Cloud Blog: Powering public sector innovation: New networking features in GDC air-gapped

Source URL: https://cloud.google.com/blog/topics/hybrid-cloud/new-networking-features-in-gdc-air-gapped-can-power-innovation/
Source: Cloud Blog
Title: Powering public sector innovation: New networking features in GDC air-gapped

Feedly Summary: For organizations with stringent sovereignty and regulatory requirements, Google Distributed Cloud (GDC) air-gapped delivers a fully managed experience with critical advanced networking capabilities. But operating in a completely isolated environment presents some unique networking challenges. Routine tasks become significantly more complex and manual, demanding more planning and bespoke solutions than on a connected network.
Today, we’re helping to solve these challenges with three major advancements in networking for GDC air-gapped: native IP address management (IPAM), multi-zone load balancing, and workload-level firewall policies — all powerful new capabilities designed to give you more control over your air-gapped environment. 
Let’s take a look at these new capabilities.


Streamlined IP management for GDC 
With GDC IP address management, you can now plan, track, and monitor IP addresses for all your workloads and infrastructure. IPAM for GDC is a valuable tool, since many air-gapped deployments consume IP addresses from your organization’s existing private IP address space, which is finite and can be difficult to manage, hard to scale, and weak on security controls. IPAM for GDC provides the following capabilities:

Automated and streamlined IP management: Minimize manual errors and speed up deployments with capabilities that include Per-Org BYO-External IP and Internal-only VPC subnets.
Scalable IP management: Expand your network for Day-2 IP growth, free from duplicate IP address conflicts, and with support for non-contiguous subnets.
Enhanced security and compliance: Strengthen your posture and meet strict compliance requirements with robust IPAM controls, including subnet delegation and private IPs for zonal infrastructure.
Optimized IP resource utilization: Reduce IP sprawl and maximize your finite IP resources.

IPAM for GDC provides the intelligent automation and centralized oversight essential for managing your complete IP lifecycle in secure, air-gapped environments, helping to ensure both operational excellence and adherence to critical regulations.
High availability with multi-zone load balancers
For critical applications, downtime is not an option. Now, you can help your workloads remain resilient and accessible, even in the event of a zone failure.
Our new multi-zone load balancing capability allows you to distribute traffic across multiple availability zones within your GDC environment. Both internal and external load balancers now support this multi-zone functionality, simplifying operations while maximizing uptime. This provides:

Continuous availability: Applications remain accessible even during a complete zone failure.

Operational simplification: There’s a single Anycast IP address for the application (regardless of where backends are located).

Optimized performance: Traffic is routed to the nearest available instance based on network topology and routing metrics.

The load balancing system operates by creating load balancer (LB) objects, which are then handled by new LB API controllers. These controllers manage object conditions, including cross-references and virtual IP address (VIP) auto-reservations, and create Kubernetes services across all clusters.
Workload-level network firewall policies
To secure an environment, you need to control traffic not just at the edge, but between every component inside. That’s why we’re launching workload-level firewall policies as part of the GDC air-gapped product. This feature provides fine-grained control over communication between individual workloads, such as VMs and pods, within a project. This feature helps:

Strengthen your security posture: Isolate workloads and limit communication between them.

Easily apply policies: Define and apply policies to specific workloads or groups of workloads.

Meet regulatory standards: Help adhere to regulatory requirements and internal standards.

GDC air-gapped implements default base network policies to create a secure architecture. To allow intra-project or cross-project traffic at the workload level, you update these default policies to permit only the flows you need. Policies are multi-zone by default, meaning they apply in every zone where your labeled workloads are present. You enforce policies at the workload level using labels and workload selectors.
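To make the label-selector and multi-zone semantics above concrete, here is an added illustrative model (not GDC's API or code; the data classes, field names and sample workloads are assumptions) of a default-deny base policy that is opened only by explicit, label-selected allow rules which apply in every zone where matching workloads run:

```python
"""Illustrative model of label-selected, multi-zone workload firewall policies
with a default-deny base policy. This is not the GDC API; the data classes
and field names are assumptions made for the example."""
from dataclasses import dataclass, field


@dataclass
class Workload:
    name: str
    project: str
    zone: str
    labels: dict = field(default_factory=dict)


@dataclass
class AllowPolicy:
    """Allow traffic from workloads matching `source` to workloads matching
    `target` on `ports`. A policy is multi-zone: it applies in every zone
    where workloads with matching labels exist, so zone is never checked."""
    name: str
    target: dict
    source: dict
    ports: frozenset
    same_project_only: bool = True  # cross-project traffic must be opted in


def selects(selector: dict, labels: dict) -> bool:
    """An empty selector matches everything; otherwise every label must match."""
    return all(labels.get(k) == v for k, v in selector.items())


def decide(src: Workload, dst: Workload, port: int, policies) -> str:
    """Return the name of the first allowing policy, or 'deny': the base
    policy denies any flow that no workload-level policy explicitly allows."""
    for p in policies:
        if p.same_project_only and src.project != dst.project:
            continue
        if (selects(p.target, dst.labels) and selects(p.source, src.labels)
                and port in p.ports):
            return p.name
    return "deny"


# Constructed sample workloads spread over two zones and two projects.
WEB_A = Workload("web-a", "proj-1", "zone-a", {"app": "web"})
DB_B = Workload("db-b", "proj-1", "zone-b", {"app": "db"})
BATCH_B = Workload("batch-b", "proj-1", "zone-b", {"app": "batch"})
WEB_OTHER = Workload("web-x", "proj-2", "zone-a", {"app": "web"})
POLICIES = [AllowPolicy("web-to-db", {"app": "db"}, {"app": "web"}, frozenset({5432}))]

if __name__ == "__main__":
    for s in (WEB_A, BATCH_B, WEB_OTHER):
        print(s.name, "->", DB_B.name, ":5432", decide(s, DB_B, 5432, POLICIES))
```

Note that the web tier in zone-a reaches the database in zone-b because the policy follows the labels, not the zone, while the unlabeled batch job in the same zone as the database is still denied.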
A new era of network control
These new capabilities — GDC IPAM, multi-zone load balancing, and workload-level firewall policies — represent a significant step forward in providing a robust, resilient, and secure networking experience for the air-gapped cloud. They work together to simplify your operations, strengthen your security posture, and empower you to run your most sensitive applications with confidence.
To learn more about these features, please refer to our documentation or contact your Google Cloud account team.


AI Summary and Description: Yes

Summary: The text discusses Google Distributed Cloud’s (GDC) new networking capabilities designed for air-gapped environments, emphasizing advancements in IP address management, multi-zone load balancing, and workload-level firewall policies. These features are crucial for organizations with stringent sovereignty and regulatory requirements, enhancing operational efficiency and security for sensitive applications.

Detailed Description:
The text outlines three major advancements in networking provided by Google Distributed Cloud (GDC) for air-gapped environments, focusing on how these enhancements aid organizations with stringent sovereignty and regulatory requirements.

– **Streamlined IP Management for GDC**:
  – **Automated and streamlined IP management**: Reduces manual errors and accelerates deployment processes.
  – **Scalable IP management**: Allows for expansion without duplicate IP address conflicts and manages non-contiguous subnets effectively.
  – **Enhanced security and compliance**: Offers robust controls to meet compliance requirements, such as subnet delegation and private IPs for zonal infrastructure.
  – **Optimized IP resource utilization**: Helps manage finite IP resources effectively, reducing IP sprawl.

– **High Availability with Multi-Zone Load Balancers**:
  – **Continuous availability**: Maintains application accessibility even during zone failures.
  – **Operational simplification**: Uses a single Anycast IP address for applications irrespective of backend location.
  – **Optimized performance**: Routes traffic efficiently to the nearest available instance based on topology and routing metrics.

– **Workload-Level Network Firewall Policies**:
  – **Strengthened security posture**: Enhances security by controlling traffic between workloads.
  – **Easily applied policies**: Enables the definition and application of specific policies to workloads.
  – **Regulatory standards**: Aids organizations in adhering to regulatory requirements.

These capabilities represent a significant step in improving security, operational efficiency, and regulatory compliance within air-gapped environments. They facilitate the management of sensitive applications, allowing organizations to operate confidently under strict regulatory frameworks. Overall, the new features reflect a comprehensive approach to enhancing both security and functionality in cloud computing environments.