What is a VPC?

A VPC is an on-demand, configurable pool of resources within a public cloud environment. It is logically isolated from the public internet and from other tenants' private clouds, and is hosted by a public cloud provider such as AWS or Google Cloud.

It lets organisations keep tighter control over their resources, with additional security controls, while still benefiting from the scalability of the public cloud. You can then run a private network link from your on-premises infrastructure to this Virtual Private Cloud and work as if you had simply extended your on-premises resources!

Still don’t get it?

Let’s explain with a real world analogy.

If a cul-de-sac is a public cloud with shared infrastructure, then each house in it is a virtual private cloud. Only the people who own a specific house have full rights over that house. Imagine barging into your neighbour's house at odd times! You might end up in prison or get shot - depends on where you live.

Some essential terminology

Public cloud is another name for the shared cloud infrastructure that large cloud vendors make available for consumption. You cannot see who else is using the infrastructure, and the vendor decides how the underlying resources are managed, but you may choose to reserve a part of it for yourself.

Private cloud - strictly, cloud infrastructure dedicated to a single organisation. The part of the public cloud that you have reserved for your own private use is the virtual private cloud: it behaves like a private cloud while running on shared hardware.

How is this possible? Are different VPCs hard-wired into different routers?

No. A few well-known networking technologies make this possible. You have probably heard of them and may already know them.

VPN

A virtual private network sounds very similar to a VPC, but it is a different thing. A VPN creates an encrypted, authenticated tunnel between two nodes across the public internet, creating the illusion of a private network between the two nodes even though their traffic crosses shared infrastructure.

VLAN

You guessed the V and the LAN already. If a LAN is a local area network, then a VLAN must be a virtual local area network. It is a technique for partitioning one physical network into several isolated broadcast domains at layer 2, the Data Link Layer of the OSI model, by tagging each frame with a VLAN ID so that switches keep the segments apart.

Subnet

This is a contiguous range of IP addresses within a larger network, written as a prefix such as 10.0.1.0/24, that is reserved for a group of hosts. In essence, it is a network inside a network: subnetting partitions a larger network into smaller ones, each of which can get its own routing and access rules.
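As an added illustration (not code from the original page), here is how a VPC address block is carved into subnets and how a subnet plan is sanity-checked. The VPC range 10.0.0.0/16 and the subnet plan are constructed for the example; the usable-host count assumes the conventional two reserved addresses per subnet, while AWS reserves five, so the reservation count is a parameter.

```python
import ipaddress

# Constructed example values, not taken from the page.
VPC_CIDR = "10.0.0.0/16"


def carve_subnets(vpc_cidr, new_prefix, count):
    """Split a VPC block into the first `count` equal subnets of length `new_prefix`."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    subnets = []
    for net in vpc.subnets(new_prefix=new_prefix):
        if len(subnets) == count:
            break
        subnets.append(net)
    return subnets


def check_plan(vpc_cidr, subnet_cidrs):
    """Validate a hand-written subnet plan.

    Returns a list of problems: subnets that fall outside the VPC block,
    and pairs of subnets whose address ranges overlap (an overlap means
    routing becomes ambiguous and access rules stop meaning what you think).
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []
    for n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"{n} is outside {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


def usable_hosts(subnet_cidr, reserved=2):
    """Number of addresses available to hosts.

    `reserved` is the addresses the network or provider keeps back: 2 for the
    classic network/broadcast pair, 5 on AWS (first four and last address).
    """
    return ipaddress.ip_network(subnet_cidr).num_addresses - reserved


def subnet_for(address, subnet_cidrs):
    """Return the most specific subnet an address falls in (longest-prefix match), or None."""
    ip = ipaddress.ip_address(address)
    best = None
    for c in subnet_cidrs:
        n = ipaddress.ip_network(c)
        if ip in n and (best is None or n.prefixlen > best.prefixlen):
            best = n
    return best


if __name__ == "__main__":
    plan = [str(n) for n in carve_subnets(VPC_CIDR, 24, 3)]
    print("subnets:", plan)
    print("problems:", check_plan(VPC_CIDR, plan + ["10.0.1.128/25", "192.168.1.0/24"]))
    print("hosts in a /24 on AWS:", usable_hosts("10.0.1.0/24", reserved=5))
    print("10.0.1.200 lives in:", subnet_for("10.0.1.200", plan + ["10.0.1.128/25"]))
```

The overlap check is the one worth keeping in a real pipeline: two subnets that overlap, or a subnet that strays outside the VPC block, are exactly the conditions under which a later VPN or peering route silently sends traffic somewhere other than intended.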

Putting them together to make a VPC

A dedicated subnet on a network segment that is private to the VPC user (large providers implement this segmentation with software-defined overlay networks rather than classic VLANs, but the principle is the same). By default, nothing on the public internet can reach resources inside the VPC; exposing something requires you to explicitly attach an internet-facing gateway and open the relevant firewall rules. The user connects to the VPC through a VPN, so data between source and destination is encrypted and not readable by anyone else on the public internet or on the shared cloud infrastructure.
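To make the isolation concrete, here is an added example (not from the original page) of the kind of ordered, first-match access rules a VPC applies at the edge of a private subnet, evaluated the way a network ACL is: rules are tried in order and anything unmatched hits an implicit deny. The VPC block, private subnet and the address pool the VPN hands to connected clients are constructed for the example, and the `audit` check is a hypothetical helper that flags the classic mistake of allowing the whole internet into a private subnet.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed example topology, not taken from the page.
VPC_CIDR = "10.0.0.0/16"          # the whole virtual private cloud
PRIVATE_SUBNET = "10.0.1.0/24"    # subnet that must never be internet-reachable
VPN_CLIENT_CIDR = "172.16.0.0/24" # addresses given to users on the VPN tunnel
ANYWHERE = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # None means any port


# Ordered rules guarding the private subnet: VPN users may SSH in, anything
# else inside the VPC may talk to it freely, and nothing else is listed, so
# traffic from the public internet falls through to the implicit deny.
PRIVATE_SUBNET_RULES = [
    Rule("allow", VPN_CLIENT_CIDR, PRIVATE_SUBNET, 22),
    Rule("allow", VPC_CIDR, PRIVATE_SUBNET, None),
]


def evaluate(rules, src_ip, dst_ip, port):
    """First matching rule wins; no match means deny."""
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and (r.port is None or r.port == port)):
            return r.action
    return "deny"


def audit(rules, private_cidr=PRIVATE_SUBNET):
    """Hypothetical guardrail: report allow rules that open a private subnet to 0.0.0.0/0."""
    private = ipaddress.ip_network(private_cidr)
    findings = []
    for r in rules:
        src = ipaddress.ip_network(r.src)
        if (r.action == "allow" and src.prefixlen == 0
                and ipaddress.ip_network(r.dst).overlaps(private)):
            findings.append(f"{r.src} allowed into private subnet {r.dst} on port {r.port or 'any'}")
    return findings


if __name__ == "__main__":
    print("VPN user -> private host, SSH:", evaluate(PRIVATE_SUBNET_RULES, "172.16.0.10", "10.0.1.5", 22))
    print("Internet host -> private host, SSH:", evaluate(PRIVATE_SUBNET_RULES, "203.0.113.7", "10.0.1.5", 22))
    print("Another VPC host -> private host, HTTPS:", evaluate(PRIVATE_SUBNET_RULES, "10.0.2.9", "10.0.1.5", 443))
    leaky = PRIVATE_SUBNET_RULES + [Rule("allow", ANYWHERE, PRIVATE_SUBNET, None)]
    print("audit of a leaky rule set:", audit(leaky))
```

The point of the audit function is that the VPN only protects the subnet as long as the rules keep it the sole way in; one later-added `0.0.0.0/0` allow rule quietly turns the "private" subnet into a public one, which is why such rule sets should be checked mechanically rather than by eye.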

Why use a VPC? Why not just build an on-premises network?

The reasons are similar to why one would use the cloud in the first place. You don't have to spend the money to buy all the network infrastructure up front; you get the benefits of scaling without shelling out a large sum on networking hardware.

Furthermore, you could still mix and match some of your existing on-premises hardware with the virtual private cloud.

VPCs are managed services. This means you don't spend your time patching the underlying network hardware and hypervisors; cloud providers have the money and the people to do that for you. Note that this is a shared responsibility: the provider patches what sits beneath the VPC, but the instances, operating systems, applications and firewall rules you run inside it are still yours to patch and configure.