Google Cloud VPN is a service you can use to connect to your virtual private cloud (VPC) network from your on-premises network through an Internet Protocol Security (IPsec) virtual private network (VPN) connection. It is often used to allow on-premises networks to leverage the power of resources on VPCs, and vice versa.
That’s a lot of information to digest, but in this guide, we’ll break down what it means. By the end of the article, you will have a thorough understanding of what Google Cloud VPN does and how useful it is for your organization.
What is a private cloud?
Let’s first define what a private cloud is. Companies that lease resources such as data storage servers and virtual machines use cloud models. There are two types of cloud: private cloud and public cloud. A private cloud is a collection of cloud-hosted resources dedicated exclusively to a single customer, while public clouds can see customers share computing resources such as network bandwidth and processing power.
Private clouds are generally more secure than public clouds. And since resources are not shared with other customers, private cloud performance is more stable and reliable.
However, private clouds are relatively expensive, as they require investment in hardware and software. They also need someone to manage and maintain the hardware and software, and it’s not easy to scale a private cloud up or down when you need it.
What is a Virtual Private Cloud?
A virtual private cloud is a private cloud contained within a public cloud. The cloud provider sells logically isolated parts of its public cloud to many customers.
Importantly, data processing and storage systems are not shared between customers in a virtual private cloud. You get your own unique private cloud resources and your data is always separated from other virtual private clouds. This means that a virtual private cloud should be as secure as a traditional private cloud, but it is much cheaper to rent.
How are virtual private clouds managed?
From a network technician’s perspective, virtual private clouds operate much like traditional offline physical networks, but everything is managed virtually with software. You configure virtual machines, subnets, network partitions, network gateways, and access control settings just as you would if you were working with physical devices.
Instead of having to physically configure devices, virtual cloud configuration and maintenance is done through a browser-based management console.
Within the Google Cloud ecosystem, this service is called Virtual Private Cloud. Other cloud providers use similar names for their services. For example, Amazon Web Services’ Virtual Private Cloud service is also called Virtual Private Cloud (AWS VPCs).
What is a VPN?
Let’s talk about another acronym. A virtual private network (VPN) is a tunnel between two remote networks. It allows devices on separate networks to interact with each other as if they were connected to the same physical network.
In business setups, VPN connections are often established using the Internet. Security is therefore an issue, so all data is encrypted. No intermediate server can see what is being sent, ensuring information security.
For personal use, VPN services are used to increase anonymity and security on the web.
What is a Cloud VPN?
Do virtual private clouds have a use for VPNs? Yes, even in virtual private clouds, VPNs are important. The VPN in a virtual private cloud performs the same functions as a VPN for traditional corporate networks. Namely, a cloud VPN (e.g. Google Cloud VPN) allows remote networks to securely connect to the virtual private network, and vice versa.
An interesting use case for cloud VPNs is to enable access to the cloud network from your physical network. Your on-premises network can use cloud VPN to access resources in a virtual private cloud as if they were on computers hosted on your on-premises network. Likewise, your cloud-based resources can now take advantage of resources that remain on your on-premises network.
Another application for cloud VPNs is to bridge two cloud networks. It is possible to allow access to your Google Virtual Private Cloud from another cloud provider, such as Amazon Web Services (AWS), for example. Google Cloud VPN, in this case, is the essential bridge between your two cloud-based services.
Google Cloud VPN: high availability and classic
It should be noted that there are two versions of Google Cloud VPN: HA VPN and Classic VPN. Some of Classic VPN’s features were deprecated in March 2022, so Google encourages admins to switch to HA VPN instead.
HA stands for high availability, which works by offering multiple connections at once. It is easier to set up and maintain than regular VPN.
Because of its enhanced configuration, a properly configured HA VPN has an uptime service level agreement (SLA) of 99.99%. Classic VPN only has a 99.9% uptime SLA. This added reliability can make all the difference for critical applications.
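One way to check the "properly configured" condition is to confirm that every HA VPN gateway has an established tunnel on both of its interfaces. The script below is an added example, not code from the original article or from Google; it assumes tunnel records shaped like the output of `gcloud compute vpn-tunnels list --format=json` (field names as in the Compute Engine vpnTunnels resource), and the sample records and all names in them are constructed.

```python
import json

# Constructed sample shaped like `gcloud compute vpn-tunnels list --format=json`;
# every gateway and tunnel name below is made up for this example.
SAMPLE = json.loads("""[
 {"name": "onprem-t0", "status": "ESTABLISHED", "vpnGatewayInterface": 0,
  "vpnGateway": "projects/example/regions/us-east1/vpnGateways/ha-gw-onprem"},
 {"name": "onprem-t1", "status": "ESTABLISHED", "vpnGatewayInterface": 1,
  "vpnGateway": "projects/example/regions/us-east1/vpnGateways/ha-gw-onprem"},
 {"name": "aws-t0", "status": "ESTABLISHED", "vpnGatewayInterface": 0,
  "vpnGateway": "projects/example/regions/us-east1/vpnGateways/ha-gw-aws"},
 {"name": "aws-t1", "status": "NO_INCOMING_PACKETS", "vpnGatewayInterface": 1,
  "vpnGateway": "projects/example/regions/us-east1/vpnGateways/ha-gw-aws"},
 {"name": "branch-t0", "status": "ESTABLISHED", "vpnGatewayInterface": 0,
  "vpnGateway": "projects/example/regions/us-east1/vpnGateways/ha-gw-branch"},
 {"name": "legacy-t0", "status": "ESTABLISHED",
  "targetVpnGateway": "projects/example/regions/us-east1/targetVpnGateways/classic-gw"}
]""")

HA_INTERFACES = {0, 1}  # an HA VPN gateway exposes two interfaces


def audit_tunnels(tunnels):
    """Return {gateway: [findings]}; an empty list means both interfaces are up."""
    findings, established = {}, {}
    for t in tunnels:
        if "vpnGateway" not in t:  # Classic VPN tunnels use targetVpnGateway
            gw = t.get("targetVpnGateway", "unknown").rsplit("/", 1)[-1]
            findings.setdefault(gw, []).append(
                f"{t['name']}: Classic VPN tunnel, single gateway interface")
            continue
        gw = t["vpnGateway"].rsplit("/", 1)[-1]
        findings.setdefault(gw, [])
        up = established.setdefault(gw, set())
        if t.get("status") == "ESTABLISHED":
            up.add(t["vpnGatewayInterface"])
        else:
            findings[gw].append(f"{t['name']}: status {t.get('status')}")
    for gw, up in established.items():
        for missing in sorted(HA_INTERFACES - up):
            findings[gw].append(f"no established tunnel on interface {missing}")
    return findings


if __name__ == "__main__":
    for gateway, issues in audit_tunnels(SAMPLE).items():
        print(gateway, "OK" if not issues else issues)
```

A gateway with an empty findings list has redundant tunnels up on both interfaces; any other result means a single tunnel failure would drop the connection.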
Google Cloud VPN performs a role similar to a traditional VPN in that it allows secure remote access to network resources as if you were logged in on the same network. The only difference is that it runs in Google Cloud’s Virtual Private Cloud, the network layer of Google’s cloud infrastructure.
Google Cloud VPN can be used to securely connect your internal networks to your virtual private cloud, or to connect multiple virtual private clouds while maintaining a high level of security. It is available in two versions: HA VPN and Classic VPN, but we strongly encourage you to use the HA VPN version whenever possible.