Create a Google Cloud VPC

It's a best practice to create a dedicated network for your new application within your Google Cloud Project. This provides better security, isolation, and control over your network resources.

Step 1: Create the Custom VPC Network

  1. Navigate to the VPC Networks page in the Google Cloud Console within your project: https://console.cloud.google.com/vpc/networks
  2. Click Create VPC network

Configure VPC Settings

Basic VPC Configuration:

  • Name: my-cloud-mastery-vpc
  • Description: VPC for migrated application
  • Subnet creation mode: Select Custom

Configure Subnet

Under New subnet, provide these details:

  • Name: application-subnet
  • Region: Choose a region where you plan to deploy resources, such as us-central1
  • IP address range: Define a private IP range in CIDR notation
    • Recommended: 10.10.1.0/24 (This gives you 256 addresses, from 10.10.1.0 to 10.10.1.255)
  • Private Google Access: Turn it On (allows VMs without external IPs to access Google APIs)
  • Flow logs: Turn Off (unless you need network monitoring)

  1. Click DONE to finish subnet configuration
  2. Click CREATE to create the VPC network

Step 2: Create Firewall Rules

Navigate to VPC network → Firewall and create these essential rules for your new VPC network:

Rule 1: Allow SSH Access

  1. Click Create Firewall Rule
  2. Configure the following settings:
    • Name: allow-ssh-ingress
    • Description: Allow SSH access from anywhere
    • Network: my-cloud-mastery-vpc
    • Direction of traffic: Ingress
    • Action on match: Allow
    • Targets: All instances in the network
    • Source filter: IPv4 ranges
    • Source IPv4 ranges: 0.0.0.0/0
    • Protocols and ports:
      • Check Specified protocols and ports
      • Check TCP
      • Enter port: 22
  3. Click CREATE

Rule 2: Allow HTTP Traffic

  1. Click Create Firewall Rule
  2. Configure the following settings:
    • Name: allow-http-ingress
    • Description: Allow HTTP web traffic from anywhere
    • Network: my-cloud-mastery-vpc
    • Direction of traffic: Ingress
    • Action on match: Allow
    • Targets: All instances in the network
    • Source filter: IPv4 ranges
    • Source IPv4 ranges: 0.0.0.0/0 (This allows web traffic from anyone on the internet)
    • Protocols and ports:
      • Check Specified protocols and ports
      • Check TCP
      • Enter port: 80
  3. Click CREATE

Rule 3: Allow HTTPS Traffic

  1. Click Create Firewall Rule
  2. Configure the following settings:
    • Name: allow-https-ingress
    • Description: Allow HTTPS web traffic from anywhere
    • Network: my-cloud-mastery-vpc
    • Direction of traffic: Ingress
    • Action on match: Allow
    • Targets: All instances in the network
    • Source filter: IPv4 ranges
    • Source IPv4 ranges: 0.0.0.0/0
    • Protocols and ports:
      • Check Specified protocols and ports
      • Check TCP
      • Enter port: 443
  3. Click CREATE

Step 3: Verify Your VPC Configuration

  1. Navigate back to VPC networks
  2. Click on your newly created VPC (my-cloud-mastery-vpc)
  3. Verify the following:
    • Subnets: Your subnet should be listed with the correct IP range
    • Firewall rules: All three rules should be associated with your VPC
    • Routes: Default routes should be automatically created
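
The firewall part of the Step 3 check can also be scripted. The following is an added example, not part of the original guide: it reads firewall rules in the JSON shape produced by gcloud compute firewall-rules list --format=json, confirms the three rules are attached to the VPC, and reports any rule that exposes an administrative port to 0.0.0.0/0. The sample data, the project name example-project, and the ADMIN_PORTS list are constructed assumptions.

```python
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
# "example-project" is a placeholder; rule names and ports are the ones from this page.
NET = ("https://www.googleapis.com/compute/v1/projects/example-project"
       "/global/networks/my-cloud-mastery-vpc")

def _rule(name, port):
    return {"name": name, "network": NET, "direction": "INGRESS",
            "sourceRanges": ["0.0.0.0/0"],
            "allowed": [{"IPProtocol": "tcp", "ports": [port]}]}

SAMPLE_RULES = json.dumps([_rule("allow-ssh-ingress", "22"),
                           _rule("allow-http-ingress", "80"),
                           _rule("allow-https-ingress", "443")])

ADMIN_PORTS = (22, 3389)  # assumption: ports this audit treats as administrative

def covers(allowed, port):
    """True if one 'allowed' entry admits TCP `port`; no 'ports' key means all ports."""
    if allowed.get("IPProtocol") not in ("tcp", "all"):
        return False
    specs = allowed.get("ports")
    if not specs:
        return True
    for spec in specs:  # each spec is "22" or a range such as "8000-8100"
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit(rules_json, network, expected):
    """Return (expected rule names missing from `network`, world-open admin-port findings)."""
    rules = [r for r in json.loads(rules_json)
             if r.get("network", "").rsplit("/", 1)[-1] == network]
    missing = sorted(set(expected) - {r["name"] for r in rules})
    findings = []
    for r in rules:
        if r.get("direction") != "INGRESS" or r.get("disabled"):
            continue
        if "0.0.0.0/0" not in r.get("sourceRanges", []):
            continue
        ports = [p for p in ADMIN_PORTS if any(covers(a, p) for a in r.get("allowed", []))]
        if ports:
            # No target tags or service accounts means the rule applies to every instance.
            all_instances = not (r.get("targetTags") or r.get("targetServiceAccounts"))
            findings.append((r["name"], ports, all_instances))
    return missing, findings

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, "my-cloud-mastery-vpc",
                ["allow-ssh-ingress", "allow-http-ingress", "allow-https-ingress"]))
```

Each finding is a tuple of rule name, exposed administrative ports, and whether the rule applies to every instance in the network; a finding is a candidate for a narrower source range or for target tags.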

Network Architecture Overview

Your VPC now provides:

  • Isolation: Your migrated application will run in its own network environment
  • Security: Controlled access through firewall rules
  • Scalability: Room for additional subnets and resources as needed
  • Private Google Access: Ability to access Google APIs without external IPs

VPC Setup Complete

Your Google Cloud VPC is now ready to host your migrated virtual machine. The network provides proper isolation and security for your application.

What's Next

With your VPC network configured, you're ready to move to Phase 7 where we'll import your VMDK file as a bootable GCP image.