A VPC is a public cloud offering that lets an enterprise establish its own private cloud-like computing environment on shared public cloud infrastructure. A VPC gives an enterprise the ability to define and control a virtual network that is logically isolated from all other public cloud tenants, creating a private, secure place on the public cloud.
Imagine that a cloud provider’s infrastructure is a residential apartment building with multiple families living inside. Being a public cloud tenant is akin to sharing an apartment with a few roommates. In contrast, having a VPC is like having your own private condominium—no one else has the key, and no one can enter the space without your permission.
A VPC’s logical isolation is implemented using virtual network functions and security features that give an enterprise customer granular control over which IP addresses or applications can access particular resources. It is analogous to the “friends-only” or “public/private” controls on social media accounts used to restrict who can or can’t see your otherwise public posts.
VPCs are a “best of both worlds” approach to cloud computing. They give customers many of the advantages of private clouds, while leveraging public cloud resources and savings. The following are some key features of the VPC model:
Each VPC’s main features readily translate into a benefit to help your business achieve agility, increased innovation, and faster growth.
In a VPC, you can deploy cloud resources into your own isolated virtual network. These cloud resources—also known as logical instances—fall into three categories.
The majority of today’s applications are designed with a three-tier architecture consisting of the following interconnected tiers:
To create a three-tier application architecture on a VPC, you assign each tier its own subnet, which gives that tier its own IP address range. Each tier’s subnet is automatically assigned its own unique ACL.
For a more detailed explanation of how to create this architecture in a VPC and deploy applications to it, see the blog post “Virtual Private Cloud: The Tech and the Test.”
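As an added illustration (not code from the article or from any cloud provider), the following Python model shows that layout: one subnet per tier, one ACL per subnet, and a check that evaluates an inbound flow against the destination tier's ACL so that only the web tier is reachable from the Internet and each tier can talk only to the next one down. Tier names, subnet ranges, ports and rules are assumptions chosen for the example.

```python
# Added example, not from the original article: a minimal model of the three-tier
# VPC layout described above. Tier names, subnet ranges, ports and rules are
# constructed assumptions, not a real deployment.
import ipaddress
from dataclasses import dataclass
from typing import Optional

# One subnet (CIDR block) per tier, each with its own IP address range.
TIERS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db":  ipaddress.ip_network("10.0.3.0/24"),
}

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    source: ipaddress.IPv4Network    # source range the rule matches
    port: Optional[int]              # None matches any destination port

# Each tier's subnet gets its own ACL: an ordered rule list, first match wins,
# implicit deny at the end. Only the web tier accepts traffic from the Internet;
# the app tier accepts only the web subnet, and the db tier only the app subnet.
ACLS = {
    "web": [Rule("allow", ipaddress.ip_network("0.0.0.0/0"), 443)],
    "app": [Rule("allow", TIERS["web"], 8080)],
    "db":  [Rule("allow", TIERS["app"], 5432)],
}

def tier_of(ip: str) -> Optional[str]:
    """Return the tier whose subnet contains ip, or None if it is outside the VPC."""
    addr = ipaddress.ip_address(ip)
    for name, net in TIERS.items():
        if addr in net:
            return name
    return None

def inbound_allowed(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Evaluate one inbound flow against the ACL of the destination's subnet."""
    tier = tier_of(dst_ip)
    if tier is None:
        return False                 # destination is not in any VPC subnet
    src = ipaddress.ip_address(src_ip)
    for rule in ACLS[tier]:
        if src in rule.source and rule.port in (None, dst_port):
            return rule.action == "allow"
    return False                     # implicit deny at the end of every ACL
```

Subnet ACLs of this kind are typically stateless, so a real deployment also needs matching outbound and return-traffic rules; the model above checks the inbound direction only.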
VPCs achieve high levels of security by creating virtualized replicas of the security features used to control access to resources housed in traditional data centers. These security features enable customers to define virtual networks in logically isolated parts of the public cloud and control which IP addresses have access to which resources.
Two types of network access controls comprise the layers of VPC security:
A virtual private network (VPN) makes a connection over the public Internet as secure as a connection on a private network by creating an encrypted tunnel through which the traffic travels. You can deploy a VPN-as-a-Service (VPNaaS) on your VPC to establish a secure site-to-site communication channel between your VPC and your on-premises environment or another location. Using a VPN, you can also connect subnets in multiple VPCs so that they function as if they were on a single network.
Private cloud and virtual private cloud are sometimes—and mistakenly—used interchangeably. In fact, a virtual private cloud is actually a public cloud offering. A private cloud is a single-tenant cloud environment owned, operated, and managed by the enterprise, and hosted most commonly on-premises or in a dedicated space or facility. By contrast, a VPC is hosted on multi-tenant architecture, but each customer’s data and workloads are logically separate from those of all other tenants. The cloud provider is responsible for ensuring this logical isolation.
A virtual private cloud is a single-tenant concept that gives you the opportunity to create a private space within the public cloud’s architecture. A VPC offers greater security than traditional multi-tenant public cloud offerings but still lets customers take advantage of the high availability, flexibility, and cost-effectiveness of the public cloud. In some cases, a VPC and a standard public cloud account scale differently. For instance, additional storage volumes may be available only in blocks of a certain size for VPCs. Not all public cloud features are supported in all VPC offerings.
For answers to some of the most commonly asked questions about virtual private clouds, see "FAQs for VPC."
The various cloud providers may offer different pricing models in their VPC offerings. It is common for individual VPC resources—such as load balancers, VSIs, or storage—to be priced separately. It is also common for data transfer charges to be applied based on volume, but some cloud providers do not charge for data transfers over private networks.
To find the VPC offering whose pricing model works best for your business needs, it is vital to consider the requirements of the applications you are planning to deploy. Are they compute-intensive? Will they require large amounts of memory and CPU? Or are they more balanced in terms of their CPU, storage, and memory requirements? Answering these questions accurately helps you to predict your usage needs, which in turn allows you to estimate the potential costs when comparing options.