VPC Service Controls in Trusted Cloud versus Google Cloud

VPC Service Controls secures Trusted Cloud services and resources by defining a security perimeter around your resources. VPC Service Controls lets you define security policies that prevent access to Google-managed services outside of a trusted perimeter, block access to data from untrusted locations, and mitigate data exfiltration risks. This page describes the differences between the Trusted Cloud and Google Cloud versions of VPC Service Controls.

For more detailed information about VPC Service Controls, see the VPC Service Controls overview and the rest of the VPC Service Controls documentation.

Key differences

The Trusted Cloud version of VPC Service Controls differs from the Google Cloud version in several ways. Notable differences include the following:

  • Standalone access levels are unavailable in Trusted Cloud by S3NS.
  • Perimeter bridges are unavailable in Trusted Cloud by S3NS.
  • Support for configuring VPC networks and identity groups in ingress and egress rules is unavailable.

A more detailed list of differences is provided in the rest of this section. If you are already familiar with Google Cloud, we recommend that you review these differences carefully, particularly before designing an application to run on Trusted Cloud. We also recommend reviewing the general differences between Trusted Cloud and Google Cloud.

If you would like to use a particular VPC Service Controls feature that isn't currently available in Trusted Cloud, contact Trusted Cloud support. To be notified when new features roll out in Trusted Cloud, subscribe to the release notes.

Availability and disaster recovery

Regions and zones
Trusted Cloud by S3NS has only a single region, though with multiple zones. Multi-region features and cross-region failover are not supported. Deployment across multiple zones for resiliency is supported.

Security and access control

Access levels
  • Standalone access levels are unavailable. Use access levels in ingress and egress rules instead.
  • Custom access levels are unavailable.
Perimeter bridges
  • Perimeter bridges are unavailable. Use ingress and egress rules instead.
Ingress and egress rules
The following features are unavailable when configuring ingress and egress rules:
  • Using service methods.
  • Configuring identities such as service accounts, identity groups, and third-party identities.
  • Configuring VPC networks.
  • Configuring access levels with internal IP addresses.
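As an added example (not from the Trusted Cloud documentation), a pre-flight check in Python that walks a perimeter's ingress and egress rules in the Access Context Manager ServicePerimeterConfig JSON shape and flags the rule features listed above as unavailable, so a configuration written for Google Cloud can be screened before it is applied to Trusted Cloud. The sample perimeter, the IDs and the service hostnames in it are constructed placeholders.

```python
# Constructed sample in the Access Context Manager ServicePerimeterConfig JSON
# shape; IDs and service hostnames are placeholders as used on Google Cloud,
# not real Trusted Cloud values.
SAMPLE_PERIMETER = {
    "ingressPolicies": [{
        "ingressFrom": {
            "sources": [
                {"accessLevel": "accessPolicies/POLICY_ID/accessLevels/corp_ips"},
                {"resource": "//compute.googleapis.com/projects/PROJECT_ID/global/networks/shared-vpc"},
            ],
            "identities": ["serviceAccount:ci@PROJECT_ID.iam.gserviceaccount.com"],
        },
        "ingressTo": {
            "resources": ["*"],
            "operations": [{"serviceName": "storage.googleapis.com",
                            "methodSelectors": [{"method": "google.storage.objects.get"}]}],
        },
    }],
    "egressPolicies": [{
        "egressFrom": {"identityType": "ANY_IDENTITY"},
        "egressTo": {"resources": ["projects/PROJECT_NUMBER"],
                     "operations": [{"serviceName": "bigquery.googleapis.com",
                                     "methodSelectors": [{"method": "*"}]}]},
    }],
}


def unsupported_features(config):
    """Return one finding per rule feature this page lists as unavailable in Trusted Cloud."""
    findings = []
    for kind, frm_key, to_key in (("ingressPolicies", "ingressFrom", "ingressTo"),
                                  ("egressPolicies", "egressFrom", "egressTo")):
        for i, policy in enumerate(config.get(kind, [])):
            where = f"{kind}[{i}]"
            frm, to = policy.get(frm_key, {}), policy.get(to_key, {})
            # Explicit identities (service accounts, groups, third-party) are unavailable; only identityType can be set.
            for ident in frm.get("identities", []):
                findings.append(f"{where}: identity '{ident}' unsupported; use identityType")
            # VPC networks cannot be a source; keep access levels and projects only.
            for src in frm.get("sources", []):
                if "/global/networks/" in src.get("resource", ""):
                    findings.append(f"{where}: VPC network source '{src['resource']}' unsupported")
            # Service methods cannot be selected; allow the whole service with "*".
            for op in to.get("operations", []):
                for sel in op.get("methodSelectors", []):
                    if sel.get("method", "*") != "*" or "permission" in sel:
                        findings.append(f"{where}: selector {sel} on {op.get('serviceName')} "
                                        "unsupported; use method '*'")
    return findings
```

An empty result means the rules use only features available in Trusted Cloud; it does not check the contents of the referenced access levels (for example internal IP addresses), which must be reviewed separately.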

Integrations

Supported services
Only the following services are available for configuring with VPC Service Controls in Trusted Cloud by S3NS:
  • Access Approval
  • Artifact Registry
  • BigQuery
  • BigQuery Reservation API
  • Cloud DNS
  • Cloud KMS
  • Cloud Logging
  • Cloud Monitoring
  • Cloud Storage
  • Cloud SQL
  • Compute Engine
  • Essential Contacts
  • GKE
  • Identity and Access Management (IAM)
  • Organization Policy Service
  • Pub/Sub
  • Resource Manager
  • Security Token Service
  • Service Account Credentials
  • Service Directory

Other differences

Troubleshooting
  • VPC Service Controls troubleshooter is unavailable.

The following information might also affect how you use and design for VPC Service Controls in Trusted Cloud by S3NS. These guides include general information about working in Trusted Cloud, including documentation, security and access control, billing, tooling, and service usage.

For details about other services and features in Trusted Cloud and their differences from their Google Cloud counterparts, see the product list.

Trusted Cloud guides