Privileged Access Security
IAP TCP Forwarding
Identity-aware secure administrative access to private compute resources.
Google Cloud
Service information
IAP TCP ForwardingShortname: IAP TCP
Huawei equivalent shortnames: CBH
Keywords: privileged access, security, bastion, zero trust
Differences vs Huawei
- Identity-aware proxy access model differs.
- Audit telemetry and policy granularity differ.
Migration to Huawei
- Map detection/prevention policy scope, enforcement points, and response workflows. For Google Cloud IAP TCP Forwarding, the direct Huawei equivalence layer is CBH; validate feature-by-feature parity for control plane, data plane, and operational behavior before cutover.
- Use a composed Huawei migration pattern where needed: CBH + IAM. Treat CBH as the core equivalent capability and use the additional services to cover integration, security, observability, and governance gaps.
- Pricing model difference: Google Cloud usually bills policy/protected-resource tiers plus request/event/scan volume; Huawei usually bills WAF/CFW/DEW/DBSS/DSC billing by edition, protected assets, requests/events, or scans. Recalculate TCO with peak load, request volume, retention period, and cross-region/interconnect traffic before production migration.
Huawei Cloud
Huawei equivalent service
Cloud Bastion HostShortname: CBH
General function: Privileged Access Security
Privileged access and operation audit bastion service.
Keywords: bastion, privileged access, audit