What is a virtual private cloud (VPC)?
A virtual private cloud (VPC) is a public cloud offering that enables an enterprise to establish its own private cloud-like computing environment on a shared public cloud infrastructure. A VPC gives an enterprise the ability to define and control a virtual network that is logically isolated from all other public cloud tenants, creating a private, secure place on the public cloud.
Imagine that a cloud provider’s infrastructure is a mixed-housing residential building with multiple residents living in its condominiums and apartments. Being a public cloud tenant is akin to sharing an apartment with a few roommates. In contrast, having a VPC is like having your own private condominium — no one else has the key, and no one can enter the space without your permission.
A VPC’s logical isolation is implemented using virtual network functions and security features that give an enterprise customer granular control over which IP addresses or applications can access particular resources. It’s analogous to the friends-only or public/private controls on social media accounts that are used to restrict who can or can’t see otherwise public posts.
What are the advantages of a VPC?
A VPC can provide:
- Agility: Control the size of your virtual network and deploy cloud resources whenever your business needs them. You can scale these resources dynamically and in real time.
- Availability: Redundant resources and highly fault-tolerant availability-zone architectures ensure your applications and workloads are highly available.
- Security: Because the VPC is a logically isolated network, your data and applications won’t share space or mix with those of the cloud provider’s other customers. You have full control over how resources and workloads are accessed — and by whom.
- Affordability: VPC customers can take advantage of the public cloud’s cost-effectiveness, such as saving on hardware costs, labor times and other resources.
What are the business benefits of a VPC?
The business benefits of a VPC include:
- Flexible business growth: Because cloud infrastructure resources can be deployed dynamically — including virtual servers, storage and networking — VPC customers can easily adapt to changes in business needs.
- Satisfied customers: In today’s “always on” digital business environments, customers expect uptime ratios of nearly 100%. The high availability of VPC environments helps enable reliable online experiences that build customer loyalty and increase trust in your brand.
- Reduced risk across the entire data lifecycle: VPCs enjoy high levels of security at the instance or subnet level, or both. This gives you peace of mind and further increases the trust of your customers.
- More resources to channel toward business innovation: With reduced costs and fewer demands on your internal IT team, you can focus your efforts on achieving key business goals and exercising core competencies.
What is the security of a VPC?
VPCs achieve high levels of security by creating virtualized replicas of the security features used to control access to resources housed in traditional data centers. These security features enable customers to define virtual networks in logically isolated parts of the public cloud and control which IP addresses have access to which resources.
Two types of network access controls comprise the layers of VPC security:
- Access control lists (ACLs): An ACL is a list of rules that limit who can access a particular subnet within your VPC. A subnet is a portion or subdivision of your VPC; the ACL defines the set of IP addresses or applications granted access to it.
- Security groups: With a security group, you can create groups of resources (which may be situated in more than one subnet) and assign uniform-access rules to them. For example, if you have three applications in three different subnets, and you want them all to be public internet-facing, you can place them in the same security group. Security groups act like virtual firewalls, controlling the flow of traffic to your virtual servers, no matter which subnet they reside in.
Can I connect my VPC to my other IBM Cloud workloads?
Yes. You can set up access to your IBM Cloud® classic infrastructure from one VPC in each region. For more information, see Setting up access to classic infrastructure.
Can a subnet’s size be changed after it’s created?
No. A subnet cannot be resized after it has been created.
What is the limit on the number of characters in a VPC name?
Currently, the limit is 100. If this limit is exceeded, you might receive an "internal error" message.
Can any of my VPC resource names begin with a number?
No. Although the name can contain numbers, it must begin with a letter.
Are there restrictions on what characters I can use in a name?
Yes. The user interface blocks consecutive double dashes, underscores and periods from being part of a virtual server instance (VSI) name.
During the packet gateway (PGW) creation, do I need to reserve the floating IP address, or does the system automatically reserve the floating IP address? Will I see that floating IP address when I query all the floating IP addresses?
The VPC application programming interface (API) automatically creates a floating IP address along with the public gateway, if an existing floating IP address is not specified. And yes, that floating IP address shows up in the list.
Who enforces that there must be only one public gateway per zone for a VPC?
The VPC API service enforces this limit.
How do you obtain the Cloud Resource Name (CRN) of a VPC?
To obtain the CRN of a VPC, click Menu > Resource list from the IBM Cloud console. Expand VPC Infrastructure to list your VPCs. Select a VPC and then click the Status entry to view its details. Use the icon to copy the CRN and paste it where needed.
Explore your options and learn how to start creating your own virtual private cloud on the IBM Cloud today.