to your virtual private cloud, or to connect multiple virtual private clouds while maintaining a high level of security. It’s available in two versions: HA VPN and Classic VPN, but we strongly encourage you to use the HA VPN version whenever possible.
- Log in to Fireware Web UI.
- Select VPN > Branch Office VPN.
The Branch Office VPN configuration page appears.
- In the Gateways section, click Add.
- In the Gateway Name text box, type a name to identify this BOVPN gateway.
- From the Address Family drop-down list, select IPV4 Addresses.
- In the Credential Method section, select Use Pre-Shared Key.
- In the adjacent text box, type the pre-shared key.
- Keep the default String-Based setting.