Read 10 301 - jserpa-p/lisbon-ops-301n1_Reading GitHub Wiki
VPC (Virtual Private Cloud)
A VPC is a secure, isolated private cloud hosted within a public cloud. You can run code, store data, host websites, and do anything else you could do in an ordinary private cloud, but the private cloud is hosted remotely by a public cloud provider. A private cloud can either be inside an organization or remotely managed by a third party and accessed over the Internet.
Private cloud
A private cloud is a cloud service that is exclusively offered to one organization. By using a private cloud, an organization can experience the benefits of cloud computing without sharing resources with other organizations.
Private cloud vs Public cloud
In a public cloud, multiple customers of the cloud vendor access the same infrastructure, although their data is not shared. A private cloud, however, is dedicated to a single customer: it is a cloud service offered exclusively to one organization.
VPC Isolation
The key technologies for isolating a VPC from the rest of the public cloud are:
- Subnets: a VPC's subnets use private IP addresses that are not reachable from the public Internet, unlike ordinary public IP addresses, which are publicly routable.
- VLAN: a way of partitioning a network, but the partitioning takes place at a different layer of the OSI model (layer 2 instead of layer 3).
- VPN: traffic passes through publicly shared Internet infrastructure (routers, switches, etc.), but it is encrypted, so nobody in between can read it.
Some VPC providers offer additional customization: NAT, which maps private IP addresses to a public IP address for connections to the public Internet, and BGP route configuration, where the provider lets customers customize BGP routing tables to connect their VPC with their other infrastructure.
Advantages of using VPC over a private cloud
- Scalability
- Easy hybrid cloud deployment (easy connection via VPN)
- Better performance (than locally hosted servers)
- Better security (the physical layer is no longer the customer's to defend, so there is one less thing to attack, and the provider handles updates and maintenance)
Questions
How can one host within a VPC any services that need to be public?
This can be done with an Internet Gateway configured for the instance, which allows instances to communicate with the public Internet. You then associate a public IP address with the instance in the VPC to make it publicly reachable.
What are examples of services that would live in the publicly-accessible part of the VPC? The privately-accessible part?
In the publicly-accessible part, an example would be game servers that need to be in contact with external players. In the privately-accessible part, a good example is a company database server that has no need to be externally accessible and is reached only by internal employees.
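The isolation pieces above (private subnet addresses, NAT) and the Internet Gateway / public IP answer can be tied together in a small model. The following is an added example written for this reading, not code from the wiki or from any cloud provider's SDK: the subnet names, CIDRs, gateway ids (`igw-demo`, `nat-demo`) and addresses are all constructed, and the route-table format is a simplification, not a real provider's data model. It shows why the game server in the public subnet is reachable from an outside player while the database in the private subnet can only talk out through NAT.

```python
"""Toy model of VPC routing: public vs private subnets, Internet Gateway, NAT.

Constructed example for this reading; names, CIDRs and addresses are made up
and this is not any cloud provider's API or data model.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

# RFC 1918 ranges: the "private IP addresses" a VPC subnet uses; the public
# Internet never routes them, which is what keeps the subnet unreachable.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    """True if the address is in a private range that the public Internet never routes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


@dataclass
class Subnet:
    name: str
    cidr: str
    # route table: destination CIDR -> target ("local", "igw-<id>" or "nat-<id>")
    routes: Dict[str, str]


@dataclass
class Instance:
    name: str
    subnet: Subnet
    private_ip: str
    public_ip: Optional[str] = None  # only set once a public address is associated


def route_target(subnet: Subnet, dest: str) -> Optional[str]:
    """Longest-prefix match over the subnet's route table."""
    addr = ipaddress.ip_address(dest)
    best = None
    for cidr, target in subnet.routes.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def outbound_path(inst: Instance, dest: str) -> str:
    """Describe how a packet from inst to dest leaves (or does not leave) the VPC."""
    target = route_target(inst.subnet, dest)
    if target is None:
        return "dropped: no route"
    if target == "local":
        return "local: stays inside the VPC"
    if target.startswith("igw-"):
        # An Internet Gateway only forwards for instances that hold a public IP.
        if inst.public_ip is None:
            return "dropped: IGW route but no public IP"
        return f"internet via {target} as {inst.public_ip}"
    if target.startswith("nat-"):
        # NAT lets a private instance reach out while hiding its private address;
        # nothing outside can initiate a connection back through it.
        return f"internet via {target} (source NAT hides {inst.private_ip})"
    return f"unknown target {target}"


def inbound_reachable(inst: Instance, client_ip: str) -> bool:
    """Can an external client open a connection to inst?

    Requires both a public IP on the instance and an IGW route back to the client.
    """
    target = route_target(inst.subnet, client_ip)
    return inst.public_ip is not None and target is not None and target.startswith("igw-")


# --- constructed sample VPC 10.0.0.0/16 ---------------------------------------
PUBLIC = Subnet("public", "10.0.1.0/24", {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-demo"})
PRIVATE = Subnet("private", "10.0.2.0/24", {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-demo"})
GAME_SERVER = Instance("game-server", PUBLIC, "10.0.1.10", public_ip="198.51.100.7")
DATABASE = Instance("db", PRIVATE, "10.0.2.20")
PLAYER = "203.0.113.42"  # an external client (documentation address range)

if __name__ == "__main__":
    for inst in (GAME_SERVER, DATABASE):
        print(f"{inst.name}: to player -> {outbound_path(inst, PLAYER)}")
        print(f"{inst.name}: reachable from player? {inbound_reachable(inst, PLAYER)}")
    print("db -> game-server:", outbound_path(DATABASE, GAME_SERVER.private_ip))
```

Running it shows the asymmetry the reading describes: the game server answers the player directly through the Internet Gateway using its public address, the database can still fetch updates through NAT, and the database stays unreachable from outside because it has no public IP and no IGW route. Traffic between the two instances never leaves the VPC because the `local` route has the longer prefix.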
What are the trade-offs of using a VPC vs traditional infrastructure?
The advantage of using a VPC over a public cloud or an on-premises private cloud is better performance: cloud-hosted websites and applications typically perform better than those hosted on local on-premises servers. It also brings better security, because the public cloud providers that offer VPCs often have more resources for updating and maintaining the infrastructure, especially compared with small and mid-market businesses. The trade-off is that a VPC generally costs more to operate than standard cloud hosting.