Google updates its cloud with new networking tools
Google LLC is adding new capabilities to its cloud networking portfolio in order to help customers manage, secure and modernize their applications more easily.
The new features unveiled at Google’s Cloud Next conference in London early Thursday may not set the world alight, but they should help to give information technology admins more peace of mind regarding the security of their cloud deployments.
Google is pitching its new managed Network Address Translation service, Cloud NAT, as the most important upgrade it’s announcing today. NAT refers to the process where a network device, usually a firewall, assigns a public address to a computer or group of computers inside a private network. Organizations generally use NAT to limit the number of public IP addresses they’re using, for both economy and security reasons.
Cloud NAT, available in beta starting today, manages this process and also allows applications to be provisioned without public IP addresses. The idea is that access to these applications is limited only to users within the organization, while still allowing for updates, patching and configuration management to be done over the web.
“Outside resources cannot directly access any of the private instances behind the Cloud NAT gateway, thereby helping to keep your Google Cloud VPCs isolated and secure,” Google product manager Prajakta Joshi said in a blog post.
Google is further strengthening network security with a new Firewall Rules Logging capability, also available in beta. The new feature helps administrators to audit, verify and analyze the effects of firewall rules they’ve put in place to govern access to their cloud deployments.
“For example, it provides visibility into potential connection attempts that are blocked by a given firewall rule,” Joshi said. “Logging is also useful to determine that there weren’t any unauthorized connections allowed into an application.”
A third new networking capability plugs a possible security gap in HTTPS load balancers.
Load balancing is all about splitting the amount of work that a computer has to do between two or more machines, so that more work gets done in the same amount of time and, in general, all users get served faster. HTTPS load balancing provides extra security for the data in transit because it uses a Transport Layer Security connection, which works to ensure data integrity between two communicating devices.
The biggest problem with this, Joshi said, is that managing TLS certificates for HTTPS load balancers involves a lot of work for network admins. So Google is introducing a new managed certificates service to handle these tasks.
“With Managed Certs, we take care of provisioning root-trusted TLS certificates for you and manage their lifecycle including renewals and revocation,” Joshi explained.
Finally, Google is adding container-native load balancing functionality for applications running on Google Kubernetes Engine and self-managed Kubernetes deployments. This should be a useful capability for developers building apps on Google’s cloud using software containers, which allow software to be built once and run on any platform. Kubernetes is open-source software used to manage large container deployments.
“With this capability, you can program load balancers with network endpoints representing the containers and specified as IP and port pair(s) using a Google abstraction we call Network Endpoint Groups,” Joshi said. “With NEGs, the load balancer now load balances directly to the containers, rather than to VMs, thereby avoiding one or more extra hops.”
Image: Chaitawat/Pixabay