Virtual private clouds (VPCs) are virtual networks that are isolated from each other. VPCs support flexible configurations to meet requirements of different scenarios.
Deploy applications in a safe manner
Applications deployed in a VPC can provide services to the outside. To control access to the applications over the Internet, you can create security group rules and configure whitelists. You can also isolate application servers from databases to implement access control. For example, you can deploy web servers in a subnet that can access the Internet, and deploy databases in another subnet that cannot access the Internet.
Deploy applications that require access to the Internet
You can deploy applications that require access to the Internet in a subnet of a VPC and use an Internet NAT gateway to route network traffic. You can configure SNAT entries to allow instances in the subnet to access the Internet without the need to expose the private IP addresses. In addition, you can change the elastic IP addresses (EIPs) specified in the SNAT entries to prevent attacks from the Internet.
Implement cross-zone disaster recovery
You can create one or more vSwitches to create one or more subnets for the VPC. vSwitches within the same VPC can communicate with each other. To implement cross-zone disaster recovery, you can deploy resources across vSwitches in different zones.
Isolate business systems
VPCs are logically isolated from each other. You can use multiple VPCs to isolate business systems in different environments such as production and test environments. If you want to enable a VPC to communicate with another one, you can attach the VPCs to a Cloud Enterprise Network (CEN) instance. For more information, see What is CEN?.
Build a hybrid cloud
To expand your on-premises network, you can establish a dedicated connection between a VPC and your data center. This allows you to seamlessly migrate the applications in your data center to the cloud. You do not need to change the access method for the applications.