GCP – Powering public sector innovation: New networking features in GDC air-gapped
For organizations with stringent sovereignty and regulatory requirements, Google Distributed Cloud (GDC) air-gapped delivers a fully-managed experience with critical advanced networking capabilities. But operating in a completely isolated environment presents some unique networking challenges. Routine tasks become significantly more complex and manual, demanding more planning and bespoke solutions than on a connected network.
Today, we’re helping to solve these challenges with three major advancements in networking for GDC air-gapped: native IP address management (IPAM), multi-zone load balancing, and workload-level firewall policies — all powerful new capabilities designed to give you more control over your air-gapped environment.
Let’s take a look at these new capabilities.
Streamlined IP management for GDC
With GDC IP address management, you can now plan, track, and monitor IP addresses for all your workloads and infrastructure. IPAM for GDC matters because many air-gapped deployments carve their addresses out of your organization’s existing private IP space, which is finite, hard to track by hand, prone to overlap as the deployment grows, and offers no isolation on its own. IPAM for GDC provides the following capabilities:
- Automated and streamlined IP management: Minimize manual errors and speed up deployments with capabilities that include Per-Org BYO-External IP and Internal-only VPC subnets.
- Scalable IP management: Expand your network for Day-2 IP growth, free from duplicate IP address conflicts, and with support for non-contiguous subnets.
- Enhanced security and compliance: Strengthen your posture and meet strict compliance requirements with robust IPAM controls, including subnet delegation and private IPs for zonal infrastructure.
- Optimized IP resource utilization: Reduce IP sprawl and maximize your finite IP resources.
IPAM for GDC provides the intelligent automation and centralized oversight essential for managing your complete IP lifecycle in secure, air-gapped environments, helping to ensure both operational excellence and adherence to critical regulations.
High availability with multi-zone load balancers
For critical applications, downtime is not an option. Now, you can help your workloads remain resilient and accessible, even in the event of a zone failure.
Our new multi-zone load balancing capability allows you to distribute traffic across multiple availability zones within your GDC environment. Both internal and external load balancers now support this multi-zone functionality, simplifying operations while maximizing uptime. This provides:
- Continuous availability: Applications remain accessible even during a complete zone failure.
- Operational simplification: There’s a single Anycast IP address for the application, regardless of where backends are located.
- Optimized performance: Traffic is routed to the nearest available instance based on network topology and routing metrics.
You use the load balancing system by creating load balancer (LB) objects, which new LB API controllers then reconcile. These controllers manage object conditions, including cross-references and virtual IP address (VIP) auto-reservations, and create the corresponding Kubernetes services across all clusters.
Workload-level network firewall policies
To secure an environment, you need to control traffic not just at the edge, but between every component inside. That’s why we’re launching workload-level firewall policies as part of the GDC air-gapped product. This feature provides fine-grained control over communication between individual workloads, such as VMs and pods, within a project. This feature helps:
- Strengthen your security posture: Isolate workloads and limit communication between them.
- Easily apply policies: Define and apply policies to specific workloads or groups of workloads.
- Meet regulatory standards: Help adhere to regulatory requirements and internal standards.
GDC air-gapped ships with default base network policies that establish a secure starting architecture. To allow intra-project or cross-project traffic at the workload level, you explicitly update these default policies with the flows you need, rather than opening everything up. Policies are multi-zone by default: a policy applies in every zone where the workloads matching its labels are present. You enforce policies at the workload level using labels and workload selectors.
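The following is an added illustration of the label-selector model described above, not code from this page or from GDC itself. It is written as standard Kubernetes NetworkPolicy objects because that is the familiar label-based model; this page does not show GDC’s own resource name or schema, so the assumption that a GDC workload-level policy carries the same selector semantics is exactly that, an assumption. The project name `payments`, the second project labelled `team: risk`, and every workload label and port are hypothetical.

```yaml
# Added illustration (standard Kubernetes NetworkPolicy, not GDC's own API):
# a default-deny base policy followed by two narrow allow rules selected by
# labels. Project/namespace "payments" and all labels/ports are hypothetical.
#
# 1. Base policy: deny all ingress and egress for every workload in the project.
#    This stands in for the default base policy GDC applies: nothing talks
#    unless a later policy explicitly allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments
spec:
  podSelector: {}          # empty selector = every workload in the project
  policyTypes:
  - Ingress
  - Egress
---
# 2. Intra-project allow: only workloads labelled app=api may reach workloads
#    labelled app=db, and only on the database port. Because selection is by
#    label, the rule follows the workloads wherever they are scheduled, which
#    is the "multi-zone by default" behaviour described above.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-api-to-db
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: db
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: api
    ports:
    - protocol: TCP
      port: 5432
---
# 3. Cross-project allow: callers from another project may reach app=api only
#    if that project carries team=risk AND the caller carries role=scorer.
#    namespaceSelector and podSelector inside one "from" entry are ANDed;
#    listing them as two entries would OR them and widen the rule by mistake.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-risk-scorer-to-api
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          team: risk
      podSelector:
        matchLabels:
          role: scorer
    ports:
    - protocol: TCP
      port: 8443
```

Two practical checks before applying a set like this: the base policy also denies egress, so workloads that must resolve names or reach the database need matching egress allows (DNS on UDP/TCP 53 and the `app=api` to `app=db` hop), which are omitted here to keep the focus on ingress; and the AND-versus-OR distinction in rule 3 is the most common way a cross-project rule ends up broader than intended, so review every `from` list for accidental splitting into separate entries.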
A new era of network control
These new capabilities — GDC IPAM, multi-zone load balancing, and workload-level firewall policies — represent a significant step forward in providing a robust, resilient, and secure networking experience for the air-gapped cloud. They work together to simplify your operations, strengthen your security posture, and empower you to run your most sensitive applications with confidence.
To learn more about these features, please refer to our documentation or contact your Google Cloud account team.