Data plane architecture
Google Cloud NetApp Volumes uses the Google Cloud private services access framework: consumer VPC networks reach the service through Service Networking and VPC Network Peering, the same constructs other Google Cloud managed services use. Each tenant's volumes are hosted in a separate managed tenant project, which keeps tenants completely isolated from one another.
For an architecture overview of Google Cloud NetApp Volumes for Google Cloud, see Architecture for Google Cloud NetApp Volumes.
User VPC networks (standalone or Shared VPC) are peered to VPC networks in the Google Cloud NetApp Volumes managed tenant projects, which host the volumes.
The preceding figure shows a project (the NetApp Volumes consumer project in the middle) with three VPC networks connected to Google Cloud NetApp Volumes and several Compute Engine VMs (GCE1 through GCE7) sharing volumes:
- VPC1 allows GCE1 to access volumes A and B.
- VPC2 allows GCE2 and GCE4 to access volume C.
- The third VPC network is a Shared VPC, shared with two service projects. It allows GCE3, GCE4, GCE5, and GCE6 to access volumes D and E. Shared VPC networks are supported only for volumes of the NetApp Volumes-Performance service type.
- GCE7 cannot access any volume.
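As an added example (not code from the Google Cloud NetApp Volumes documentation), the following POSIX shell script performs the private services access setup described above for one consumer VPC, then checks that the resulting VPC peering is ACTIVE. The project, network, and range names are placeholders; the producer service name netapp.servicenetworking.goog, the peering name netapp-sn-psa, and the /24 minimum range size are assumptions taken from the current documentation and should be checked against your version. With DRY_RUN=1 (the default) the script only prints the gcloud commands and runs the verification against a constructed sample of the peering list output.

```shell
#!/bin/sh
# Added example, not part of the NetApp Volumes documentation.
# Sets up private services access (PSA) from a consumer VPC to the
# NetApp Volumes producer service and verifies the peering.
# Assumptions: PROJECT/NETWORK/RANGE_NAME are placeholders; the producer
# service name and peering name are as documented at the time of writing;
# a PSA range of at least /24 is required.
set -eu

PROJECT="${PROJECT:-my-consumer-project}"     # placeholder
NETWORK="${NETWORK:-vpc1}"                    # placeholder consumer VPC
RANGE_NAME="${RANGE_NAME:-netapp-psa-range}"  # placeholder
PREFIX_LEN="${PREFIX_LEN:-24}"
DRY_RUN="${DRY_RUN:-1}"                       # 1 = print commands only
PSA_SERVICE="netapp.servicenetworking.goog"   # assumption: producer service name
PEERING_NAME="netapp-sn-psa"                  # assumption: peering created by connect

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Reject non-numeric input and allocations smaller than /24 (assumed minimum).
check_prefix() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 8 ] && [ "$1" -le 24 ]
}

setup_psa() {
  check_prefix "$PREFIX_LEN" || {
    echo "prefix /$PREFIX_LEN is not a valid PSA range (need /8 to /24)" >&2
    return 1
  }
  # 1. Reserve an internal range in the consumer VPC for the service producer.
  run gcloud compute addresses create "$RANGE_NAME" \
    --global --purpose=VPC_PEERING --prefix-length="$PREFIX_LEN" \
    --network="$NETWORK" --project="$PROJECT"
  # 2. Create the private connection; Service Networking peers the consumer
  #    VPC with the VPC in the managed tenant project that hosts the volumes.
  run gcloud services vpc-peerings connect --service="$PSA_SERVICE" \
    --ranges="$RANGE_NAME" --network="$NETWORK" --project="$PROJECT"
  # 3. Optional: exchange custom routes so on-prem or other peered networks
  #    can reach the volumes through this VPC.
  run gcloud compute networks peerings update "$PEERING_NAME" \
    --network="$NETWORK" --project="$PROJECT" \
    --import-custom-routes --export-custom-routes
}

# Reads `gcloud compute networks peerings list --network=...` table output on
# stdin and succeeds only if the named peering is ACTIVE. Column positions are
# taken from the header line, so column order does not matter.
peering_is_active() {
  awk -v name="$1" '
    NR == 1 { for (i = 1; i <= NF; i++) { if ($i == "NAME") n = i; if ($i == "STATE") s = i }; next }
    n && s && $n == name && $s == "ACTIVE" { found = 1 }
    END { exit found ? 0 : 1 }'
}

# Constructed sample of the peering list output, used in dry-run mode.
SAMPLE_PEERING_LIST='NAME           NETWORK  PEER_PROJECT  PEER_NETWORK       STATE     STATE_DETAILS
netapp-sn-psa  vpc1     p123-tp       netapp-tenant-vpc  ACTIVE    [2024-01-01T00:00:00.000-08:00]: Connected.
old-peering    vpc1     other-proj    other-net          INACTIVE  [2024-01-01T00:00:00.000-08:00]: Waiting for peer.'

verify_psa() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$SAMPLE_PEERING_LIST"
  else
    gcloud compute networks peerings list --network="$NETWORK" --project="$PROJECT"
  fi | peering_is_active "$PEERING_NAME"
}

main() {
  setup_psa
  verify_psa && echo "peering $PEERING_NAME is ACTIVE"
}

main
```

Run it with DRY_RUN=0 and real PROJECT/NETWORK values to apply the changes; the verification step is what you want in a post-provisioning check, since a peering that exists but is not ACTIVE means the VMs in that VPC will not reach the volumes.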
Data can be encrypted both in transit (using Kerberos and/or SMB encryption) and at rest in Google Cloud NetApp Volumes.