Understanding VPC and how to operate securely on the cloud (Part 1 — Introduction)

Chuks Emeka
3 min read · Jun 28, 2020


VPC stands for Virtual Private Cloud, a public cloud capability that lets you define and control isolated virtual networks and then deploy cloud resources into those networks.

Working with VPCs is an essential skill you need to possess in your public cloud journey.

Some of the concepts to understand when working with a VPC include:

  1. Projects, Networks & Subnetworks
  2. Regions & Zones
  3. IP addresses
  4. Routes & Firewall rules

For this course, all explanations will be demonstrated on the Google Cloud Platform; nevertheless, the concepts learned here apply across all cloud service providers (AWS, Microsoft Azure, IBM and others).

In this course, we will focus on setting up virtual machines (VMs) from a network perspective, giving us a clear understanding of how VPC networks protect VMs from external attacks.

Here is a quick high-level overview of the above concepts.

Projects encompass every single service being used, including networks. A project associates objects and services with billing and comes with a default quota of 5 networks, which can be shared with other projects or peered with networks in other projects.
NB: The network quota can be increased on request.

Networks come in 3 different modes: default, auto and custom mode. A network does not itself have an IP address range; it is global and spans all available regions. Every network can be segmented using regional subnetworks.
Let's explore the different modes of network in more detail.

VPC Network types

The image above gives a detailed description of the differences between the network types.
At the network level, it's easy to switch from an auto mode network to a custom mode network, but not the other way round.

Next, we will look at how the isolation of virtual networks works across projects and regions.

Network Isolate System

The diagram above shows a project with 5 different networks, running 4 different VMs in different regions. The diagram illustrates the following:
1. VMs on the same network can communicate over an internal IP even if they are in different regions
2. VMs in the same region but on different networks can only communicate via an external IP address

Subnetworks: These work on a regional scale; because a region contains several zones, a subnetwork spans the zones of its region. A subnet is simply an IP address range that can be used by the various resources in the network.
Every subnet has 4 reserved IP addresses: the first 2 and the last 2 addresses of its range, which leaves the rest of the range available for resources on the cloud.

This diagram illustrates the following:
1. VMs or resources can be on the same subnet but in different zones
2. IP addresses 10.0.0.0 & 10.0.0.1 are reserved for the subnet gateway, making 10.0.0.2 & 10.0.0.3 available for use by the resources
3. Resources on the same network communicate using the same subnet IP addresses, making it possible to apply a single firewall rule to both resources (VMs) even though they are in different zones
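To make the rules from the two diagrams concrete (internal-IP reachability across regions, the four reserved addresses in every subnet range, non-overlapping subnet ranges inside one network, and a firewall rule that is scoped to a network rather than a zone), here is a small model of those concepts in Python. This is an added example written for this post, not the author's code or anything from Google's SDK; the class names, the `dev-net`/`other-net` networks and the VMs, tags and address ranges are constructed for illustration. The reserved-address rule is taken from the post (first two and last two addresses), the /29 minimum and the no-overlap rule are GCP's own subnet constraints.

```python
"""Toy model of the VPC concepts in this post (added example, not the
author's code): a global Network holds regional Subnets, each Subnet gives
up four reserved addresses, VMs on one network reach each other over
internal IPs from any region or zone, and a firewall rule is scoped to a
network. All class names and sample values are constructed for illustration."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Subnet:
    name: str
    region: str            # subnets are regional; they span the region's zones
    cidr: str              # primary IPv4 range, e.g. "10.0.0.0/24"

    def __post_init__(self) -> None:
        self.net = ipaddress.ip_network(self.cidr, strict=True)
        if self.net.prefixlen > 29:
            # /29 is the smallest primary range GCP accepts for a subnet.
            raise ValueError(f"{self.cidr}: subnet must be /29 or larger")

    def reserved(self) -> list[str]:
        """The four addresses every subnet range gives up: the first two
        (network address, default gateway) and the last two (second-to-last,
        broadcast)."""
        first, last = self.net.network_address, self.net.broadcast_address
        return [str(first), str(first + 1), str(last - 1), str(last)]

    def usable_range(self) -> tuple[str, str]:
        """First and last address a VM or other resource can actually get."""
        return (str(self.net.network_address + 2),
                str(self.net.broadcast_address - 2))

    def usable_count(self) -> int:
        return self.net.num_addresses - 4


@dataclass
class Network:
    name: str
    subnets: list[Subnet] = field(default_factory=list)

    def conflicts_with(self, candidate: Subnet):
        """Name of an existing subnet whose primary range overlaps the
        candidate's, or None. Primary ranges inside one network must not overlap."""
        for existing in self.subnets:
            if existing.net.overlaps(candidate.net):
                return existing.name
        return None

    def add_subnet(self, subnet: Subnet) -> None:
        clash = self.conflicts_with(subnet)
        if clash is not None:
            raise ValueError(f"{subnet.cidr} overlaps subnet {clash}")
        self.subnets.append(subnet)


@dataclass
class VM:
    name: str
    network: str
    zone: str              # e.g. "us-central1-a"; the region is the zone minus its suffix
    tags: frozenset = frozenset()

    @property
    def region(self) -> str:
        return self.zone.rsplit("-", 1)[0]


def reachable_over_internal_ip(a: VM, b: VM) -> bool:
    """Same network: internal IPs route between any regions and zones.
    Different networks: only external IPs (VPC peering is not modelled here)."""
    return a.network == b.network


@dataclass
class FirewallRule:
    name: str
    network: str
    target_tags: frozenset = frozenset()   # empty means "all instances"


def rule_applies_to(rule: FirewallRule, vm: VM) -> bool:
    """Firewall rules are attached to a network, not a zone, so one rule
    covers matching instances in every zone of that network."""
    if rule.network != vm.network:
        return False
    return not rule.target_tags or bool(rule.target_tags & vm.tags)


if __name__ == "__main__":
    net = Network("dev-net")
    net.add_subnet(Subnet("subnet-us", "us-central1", "10.0.0.0/29"))
    net.add_subnet(Subnet("subnet-eu", "europe-west1", "10.1.0.0/24"))
    for s in net.subnets:
        print(s.name, "reserved:", s.reserved(), "usable:", s.usable_range())
    web_a = VM("web-a", "dev-net", "us-central1-a", frozenset({"web"}))
    web_b = VM("web-b", "dev-net", "europe-west1-b", frozenset({"web"}))
    db = VM("db", "other-net", "us-central1-a")
    print(reachable_over_internal_ip(web_a, web_b), reachable_over_internal_ip(web_a, db))
    allow_http = FirewallRule("allow-http", "dev-net", frozenset({"web"}))
    print(rule_applies_to(allow_http, web_a), rule_applies_to(allow_http, web_b))
```

Running the script shows why the /29 range in the post's diagram only yields four usable addresses, why `web-a` and `web-b` can talk over internal IPs even though one is in `us-central1` and the other in `europe-west1`, and why the single `allow-http` rule covers both of them while leaving `db` on `other-net` untouched.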

Congratulations for reading this far.
Next: Understanding VPC and how to operate securely on the cloud (Part 2 — Introductory Demo)


Full-Stack software engineer | Aspiring Google/AWS Cloud engineer | Interested in Machine Learning, Data Science & Analytics | http://devchuksemeka.com