Skip to content
Pass Microsoft, Cisco, Sap and Salesforce Exams
Menu
  • Home
  • Exams
  • Certifications
  • Cloud Computing
  • Cyber Security
  • Contact Us
  • Log in
  • Sign up
Menu

Bastion hosts – Google Associate Cloud Engineer Study Guide

Posted on 2024-09-032024-09-03 by examcert

Bastion hosts are VMs that provide secure access to other VMs in a GCP network. They should be hardened to be more secure than other VMs in the network. This includes using strong passwords and SSH keys, keeping the software up to date, and disabling unnecessary services. The idea is to restrict their access to your on-premises networks or specific narrowed-down network ranges.

Sometimes, bastion hosts are called jump boxes or jump servers. Regardless of the name, the idea is the same. They are secure and allow you to access your cloud infrastructure.

To learn more about bastion hosts and how to securely connect to the Google Cloud instances, visit the following link: https://cloud.google.com/solutions/connecting-securely.

Identity-Aware Proxy

Although Identity-Aware Proxy (IAP) isn’t a part of the Associate Cloud Engineer exam, I’d like to introduce this Google Cloud product as something that’ll be a significant security improvement to your infrastructure.

IAP allows you to securely connect to your instances without a public IP address to both Linux and Windows operating systems. IAP provides a single point of control for managing users and access to systems with just HTTPS access, as can be seen in the following diagram (for more details, refer to https://cloud.google.com/iap/images/iap-load-balancer.png):

Figure 4.26 – Access to VMs with IAP

To learn more about IAP, visit the Google Cloud documentation: https://cloud.google.com/iap/docs/concepts-overview.

Linux instances

For our purposes, we will not use IAP or OS login, which is available to connect to Linux instances. Still, we encourage you to try to connect to both possibilities using both options.

Console

Instances can be accessed from within the Cloud console itself by using Cloud Shell or any other software of your preference available on your operating system.

The following screenshot shows the different ways to connect to a Linux instance:

Figure 4.27 – A Linux instance with options to connect via SSH

We have many options on how we can connect to the instance. They are as follows:

  • Open an SSH connection in the browser window
  • Open an SSH connection in the browser window on a custom port
  • Open SSH connection in the browser window using a provided private SSH key

The most straightforward connection can be achieved by clicking on the SSH button, and a new window will open where we have full access to the instance:

Figure 4.28 – In the browser, an SSH connection to the instance

This connectivity is effortless to establish and use.

Command line

To access an instance from the Cloud Shell, we need to execute the following command:
gcloud compute ssh –zone “zone_name” “instance_name” –project “project_name”

The following screenshot shows that the connection to Cloud Shell using the gcloud command is very easy to establish.

Figure 4.29 – An SSH connection to the instance from Cloud Shell

As many SSH clients are available for many operating systems, it is impossible to cover them all in this book.

The following screenshot shows the SSH session established with the instance, using its public IP address and the PuTTY SSH client from the Windows operating system:

Figure 4.30 – An SSH connection to the instance from Cloud Shell

Connecting to instances is quite an important topic, and we strongly advise trying out connectivity via the SSH protocol.

Post navigation

← Console – Google Associate Cloud Engineer Study Guide
Windows Server instances – Google Associate Cloud Engineer Study Guide →

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Categories

  • 100-150 Study Course
  • AWS Study Course
  • AZ-104 Study Course
  • Certified Advanced Salesforce Admin
  • Cisco Study Course
  • CLF-C02 Study Course
  • Google
  • Google Associate Cloud Engineer
  • Microsoft Study Course
  • Salesforce
  • Study Course
© 2024 Zeusexam, Inc. All rights reserved. | Privacy Statement | Terms of Use | Use of Cookies | Trust | Accessibility | Cookie Preferences | Your Privacy Choices