Alibaba Virtual Private Cloud (Alibaba Cloud VPC) is a service that lets you launch Alibaba Cloud resources in a logically isolated virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 for most resources in your virtual private cloud, helping to ensure secure and easy access to resources and applications.
As one of Alibaba Cloud's foundational services, Alibaba Cloud VPC makes it easy to customize your VPC's network configuration. You can create a public-facing subnet for your web servers that have access to the internet. It also lets you place your backend systems, such as databases or application servers, in a private-facing subnet with no internet access. Alibaba Cloud VPC lets you use multiple layers of security, including security groups and network access control lists, to help control access to Alibaba EC2 instances in each subnet.
Use cases of VPC
- Host a simple, public-facing website
Host a basic web application, such as a blog or simple website, in a VPC and gain the additional layers of privacy and security afforded by Alibaba Cloud VPC. You can help secure the website by creating security group rules which allow the web server to respond to inbound HTTP and SSL requests from the internet while simultaneously prohibiting the web server from initiating outbound connections to the internet. Create a VPC that supports this use case by selecting "VPC with a Single Public Subnet Only" from the Alibaba Cloud VPC console wizard.
Host multi-tier web applications
Host multi-tier web applications and strictly enforce access and security restrictions between your web servers, application servers, and databases. Launch web servers in a publicly accessible subnet while running your application servers and databases in private subnets. This will ensure that application servers and databases cannot be directly accessed from the internet. You control access between the servers and subnets using inbound and outbound packet filtering provided by network access control lists and security groups. To create a VPC that supports this use case, you can select "VPC with Public and Private Subnets" in the Alibaba Cloud VPC console wizard.
- Back up and recover your data after a disaster
By using Alibaba Cloud VPC for disaster recovery, you receive all the benefits of a disaster recovery site at a fraction of the cost. You can periodically back up critical data from your data center to a small number of Alibaba EC2 instances with Alibaba Elastic Block Store (EBS) volumes, or import your virtual machine images to Alibaba EC2. To ensure business continuity, Alibaba Cloud VPC allows you to quickly launch replacement compute capacity in Alibaba Cloud. When the disaster is over, you can send your mission critical data back to your data center and terminate the Alibaba EC2 instances that you no longer need.
- Extend your corporate network into the cloud
Move corporate applications to the cloud, launch additional web servers, or add more compute capacity to your network by connecting your VPC to your corporate network. Because your VPC can be hosted behind your corporate firewall, you can seamlessly move your IT resources into the cloud without changing how your users access these applications. Furthermore, you can host your VPC subnets in Alibaba Cloud Outposts, a service that brings native Alibaba Cloud services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility. Select "VPC with a Private Subnet Only and Hardware VPN Access" from the Alibaba Cloud VPC console wizard to create a VPC that supports this use case.
Securely connect cloud applications to your datacenter
An IPsec VPN connection between your Alibaba Cloud VPC and your corporate network encrypts all communication between the application servers in the cloud and databases in your data center. Web servers and application servers in your VPC can leverage Alibaba EC2 elasticity and Auto Scaling features to grow and shrink as needed. Create a VPC to support this use case by selecting "VPC with Public and Private Subnets and Hardware VPN Access" in the Alibaba Cloud VPC console wizard.
Alibaba's VPC functionality:
- Create a Virtual Private Cloud on Alibaba Cloud's scalable infrastructure, and specify its private IP address range from any block you choose.
- Divide your VPC's private IP address range into one or more subnets in a manner convenient for managing applications and services you run in your VPC.
- Bridge together your VPC and your IT infrastructure via an encrypted VPN connection.
- Add Alibaba Cloud resources, such as Alibaba EC2 instances, to your VPC.
- Route traffic between your VPC and the Internet over the VPN connection so that it can be examined by your existing security and networking assets before heading to the public Internet.
- Extend your existing security and management policies within your IT infrastructure to your VPC as if they were running within your infrastructure.
To get started you'll need to not only sign up but create a VPN connection to your own network from Alibaba's datacenter. You'll need information about your hardware such as its IP address and other networking-related data.
