By Prashant Mishra, Alibaba Cloud MVP and CEO, Founder Click2Cloud Inc.
A Virtual Private Cloud (VPC) is an independent, private network that is built within a public cloud environment, You can use PrivateLink to establish a private connection between Alibaba Cloud services and VPCs. PrivateLink simplifies network architecture and provides secure data transmission.
Alibaba Cloud PrivateLink offers private connectivity between VPCs, Alibaba Cloud services, and on-premises networks without exposing your traffic to the public Internet. You must create endpoint services and endpoints via PrivateLink connections to share services between multiple VPCs that belong to the same account.
It simplifies the network architecture and secures the connection between endpoints in Alibaba Cloud by eliminating data exposure to the public Internet. The diagram below shows the architecture of PrivateLink and secure data transmission:
Figure Above: Alibaba Cloud PrivateLink
You have to create endpoint services and endpoints to use PrivateLink connections and share Alibaba Cloud services between different VPCs that connect with the same account. This is illustrated in the diagram above.
There are two VPCs created (VPC-1 and VPC-2) with the same Alibaba Cloud account. Application services are deployed in ECS at VPC-2. For security, VPC-1 accesses the services of VPC-2 through PrivateLink to avoid security risks over the Internet.
You can create a CLB instance that supports PrivateLink in VPC 2 and specify the ECS instances in VPC 2 as the backend servers of the CLB instance. Then, create an endpoint service, and specify the CLB instance as a service resource for the endpoint service. Create an endpoint for VPC 1. After the endpoint for VPC 1 is created, VPC 1 can access the services deployed in VPC 2.
Through PrivateLink, you can access endpoint services within a VPC through other VPCs. You must create endpoints for these VPCs to establish PrivateLink connections. Service providers create and manage the Endpoint services.
Endpoints can be associated with an endpoint service to generate PrivateLink connections. This will allow VPCs to access external services. Endpoints are managed and created by service customers.
1. Global Reach
PrivateLink can connect to services running in other regions privately. The consumer's virtual network can easily connect to services behind PrivateLink in any region.
2. Protection against Data Leakage
A private endpoint is mapped to a virtual machine of a PaaS resource instead of the entire service. Consumers can only connect to this specific resource. Access to any other resource in the service is blocked. This mechanism protects against data leakage risks.
3. Low Risks
PrivateLink connections help users access endpoint services. These requests are forwarded within Alibaba Cloud to avoid risks over the Internet.
4. High Security
When you use PrivateLink to access cloud services in a VPC, you can add rules to the security group of the elastic network interface (ENI) that is used to access the services. This ensures higher security and reliability.
5. Low Latency and High Quality
When you use PrivateLink to access cloud services, requests are forwarded within the same zone. This reduces the network latency significantly.
6. Simplified Management
PrivateLink allows you to access cloud services deployed in another VPC within the same account or services that belong to another account. This avoids complicated route settings and security configurations.
PrivateLink is a safe and secure way to build connections between different VPCs that connect to the same account region. This reduces effort, saves time and money, and provides a high level of security during data transfer.
Alibaba Clouder - April 19, 2021
Alibaba Clouder - February 7, 2020
Alibaba Clouder - February 25, 2020
Alibaba Clouder - January 26, 2021
Alibaba Clouder - December 15, 2017
Alibaba Clouder - June 18, 2020
Connect your VPCs to services in other VPCs through secure, reliable, and private connections.Learn More
A virtual private cloud service that provides an isolated cloud network to operate resources in a secure environment.Learn More
Alibaba Cloud DNS PrivateZone is a Virtual Private Cloud-based (VPC) domain name system (DNS) service for Alibaba Cloud users.Learn More
Deploy custom Alibaba Cloud solutions for business-critical scenarios with Quick Start templates.Learn More
More Posts by PM - C2C_Yuan