[Training review] This is what happens when you interact with Google Cloud as if you were using AWS.

Introduction

Nice to meet you. I'm Paru, a 24-year-old and a first-year infrastructure engineer in the System Solutions Department.
I graduated from the Faculty of Letters and am a liberal arts major, but I am working hard every day to become a full-fledged engineer...!

This time, as a review of the training, I would like to introduce the things that people with no IT experience were confused about when they tried building a server using Google Cloud during role-playing after learning about AWS in a classroom lecture.
For detailed training content, please see the past article below 👀

[Biyo Tsutomu #41] We held a study session regarding training content for new graduate engineers!

Please also check out our past articles on AWS for beginners, which are extremely easy to understand.

[AWS for beginners] Rough explanation! What is Amazon VPC?

Premise: Rough summary of terms

Even though the services are similar, AWS and Google Cloud have different names.
This is a rough introduction, but I hope you will read on with this in mind.

| AWS | Google Cloud | Meaning |
|---|---|---|
| VPC | VPC network | Virtual network |
| Availability Zone | Zone | Group of data centers with geographical distance |
| Security groups & network ACLs | Firewall rules | Function to control communication |
| Elastic Load Balancing | Cloud Load Balancing | Ability to distribute received traffic across multiple targets |

Network configuration

Now, let's take a look at the differences in network configurations that I encountered first.
AWS and Google Cloud have very different network configurations.
See below.

AWS network configuration

In AWS, VPCs exist within regions.

Additionally, IP address ranges must be added to each VPC and subnet. The IP address range for the subnet is allocated by cutting it out of the IP address range of the VPC.

Google Cloud network configuration

In Google Cloud, regions exist within a VPC network. In Google Cloud, the VPC itself is a global entity, and the difference is created by specifying regions within it.

In addition, you add IP address ranges only to subnets. In the case of Google Cloud, network expansion and design changes are possible simply by creating a new subnet.
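The two addressing models described above can be compared with a small range checker. This is an added example, not code from the original article; the function names and sample ranges are constructed for illustration, and the AWS side assumes a VPC with a single CIDR block.

```python
from ipaddress import ip_network
from itertools import combinations


def overlapping(cidrs):
    """Return pairs of CIDR strings whose address ranges overlap."""
    return [(a, b) for a, b in combinations(cidrs, 2)
            if ip_network(a).overlaps(ip_network(b))]


def check_aws_vpc(vpc_cidr, subnet_cidrs):
    """AWS model: the VPC has its own range and every subnet is cut out of it."""
    vpc = ip_network(vpc_cidr)
    problems = [f"{s} is outside VPC range {vpc_cidr}"
                for s in subnet_cidrs if not ip_network(s).subnet_of(vpc)]
    problems += [f"{a} overlaps {b}" for a, b in overlapping(subnet_cidrs)]
    return problems


def check_gcp_vpc_network(subnets_by_region):
    """Google Cloud model: the VPC network has no range, only its subnets do.
    Subnets of one network must not overlap, whichever region they are in."""
    cidrs = [c for region in subnets_by_region.values() for c in region]
    return [f"{a} overlaps {b}" for a, b in overlapping(cidrs)]


if __name__ == "__main__":
    # Constructed sample plans: the same new range fails in AWS, works in Google Cloud.
    print(check_aws_vpc("10.0.0.0/16", ["10.0.1.0/24", "192.168.10.0/24"]))
    print(check_gcp_vpc_network({"asia-northeast1": ["10.0.1.0/24"],
                                 "us-central1": ["192.168.10.0/24"]}))
```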

Bonus: Database placement

By the way, depending on the network configuration, there are also differences in how the database is placed.
AWS builds RDS inside a VPC that you create.
Google Cloud builds Cloud SQL in its own VPC, rather than within your VPC. Therefore, VPC peering is required to connect your VPC and Cloud SQL.
If you build according to AWS guidelines, the database and VPC will not be associated! I'm confused.

Differences in communication control methods

You may want to block access from attacking IPs, or allow access only from specific IPs because it is a development environment.
Communication control methods differ depending on the server.
Here, we will compare the differences in communication control methods between AWS and Google Cloud.

AWS security groups and network ACLs

In AWS, you can control communication on an instance-by-instance basis using security groups, and on a subnet-by-subnet basis using network ACLs.

Security groups let you set rules that allow access to individual resources such as EC2 instances. They can be used to enhance security by managing inbound and outbound traffic between AWS resources or between resources and clients.
Additionally, network ACLs let you set rules that deny access to subnets. Since you can deny specific IPs and ports, you can flexibly set network security policies.

Google Cloud firewall rules

Google Cloud communication control can be configured using only firewall rules. Unlike AWS, the service you use does not change depending on whether you are controlling a resource or a network.
Inbound (receiving) and outbound (sending) settings, as well as allow and deny settings, can all be created using firewall rules.

Also, if you want to apply rules to specific resources, you use tags.
If you want to apply a firewall to resources such as instances, you can apply the rules by setting tags when creating firewall rules and adding tags to the target resources.
I remember that when I was just trying to figure out how to use tags during training, I didn't really understand how to use tags, so I created a lot of rules and ended up in a lot of trouble.
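How tags let a few firewall rules cover many instances can be seen in a simplified model of ingress evaluation. This is an added example, not code from the original article: the rule names, addresses and the `ingress_decision` helper are constructed, and the model assumes Google Cloud's documented behaviour that a rule without target tags applies to every instance in the network, that the lowest priority number wins, and that a deny beats an allow at equal priority. Protocols, egress and service accounts are left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "deny"
    source_range: str            # CIDR the traffic comes from
    port: int
    priority: int = 1000         # lower number is evaluated first
    target_tags: frozenset = frozenset()   # empty: every instance in the network


# Constructed rule set for one VPC network; names and addresses are hypothetical.
RULES = [
    Rule("allow-dev-office-ssh", "allow", "203.0.113.0/24", 22, 1000, frozenset({"dev"})),
    Rule("allow-web-https", "allow", "0.0.0.0/0", 443, 1000, frozenset({"web"})),
    Rule("deny-blocked-range", "deny", "198.51.100.0/24", 443, 900),
]


def ingress_decision(rules, instance_tags, src_ip, port):
    """Return (action, rule name) for one inbound connection to one instance."""
    src = ip_address(src_ip)
    matching = [
        r for r in rules
        if r.port == port
        and src in ip_network(r.source_range)
        and (not r.target_tags or r.target_tags & set(instance_tags))
    ]
    if not matching:
        # No rule matched: ingress is denied by default (label chosen for this model).
        return ("deny", "implied-deny-ingress")
    # Lowest priority number wins; at equal priority a deny beats an allow.
    best = min(matching, key=lambda r: (r.priority, r.action != "deny"))
    return (best.action, best.name)


if __name__ == "__main__":
    for tags, ip, port in [(["web"], "192.0.2.10", 443), (["web"], "198.51.100.7", 443),
                           (["dev"], "203.0.113.5", 22), (["web"], "203.0.113.5", 22)]:
        print(tags, ip, port, ingress_decision(RULES, tags, ip, port))
```

Adding another web server only requires giving it the `web` tag; no new rule is needed, and the untagged deny rule still applies to it.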

Load balancer type

A load balancer is a service that distributes load by linking to multiple servers and spreading traffic across them.
AWS has 4 types, while Google Cloud has 10 types. By the way, the service names also differ: the AWS service is called Elastic Load Balancing, and the Google Cloud service is called Cloud Load Balancing. Here, I would like to compare AWS and Google Cloud load balancers and see why there are different types.
The table below shows each load balancer type.

| AWS | Google Cloud |
|---|---|
| Application Load Balancer (ALB) | Application External Global Load Balancer |
| Network Load Balancer (NLB) | Application External Regional Load Balancer |
| Gateway Load Balancer (GLB) | Application Internal Global Load Balancer |
| Classic Load Balancer (CLB) | Application Internal Regional Load Balancer |
| | Network External Global Proxy Load Balancer |
| | Network External Regional Proxy Load Balancer |
| | Network Internal Global Proxy Load Balancer |
| | Network Internal Regional Proxy Load Balancer |
| | Network External Regional Pass-Through Load Balancer |
| | Network Internal Regional Pass-Through Load Balancer |

Elastic Load Balancing (AWS load balancer)

First of all, there are various types of AWS load balancers as follows.

Application Load Balancer (ALB) … Supports HTTP and HTTPS traffic.
Network Load Balancer (NLB) … Distributes large amounts of access with low latency.
Gateway Load Balancer (GLB) … Can expand third-party virtual networks.
Classic Load Balancer (CLB) … Similar to ALB and NLB, it distributes load across multiple instances, but only supports EC2-Classic networks.

AWS load balancers can be selected from the above depending on the purpose.

Cloud Load Balancing (Google Cloud's load balancer)

Next, I will briefly explain Google Cloud's load balancer.
In fact, instead of choosing from four types of load balancers as in AWS, you choose one based on what you are building.
You set up a load balancer by making a choice at each of the following steps.

Application type or network type?
Application type … Load balancing at the application layer (receives requests at layer 7 of the OSI reference model)
Network type … Load balancing at the network layer (receives requests at layer 3 or 4 of the OSI reference model)

External facing or internal facing?
External facing … Receives communications from the Internet
Internal facing … Receives communications only within the VPC

Global or regional?
Global … Settings are applied to server resources placed globally, and the load balancer is placed at edge PoPs (bases for connecting to networks within Google Cloud from the Internet side).
Regional … Placed within a specific region, and the settings are reflected only within that region.

Proxy type or pass-through type? (Network type only)
Proxy type … Receives communication requests from clients and can perform processing such as rewriting headers and redirecting
Pass-through type … Communications from clients are passed through as is

By following these steps, you can set up a load balancer such as an "application external global load balancer" or a "network internal regional pass-through load balancer", choosing from 10 different types in all.

It was difficult to understand because there were so many types, and during the training I couldn't understand them, and I was annoyed by the large number of them, but when I looked at them again, I found that the Google Cloud load balancer can be selected under detailed conditions. I think this can be said to be an advantage of a balancer.

Summary

In my first memorable blog post, I talked about the confusion I had when I used Google Cloud to build a server after using AWS as a person with no IT experience.
It was a good opportunity for me to review my training and learn about AWS and Google Cloud again ✨
I hope this blog is even a little helpful for IT beginners who are new to the cloud!


The person who wrote this article

About the author

Paru

24th graduate, System Solutions Department
My dream for the future is to rent a slightly larger room and keep a cat.