Google Cloud Load Balancer for SSL Termination | Best Practices

Load Balancing for Instance Group SSL Termination

Question

You have an instance group that you want to load balance.

You want the load balancer to terminate the client SSL session.

The instance group is used to serve a public web application over HTTPS.

You want to follow Google-recommended practices.

What should you do?

Answers

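A. Configure an HTTP(S) load balancer.

B. Configure an internal TCP load balancer.

C. Configure an external SSL proxy load balancer.

D. Configure an external TCP proxy load balancer.

Explanations

Correct answer: A.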

https://cloud.google.com/load-balancing/docs/https/

The recommended approach for terminating SSL sessions at the load balancer is to use an HTTP(S) Load Balancer.

An HTTP(S) Load Balancer is a Google Cloud Platform service that distributes incoming traffic across multiple backends, such as Compute Engine instances, based on various criteria, including protocol and port number. It supports SSL/TLS offloading, which allows the load balancer to terminate SSL sessions and decrypt traffic before forwarding it to the backend instances. This approach offers several benefits, such as improved security, reduced CPU load on backend instances, and simplified certificate management.

Therefore, the correct answer to the question is A. Configure an HTTP(S) load balancer.

Option B, Configure an internal TCP load balancer, would not terminate the SSL session at the load balancer and would require additional steps to achieve SSL offloading.

Option C, Configure an external SSL proxy load balancer, is not recommended because SSL proxy load balancing can be more complex to configure than HTTP(S) load balancing.

Option D, Configure an external TCP proxy load balancer, is not recommended because it does not support SSL offloading.

In summary, to follow Google-recommended practices when load balancing an instance group that serves a public web application over HTTPS, with the client SSL session terminated at the load balancer, configure an HTTP(S) Load Balancer.
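
As an added illustration (not part of the original page or of Google's documentation), the script below lays out the `gcloud` steps for answer A: an external HTTP(S) load balancer that terminates TLS in front of an instance group, with a minimum TLS version enforced and backends reachable only from Google's load balancer ranges. The resource names, zone, domain, `default` network and `web` network tag are assumed placeholders.

```shell
#!/usr/bin/env bash
# Added example. DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it.
# Placeholder values (assumptions): instance group, zone, domain, network tag.
IG=web-ig; ZONE=us-central1-a; DOMAIN=www.example.com; TAG=web

run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

provision_https_lb() {
  # Backends receive decrypted HTTP on port 80 from the load balancer.
  # Use --protocol=HTTPS on the backend service to re-encrypt that leg instead.
  run gcloud compute instance-groups set-named-ports "$IG" \
      --named-ports=http:80 --zone="$ZONE"
  # Only Google's load balancer and health-check ranges may reach the backends.
  run gcloud compute firewall-rules create allow-lb-to-web --network=default \
      --allow=tcp:80 --source-ranges=130.211.0.0/22,35.191.0.0/16 \
      --target-tags="$TAG"
  run gcloud compute health-checks create http web-hc --port=80
  run gcloud compute backend-services create web-backend --protocol=HTTP \
      --port-name=http --health-checks=web-hc --global
  run gcloud compute backend-services add-backend web-backend \
      --instance-group="$IG" --instance-group-zone="$ZONE" --global
  run gcloud compute url-maps create web-map --default-service=web-backend
  # Google-managed certificate: issued and renewed by Google for the domain.
  run gcloud compute ssl-certificates create web-cert \
      --domains="$DOMAIN" --global
  # SSL policy: refuse clients that cannot negotiate TLS 1.2 or newer.
  run gcloud compute ssl-policies create web-tls \
      --profile=MODERN --min-tls-version=1.2
  # The target HTTPS proxy is where the client TLS session terminates.
  run gcloud compute target-https-proxies create web-proxy \
      --url-map=web-map --ssl-certificates=web-cert --ssl-policy=web-tls
  run gcloud compute forwarding-rules create web-fr --global \
      --target-https-proxy=web-proxy --ports=443
}

provision_https_lb
```

Run it as-is to review the plan, then with `DRY_RUN=0` in an authenticated project to apply it.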