Secure NetApp Volumes with a service perimeter

This page shows you how to protect your Google Cloud NetApp Volumes volumes with a service perimeter using VPC Service Controls.

VPC Service Controls protects your volumes against data exfiltration and provides an extra layer of security. For more information about VPC Service Controls, see VPC Service Controls overview.

After the NetApp Volumes API is protected by a service perimeter, NetApp Volumes API requests coming from clients outside of the perimeter must have appropriate access levels.

VPC Service Controls only controls access to the API of the service, which is used for administrative management of its resources. You can't access a volume's content with these APIs, but you can use NFS or SMB. Only clients which are connected to the same network as the volume can connect to the volumes after passing the protocol-specific access control and file permissions. For more information, see the following sections:

• Volume access controls for NFS protocols

• Volume access controls for SMB protocols

• File access control

Secure your volumes using VPC Service Controls

1. Create a service perimeter.

2. Add the NetApp Volumes API to your service perimeter. For instructions on adding a service to your service perimeter, see Update a service perimeter.

VPC Service Controls limitations

For a list of VPC Service Controls limitations for NetApp Volumes, see Supported products and limitations.

What's next

Configure access to Google Cloud NetApp Volumes.