Connect to Dedicated Server Room Workloads from Google Cloud Platform Instances | PCSE Exam | Google

Connect to Dedicated Server Room Workloads from Compute Engine Instances

Question

A company is running workloads in a dedicated server room.

They must only be accessed from within the private company network.

You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project.

Which two approaches can you take to meet the requirements? (Choose two.)

Answers

Explanations

A. B. C. D. E. F.

DE.

https://cloud.google.com/solutions/secure-data-workloads-use-cases

To connect to the workloads running in a dedicated server room from Compute Engine instances within a Google Cloud Platform project, there are two possible approaches:

  1. Configure the project with Cloud VPN: This approach establishes a secure connection between the on-premises network and the Google Cloud Platform project using a VPN tunnel. The VPN gateway in the Google Cloud Platform project can be configured to route traffic to the workloads running in the dedicated server room, and access to the workloads can be restricted to traffic originating from the VPN gateway. This approach is suitable if the on-premises network has a static IP address.

  2. Configure the project with VPC peering: This approach allows two VPC networks to communicate with each other securely. The VPC network in the Google Cloud Platform project can be peered with the network that contains the workloads running in the dedicated server room. Access to the workloads can be restricted to traffic originating from the peered VPC network. This approach is suitable if the on-premises network has a dynamic IP address.

Therefore, the correct answers are A and E. Configuring the project with Shared VPC (B) or Cloud Interconnect (D) is not relevant to this use case. Configuring all Compute Engine instances with Private Access (F) is not a recommended approach, as it only restricts external access to the instances and does not establish connectivity to the workloads running in the dedicated server room.