
Professional Cloud Architect Exam - Question 77


You want to establish a Compute Engine application in a single VPC across two regions. The application must communicate over VPN to an on-premises network.

How should you deploy the VPN?

Correct Answer: D

To establish a Compute Engine application in a single VPC across two regions and communicate over VPN to an on-premises network, you should deploy Cloud VPN Gateways in each region. This ensures that each region has at least one VPN tunnel to the on-premises peer gateway. This approach provides redundancy and addresses the regional nature of Cloud VPN objects, ensuring reliable communication.
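The condition in this explanation (every region that runs the application has at least one VPN tunnel to the on-premises peer gateway) can be checked against an inventory export. The following is an added example, not part of the original page; the project, network, instance and tunnel names and the peer IP are constructed sample values, and the tunnel list is assumed to contain only tunnels on this VPC's gateways.

```python
import json

# Constructed sample data, trimmed to the fields used; shaped like the JSON from
# `gcloud compute instances list --format=json` and
# `gcloud compute vpn-tunnels list --format=json`.
BASE = "https://www.googleapis.com/compute/v1/projects/example-project"
INSTANCES = json.loads("""[
 {"name": "app-us", "zone": "%(b)s/zones/us-central1-a",
  "networkInterfaces": [{"network": "%(b)s/global/networks/app-vpc"}]},
 {"name": "app-eu", "zone": "%(b)s/zones/europe-west1-b",
  "networkInterfaces": [{"network": "%(b)s/global/networks/app-vpc"}]}
]""" % {"b": BASE})
TUNNELS = json.loads("""[
 {"name": "tun-us", "region": "%(b)s/regions/us-central1",
  "peerIp": "203.0.113.10", "status": "ESTABLISHED"},
 {"name": "tun-eu", "region": "%(b)s/regions/europe-west1",
  "peerIp": "203.0.113.10", "status": "FIRST_HANDSHAKE"}
]""" % {"b": BASE})


def tail(url):
    """Last path segment of a Compute Engine resource URL."""
    return url.rstrip("/").rsplit("/", 1)[-1]


def regions_in_use(instances, network):
    """Regions that host at least one instance attached to `network`."""
    regions = set()
    for inst in instances:
        nets = {tail(nic["network"]) for nic in inst.get("networkInterfaces", [])}
        if network in nets:
            # Zone name minus its suffix is the region: us-central1-a -> us-central1
            regions.add(tail(inst["zone"]).rsplit("-", 1)[0])
    return regions


def regions_with_tunnel(tunnels, peer_ip):
    """Regions that have an ESTABLISHED tunnel to the on-premises peer gateway."""
    return {tail(t["region"]) for t in tunnels
            if t.get("peerIp") == peer_ip and t.get("status") == "ESTABLISHED"}


def regions_missing_tunnel(instances, tunnels, network, peer_ip):
    """Regions that run the application but have no working tunnel to the peer."""
    in_use = regions_in_use(instances, network)
    return sorted(in_use - regions_with_tunnel(tunnels, peer_ip))


if __name__ == "__main__":
    print(regions_missing_tunnel(INSTANCES, TUNNELS, "app-vpc", "203.0.113.10"))
```

A region is reported when its only tunnel has not reached ESTABLISHED or points at a different peer address, so the check also catches a tunnel that exists but is not carrying traffic.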

Discussion

17 comments
Googler2 Option: D
Apr 12, 2020

It can't be A - VPC Network Peering only allows private RFC 1918 connectivity across two Virtual Private Cloud (VPC) networks. In this example there is one VPC with an on-premises network. https://cloud.google.com/vpc/docs/vpc-peering
It is definitely not B - can't be.
It is not C - because Cloud VPN gateways and tunnels are regional objects, not global.
So the answer is D - https://cloud.google.com/vpn/docs/how-to/creating-static-vpns

amxexam
Sep 8, 2021

Why not A? https://cloud.google.com/vpc/docs/vpc-peering#benefits_of_exchanging_custom_routes The second use case is exactly what is in the question. Don't get the argument about RFC 1918. Will go with A

ochanz
Dec 16, 2021

https://cloud.google.com/vpc/docs/vpc-peering allows internal IP address connectivity across two VPCs, so A is not the answer, as the on-premises network needs to use a public IP. cmiiw

AdityaGupta
Oct 6, 2023

The question clearly asks us to use VPN.

AzureDP900
Oct 16, 2022

Agreed with D.

TaherShaker Option: D
Nov 18, 2020

Just Passed my exam and I answered (D) for this question

M_Asep
Dec 6, 2021

Sounds promising, dude

Sur_Nikki
May 8, 2023

Are the Exam Idea questions enough, dude, for passing this exam?

DrishaS4 Option: D
Aug 4, 2022

Cloud VPN Gateway is a regional service, not global.

LaxmanTiwari Option: D
May 13, 2023

It can't be A - VPC Network Peering only allows private RFC 1918 connectivity across two Virtual Private Cloud (VPC) networks. In this example there is one VPC with an on-premises network. https://cloud.google.com/vpc/docs/vpc-peering
It is definitely not B - can't be.
It is not C - because Cloud VPN gateways and tunnels are regional objects, not global.
So the answer is D - https://cloud.google.com/vpn/docs/how-to/creating-static-vpn

vincy2202 Option: D
Nov 28, 2021

D is the correct answer

haroldbenites Option: D
Dec 7, 2021

Go for D. Cloud VPN Gateway is regional. Not global.
    gcloud compute vpn-gateways create GW_NAME \
        --network=NETWORK \
        --region=REGION

elaineshi Option: C
Jun 1, 2022

Why not C? Services across regions can communicate with each other, VPN only connects to the closest region, and all the VPC shall be connected if the firewall's set.

oms_muc Option: D
Dec 19, 2022

As HA isn't required, why do we need two VPN gateways?

AdityaGupta Option: D
Oct 6, 2023

Each Cloud VPN gateway is a regional resource that uses one or more regional external IP addresses. A Cloud VPN gateway can connect to a peer VPN gateway.

gcmrjbr Option: C
Dec 30, 2023

It's option C! So, while the VPN Gateway itself is a regional resource, its scope can be effectively global as it can serve resources across different regions within the same Virtual Private Cloud (VPC). This is why it’s sometimes referred to as a ‘global’ service in the context of its functionality, even though strictly speaking, it’s a regional resource.

zr79
Oct 17, 2022

There are two VPNs: 1. Classic VPN 2. HA VPN

Mahmoud_E Option: D
Oct 23, 2022

D is the correct answer. In order to do A you will need VPN or Interconnect.

megumin Option: D
Nov 7, 2022

D is ok

vvkds Option: D
Jan 15, 2023

D looks fine.

salvo007 Option: D
Jan 3, 2024

C is wrong. A global VPN is a single-region resource. https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-ha-vpn?hl=it
    gcloud compute vpn-gateways create GW_NAME \
        --network=NETWORK \
        --region=REGION \
        --stack-type=IP_STACK
So D is the answer.

santoshchauhan Option: C
Mar 27, 2024

Global Cloud VPN Gateway: This feature allows for the creation of a single VPN gateway that can serve multiple regions within the same VPC network. By creating a global VPN gateway, you can efficiently manage VPN connections from all regions of your VPC to your on-premises network.
Simplicity and Efficiency: Using a global gateway simplifies the configuration and management of VPN connections as opposed to maintaining separate regional VPN gateways. It centralizes the VPN endpoint on the Google Cloud side, reducing the complexity of the network setup.
Reliable and Secure Communication: The global Cloud VPN Gateway allows for secure, encrypted tunnels between Google Cloud and the on-premises network, ensuring that the application’s inter-regional and on-premises communications are secure.

ccpmad Option: D
Jun 27, 2024

Option C: Create a global VPN gateway and establish VPN tunnels from each region to the on-premises peer gateway. This suggests that a single global VPN gateway manages the tunnels from both regions.
Option D: Deploy a VPN gateway in each region and ensure that each region has at least one VPN tunnel to the on-premises peer gateway. This indicates that each region has its own VPN gateway.
Option D ensures that there is a VPN gateway in each region, providing greater redundancy. If a gateway in one region fails, the gateway in the other region remains operational.