-
Cloud NGFW
-
Private Service Connect
Private Service Connect is a capability of Google Cloud Networking that allows consumers to access managed services privately from inside their VPC network. Similarly, it allows managed service producers to host these services in their own separate VPC networks and offer a private connection to their consumers.
-
Network Connectivity Center
Network Connectivity Center creates a full mesh network between all spokes that are attached to the hub. It propagates all routes learned from a spoke to all the others, thus implementing full-mesh connectivity.
-
BeyondCorp
BeyondCorp is Google’s implementation of the zero trust model. It builds upon a decade of experience at Google, combined with ideas and best practices from the community. By shifting access controls from the network perimeter to individual users, BeyondCorp enables secure work from virtually any location without the need for a traditional VPN.
-
Firestore
Cloud Firestore is a cloud-hosted, NoSQL database that your Apple, Android, and web apps can access directly via native SDKs. Cloud Firestore is also available in native Node.js, Java, Python, Unity, C++ and Go SDKs, in addition to REST and RPC APIs.
-
Access VMs without external IPs
Use a bastion host. Con: Still have a VM with a public IP.
Use Cloud VPN/Interconnect. Con: Developers are limited as to where they must be (i.e., connected to the network/VPN).
Use Identity-Aware Proxy for TCP forwarding to forward an SSH/RDP connection to a remote instance without the need for a VPN connection.
Conclusion:…
-
Identity Aware Proxy
The Identity-Aware Proxy (Cloud IAP) controls access to your cloud applications and VMs running on Google Cloud Platform (GCP).
-
Private Google Access On-Prem
Allows on-premises hosts to reach Google APIs and services using internal IPs. To enable Private Google Access for on-premises hosts,
-
Set up ADC
Application Default Credentials (ADC) is a strategy used by the authentication libraries to automatically find credentials based on the application environment. If you are using API keys, then you don’t need to set up ADC.
-
Service Account
Service accounts are needed for scenarios where a workload, such as a custom application, needs to access Google Cloud resources or perform actions. After your VM is configured to use the service account, applications can then use the service account to authenticate. The most common method is to authenticate by using Application Default Credentials and…