By Shantanu Kaushik
The continuous development and expansion of cloud computing technologies have led to a significant increase in demands for virtual networks to evolve and operate with more refinements, such as
Alibaba Cloud created virtualization network technologies to achieve this, including the Virtual Private Cloud (VPC) solution.
Traditionally, network solutions combined virtual and physical networks into a consistent network architecture with a data-centric approach. These network systems had to evolve as the enterprise's scale grew, and the scale of the virtual networks grew with them.
Traditionally, the solutions faced serious problems, such as:
A host of network isolation technologies emerged to overcome these issues. These technologies focused on isolating the physical networks from the virtual networks. However, multiple dependencies and restrictions limited the deployment of these technologies to a small fraction.
A prime example was the use of VLANs to isolate users. A VLAN could support only up to 4096 users, making the service useless if a larger number of active users needed to access the system in isolation. This was not feasible in the current cloud computing scenario.
Alibaba Cloud Virtual Private Cloud helps you build an isolated network environment with the following tools:
Alibaba Cloud enables you to connect your VPC with a traditional IDC using:
Instead of sharing resources in a public infrastructure, Virtual Private Clouds (VPCs) isolate entities from one another. This security and isolation practice is why it is called a virtual private network.
VPCs offer the advantages and benefits of cloud computing in a highly secure way. Alibaba Cloud Virtual Private Cloud (VPC) gives you full control, so you do not have to depend on any physical infrastructure or resource orchestration. Alibaba Cloud VPC uses Express Connect and IPsec tunnels to connect to on-premises data centers.
Alibaba Cloud VPC provides an isolated virtual network to manage cloud resources in a secure environment. Alibaba Cloud VPC is based on tunneling technology, and each VPC is identified with a unique tunnel ID. Whenever there is a transfer, the data packets are encapsulated with a unique tunnel ID and transmitted over the network.
These transfers are typically between the Elastic Compute Service (ECS) instances in a VPC. Remember that ECS instances in different VPCs carry different tunnel IDs. These ECS instances may be located on two different routing planes and cannot communicate with each other. Alibaba Cloud introduced newer tunneling and Software Defined Network (SDN) technologies to overcome this communication challenge. This way, the VPCs can be integrated with gateways and vSwitches to provide smoother communication.
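The tunnel-ID isolation described above can be modelled in a few lines. This is an added example, not Alibaba Cloud code: the 24-bit ID width, the 4-byte header layout, the `VSwitch` class, the tunnel IDs and the instance names are all assumptions made for illustration. It shows why two tenants can reuse the same private address without ever receiving each other's traffic.

```python
import ipaddress
import struct

TUNNEL_ID_BITS = 24  # assumption (VXLAN-style width); the article gives no field size

def encapsulate(tunnel_id, dst_ip, payload):
    """Sending vSwitch: prefix the tenant packet with its VPC's tunnel ID."""
    if not 0 <= tunnel_id < 2 ** TUNNEL_ID_BITS:
        raise ValueError("tunnel ID out of range")
    inner = ipaddress.IPv4Address(dst_ip).packed + payload
    return struct.pack("!I", tunnel_id) + inner

class VSwitch:
    """Receiving vSwitch: the lookup key is (tunnel ID, IP), never the IP alone."""

    def __init__(self):
        self.ports = {}

    def attach(self, tunnel_id, ip, instance):
        self.ports[(tunnel_id, ipaddress.IPv4Address(ip))] = instance

    def receive(self, frame):
        if len(frame) < 8:
            return None  # truncated frame: drop
        (tunnel_id,) = struct.unpack("!I", frame[:4])
        dst = ipaddress.IPv4Address(frame[4:8])
        return self.ports.get((tunnel_id, dst))  # None means dropped

def demo():
    # Constructed sample: two tenants reuse the same private address.
    VPC_A, VPC_B, UNKNOWN = 1001, 2002, 3003
    host = VSwitch()
    host.attach(VPC_A, "192.168.0.10", "ecs-a")
    host.attach(VPC_B, "192.168.0.10", "ecs-b")
    return [
        host.receive(encapsulate(VPC_A, "192.168.0.10", b"hello")),
        host.receive(encapsulate(VPC_B, "192.168.0.10", b"hello")),
        host.receive(encapsulate(UNKNOWN, "192.168.0.10", b"hello")),
        host.receive(encapsulate(VPC_A, "192.168.0.99", b"hello")),
    ]

if __name__ == "__main__":
    print(demo())
```

Because delivery is keyed on the pair, a frame tagged with an unknown tunnel ID is dropped even when its destination address exists on the host.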
While adapting to the cloud model, organizations generally have concerns related to security, privacy, and sensitive data discovery and protection. Keeping that in mind, the Virtual Private Cloud solution was designed to keep all these concerns at bay. As a user, you should be in control, with operations and management in-house.
With VPC architecture, cloud providers ensure that the public infrastructure is well-isolated and tenants of the system can never access anything they are not supposed to access. Security policies to ensure isolation are implemented for the VPC components. Some of the practices VPC follows are listed below:
A Virtual Private Cloud (VPC) is a private network for your use. You have full control over your VPC. For example, you can specify the CIDR block and configure route tables and gateways. You can also deploy Alibaba Cloud resources in a VPC, such as:
You can seamlessly connect your VPC to other VPCs or on-premises networks to create a custom network environment. This way, you can migrate applications to the cloud and extend data centers.
Virtual Private Cloud (VPC) provides an isolated virtual network that allows you to manage cloud resources in a secure environment based on tunneling technology. Let’s take a look at the architectural flow depicted above. Here, the VPC consists of:
The steps the Alibaba Cloud Virtual Private Cloud (VPC) architecture follows are listed below:
Alibaba Cloud VPC separates the configuration path and the data path from each other efficiently, as shown on the architectural flow above.
The vSwitches work as the distributed nodes within the Alibaba Cloud VPC architecture, where the gateway and controller are deployed in multiple clusters. Multiple data centers are established to facilitate better backup and recovery scenarios. These data centers also account for redundant links for disaster recovery scenarios. This deployment mode improves the overall availability of the VPC.
When we talk about network layer isolation within this architecture, all the ECS instances within the Alibaba Cloud VPC use security groups, such as Cloud Firewall and Web Application Firewall (WAF), to control traffic going to and from ECS instances. This enables a far better security structure.