GCP – Better together: Google Cloud Load Balancing, Cloud CDN, and Google Cloud Armor
Like many Google Cloud customers, you probably use Global Load Balancing platform to get benefits such as high availability, low latency, and the convenience of a single anycast IP to front-end your global load balancing capacity. But did you know that by adding Cloud CDN and Google Cloud Armor to your existing Global HTTP(S) load balancer deployment, you can get improved web protection and faster web performance. Read on to learn more.
Accelerate web performance by enabling Cloud CDN
At Google we are committed to making the web faster. For example, Cloud Load Balancing supports modern protocols such as Google QUIC and HTTP/2, which improve performance and reduce latency, especially for users on mobile networks.
Then there’s Cloud CDN, which runs on our globally distributed edge points to reduce network latency by caching content closer to your users. Whenever a request is served from the Cloud CDN cache, the load balancer doesn’t need to retrieve content from the backend infrastructure. This allows you to scale seamlessly and easily handle large spikes in demand (e.g., from holiday shopping). As static web elements such as images, videos, etc., can be served from Google’s global edge instead of your backend systems, your users can enjoy faster page loads and a smoother web experience. Finally, Cloud CDN helps you optimize and reduce the cost of delivery: it keeps load off your web servers, keeping down compute usage, and content served out of Google’s edge cache is billed at a lower egress cost.
Improve web protection by enabling Cloud Armor
Google Cloud Armor is the web-application firewall (WAF) and DDoS mitigation service that defends your web apps and services at Google scale. Cloud Armor automatically protects HTTP(S) Load Balancer workloads from volumetric and protocol based DDoS attacks. Users can configure Cloud Armor security policies for custom layer 7 filtering to further protect against application layer attacks.
Cloud Armor helps protect your applications from the threats from the internet while satisfying your organization’s security and compliance requirements and providing near-real time visibility and telemetry about the traffic targeting your applications. With Cloud Armor’s pre-configured WAF rules, you can easily help mitigate the OWASP Top 10 web application security risks and prevent exploit attempts such as SQL injection (SQLi), Cross-Site Scripting (XSS), or Remote Code Execution (RCE).
Cloud Armor allows users to customize the behavior of the edge of Google’s network to suit your business needs. Custom rules can be created using our comprehensive rules language to narrowly tailor what traffic is able to reach your web apps or services by filtering on request headers, parameters, and cookies. For example, you can create geography based access controls, leveraging Google’s own geo-ip database, to make your application available only in desired geographies.
We recently launched Cloud Armor Managed Protection Plus (Beta), which is a managed application protection service bundling Cloud Armor WAF, DDoS Mitigation, and Google-curate rules, and other associated services. Managed Protection Plus is offered as a monthly subscription with enterprise-friendly predictable pricing to further help mitigate the impact of DDoS attacks.
Getting started with enabling Google Cloud Armor and Cloud CDN
With Google Cloud Load Balancing, Google Cloud Armor and Cloud CDN deployed at the edge, your users can get fast, reliable and secure web delivery with global scale and reach.
Once you have set up the HTTP(S) load balancing, Cloud CDN can be enabled by clicking a single checkbox. For details on how to enable Cloud CDN, look at the Cloud CDN how-to guides. You can learn more about the benefits of Cloud CDN in this infographic.For details on how to enable Cloud Armor for your external HTTP(S) load balancer, look at the Google Cloud Armor how-to guides.
Read More for the details.