What is a virtual private cloud?

Published: 17 June 2024
Contributors: Stephanie Susnjara, Ian Smalley

What is a VPC?

A virtual private cloud (VPC) is a public cloud offering that lets an enterprise establish its own private cloud-like computing environment on shared public cloud infrastructure.

A VPC allows an enterprise to define and control a virtual network that is logically isolated from all other public cloud tenants, creating a private, secure space on the public cloud.

Imagine that a cloud provider's infrastructure is a residential apartment building with multiple families living inside. Being a public cloud tenant is akin to sharing an apartment with a few roommates. In contrast, having a VPC is like having your own private condominium—no one else has the key, and no one can enter the space without your permission.

A VPC's logical isolation is implemented by using virtual network functions and security features that give an enterprise customer granular control over which IP addresses or cloud applications can access particular resources. This function is analogous to the "friends-only" or "public/private" controls on social media accounts that restrict who can or can't see your otherwise public posts.

VPC falls under the infrastructure as a service (IaaS) category, one of the four most popular cloud service offerings, along with platform as a service (PaaS), software as a service (SaaS) and serverless. All top cloud service providers offer VPC solutions, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud, IBM Cloud®, Oracle Cloud Platform, VMware and more.

Industries that require high levels of security, privacy and control over their data, including healthcare, finance and government, often favor VPCs. According to a report from Future Market Insights, Inc., the virtual private cloud (VPC) market is predicted to grow from USD 38.8 billion in 2022 to USD 129.6 billion in 2032.[1] The drivers behind this growth include the rising demand for simple installation and low-cost disaster recovery (DR) solutions and the growing adoption of virtual private cloud among small and medium businesses.[2]


Features of a VPC

VPCs are a "best of both worlds" approach to cloud computing. They give customers many advantages of private clouds while using public cloud resources and savings. The following are some key features of the VPC model.

Agility

Control the size of your virtual network and deploy cloud resources whenever your business needs them. You can scale these resources dynamically and in real time.

Availability

Redundant resources and highly fault-tolerant availability zone architectures mean that your applications and workloads are highly available.

Security

Because a VPC is a logically isolated network, your data and applications won't share space or mix with those of the cloud provider's other customers. You have complete control over how resources and workloads are accessed and by whom.

Affordability

VPC customers can take advantage of the public cloud's cost-effectiveness, such as saving on hardware costs, labor times and other resources.

Benefits of a VPC

Each VPC's main features readily translate into benefits that help your business achieve agility, increased innovation and faster growth:

  • Flexible business growth: Because cloud infrastructure resources—including virtual servers, cloud storage and networking—can be deployed dynamically, VPC customers can quickly adapt to changes in business needs.
  • Satisfied customers: In today's "always-on" digital business environments, customers expect uptime ratios of nearly 100%. The high availability of VPC environments enables reliable online experiences that build customer loyalty and increase trust in your brand.
  • Reduced risk across the entire data lifecycle: VPCs enjoy high levels of security at the instance or subnet level (or both). This feature gives you peace of mind and further increases your customers' trust.
  • More resources to channel toward business innovation: With reduced costs and fewer demands on your internal IT team, you can focus on achieving key business goals and exercising core competencies.
VPC versus ...

VPC versus virtual private network

A virtual private network (VPN) makes a connection to the public Internet as secure as a connection to a private network by creating an encrypted tunnel through which the information travels. You can deploy a VPN as a Service (VPNaaS) on your VPC to establish a secure site-to-site communication channel between your VPC and on-premises environment or other location. By using a VPN, you can connect subnets in multiple VPCs so that they function as if they were on a single network.

VPC versus private cloud

Private cloud and virtual private cloud are sometimes—and mistakenly—used interchangeably. A VPC is actually a public cloud offering. A private cloud is a single-tenant cloud environment owned, operated and managed by the enterprise. It is hosted most commonly on premises or in a dedicated space or facility. By contrast, a VPC is hosted on multi-tenant architecture, but each customer's data and workloads are logically separate from those of all other tenants. The cloud provider is responsible for ensuring this logical isolation.

VPC versus public cloud

A VPC gives a single tenant its own private space within the public cloud's multi-tenant architecture. A VPC offers greater security than traditional multi-tenant public cloud offerings but still lets customers take advantage of the public cloud's high availability, flexibility and cost-effectiveness. A VPC and a public cloud account might also scale differently. For instance, extra storage volumes might only be available in blocks of a specific size for VPCs, and not all public cloud features are supported in all VPC offerings.

VPC architecture

In a VPC, you can deploy cloud resources—referred to as logical instances—into your own isolated virtual network. These cloud resources fall into three categories:

  • Compute: Virtual server instances (VSIs, also known as virtual servers) are presented to the user as virtual CPUs (vCPUs) with a predetermined amount of computing power, memory and so on.
  • Storage: VPC customers are typically allocated a certain block storage quota per account, with the ability to purchase more. This pricing model is akin to purchasing extra hard disk space. Storage recommendations are based on the nature of your workload.
  • Networking: You can deploy virtual versions of various networking functions into your virtual private cloud account to enable or restrict access to its resources, including:
    • Public gateways: Public gateways are deployed so that all or some areas of your VPC environment can be made available on the public-facing Internet.
    • Load balancers: Load balancers distribute network traffic across multiple VSIs to optimize availability and performance.
    • Routers: Routers direct traffic and enable communication between network segments.
    • Direct or dedicated links: Direct or dedicated network connections enable rapid and secure communications between your on-premises enterprise IT environment or your private cloud and your VPC resources on public cloud.

Other VPC components and terms

  • Regions: Providers host VPCs across regions. A region is a specific geographical location where apps, services and other resources can be deployed. Regions consist of one or more zones, which are physical data centers that house the compute, network and storage resources, with related cooling and power, for host services and applications. Zones are isolated from each other, which ensures that no shared single point of failure within a region occurs.
  • Availability zones: An availability zone is a logically and physically isolated location within a VPC region with independent power, cooling and network infrastructures.
  • Subnets: A subnet is a logical partition of an IP network, dividing it into smaller network segments. Subnets are the fundamental mechanism within a VPC for allocating IP addresses to individual resources (such as virtual server instances) and for applying controls to those resources through network access control lists (ACLs), routing tables and resource groups. In a VPC environment, subnets use private IP address ranges that cannot be reached directly from the public Internet.
  • Route tables: Each subnet in a VPC must be associated with a route table, a collection of rules or routes that control network traffic for the subnet or gateway.
  • Flow logs: Flow Logs enable the collection, storage and presentation of information about the IP traffic going to and from network interfaces within your VPC.
  • Domain name system (DNS) services: DNS services associated with VPCs allow users to create their own private DNS zones and DNS resource records. Private DNS can improve online privacy and security by encrypting DNS queries and preventing third parties from monitoring online activity.
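A consumer for the records described under "Flow logs", as an added example in Python (not IBM's code or any provider's tooling). Because the page shows no record format, it assumes the space-separated default layout of AWS VPC Flow Logs (version 2); other providers deliver flow logs as JSON, in which case only the parser changes. The sample records, the account and interface ids, the addresses and the packet counts are all constructed for the example.

```python
"""Added example, not from the page, IBM or any provider's tooling.
Parses constructed VPC flow-log records and reports what the subnet ACLs
and security groups rejected. Assumed layout: the space-separated default
format of AWS VPC Flow Logs (version 2). Every value below is made up."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: one request walking web -> app -> db, one refused web -> db
# attempt, one outside host refused on several ports, one accept straight into the
# db subnet from the web tier (a misconfiguration), and a NODATA record with no flow.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.0.10 51000 443 6 8 2400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.0.10 10.0.1.10 40000 8080 6 12 3400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.10 40002 5432 6 20 9100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.0.10 10.0.2.10 40001 5432 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.0.10 51001 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.0.10 51002 23 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.0.10 51003 445 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.0.10 51004 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.0.10 51005 8080 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.0.10 10.0.2.10 40003 5432 6 5 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


@dataclass
class FlowRecord:
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int       # IANA number: 6 = TCP, 17 = UDP
    packets: int
    bytes: int
    action: str         # "ACCEPT" or "REJECT"


def parse_flow_log(text):
    """Turn raw records into FlowRecords, skipping malformed and NODATA/SKIPDATA lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        row = dict(zip(FIELDS, parts))
        if row["log_status"] != "OK":       # flow fields are "-" placeholders here
            continue
        records.append(FlowRecord(row["srcaddr"], row["dstaddr"], int(row["srcport"]),
                                  int(row["dstport"]), int(row["protocol"]),
                                  int(row["packets"]), int(row["bytes"]), row["action"]))
    return records


def rejected_ports(records):
    """Destination ports each source was refused on (by an ACL or a security group)."""
    ports = defaultdict(set)
    for r in records:
        if r.action == "REJECT":
            ports[r.srcaddr].add(r.dstport)
    return {src: sorted(p) for src, p in ports.items()}


def probing_sources(records, min_ports=5):
    """Sources refused on at least min_ports distinct ports: worth a closer look."""
    return sorted(src for src, p in rejected_ports(records).items() if len(p) >= min_ports)


def accepted_into(records, dst_cidr, allowed_src_cidr):
    """Accepted flows into dst_cidr from anywhere other than allowed_src_cidr.
    If only one subnet is supposed to reach dst_cidr, any hit here points at an
    ACL or security group rule that is wider than intended."""
    dst_net, ok_net = ipaddress.ip_network(dst_cidr), ipaddress.ip_network(allowed_src_cidr)
    return [r for r in records
            if r.action == "ACCEPT"
            and ipaddress.ip_address(r.dstaddr) in dst_net
            and ipaddress.ip_address(r.srcaddr) not in ok_net]


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print("rejected ports:", rejected_ports(recs))
    print("probing sources:", probing_sources(recs))
    for r in accepted_into(recs, "10.0.2.0/24", "10.0.1.0/24"):
        print("unexpected accept into db subnet:", r.srcaddr, "->", r.dstaddr, r.dstport)
```

Two checks a defender runs over such logs are shown: sources that keep being refused on many different ports, and accepted flows into a subnet from anywhere other than the one subnet that is supposed to reach it. The second is how an over-permissive ACL or security group shows up in the logs before it is noticed any other way; the REJECT records from the web tier to the database port show the controls doing their job.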

Three-tier architecture in a VPC

Most of today's software applications are designed with a three-tier architecture composed of the following interconnected tiers.

Web/presentation tier

The web or presentation tier takes requests from web browsers and presents information created by, or stored within, the other layers to end users. This top-level tier can run on a web browser (as a desktop application) or a graphical user interface (GUI).

Application tier

The application tier, sometimes called the middle tier, houses the business logic and is where most processing occurs.

Database tier

The database tier comprises cloud servers that store the data processed in the application tier.

In a three-tier application, all communication goes through the application tier. The presentation and data tiers cannot communicate directly with one another. The application tier communicates with the presentation and data tiers using application programming interface (API) calls. 

To create a three-tier application architecture on a VPC, you assign each tier its own subnet, giving it its own IP address range. Each layer is automatically assigned its own unique ACL.

VPC security

In a virtual private cloud (VPC) model, the VPC provider ensures that each customer's data remains isolated and secure. They accomplish this through cloud security procedures and technologies, including network isolation—subnets, virtual private networks (VPNs), virtual local area networks (VLANs) and so on—that help improve security and control network traffic.

Also, VPCs achieve high levels of security by creating virtualized replicas of the security features used to control access to resources housed in traditional data centers. These security features enable customers to define virtual networks in logically isolated parts of the public cloud and control which IP addresses can access which resources.

Two types of network access controls comprise the layers of VPC security:

  • Access control lists (ACLs): An ACL is a list of rules that limit who can access a particular subnet within your VPC. As previously discussed, a subnet is a portion or subdivision of your VPC; the ACL defines the set of IP addresses or applications granted access to it.
  • Security group: With a security group, you can create groups of resources (which can be situated in more than one subnet) and assign uniform access rules to them. For example, if you have three applications in three different subnets and want them all to be public Internet-facing, you can place them in the same security group. Security groups act like virtual firewalls, controlling the flow of traffic to your virtual servers, no matter which subnet they are in.
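The three-tier layout described above (one subnet per tier) and the two access controls just listed, as an added example in Python; this is not IBM's code or any provider's API. It carves one VPC range into a subnet per tier, puts a stateless network ACL on each subnet and a stateful security group around each tier's instances, then walks the packets of one user request through both controls. The 10.0.0.0/16 range, the instance addresses, the service ports and every rule are assumptions made for the example; real providers expose these as API resources, not Python objects.

```python
"""Added example, not IBM's code or any cloud provider's API. Each tier gets its
own subnet out of one VPC range; a stateless network ACL guards each subnet and a
stateful security group wraps each tier's instances. Every address, port and rule
here is constructed for the example."""
import ipaddress
from collections import namedtuple

ANY = ipaddress.ip_network("0.0.0.0/0")
EPHEMERAL = range(1024, 65536)                        # ports that replies come back to
SERVICE_PORT = {"web": 443, "app": 8080, "db": 5432}
UPSTREAM = {"web": None, "app": "web", "db": "app"}   # who may call each tier; None = Internet
# Stateless ACL rule: action, inbound/outbound relative to the subnet, far-end network, dest ports.
AclRule = namedtuple("AclRule", "action direction remote ports")
# Stateful group: instance addresses (may span subnets) and (remote network or group name, ports).
SecurityGroup = namedtuple("SecurityGroup", "name members inbound")

def carve_tiers(vpc_cidr, tiers, new_prefix=24):
    """Hand each tier the next /new_prefix block out of the VPC range."""
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)
    return {tier: next(blocks) for tier in tiers}

TIERS = carve_tiers("10.0.0.0/16", ["web", "app", "db"])   # 10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24

def port(n):
    return range(n, n + 1)

def acl_allows(rules, direction, remote_ip, dport):
    """A network ACL is per subnet, stateless and ordered: first match wins, no match = deny."""
    for r in rules:
        if r.direction == direction and remote_ip in r.remote and dport in r.ports:
            return r.action == "allow"
    return False

def tier_acl(tier):
    """Only the adjacent tier may open connections in. Replies need their own rule, and
    because the ACL is stateless that rule has to admit the whole ephemeral range."""
    caller = ANY if UPSTREAM[tier] is None else TIERS[UPSTREAM[tier]]
    rules = [AclRule("allow", "inbound", caller, port(SERVICE_PORT[tier])),
             AclRule("allow", "outbound", caller, EPHEMERAL)]
    for callee, up in UPSTREAM.items():
        if up == tier:                                # this tier is a client of `callee`
            rules += [AclRule("allow", "outbound", TIERS[callee], port(SERVICE_PORT[callee])),
                      AclRule("allow", "inbound", TIERS[callee], EPHEMERAL)]
    return rules

class Vpc:
    def __init__(self, tiers, acls, groups):
        self.tiers, self.acls, self.groups = tiers, acls, groups
        self.established = set()                  # (client, server, dport) admitted by a group

    def subnet_of(self, ip):
        return next((t for t, net in self.tiers.items() if ip in net), None)

    def group_of(self, ip):
        return next((g for g in self.groups if ip in g.members), None)

    def group_allows(self, src, dst, dport):
        group, src_group = self.group_of(dst), self.group_of(src)
        for remote, ports in (group.inbound if group else []):
            # a rule may name another security group instead of a network
            peer_ok = (src_group is not None and src_group.name == remote) if isinstance(remote, str) else src in remote
            if peer_ok and dport in ports:
                return True
        return False

    def permits(self, src, dst, sport, dport):
        """A packet passes only if every control on its path allows it; returns (allowed, who decided)."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        src_net, dst_net = self.subnet_of(src), self.subnet_of(dst)
        if src_net and not acl_allows(self.acls[src_net], "outbound", dst, dport):
            return False, f"acl:{src_net}:outbound"
        if dst_net and not acl_allows(self.acls[dst_net], "inbound", src, dport):
            return False, f"acl:{dst_net}:inbound"
        if (dst, src, sport) in self.established:  # reply to an admitted connection: stateful
            return True, "allowed"
        if dst_net and not self.group_allows(src, dst, dport):
            return False, f"security-group:{getattr(self.group_of(dst), 'name', 'none')}"
        self.established.add((src, dst, dport))
        return True, "allowed"

def build_vpc():
    ip = ipaddress.ip_address
    groups = [SecurityGroup("sg-web", {ip("10.0.0.10")}, [(ANY, port(443))]),
              SecurityGroup("sg-app", {ip("10.0.1.10")}, [("sg-web", port(8080))]),
              SecurityGroup("sg-db", {ip("10.0.2.10")}, [("sg-app", port(5432))])]
    return Vpc(TIERS, {t: tier_acl(t) for t in TIERS}, groups)

def scenarios():
    """The packets of one user request, in order, plus two that must not pass."""
    vpc = build_vpc()
    return {
        "internet->web:443": vpc.permits("203.0.113.5", "10.0.0.10", 51000, 443),
        "web->internet reply": vpc.permits("10.0.0.10", "203.0.113.5", 443, 51000),
        "web->app:8080": vpc.permits("10.0.0.10", "10.0.1.10", 40000, 8080),
        "web->db:5432": vpc.permits("10.0.0.10", "10.0.2.10", 40001, 5432),
        "app->db:5432": vpc.permits("10.0.1.10", "10.0.2.10", 40002, 5432),
        "db->app reply": vpc.permits("10.0.2.10", "10.0.1.10", 5432, 40002),
        "db->app:8080 unsolicited": vpc.permits("10.0.2.10", "10.0.1.10", 50000, 8080),
    }
```

Two things the walk-through makes visible. Because an ACL is stateless, its reply rule has to admit the whole ephemeral port range, so the web subnet's own ACL does not stop the web tier from opening a connection to the database port; it is the database subnet's inbound ACL and the database security group (which admits only members of the application group) that refuse it. And an unsolicited packet from the database tier back to the application port slips through both subnets' reply rules and is caught only by the application security group, which is the finer, stateful control; the ACL is the coarse subnet-level backstop behind it.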

VPC pricing

The various cloud providers can offer different pricing models in their VPC offerings. It is common for individual VPC resources—such as load balancers, VSIs or storage—to be priced separately. Data transfer charges are also common based on volume, but some cloud providers do not charge for data transfers over private networks.

Determining the best VPC and pricing model to meet your business needs starts with considering the requirements of the applications you are planning to deploy. Are they compute-intensive? Will they require large amounts of memory and CPU? Or are they more balanced regarding their CPU, storage and memory requirements? Answering these questions will help predict your usage needs, allowing you to estimate the potential costs when comparing options.

VPC use cases

  • Host web applications: Securely host web applications and exercise better control over how network traffic can reach your VPC resources from the Internet.
  • Cloud migration: VPC provides a cost-efficient way to move sensitive on-prem assets to an isolated private cloud within a public cloud environment, ensuring low latency, minimal downtime and robust cloud security.
  • Hybrid cloud strategy: A VPC supports today's hybrid cloud strategy. Developers can connect VPCs to a public cloud or on-premises infrastructure with a VPN, integrating on-prem, private and public cloud resources to create a single, flexible and unified IT infrastructure.
  • Multicloud deployment: VPCs also support multicloud deployments by allowing private connections between VPCs across cloud providers. Multicloud solutions include open source, cloud-native technologies like Kubernetes. They also typically include capabilities for managing workloads across multiple clouds with a central console or single pane of glass.
  • DevOps practices: VPC environments support DevOps practices, accelerating the delivery of higher-quality applications and services. DevOps automation uses cloud-native tools and technologies to perform routine tasks, thus speeding up workflows and the entire software development lifecycle.
  • High-performance computing (HPC): VPC environments offer fast-provisioning compute capacity with the highest networking speeds and the most secure, software-defined networking resources to support high-performance computing (HPC) needs of highly regulated industries like finance, healthcare and more.
  • Regulatory compliance and data governance: Adhering to strict regulatory and data governance requirements is critical, especially for global industries like oil and gas. Today's managed service providers for cloud VPCs offer built-in security and regulatory compliance tools and hardware and software solutions for confidential computing. Standard features include encryption options and data residency controls. 
  • Industry-specific clouds: VPCs are an ideal component of industry-specific cloud platforms, a growing trend among industries like finance and healthcare that are looking for sector-specific capabilities that are secure and can deliver business outcomes faster.
  • Business continuity disaster recovery (BCDR): Like other cloud-based services, business continuity disaster recovery (BCDR) with VPCs involves mechanisms to protect data and restore service functions. These include various tools, policies and procedures to restore a system, application or data center after a disruption. By replicating crucial infrastructure in a VPC across different regions, organizations can ensure BCDR in the event of a disaster (for example, equipment failures, cyberattacks, natural disasters).
  • Edge computing and the Internet of Things (IoT): As more industries like manufacturing and retail use IoT and edge devices that connect to the cloud, there is a need for secure and scalable cloud environments like VPCs.
Footnotes


1. Virtual Private Cloud Market Outlook (2022 to 2032), Future Market Insights, Inc., May 2022.

2. Virtual Private Cloud Market Outlook (2022 to 2032), Future Market Insights, Inc., May 2022.