VPC in Cloud de Confiance versus Google Cloud

Virtual Private Cloud (VPC) provides networking functionality to Compute Engine virtual machine (VM) instances and Google Kubernetes Engine (GKE) clusters. VPC includes networking features such as networks, subnets, IP addresses, routing, and access to Google APIs and services.

This page describes the differences between the Cloud de Confiance and Google Cloud versions of VPC.

For more detailed information about VPC, see the VPC overview and the rest of the VPC documentation.

Key differences

There are some differences between the Cloud de Confiance version of VPC and the Google Cloud version. If you are already familiar with Google Cloud, we recommend that you review these differences carefully, particularly before designing an application to run on Cloud de Confiance. We also recommend reviewing the general differences between Cloud de Confiance and Google Cloud.

If you would like to use a particular VPC feature that isn't currently available in Cloud de Confiance, contact Cloud de Confiance support. To be notified when new features roll out in Cloud de Confiance, subscribe to the release notes. Unless otherwise specified, features that are in preview are not available in Cloud de Confiance.

Network

VPC networks
  • Because there's only one region in Cloud de Confiance, auto mode networks contain only one subnet.
  • There is no default network created when you create a project. Some guides assume that you have a default network. If you need a default network you can manually create an equivalent auto mode network called default.
Legacy networks Not available
IP addresses Global external IPv4 addresses aren't available.
Network Service Tiers

Only Premium Tier is available.

Routing Policy-based routes aren't available.
Private Service Connect
  • Automatic DNS configuration isn't available for endpoints that have published service targets.
  • Endpoints with Google API targets aren't available.
  • Endpoints with regional Google APIs targets aren't available.
  • Backends aren't available.
  • Service connection policies and service connectivity automation aren't available.
  • Connection propagation for Private Service Connect endpoints isn't available.
Private Google Access

The IP addresses for Private Google Access are different:

  • private.googleapis.com:
    • IPv4: 177.222.88.0/30
    • IPv6: 2a13:7500:8302::/64
  • restricted.googleapis.com:
    • IPv4: 177.222.88.4/30
    • IPv6: 2a13:7500:8302:1::/64
Private services access Not available
Bring your own IP address
  • Only v2 prefixes are available in Cloud de Confiance.
  • BYOIP IPv6 sub-prefixes in subnet creation mode aren't available in Cloud de Confiance.
Network profiles Not available.
Network interfaces Dynamic Network Interfaces aren't available.

Regions and zones

Regions and zones Cloud de Confiance has only a single region, though with multiple zones. Multi-region features and cross-region failover aren't supported.

Insights and observability

VPC Flow Logs
  • Flow logs for subnets are available. Flow logs for Cloud VPN and Cloud Interconnect aren't available.
  • The InternetRoutingDetails and GkeDetails records aren't available.

The following information might also affect how you use and design for VPC in Cloud de Confiance by S3NS. These guides include general information about working in Cloud de Confiance, including documentation, security and access control, billing, tooling, and service usage.

For details about other services and features in Cloud de Confiance and their differences from their Google Cloud counterparts, see the product list.

Cloud de Confiance guides