Linux Workload Management on Google Compute Engine | Granting Access to Operations Partner

Granting Access to Instances for Operations Partner

Prev Question Next Question

Question

Your company runs its Linux workloads on Compute Engine instances.

Your company will be working with a new operations partner that does not use Google Accounts.

You need to grant access to the instances to your operations partner so they can maintain the installed tooling.

What should you do?

Answers

A. Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.

B. Tag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.

C. Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.

D. Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

https://cloud.google.com/vpc/docs/firewalls

The correct answer to this question is D. Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.

Explanation:

In this scenario, the goal is to grant access to the Compute Engine instances to an operations partner who does not use Google Accounts. SSH keys provide a secure way of connecting to Linux instances in Compute Engine. SSH keys consist of a public key that is shared with the remote system and a private key that is kept on the local system.

The steps to grant access to the Compute Engine instances to an operations partner are:

Ask the operations partner to generate an SSH key pair: The operations partner should generate an SSH key pair on their local system using a tool like ssh-keygen. This will create a public key and a private key.
Add the public key to the Compute Engine instances: The public key generated in step 1 should be added to the Compute Engine instances that the operations partner needs to access. This can be done by adding the public key to the instance's metadata.

The following steps can be used to add the public key to the Compute Engine instances:

a. Go to the Compute Engine page in the Google Cloud Console. b. Click on the instance to which you want to add the public key. c. Click on the "Edit" button at the top of the page. d. In the "SSH keys" section, click on "Add item". e. Paste the public key generated by the operations partner into the "Enter entire key data" field. f. Click on "Save" to save the changes.

Share the private key with the operations partner: The private key generated in step 1 should be shared with the operations partner. This will allow them to connect to the Compute Engine instances using SSH.

It is worth noting that enabling Cloud IAP or setting up Cloud VPN are not necessary for granting access to the Compute Engine instances in this scenario. These solutions are more appropriate for granting access to Google Cloud resources from external networks, such as on-premises data centers or remote users. Tagging the instances and creating firewall rules to grant TCP access on port 22 is also not recommended because it can be difficult to manage and maintain over time.

Prev Question Next Question