
Is there a way to connect my GCP network with a corporate VPN Server?

We have a strict security policy which is based on the usage of our VPN network. I recently joined the company and am trying to strengthen GCP as our new cloud technology.

However, the questions I receive are often based on the concern that GCP products like Cloud Run services are "somewhat" in the internet. I tried to convince the team that GCP's security infrastructure is pretty state-of-the-art and there should not be too many concerns about services being "invaded".

Anyway, the core opinion is that the company would like to include the connection/communication to the GCP network within the boundaries of the corporate VPN network.

So my question is: is there a way to manage this? Does the GCP network have a global IP that I can "whitelist" for the VPN network, or what is the approach here?

Google Cloud, AWS, Azure, etc. have very good security features by design. The key is your knowledge of how to implement good security. To answer your question about one global IP: Google Cloud is a global service consisting of millions of services, frontends, endpoints, etc. Using IP addresses as a security vehicle is a horse and buggy in an era of race cars.

Study how authentication and authorization are performed in a zero trust environment. VPNs are still important, but using legacy VPN features will hamper strong security in the cloud.

Security for individual services such as Cloud Run must be considered on a case-by-case basis. Cloud Run is a public service. By adding features, such as serverless connectors, you can configure Cloud Run to be private and accessible only through your VPN.

https://cloud.google.com/vpc/docs/configure-serverless-vpc-access This should help for the VPN access component.
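The pieces the answer above names, put into one concrete configuration. This is an added example written for this page, not code from the answer or from Google; it uses the Terraform google provider. Everything in it is a placeholder assumption: the region, the VPC and resource names, the CIDR ranges, the two ASNs, the peer address 203.0.113.10 (documentation range) and the hello container image. It builds a VPC, a Serverless VPC Access connector, a Cloud Run service whose ingress is set to internal only, and an HA VPN tunnel with BGP to the corporate gateway. Note the division of labour: the connector only gives the service a path out into the VPC; it is the ingress setting that stops the public run.app URL from answering requests from the internet.

```hcl
# Added example, not from the original answer. All names, ranges, ASNs and the
# peer IP below are placeholder assumptions; adjust them to your environment.
locals {
  region             = "europe-west1"
  corp_vpn_public_ip = "203.0.113.10" # public IP of the corporate VPN gateway
  gcp_asn            = 64514          # private ASN for Cloud Router
  corp_asn           = 65001          # private ASN of the corporate side
}

variable "vpn_shared_secret" {
  type      = string
  sensitive = true # supply via TF_VAR_vpn_shared_secret, never commit it
}

resource "google_compute_network" "corp_vpc" {
  name                    = "corp-vpc"
  auto_create_subnetworks = false
}

# Serverless VPC Access connector: egress path from Cloud Run into the VPC.
# It does not by itself restrict who may call the service.
resource "google_vpc_access_connector" "run_connector" {
  name          = "run-connector"
  region        = local.region
  network       = google_compute_network.corp_vpc.name
  ip_cidr_range = "10.8.0.0/28"
}

# Internal-only ingress: requests arriving from the internet are rejected;
# only VPC-internal and Private Google Access sources are accepted.
resource "google_cloud_run_v2_service" "internal_api" {
  name     = "internal-api"
  location = local.region
  ingress  = "INGRESS_TRAFFIC_INTERNAL_ONLY"
  template {
    containers {
      image = "us-docker.pkg.dev/cloudrun/container/hello" # placeholder image
    }
    vpc_access {
      connector = google_vpc_access_connector.run_connector.id
      egress    = "ALL_TRAFFIC" # send all outbound traffic through the VPC
    }
  }
}

# HA VPN gateway on the GCP side and the corporate gateway as external peer.
resource "google_compute_ha_vpn_gateway" "gcp_gw" {
  name    = "gcp-ha-vpn-gw"
  region  = local.region
  network = google_compute_network.corp_vpc.id
}

resource "google_compute_external_vpn_gateway" "corp_gw" {
  name            = "corp-vpn-gw"
  redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
  interface {
    id         = 0
    ip_address = local.corp_vpn_public_ip
  }
}

# Cloud Router speaks BGP over the tunnel. Besides the subnets it also
# advertises the private.googleapis.com range so on-prem clients can reach
# the internal-only Cloud Run endpoint through the tunnel.
resource "google_compute_router" "vpn_router" {
  name    = "vpn-router"
  region  = local.region
  network = google_compute_network.corp_vpc.id
  bgp {
    asn               = local.gcp_asn
    advertise_mode    = "CUSTOM"
    advertised_groups = ["ALL_SUBNETS"]
    advertised_ip_ranges {
      range       = "199.36.153.8/30"
      description = "private.googleapis.com"
    }
  }
}

resource "google_compute_vpn_tunnel" "tunnel0" {
  name                            = "corp-tunnel-0"
  region                          = local.region
  vpn_gateway                     = google_compute_ha_vpn_gateway.gcp_gw.id
  vpn_gateway_interface           = 0
  peer_external_gateway           = google_compute_external_vpn_gateway.corp_gw.id
  peer_external_gateway_interface = 0
  shared_secret                   = var.vpn_shared_secret
  router                          = google_compute_router.vpn_router.id
}

resource "google_compute_router_interface" "if0" {
  name       = "if-tunnel0"
  router     = google_compute_router.vpn_router.name
  region     = local.region
  ip_range   = "169.254.0.1/30" # link-local BGP session address, GCP side
  vpn_tunnel = google_compute_vpn_tunnel.tunnel0.name
}

resource "google_compute_router_peer" "peer0" {
  name            = "peer-tunnel0"
  router          = google_compute_router.vpn_router.name
  region          = local.region
  interface       = google_compute_router_interface.if0.name
  peer_ip_address = "169.254.0.2" # corporate side of the BGP session
  peer_asn        = local.corp_asn
}
```

Two things to check before relying on this. First, for the internal-only ingress to accept requests from the corporate side, those requests have to arrive over the tunnel at the private.googleapis.com addresses, which means corporate DNS must resolve the service's run.app name to that 199.36.153.8/30 range; confirm the exact source list against the current Cloud Run ingress documentation, and if a stable internal IP is needed instead, front the service with an internal load balancer and a serverless NEG. Second, a single tunnel is a minimal illustration; HA VPN's availability target assumes a second tunnel on gateway interface 1, and the corporate gateway must be configured with the matching IKE settings and shared secret.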

If you want to embed private, zero trust connectivity directly into the application running in GCP serverless, then you can embed an SDK from the OpenZiti project. This also completely replaces VPNs, bastions, etc. https://openziti.github.io/ziti/overview.html
