Figure 5@3x
Physicalboundarycontrolledby Google
Physicalboundarycontrolledby Google
Google Cloud’s virtual network encryption
Google Cloud’s virtual network encryption
e.g., istio
Google Cloud’s virtual network encryption
Google Cloud’s virtual network encryption
Google Cloud Service
Google Cloud Service
Physicalboundarycontrolledby Google
Wide AreaNetwork(WAN)
Wide AreaNetwork(WAN)
Cloud Load Balancing
e.g., TLS to VM via public IP
TLS
A
C
Virtual Machine
Compute Engine
e.g., n1-standard-1
Virtual Machine
Compute Engine
e.g., n1-standard-1
ALTS
ALTS
E
TLS
D
B
User
Additional User Configurable Protection
Layer 3/4 Default Protection
Layer 7 Default Protection
ALTS
ALTS
GoogleFront End
GoogleFront End
Virtual Machine
Compute Engine
e.g., n1-standard-1