Centralize control with Shared VPC
Вставка
- Опубліковано 1 лис 2019
- Maintain tight control over network resources, while avoiding any roadblocks to teams spinning up the resources they need. In this episode of Cloud networking, see how Shared VPC is a powerful feature that makes GCP more flexible and manageable for your organization.
Getting started with Shared VPC → goo.gle/32hSAgn
Watch other episodes of this series here → goo.gle/2ZmtZEY
Get notified when new episodes are released by subscribing to the GCP Channel → goo.gle/GCP
product:Cloud, Virtual Private Cloud (VPC); fullname: Stephanie Wong;
#NetworkingEndToEnd - Наука та технологія
I learnt more from this 5 min video then I did from a 15 hour paid course in Udemy. Thank you so much!
was that course from Rangananthan ?
Google's Shared VPC is powerful! Google's Shared VPC is one of my top reasons to go with GCP over other cloud providers. Thanks for the excellent demonstration, Stephanie! I learned some great info, here!
Thanks a lot Stephanie! You're the best 💛❤💙💚
Amazing information Stephanie
Thank you Stephanie
Shared VPC is so cool 👍
Excellent...very well explained.
Awesome features
thank you
Thanks for wonderful explanation @stephanie
This is helpful but needs a refresh
Very nice info ;)
are we able to share specific subnet to a specific project only? for example subnet-a should only be shared to project-a, subnet-a shouldn't be seen by other projects
no you can share to multi projects too in same subnets, you can fine grain to use even same node on both projects,
you need your network diagrams clear before implementation
Amazing cool demo :)
Thank you Pallavi ☺️
I could not go fishing yet, unfortunately It does not cover how the resources in service project VPC able to access the shared VPC resources.
indeed it can't, unless i use VM with multihome nic, with 1 extra leg in shared VPC.
The basic idea of Shared VPC is, you put all vNIC in a single VPC, well it will hit the maximum limit of number vNic allowed in a single VPC when it hosts all Projects VMs
So the host project can enforce an org level policy like 'disable external IP' to all service projects? regardless of whether the service project creates an instance from the shared VPC subnet or its own VCP subnet?
can vm's in two different projects that use the same network tag (prod) talk to each other by default or I need to add firewall rules and\or routes to make that happen? for instance, one project hosts the UI and the other project hosts the db but both are on same prod network. UI needs to call to the db.
Time 1:12 Subnet 2 is missing one 0 :)
on John account, what is the minimum permission needed?
The minimum permission needed for John would be Compute Network User role for the Development subnet (roles/compute.networkUser) which means he can create Compute Engine resources in that subnet. He also has the Compute Instance Admin role for the Dev project, so they have full control of Compute Engine instances.
👍🔐
She missed an important step. She need to remove the user who should only see Development from the Production shared subnet
If you watch another GCP video ua-cam.com/video/4MtfyViH9t0/v-deo.html which is almost using same example
They did it right. The steps are around 3:38. You need to remove the 2 users from the shared subnets individually.
Thanks Simartar! You're right, as an added step of precaution, you can remove the user you don't accessing a host project subnet by removing them as a Compute Network user (Service project admin) for that subnet on the Shared VPC page. That means they can't create VMs that host project subnet.
What is the difference between Google Cloud shared VPC and VPC peering? What are the pros and cons of each components?
you use shared VPC when you want to sort of bring subnets (and its resources) under one umbrella (so you can manage the firewalls and networking from a centralised place). SVPC is used for different projects in the same organisation. The communication in a SVPC is as fast as if it was within the same VPC (well, it is the same VPC). On the other hand if you want to connect resources from two different organisations, you use VPC peering. Thats why VPC peering has to be initiated from both VPCs that are supposed to pair with each other.
Why does google hire actors to do these PR videos? These videos look like episodes of Barney & Friends. It would be much more helpful if the nuances of setting up these services are explained as opposed to pretending everything is straightforward; there are many setups where following along with this video doesn't apply and the overly energetic actor just grates and annoys. Mentioning a little about cost is also important.
Who did hit like without watching this video completely?
#Googlecloud
why my third project in free trial can not enable compute engine? when i click enable, it required billing account and when i set the 'My Billing Account' to it, it keeps spinning.
5
GCP has the least technically helpful technical videos. it feels kind a casual talk and just running over things really quick.