Tuesday, June 27, 2017

Re: [google-cloud-sql-discuss] Eliminating SSL overhead by using a Google VM to connect to CloudSQL

Hi Kurt,

I believe you are referring to articles such as this, which says "messages inside of the Google datacenter network will be encrypted". We use encryption in lots of places (such as on disk and HTTPS to users) but this is mostly referring to encryption in our RPC mechanism (closely related to gRPC, which also provides encryption). As traffic from your GCE instance to Cloud SQL is raw packets and not in this RPC mechanism, it doesn't automatically get encrypted.

Therefore, if you want your traffic encrypted between the VM and the Cloud SQL instance, you should enable SSL. However, note that traffic from GCE to Cloud SQL doesn't leave our network, so whether you need to encrypt this depends on your data and threat model.

You can read more about GCP security at https://cloud.google.com/security/.

David

On Tue, Jun 27, 2017 at 6:12 AM, Kurt Josep <kurt.josephson@gmail.com> wrote:
I remember reading that all traffic between endpoints within the Google ecosystem is encrypted - is that accurate? Would that mean that I could turn off SSL for MySQL connections from a Google-hosted VM and my Google CloudSQL instance since the traffic would be encrypted anyway? That would be a pretty big performance boost for my legacy app where the SSL negotiation slows down each request by ~0.5 seconds and requires extra resources that could be devoted to serving more traffic.

Thanks,

-Kurt

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/46c84354-38ec-4f6e-bbb0-4db06b189810%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

