Public Cloud – Flexible Engine
Virtual Private Cloud – Isolate cloud resources with configurable VPNs
Virtual Private Cloud (VPC) enables you to provision a logically isolated, configurable, and manageable virtual network environment, improving security of resources in a public cloud and simplifying network deployment.
You have complete control over your virtual network environment, including network creation and DHCP configuration. You can use security groups to improve the security of your network environments. Additionally, you can apply for a public IP address for a VPC to connect the VPC to the public network. You can also connect a VPC to your physical data center using a virtual private network (VPN), which allows smooth application migration to the cloud.
A VPC provides the following functions
- Private network customization
  - Tenants can customize private subnets in their VPCs and deploy applications and other services in the subnets accordingly.
- Flexible security policy configuration
  - Tenants can use security groups to divide ECSs in a VPC into different security zones and then configure different access control rules for each security zone.
  - An inbound security group rule enables external access to ECSs in a security group, and an outbound security group rule enables ECSs in a security group to access external networks.
  - If a security group has no access rules after an ECS is added to the security group, the communication between the ECS and the external network is blocked.
  - The default inbound rule enables an ECS to be accessed by other ECSs in the same security group, and the default outbound rule enables ECSs in the security group to access external networks.
  - The security group function cannot resolve the problems caused by network faults or incorrect network configuration. For example, when two ECSs cannot communicate with each other due to the network configuration, they still cannot communicate with each other even if you configure a security group rule to allow the communication between them.
- EIP binding
  - Tenants can assign independent EIPs in their VPCs. The EIPs can be bound to or unbound from ECSs as required. The binding and unbinding operations take effect immediately after the operations are performed.
- VPN access
  - By default, ECSs in a VPC cannot communicate with your physical data center or private network. To enable communication between them, tenants can enable the VPN function.
  - A VPN connects a physical data center or private network to a VPC, enabling tenants to migrate their applications to the cloud.
Host a simple, public-facing website
You can host a basic web application, such as a simple website, in a VPC. The VPC provides you with an independent network and allows you to gain the privacy and security afforded by VPC. This configuration allows the web server to respond to inbound HTTP and SSL requests from the Internet while simultaneously prohibiting the web server from initiating outbound connections to the Internet.
Host multi-tier web applications
You can use VPC to host multi-tier web applications and strictly enforce access and security restrictions between your web servers, application servers, and databases. You can launch web servers in a publicly accessible subnet and application servers and databases in non-publicly accessible subnets.
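The tier-to-tier restrictions described above, combined with the security group defaults listed earlier, can be checked mechanically before rules are deployed. The following is an added example, not Flexible Engine code: a small Python model of inbound allow-list rules in which the group names, ports, addresses and the `Inbound`, `allowed` and `internet_exposed` helpers are all hypothetical, and outbound rules are not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Address ranges a VPC may use, as listed in the specifications on this page.
VPC_RANGES = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class Inbound:
    group: str                       # security group the rule is attached to
    port: Optional[int]              # None means any port
    src_cidr: Optional[str] = None   # source address range, or
    src_group: Optional[str] = None  # source security group

def default_rules(groups):
    """Default inbound rule: ECSs in the same security group can reach each other."""
    return [Inbound(g, None, src_group=g) for g in groups]

def allowed(rules, dst_group, port, src_ip, src_group=None):
    """Allow-list evaluation: traffic passes only if some inbound rule matches it."""
    for r in rules:
        if r.group != dst_group or r.port not in (None, port):
            continue
        if r.src_group is not None and r.src_group == src_group:
            return True
        if r.src_cidr and ipaddress.ip_address(src_ip) in ipaddress.ip_network(r.src_cidr):
            return True
    return False  # no matching rule: communication is blocked

def internet_exposed(rules, private_groups):
    """Audit: rules on non-public tiers whose source range reaches outside the VPC ranges."""
    return [r for r in rules
            if r.group in private_groups and r.src_cidr
            and not any(ipaddress.ip_network(r.src_cidr).subnet_of(n) for n in VPC_RANGES)]

# Constructed rule set for a web / app / db layout (all values are assumptions).
RULES = default_rules(("web", "app", "db")) + [
    Inbound("web", 80, src_cidr="0.0.0.0/0"),
    Inbound("web", 443, src_cidr="0.0.0.0/0"),
    Inbound("app", 8080, src_group="web"),
    Inbound("db", 3306, src_group="app"),
    Inbound("db", 22, src_cidr="0.0.0.0/0"),  # constructed misconfiguration the audit should flag
]

if __name__ == "__main__":
    for rule in internet_exposed(RULES, {"app", "db"}):
        print("exposed rule on private tier:", rule)
```

Running the audit against the constructed rules reports only the SSH rule on the database group, while the web tier's public HTTP and HTTPS rules are left alone because that tier is meant to be reachable from the Internet.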
Extend your corporate network into the cloud
You can move corporate applications to the cloud, launch additional web servers, or add more computing capacity to your network by connecting your VPC to your corporate network.
Specifications of the features provided by the VPC service
- IP address range: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16
- Bandwidth range for EIPs: 1 Mbit/s to 1000 Mbit/s
- VPN subnets: 1000