Read: Class 10 VPC - VascoLucas01/networking-reading-notes GitHub Wiki

Introduction

This Read covers the concepts of Virtual Private Cloud, Private Cloud and Public Cloud.

What is a virtual private cloud (VPC) ?

A virtual private cloud (VPC) is a secure, isolated private cloud hosted within a public cloud. VPC customers can run code, store data, host websites, and do anything else they could do in an ordinary private cloud, but the private cloud is hosted remotely by a public cloud provider. VPCs combine the scalability and convenience of public cloud computing with the data isolation of private cloud computing.

What is a public cloud? What is a private cloud?

A public cloud is a shared cloud infrastructure. Multiple customers of the cloud vendor access that same infrastructure, although their data is not shared - just like every person in a restaurant orders from the same kitchen, but they get different dishes. Public cloud service providers include AWS, Google Cloud Platform, and Microsoft Azure, among others.

A private cloud, however, is single-tenant: it is a cloud service that is offered exclusively to one organization.

How is a VPC isolated within a public cloud ?

A VPC isolates computing resources from other computing resources available in the public cloud. The key technologies for isolating a VPC from the rest of the public cloud are:

Subnets

A subnet is a range of IP addresses within a network that are reserved so that they're not available to everyone within the network, essentially dividing off part of the network for private use. In a VPC these are private IP addresses that are not accessible via the public Internet, unlike typical IP addresses, which are publicly visible.

VLAN

A LAN is a local area network, or a group of computing devices that are all connected to each other without the use of the Internet. A VLAN is a virtual LAN. Like a subnet, a VLAN is a way of partitioning a network, but the partitioning takes place at a different layer of the OSI model.

VPN

A virtual private network (VPN) uses encryption to create a private network on top of the public network. VPN traffic passes through publicly shared Internet infrastructure - routers, switches, etc. - but the traffic is scrambled and not visible to anyone else.

The VPC customer connects via VPN to their VPC, so that data passing into and out of the VPC is not visible to other public cloud users.

Questions

  • How can one host within a VPC any services that need to be public?

If you have a service running on a host within a VPC that needs to be publicly accessible, you can expose it to the internet by setting up a public-facing load balancer or an internet gateway.

Exposing a service to the internet introduces security risk, so the service must be properly secured and appropriate security controls must be in place. It is also good practice to monitor the service and its network traffic to identify potential security issues or performance problems.

  • What are examples of services that would live in the publicly-accessible part of the VPC? The privately-accessible part?

Publicly accessible services typically include those that need to be accessible from the internet, such as web servers and email servers. These services are usually placed in the public subnet of the VPC, which is connected to the internet through a public-facing gateway, such as an internet gateway. Examples of publicly accessible services in a VPC include:

Web servers hosting public-facing websites or web applications

Email servers that allow users to send and receive emails from the internet

On the other hand, services that are not intended to be accessed from the internet, such as databases and application servers, are typically placed in the private subnet of the VPC. The private subnet is not directly accessible from the internet and can only be accessed through the public subnet using a VPN connection. Examples of services in the private subnet of a VPC include:

Databases that store sensitive data, such as customer information or financial data
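As an added example (not part of the original notes), a small Python model of the public/private subnet layout described in the two answers above: a subnet counts as public when its route table sends 0.0.0.0/0 to an internet gateway, and the check flags private-only roles (databases, application servers) that have been placed in a public subnet. All CIDRs, names and the igw-PLACEHOLDER id are constructed values.

```python
import ipaddress

# Constructed sample VPC layout (assumed, not taken from the notes).
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")

# A subnet whose route table has a 0.0.0.0/0 route to an internet gateway
# ("igw-...") is public; a table with only the local route is private.
ROUTE_TABLES = {
    "public-rt":  {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-PLACEHOLDER"},
    "private-rt": {"10.0.0.0/16": "local"},
}
SUBNETS = {
    "web-subnet": {"cidr": "10.0.1.0/24", "route_table": "public-rt"},
    "db-subnet":  {"cidr": "10.0.2.0/24", "route_table": "private-rt"},
}
INSTANCES = [  # constructed inventory; db-2 is deliberately misplaced
    {"name": "web-1", "role": "web-server", "ip": "10.0.1.10"},
    {"name": "db-1",  "role": "database",   "ip": "10.0.2.20"},
    {"name": "db-2",  "role": "database",   "ip": "10.0.1.30"},
]
PRIVATE_ONLY_ROLES = {"database", "application-server"}


def subnet_of(ip):
    """Name of the subnet whose CIDR contains this address, or None."""
    addr = ipaddress.ip_address(ip)
    for name, s in SUBNETS.items():
        if addr in ipaddress.ip_network(s["cidr"]):
            return name
    return None


def is_public_subnet(subnet_name):
    """Public means the default route points at an internet gateway."""
    rt = ROUTE_TABLES[SUBNETS[subnet_name]["route_table"]]
    target = rt.get("0.0.0.0/0")
    return target is not None and target.startswith("igw-")


def validate_subnets():
    """Each subnet must sit inside the VPC range and not overlap another."""
    nets = {n: ipaddress.ip_network(s["cidr"]) for n, s in SUBNETS.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(VPC_CIDR):
            problems.append(f"{name} outside VPC")
        for other, onet in nets.items():
            if other > name and net.overlaps(onet):
                problems.append(f"{name} overlaps {other}")
    return problems


def find_misplaced(instances=INSTANCES):
    """Names of private-only workloads that ended up in a public subnet."""
    return [i["name"] for i in instances
            if subnet_of(i["ip"]) is not None
            and i["role"] in PRIVATE_ONLY_ROLES
            and is_public_subnet(subnet_of(i["ip"]))]
```

Running find_misplaced() over the constructed inventory reports only db-2, the database that was given an address in the internet-facing subnet.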

  • What are the trade-offs of using a VPC vs traditional infrastructure?

A VPC, or Virtual Private Cloud, is a type of cloud computing infrastructure that provides a virtualized network environment to customers, allowing them to launch and manage their own resources in a private, isolated section of the cloud. In contrast, traditional infrastructure typically involves the use of physical servers, switches, and other hardware that are owned and managed by the organization itself.

Cost: VPCs may be more cost-effective than traditional infrastructure, since customers only pay for the resources they use. With traditional infrastructure, organizations often have to purchase and maintain their own hardware, which can be expensive.

Scalability: VPCs are generally more scalable than traditional infrastructure, since they allow customers to rapidly provision and de-provision resources as needed. With traditional infrastructure, scaling up typically involves purchasing and installing additional hardware, which can be time-consuming and costly.

Control: Traditional infrastructure provides customers with greater control over their environment, since they own and manage their own hardware. With VPCs, customers may be limited in their ability to customize their environment or may have to rely on the cloud provider for certain functionality.

Complexity: VPCs can be more complex than traditional infrastructure, since they involve the use of virtualized networks and resources. This can require additional expertise and resources to manage effectively. With traditional infrastructure, organizations may have more control over their environment, but may also face greater complexity in terms of hardware maintenance and management.
