What Are VPCs and Subnets in Cloud Computing & How Do They Work?
Cloud computing has brought significant changes to how we imagine computing resources.
Cloud providers have removed the need to worry about expensive hardware or the maintenance of complex infrastructures and have made it possible to access and set up low- to high-end computing resources on demand at affordable costs.
In the world of cloud computing, you may encounter the termsVPCsandsubnets. So, what do they mean, and how do they work?
What Is a VPC?
VPC is the acronym forvirtual private cloud. A VPC, as the term implies, is a virtual private environment you can create in the cloud.
A VPC is usually offered as a service in public clouds by cloud providers, but with a VPC, you get a secure and isolated network within the provider’s infrastructure in which you can create and manage resources.
A VPC can be likened to on-premise infrastructure, where you set up and configure all your computing resources in one place because you own them all. The only difference here is that you don’t own or maintain the hardware, and you could easily scale your infrastructure up or down based on your requirements.
To find the VPC service on top cloud platforms, search for the VPC service on AWS, Google Cloud, and IBM Cloud; on Azure, it’s called virtual network; and on Oracle, it’s called virtual cloud network.
How Does a VPC Work?
Having learned that a VPC allows you to create a network of resources in a logically isolated section of the cloud, it is important to understand the important points about how VPCs work.
When creating a VPC, you get to define a range of IP addresses for it. This IP address range divides the VPC intosubnets, which can be further divided into smaller subnets as needed.
Each subnet is associated with a specificavailability zone, which is a distinct physical location within a cloud provider’s infrastructure. You also configuresecurity groups (firewall),access control lists, androute tablesto control network access and traffic flow within the network.
A VPC usually spans all available zones in the region it is created. For example, the image below shows an Amazon VPC created in a region with only two availability zones.
It is also noteworthy that, with the use of virtual private networks (VPNs), it is possible to create multiple isolated environments within a single VPC. This is useful for organizing resources and providing different levels of network access to different users.
The idea ofVPNsand other networking concepts becomes clearer when youlearn more about how networking works.
What Is a Subnet?
“Subnet” is short for “subnetwork.” A subnet is a smaller network found within a larger network. When you create a VPC on a cloud platform, you assign a range of unique IP addresses to it. Each distinct IP address serves to identify a subnet of the VPC.
Resources within the same subnet can exchange data with one another without the need for routing through a larger network. For example, aLinux server deployedin a subnet would have direct access to aPostgres database deployedwithin the same subnet.
Types of Subnets in the Cloud
There are mainly two types of subnets in cloud computing:
Apublic subnetis directly accessible from the internet. Resources deployed in public subnets are usually assigned public addresses, which can be used to communicate directly with the internet.
Public subnets are used to deploy resources that need to be publicly accessible on the internet, such as load balancers and public APIs.
Aprivate subnetis a subnet that is not directly accessible from the internet (doesn’t have a public IP address). Private subnets can only be accessed from within the VPC (only resources within the VPC can communicate with them).
Resources deployed in private subnets are usually only accessible within the network through a NAT (Network Address Translation) gateway. Private subnets are used to deploy resources that don’t need public access, such as application servers and databases, which improves network security by limiting the exposure of resources to the internet.
In addition to public and private subnets, there are also shared subnets and isolated subnets. Shared subnets can be accessed by multiple VPCs, while isolated subnets are only accessible within a single VPC.
How Do Subnets Work?
Subnets allow you to segment your cloud resources into isolated networks with separate IP address ranges. This segmentation provides a way to control network traffic flow between resources, improve network performance, and enhance security.
Each subnet in the cloud has its own set of network access control rules, which can be used to restrict inbound (incoming) and outbound (outgoing) traffic to specific IP addresses or ranges. This provides an additional layer of security to your cloud resources, helping to prevent unauthorized access.
The following image shows a complete infrastructure within the VPC visualized above. Note the four subnets, two private and two public, the route tables to regulate traffic within the VPC, the NAT gateway, the internet gateway, and the other resources such as the load balancer and EC2 instances.
Understanding VPCs and Subnets in the Cloud
VPCs and subnets are essential components of cloud computing infrastructure. With a VPC, you can create an isolated network within a cloud provider’s infrastructure, and with subnets, you can divide your IP address range into smaller and more manageable segments.
It is also recommended to always have all your application’s resources, such as virtual machines (e.g., EC2 instances) and databases (e.g., Amazon RDS instances), deployed within a VPC rather than randomly deploying them across different defaults as provided by the cloud provider.
The cloud consists of countless servers, and malware can target those computers just like any other. How do we keep the machines in the cloud safe?
Your phone is a better editor than you give it credit for.
Sometimes the smallest cleaning habit makes the biggest mess.
Flagship price, mid-range phone.
My foolproof plan is to use Windows 10 until 2030, with the latest security updates.
Free AI tools are legitimately powerful; you just need to know how to stack them.
