I'm a total noob on all this networking stuff, so please bear with me. I'm a SQL person, we don't have any network specialist here, and I'm doing a small proof of concept with GCP.

I have an instance already created and working fine. This instance has an external IP address. Now, I would like to create a VPC because we are going to create other VMs. Is it possible to create a VPC and add the already created instance to the new VPC? Will a move to the new VPC create any problems with the external IP? Is this the right approach, or is it better to just have firewall rules to access the instances?

Also, I would like to create a firewall rule to whitelist a range of IPs that may access the VPC. How do I set this up?

There are persons that won't be able to work on the GCP instances from the whitelisted IPs. Is a VPN the best option? How do I set up a VPN so users may connect from their computers to the new VPC (and the instances in there)?

Many questions... thanks in advance for any guidance.

Br Cris

Md Zubayer
i_am_cris

1 Answer

Google Cloud creates a default VPC. The instance that you created is located in that VPC. You can create a new VPC but you cannot move that instance to the new VPC. You would need to create an image of the instance and then launch a new instance in the new VPC. However, why do you think that you need to create a new VPC? Answer: you don't. Use the existing VPC unless you have specific technical reasons.

For your question about the external IP: you will need to move the external IP address to the new instance manually. Note: If the type of external IP address is ephemeral, then you cannot manage this address. You must change the address to static, which assigns this address to your project.

Your question: "just have firewall rules to access the instances?" Firewall rules do not provide access to an instance in the same manner as an IP address. Firewall rules provide protocol and port access through the firewall. You will still need an external IP address to access the instance from the public Internet.

Firewall rules are easy to set up and specify. I suggest that you read the documentation on firewall rules so that you understand what you are doing. Here is the link.

Setting up a VPN is a good option that I recommend. This is another item where you need to know what you are doing. To make the process simpler, use a marketplace image with a VPN already set up. I recommend OpenVPN. That link will launch the OpenVPN page in Google Marketplace.

John Hanley
  • Hi John, Thanks for your comments. Ok, so I don't need a new VPC. What about all the default subnets? I can't delete those. Is it a problem to keep them? The IP is static. I will try the OpenVPN image. Thanks! – i_am_cris Nov 29 '18 at 05:52
  • Google VPC is designed to be global. One subnet per region. You can ignore regions that you do not use. There is no harm/risk/worry having subnets that you do not use. – John Hanley Nov 29 '18 at 05:57
  • OK, thanks. I have been reading a lot but don't know how to put all things together. I actually created a snapshot of the instance yesterday and created a new instance from that in the new VPC. Worked fine, but I don't know what to do with the routes. Well, I think your suggested approach is: 1) Keep and use the default VPC, 2) set up firewall rules to whitelist IP ranges, 3) set up OpenVPN. – i_am_cris Nov 29 '18 at 06:14
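
One way to script step 2 of the approach summarized above (whitelisting IP ranges on the default VPC), as an added example that is not part of the original question, answer or comments. The rule name, network tag, port, minimum prefix length and source ranges are assumptions made up for illustration; the script validates the ranges and only prints the `gcloud` command unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the thread. Names, port and ranges are constructed.
NETWORK="default"              # the answer recommends keeping the default VPC
RULE_NAME="allow-ssh-office"   # hypothetical rule name
TARGET_TAG="ssh-allowlist"     # hypothetical network tag set on the instances
PORT=22                        # assumption: the instances are reached over SSH
MIN_PREFIX=16                  # local policy (assumption): nothing broader than /16
ALLOWED_RANGES="203.0.113.0/24 198.51.100.17/32"   # RFC 5737 documentation ranges

# Succeeds only for a well-formed IPv4 CIDR no broader than MIN_PREFIX,
# so 0.0.0.0/0 (the whole Internet) can never slip into the allowlist.
valid_range() {
  case "$1" in */*) ;; *) return 1 ;; esac
  ip=${1%/*}; prefix=${1#*/}
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
  case "$ip" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Prints the gcloud command for one ingress allow rule, or fails on a bad range.
build_rule_cmd() {
  joined=""
  for r in $ALLOWED_RANGES; do
    valid_range "$r" || { echo "rejected source range: $r" >&2; return 1; }
    joined="${joined:+$joined,}$r"
  done
  echo "gcloud compute firewall-rules create $RULE_NAME --network=$NETWORK" \
       "--direction=INGRESS --action=ALLOW --rules=tcp:$PORT" \
       "--source-ranges=$joined --target-tags=$TARGET_TAG"
}

# The default network ships with default-allow-ssh (tcp:22 from 0.0.0.0/0).
# Until that rule is deleted or narrowed, the allowlist above restricts nothing.
cmd=$(build_rule_cmd) || exit 1
echo "$cmd"                                      # dry run: review first
if [ "${APPLY:-0}" = 1 ]; then $cmd; fi          # APPLY=1 creates the rule
```

The rule only applies to instances carrying the same network tag, which can be set with `gcloud compute instances add-tags`.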