Home
Topics
VPC
Published: 17 June 2024
Contributors: Stephanie Susnjara, Ian Smalley
A virtual private cloud (VPC) is a public cloud offering that lets an enterprise establish its own private cloud-like computing environment on shared public cloud infrastructure.
A VPC allows an enterprise to define and control a virtual network that is logically isolated from all other public cloud tenants, creating a private, secure space on the public cloud.
Imagine that a cloud provider's infrastructure is a residential apartment building with multiple families living inside. Being a public cloud tenant is akin to sharing an apartment with a few roommates. In contrast, having a VPC is like having your own private condominium—no one else has the key, and no one can enter the space without your permission.
A VPC's logical isolation is implemented by using virtual network functions and security features that give an enterprise customer granular control over which IP addresses or cloud applications can access particular resources. This function is analogous to the "friends-only" or "public/private" controls on social media accounts that restrict who can or can't see your otherwise public posts.
VPC falls under the infrastructure as a service (IaaS) category, one of the four most popular cloud service offerings, along with platform as a service (PaaS), software as a service (SaaS) and serverless. All top cloud service providers offer VPC solutions, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud, IBM Cloud®, Oracle Cloud Platform, VMware and more.
Industries that require high levels of security, privacy and control over their data, including healthcare, finance and government, often favor VPCs. According to a Future Market Insights, Inc. report, the virtual private cloud (VPC) market share is predicted to grow from USD 38.8 billion in 2022 to USD 129.6 billion in 2032.1 The drivers behind this growth include the rising demand for simple installation and low-cost disaster recovery (DR) solutions and the growing adoption of virtual private cloud among small and medium businesses.2
Check out this video with Ryan Sumner from IBM Cloud for a deeper dive into VPC, its architecture and its benefits.
Strategic application modernization is one key to transformational success that can boost annual revenue and lower maintenance and running costs.
VPCs are a "best of both worlds" approach to cloud computing. They give customers many advantages of private clouds while using public cloud resources and savings. The following are some key features of the VPC model.
Control the size of your virtual network and deploy cloud resources whenever your business needs them. You can scale these resources dynamically and in real time.
Redundant resources and highly fault-tolerant availability zone architectures mean that your applications and workloads are highly available.
Because a VPC is a logically isolated network, your data and applications won't share space or mix with those of the cloud provider's other customers. You have complete control over how resources and workloads are accessed and by whom.
VPC customers can take advantage of the public cloud's cost-effectiveness, such as saving on hardware costs, labor times and other resources.
Each VPC's main features readily translate into benefits that help your business achieve agility, increased innovation and faster growth:
A virtual private network (VPN) makes a connection to the public Internet as secure as a connection to a private network by creating an encrypted tunnel through which the information travels. You can deploy a VPN as a Service (VPNaaS) on your VPC to establish a secure site-to-site communication channel between your VPC and on-premises environment or other location. By using a VPN, you can connect subnets in multiple VPCs so that they function as if they were on a single network.
Private cloud and virtual private cloud are sometimes—and mistakenly—used interchangeably. A VPC is actually a public cloud offering. A private cloud is a single-tenant cloud environment owned, operated and managed by the enterprise. It is hosted most commonly on premises or in a dedicated space or facility. By contrast, a VPC is hosted on multi-tenant architecture, but each customer's data and workloads are logically separate from those of all other tenants. The cloud provider is responsible for ensuring this logical isolation.
A VPC is a single-tenant concept that allows you to create a private space within the public cloud's architecture. A VPC offers greater security than traditional multi-tenant public cloud offerings but still lets customers take advantage of the public cloud's high availability, flexibility and cost-effectiveness. Sometimes, there might be different ways to scale a VPC and a public cloud account. For instance, extra storage volumes might only be available in blocks of a specific size for VPCs. Not all public cloud features are supported in all VPC offerings.
In a VPC, you can deploy cloud resources—referred to as logical instances—into your own isolated virtual network. These cloud resources fall into three categories:
Most of today's software applications are designed with a three-tier architecture composed of the following interconnected tiers.
The web or presentation tier takes requests from web browsers and presents information created by, or stored within, the other layers to end users. This top-level tier can run on a web browser (as a desktop application) or a graphical user interface (GUI).
The application tier, sometimes called the middle tier, houses the business logic and is where most processing occurs.
The database tier comprises cloud servers that store the data processed in the application tier.
In a three-tier application, all communication goes through the application tier. The presentation and data tiers cannot communicate directly with one another. The application tier communicates with the presentation and data tiers using application programming interface (API) calls.
To create a three-tier application architecture on a VPC, you assign each tier its own subnet, giving it its own IP address range. Each layer is automatically assigned its own unique ACL.
In a virtual private cloud (VPC) model, the VPC provider ensures that each customer's data remains isolated and secure. They accomplish this through cloud security procedures and technologies, including network isolation—subnets, virtual private networks (VPNs), virtual local area networks (VLANs) and so on—that help improve security and control network traffic.
Also, VPCs achieve high levels of security by creating virtualized replicas of the security features used to control access to resources housed in traditional data centers. These security features enable customers to define virtual networks in logically isolated parts of the public cloud and control which IP addresses can access which resources.
Two types of network access controls comprise the layers of VPC security:
The various cloud providers can offer different pricing models in their VPC offerings. It is common for individual VPC resources—such as load balancers, VSIs or storage—to be priced separately. Data transfer charges are also common based on volume, but some cloud providers do not charge for data transfers over private networks.
Determining the best VPC and pricing model to meet your business needs starts with considering the requirements of the applications you are planning to deploy. Are they compute-intensive? Will they require large amounts of memory and CPU? Or are they more balanced regarding their CPU, storage and memory requirements? Answering these questions will help predict your usage needs, allowing you to estimate the potential costs when comparing options.
IBM Cloud Virtual Private Cloud (VPC) is a highly resilient and highly secure software-defined network (SDN) on which you can build isolated private clouds for your business operations while maintaining essential public cloud benefits.
IBM Cloud with Red Hat offers market-leading security, enterprise scalability and open innovation to unlock the full potential of cloud and AI.
IBM Cloud Direct Link is a cloud service that is designed to secure and accelerate data transfer between private infrastructure and IBM Cloud®.
Cloud computing lets you "plug into" infrastructure via the Internet and use computing resources without installing and maintaining them on premises.
Learn how computer networks work, the architecture used to design networks and how to keep them secure.
Virtualization is a process that allows for more efficient utilization of physical computer hardware and is the foundation of cloud computing.
Answers to some of the most commonly asked questions about virtual private clouds.
A virtual machine (VM) is a virtual representation or emulation of a physical computer that uses software instead of hardware to run programs and deploy applications.
Machine learning (ML) is a branch of artificial intelligence (AI) and computer science that focuses on using data and algorithms to enable AI to imitate how humans learn, gradually improving its accuracy.
All links reside outside ibm.com
1 Virtual Private Cloud Market Outlook (2022 to 2032), Future Market Insights, Inc., May 2022.
2 Virtual Private Cloud Market Outlook (2022 to 2032), Future Market Insights, Inc., May 2022.