What is a Virtual Private Cloud (VPC)
A Virtual Private Cloud (VPC) allows you to create a private, isolated virtual network in the cloud. Just as a virtual private network (VPN) provides secure data transfer over the public Internet, a VPC provides secure data transfer between a private enterprise and a public cloud provider. This ensures that each customer's data remains isolated from other customers' data, both in transit and inside the cloud provider's network. This isolation can be accomplished using security policies that require some – or all – of the following elements: private IP addressing, tunneling, encryption, or allocating a unique VLAN to each customer.
You can choose to use a Virtual Private Cloud as it best suits your needs:
- Host your applications in a VPC and take advantage of its dedicated load balancer features.
- Configure your own firewall rules to apply to your CloudHub workers.
- Connect your VPC to your corporate intranet, whether on-premises or in other clouds, via a VPN connection as if they were all part of a single, private network.
- Set your private DNS server so the workers hosted in your VPC communicate with your internal network using your private hostnames.
How does a VPC work?
In Virtual Private Clouds, a public cloud provider isolates a specific portion of their public cloud infrastructure to be provisioned for private use. The VPC infrastructure is managed by a public cloud vendor, but the resources allocated to a VPC are not shared with any other customer.
CloudHub is the cloud-based PaaS component of Anypoint Platform. In the default CloudHub configuration, all CloudHub workers reside in a multi-tenant public cloud, balanced by a publicly accessible load balancer. Anypoint Virtual Private Cloud grants you a logically private and isolated network dedicated to hosting your CloudHub worker instances.
You can also choose to expose or block your custom ports using your own firewall rules, and even block requests to your apps coming from CloudHub’s publicly accessible load balancer so you balance your requests using your own dedicated load balancer.
Each VPC can host one or more dedicated load balancers, each with a DNS name that you can point your own DNS CNAME record to. This way, you can configure your VPC’s load balancer to handle requests to your own domain.
Alternatively, you can connect this network to any other network via a secure VPN connection. This allows CloudHub workers to access resources behind your corporate firewall. You can leverage an IPSec gateway or Amazon Web Services (AWS) Direct Connect for VPN connectivity.
What are the advantages of Anypoint Virtual Private Cloud?
With Anypoint Virtual Private Cloud (VPC), you can securely connect your corporate data centers and on-premises applications to the cloud as if they were all part of a single, private network. You can choose between the industry-standard encryption protocols IPSec and SSL, and secure your network at the hardware or software level. This allows you to:
- Create secure virtual networks within CloudHub
- Connect CloudHub to assets behind your firewall
- Connect CloudHub to another public cloud
- Deploy Mule runtimes anywhere, securely
Take a look at more information about Anypoint Virtual Private Cloud.
The graphic below shows a default VPC architecture: