The new Cloud NAT, fully managed by Google, simplifies the process. It allows users to provision application instances without a public IP address, while also allowing them to access the internet for things like patching and updates. Outside resources cannot directly access these private instances behind the Cloud NAT gateway, which keeps these instances secure.
It uses Google's SDN platform Andromeda with no managed middle proxy. "What that means is there is no chokepoint in your network," said Prajakta Joshi, senior product manager for cloud networking at Google Cloud. "You get high performance and scale, and under the hood there is no middle proxy. It is fully software-defined."
It also supports both Google Compute Engine virtual machines (VMs) and Google Kubernetes Engine (GKE) containers. This speaks to Google's two goals for growing its enterprise customers that it wants to address with all of its new cloud services.