As one of Alibaba Cloud's foundational services, Alibaba Cloud VPC makes it easy to customize your VPC's network configuration. You can create a public-facing subnet for your web servers that have access to the internet. It also lets you place your backend systems, such as databases or application servers, in a private-facing subnet with no internet access. Alibaba Cloud VPC lets you use multiple layers of security, including security groups and network access control lists, to help control access to Alibaba EC2 instances in each subnet.
Use cases of VPC
- Host a simple, public-facing website
Host a basic web application, such as a blog or simple website, in a VPC and gain the additional layers of privacy and security afforded by Alibaba Cloud VPC. You can help secure the website by creating security group rules which allow the web server to respond to inbound HTTP and SSL requests from the internet while simultaneously prohibiting the web server from initiating outbound connections to the internet. Create a VPC that supports this use case by selecting "VPC with a Single Public Subnet Only" from the Alibaba Cloud VPC console wizard.
Host multi-tier web applications
Host multi-tier web applications and strictly enforce access and security restrictions between your web servers, application servers, and databases. Launch web servers in a publicly accessible subnet while running your application servers and databases in private subnets. This will ensure that application servers and databases cannot be directly accessed from the internet. You control access between the servers and subnets using inbound and outbound packet filtering provided by network access control lists and security groups. To create a VPC that supports this use case, you can select "VPC with Public and Private Subnets" in the Alibaba Cloud VPC console wizard.
- Back up and recover your data after a disaster
By using Alibaba Cloud VPC for disaster recovery, you receive all the benefits of a disaster recovery site at a fraction of the cost. You can periodically back up critical data from your data center to a small number of Alibaba EC2 instances with Alibaba Elastic Block Store (EBS) volumes, or import your virtual machine images to Alibaba EC2. To ensure business continuity, Alibaba Cloud VPC allows you to quickly launch replacement compute capacity in Alibaba Cloud. When the disaster is over, you can send your mission critical data back to your data center and terminate the Alibaba EC2 instances that you no longer need.
- Extend your corporate network into the cloud
Move corporate applications to the cloud, launch additional web servers, or add more compute capacity to your network by connecting your VPC to your corporate network. Because your VPC can be hosted behind your corporate firewall, you can seamlessly move your IT resources into the cloud without changing how your users access these applications. Furthermore, you can host your VPC subnets in Alibaba Cloud Outposts, a service that brings native Alibaba Cloud services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility. Select "VPC with a Private Subnet Only and Hardware VPN Access" from the Alibaba Cloud VPC console wizard to create a VPC that supports this use case.
Securely connect cloud applications to your datacenter
An IPsec VPN connection between your Alibaba Cloud VPC and your corporate network encrypts all communication between the application servers in the cloud and databases in your data center. Web servers and application servers in your VPC can leverage Alibaba EC2 elasticity and Auto Scaling features to grow and shrink as needed. Create a VPC to support this use case by selecting "VPC with Public and Private Subnets and Hardware VPN Access" in the Alibaba Cloud VPC console wizard.
Alibaba's VPC functionality:
- Create a Virtual Private Cloud on Alibaba Cloud's scalable infrastructure, and specify its private IP address range from any block you choose.
- Divide your VPC's private IP address range into one or more subnets in a manner convenient for managing applications and services you run in your VPC.
- Bridge together your VPC and your IT infrastructure via an encrypted VPN connection.
- Add Alibaba Cloud resources, such as Alibaba EC2 instances, to your VPC.
- Route traffic between your VPC and the Internet over the VPN connection so that it can be examined by your existing security and networking assets before heading to the public Internet.
- Extend your existing security and management policies within your IT infrastructure to your VPC as if they were running within your infrastructure.
To get started you'll need to not only sign up but create a VPN connection to your own network from Alibaba's datacenter. You'll need information about your hardware such as its IP address and other networking-related data.
No comments:
Post a Comment
Hi, Leave a comment here and one of the binary piper's will reply soon :)