In the 2024 Nutanix Enterprise Cloud Index (ECI), 90% of respondents said they were taking a “cloud smart” approach to their infrastructure strategy. That typically means a hybrid cloud IT approach as teams leverage the best public and private cloud environments for managing applications and data.
A major component of hybrid IT operations is the virtual private cloud (VPC), which allows organizations to utilize the public cloud with the benefits of private cloud computing.
What is a Virtual Private Cloud (VPC)?
A VPC is a private cloud computing model contained entirely within a public cloud. A set of the public cloud’s resources is logically isolated and reserved for only one client. Compute, storage, networking, and software operations are kept separate from all the other tenants of the public cloud.
Users can store data, run applications and code, host websites and do anything possible in a private cloud. A unique, private IP subnet is assigned to each client, enabling the use of virtualized hardware and software resources as if they are part of an on-prem environment. These subnets let VPCs use a separate, secure network to connect to the Internet and an optional dedicated circuit to the public cloud vendor. Like the public cloud, all VPC resources are available and scalable on demand.
The Private Cloud vs the Public Cloud
A VPC is a dedicated cloud computing environment that sits on-premises, is hosted by an IT services provider or runs from within a public cloud.
Private clouds utilize privately shared virtualized resources. They serve a cluster of dedicated customers — usually all within one organization — and offer Internet, fiber, and private network connectivity. Private cloud environments best suit secure, confidential information and core systems.
Companies can host private clouds on-prem within their own data centers, or they may enlist the help of a third party. Though there’s often a significant upfront cost, the ongoing expenses are usually far less than with the public cloud.
“On-premises systems are generally cheaper, can be more secure, and feel like they provide more control,” analyst David Linthicum told Fierce Network.
The public cloud shares virtualized resources publicly and supports multiple customers at once. Connectivity is only over the Internet, making the public cloud suitable for less confidential information.
The public cloud can be a great option for companies that need to scale their operations quickly. There’s minimal (and sometimes no) initial investment in buying, setting up and maintaining infrastructure, and the usage flexibility means companies can manage their investments accordingly during peak and low-demand times.
However, organizations should be mindful of costs, as they can quickly add up when scaling. There’s also less visibility into security and how data is stored and managed.
VPCs offer access to both worlds, giving scalability and easier management of the public cloud with the more secure private cloud computing environment. Additionally, they can function as a development site for new cloud-native apps, allowing them to run on both private and public cloud platforms.
What’s a VPC vs a VPN?
A VPC shares some similarities with a virtual private network (VPN), though some critical differences exist.
A VPC gives users a private space for their data and resources within a public cloud infrastructure. VPNs create a secure connection to remote servers, encrypting any data between the servers and user devices.
Despite the name, VPCs are also networks and can work with VPNs, adding an extra layer of security for organizations.
The VPC is the secure space and the VPN is the secure pathway to access the applications and data residing in the secure space.
How Does a VPC Actually Work?
In cloud service delivery models, the VPC could be classified as Infrastructure-as-a-Service (IaaS), where one vendor provides the underlying infrastructure, and others supply or manage VPC services. However, the public cloud infrastructure provider is responsible for ensuring data security and integrity for the client organization.
Here’s how all the components of a VPC come together:
The public cloud provider uses encryption to create a VPN within its network. While VPN traffic passes through publicly accessible routers and switches connected to the Internet, it’s scrambled and invisible to other users.
A subnet with a unique range of private IP addresses is reserved for the client using the VPN. These IPs are not accessible to the public via the Internet. The VPC admin can then create their three-tier architecture — web tier that handles requests from browsers, application tier where the business logic resides and processing takes place, and database tier where data processed in the application tier is stored — by assigning a subnet to each tier. These subnets can be secured with an access control list (ACL).
A unique virtual local area network (VLAN) — a group of devices connected to each other outside of the Internet — is also assigned to the client organization. The VLAN partitions the network at the data link layer (layer 2) of the OSI model.
Virtual server instances (VSIs) are presented to end users as virtual CPUs (vCPUs), each allocated a predefined amount of compute and memory resources.
VPC clients get a block storage quota, which they can scale up on a subscription basis.
Users can set up and manage the VPC's networking functions themselves, including:
Load balancers, to distribute traffic across multiple VSIs.
Internet gateways, for communication with the regular Internet.
Dedicated routers, for direct links between segments within the VPC.
Carrier gateways, for traffic to and from the carrier network.
Network address translation (NAT) devices and software, for connections to on-prem networks, other VPCs and private subnets on the Internet.
Dedicated DHCP and DNS support.
Prefix lists: classless inter-domain routing (CIDR) blocks of frequently used IP addresses that route tables and security groups can reference as a set.
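The subnet-per-tier layout, the ACL on each subnet and the prefix-list idea described above can be modelled in a few lines. The following is an added example, not code from the original article or from any cloud provider: the VPC range 10.20.0.0/16, the on-prem prefix list and every flow it evaluates are constructed values, and the ACL semantics (first matching rule wins, default deny, stateless) are an assumption chosen to keep the model simple.

```python
"""Three-tier subnet carving and per-tier ACL evaluation.

Added example, not code from the original article. The VPC range
10.20.0.0/16, the on-prem prefix list and all flows are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

VPC_CIDR = ipaddress.ip_network("10.20.0.0/16")   # constructed VPC range
ANY = ipaddress.ip_network("0.0.0.0/0")

# A prefix list: a named set of CIDR blocks that rules reference as one unit.
ON_PREM_PREFIX_LIST = (
    ipaddress.ip_network("192.168.10.0/24"),   # constructed on-prem ranges
    ipaddress.ip_network("192.168.20.0/24"),
)


def carve_tiers(vpc_cidr, new_prefix=24):
    """Reserve one subnet per tier, in order, from the VPC's address block."""
    subnets = vpc_cidr.subnets(new_prefix=new_prefix)
    return {"web": next(subnets), "app": next(subnets), "db": next(subnets)}


TIERS = carve_tiers(VPC_CIDR)


@dataclass(frozen=True)
class Rule:
    action: str                                   # "allow" or "deny"
    sources: Tuple[ipaddress.IPv4Network, ...]    # one network or a prefix list
    port: Optional[int]                           # None matches any port


# Least-privilege ACLs: each tier accepts traffic only from the tier in front
# of it; admins reach the app tier from the on-prem prefix list only.
ACLS = {
    "web": [Rule("allow", (ANY,), 443)],
    "app": [Rule("allow", (TIERS["web"],), 8080),
            Rule("allow", ON_PREM_PREFIX_LIST, 22)],
    "db":  [Rule("allow", (TIERS["app"],), 5432)],
}


def tier_of(ip):
    """Name of the tier whose subnet contains ip, or None if outside the VPC."""
    addr = ipaddress.ip_address(ip)
    for name, net in TIERS.items():
        if addr in net:
            return name
    return None


def evaluate(src_ip, dst_ip, dst_port):
    """Return 'allow' or 'deny' for a flow arriving at the destination's tier.

    First matching rule wins; anything unmatched is denied (default deny).
    """
    dst_tier = tier_of(dst_ip)
    if dst_tier is None:
        return "deny"
    src = ipaddress.ip_address(src_ip)
    for rule in ACLS[dst_tier]:
        src_matches = any(src in net for net in rule.sources)
        port_matches = rule.port is None or rule.port == dst_port
        if src_matches and port_matches:
            return rule.action
    return "deny"


if __name__ == "__main__":
    for tier, net in TIERS.items():
        print(f"{tier}: {net}")
    print(evaluate("203.0.113.5", "10.20.0.10", 443))    # Internet -> web: allow
    print(evaluate("203.0.113.5", "10.20.2.10", 5432))   # Internet -> db: deny
    print(evaluate("10.20.0.10", "10.20.2.10", 5432))    # web -> db direct: deny
```

The point the model makes visible is that the database tier is reachable only from the application subnet: a request from the Internet, or even from the web subnet, to the database port is dropped by the default-deny rule, and widening access for administrators means adding a prefix list of known on-prem ranges rather than opening the port to everyone.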
Are VPCs Secure?
VPCs are, in effect, virtualized replicas of private clouds hosted on-prem when it comes to security, so they offer similar levels of protection.
A VPC is logically isolated from all other networks inside or outside the underlying public cloud environment. While public cloud security is automatically applied, it remains a shared responsibility between the client organization and the cloud provider.
Organizations must still take proper security cautions, as potential attackers today tend to focus on data within a company. Using access controls, strong asset management practices and regular testing and training can help mitigate some of the human errors that lead to data breaches.
Other Benefits of a VPC
Beyond security, VPCs can help companies reach new levels of efficiency and productivity. Some of the more notable benefits include:
Agility and Scalability – Each component of the VPC can be scaled up and down — in an automated, dynamic and real-time fashion — as needed. The client organization has complete and granular control over the network, storage and compute resources used by the VPC.
Availability – The underlying public cloud infrastructure provides redundant and highly fault-tolerant zone architectures. Business-critical workloads rarely face downtime because the cloud provider is constantly acquiring and upgrading the hardware that powers the VPC.
Performance – The inherent performance advantage of cloud-hosted websites and cloud-native applications over on-premise deployments is undeniable. VPCs take full advantage of these optimized and constantly upgraded cloud resources.
Integration with Hybrid Cloud – A VPC is technically already connected to the underlying public cloud infrastructure. It needs just one more hop to connect to another public or private cloud or on-prem data center. Doing so easily integrates a VPC into a hybrid, multicloud environment.
Access to AI Technology – As AI adoption becomes more prevalent, organizations can deploy models within the VPC, seamlessly incorporating AI tools into team workflows. “The on-demand and pay-as-you-go tenets of cloud infrastructure facilitate access to the latest AI technology without large upfront investments or supply chain delays," IDC’s Dave McCarthy told ITPro.
Build on the HCI Advantage – Hyperconverged infrastructure (HCI) is the ideal foundation for hosting private clouds because it combines universal data center hardware elements with intelligent, purpose-built software. It’s a step between legacy IT infrastructures and the private cloud. It “converges” on-premise assets such as servers, storage networks, and storage arrays (such as NAS or SAN) into a streamlined infrastructure, presenting strong growth potential into a hybrid IT infrastructure or hybrid/multi-cloud environment.
What Info is Needed to Create a VPC?
Before building a virtual private cloud, gather some basic information. Each VPC needs a name, region for use (typically created as a subnet), and IP address range, which is defined by CIDR blocks. VPCs can also have elements like firewall rules to manage traffic between network resources.
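The basics listed above (a name, a region, a CIDR range and firewall rules) are easy to check before anything is provisioned. The function below is an added example, not code from the original article or any provider's API: the plan's field names, the "existing ranges" it checks for overlap and the sample plans are constructed assumptions. It flags the mistakes that most often cause trouble later, an address range that is not private or that overlaps what is already in use, a range too small to split into tier subnets, and a rule that exposes an administrative port to the whole Internet.

```python
"""Sanity-check the inputs for a new VPC before it is created.

Added example, not code from the original article. Field names
(name, region, cidr, firewall_rules), the existing ranges and the
sample plans are constructed assumptions, not any provider's API.
"""
import ipaddress

# Constructed: address space already used on-prem or by other VPCs.
EXISTING_RANGES = (
    ipaddress.ip_network("10.0.0.0/16"),
    ipaddress.ip_network("192.168.0.0/16"),
)
ADMIN_PORTS = {22, 3389}          # SSH and RDP


def validate_vpc_plan(plan, existing=EXISTING_RANGES):
    """Return a list of problems; an empty list means the plan passes."""
    problems = []
    if not plan.get("name"):
        problems.append("name is required")
    if not plan.get("region"):
        problems.append("region is required")

    cidr = None
    try:
        # strict=True rejects ranges with host bits set, e.g. 10.20.0.1/16
        cidr = ipaddress.ip_network(plan.get("cidr", ""), strict=True)
    except ValueError:
        problems.append(f"cidr {plan.get('cidr')!r} is not a valid network")

    if cidr is not None:
        if not cidr.is_private:
            problems.append(f"cidr {cidr} is not a private address range")
        if cidr.prefixlen > 24:
            problems.append(f"cidr {cidr} is too small to split into tier subnets")
        for other in existing:
            if cidr.overlaps(other):
                problems.append(f"cidr {cidr} overlaps existing range {other}")

    for rule in plan.get("firewall_rules", []):
        try:
            src = ipaddress.ip_network(rule["source"])
        except (KeyError, ValueError):
            problems.append(f"firewall rule {rule!r} has no valid source")
            continue
        # 0.0.0.0/0 (prefix length 0) means "anyone on the Internet"
        if src.prefixlen == 0 and rule.get("port") in ADMIN_PORTS:
            problems.append(f"rule opens admin port {rule['port']} to the Internet")
    return problems


# Constructed sample plans
GOOD_PLAN = {
    "name": "app-vpc", "region": "us-east", "cidr": "10.20.0.0/16",
    "firewall_rules": [{"source": "0.0.0.0/0", "port": 443}],
}
BAD_PLAN = {
    "name": "", "region": "us-east", "cidr": "10.0.5.0/24",
    "firewall_rules": [{"source": "0.0.0.0/0", "port": 22}],
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, validate_vpc_plan(plan) or "ok")
```

Running it on the two sample plans shows the bad one rejected for three separate reasons (missing name, overlap with an existing range, SSH open to the world), which is the kind of feedback worth getting before the VPC, its subnets and its routes have been built around a flawed address plan.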
It’s a good idea to go beyond the basics, though. Align on goals for the VPC and how it will fit into the existing tech stack. Knowing what it will be used for makes any future updates more straightforward.
Ideally, a VPC will continue operating and expanding alongside changes in the business. Automating, updating, scaling, and connecting a VPC to other modern platforms and services is a recipe for successful growth.
How to Build A Virtual Private Cloud
Deploying a virtual private cloud for an organization can be complex without a plan. IT teams should consider their goals and existing resources to accurately estimate outcomes. What services, application dependencies and workload affinity are involved? For example, many teams choose the private cloud for database, disaster recovery, HR, ERP and big data applications.
It’s also crucial to have leadership on board before building a VPC. This process is a team effort, and having the support and buy-in of company stakeholders will make everything more efficient.
Once those factors are addressed, take the following steps to build a virtual private cloud infrastructure:
Set up compute, network and storage resources with clusters. Typically, a private cloud starts with at least two machines or clusters that can be loaded with all the resources a VM needs.
Install management software for the hardware. Usually, the software is specific to the stack, but Nutanix installations combine hardware and software, so admins can skip this step.
Choose and configure a backup solution (on a per-VM or full-cloud basis) and set up servers for redundancy.
Configure private and public network addresses and NAT if the workload specifications require it.
Define admin roles and add users. Set up security policies and authentication methods.
Install applications, provision VMs and create storage containers. Create VM templates and configure licensing where necessary.
Publish application blueprints and make them available to developers for self-service provisioning.
“Whether it be because of AI, sustainability, or security imperatives, IT organizations are facing ever-increasing pressure to modernize their IT infrastructure quickly,” Caswell said.
That modernization will continue to be crucial. VPCs can play an important role in an organization’s digital transformation.
This is an update to the original article, published on January 25, 2023.
Dipti Parmar is a marketing consultant and contributing writer to Nutanix. She’s a columnist for major tech and business publications such as IDG’s CIO.com, Adobe’s CMO.com, Entrepreneur Mag, and Inc. Follow Dipti on Twitter @dipTparmar or connect with her on LinkedIn for little specks of gold-dust-insights.
Joey Held contributed to this story.
© 2024 Nutanix, Inc. All rights reserved.