Virtual Private Cloud (VPC): Isolated Cloud Network in Security

Virtual Private Cloud (VPC)

A virtual private cloud service that provides an isolated cloud network to operate resources in a secure environment.

Console Contact Sales

Overview
Benefits
Features
Scenarios
Documentation

Overview

Overview
Benefits
Features
Scenarios
Documentation

VPC helps you build an isolated network environment based on Alibaba Cloud including customizing the IP address range, network segment, route table, and gateway. In addition, you can connect VPC and a traditional IDC through a leased line, VPN, or GRE to provide hybrid cloud services.

{"moduleinfo":{"benefits":"Benefits","outputBuyBtn4Partner":true,"os_count":[{"count_phone":0,"count":0}],"products_count":[{"count_phone":0,"count":0}],"benefits_count":[{"count_phone":4,"count":4}],"news_count":[{"count_phone":0,"count":0}],"floor":"floor1","outputNews4Partner":"false","regions_count":[{"count_phone":0,"count":0}]},"regions":[],"os":[],"products":[],"benefits":[{"icon":"https://img.alicdn.com/tfs/TB1BdmyXAL0gK0jSZFxXXXWHVXa-108-108.png_.webp","title":"Secure Isolation","content":"Builds an isolated network environment based on Alibaba Cloud. Layer-2 logical isolation is achieved between different VPC instances."},{"icon":"https://img.alicdn.com/tfs/TB1fV5xXET1gK0jSZFhXXaAtVXa-108-108.png_.webp","title":"Flexibility","content":"SDN configures the network as required, customizes the IP address range and route table."},{"icon":"https://img.alicdn.com/tfs/TB1Mu5wXAT2gK0jSZFkXXcIQFXa-108-108.png_.webp","title":"Scalability","content":"Works with multiple products and easily manages Internet portals to provide a hybrid cloud architecture."},{"icon":"https://img.alicdn.com/tfs/TB17FWuXp67gK0jSZPfXXahhFXa-108-108.png_.webp","title":"Free of Charge","content":"Achieve a fully isolated VPC environment for free on the Alibaba Cloud platform."}],"news":[],"$root":{"moduleinfo":{"benefits":"Benefits","outputBuyBtn4Partner":true,"os_count":[{"count_phone":0,"count":0}],"products_count":[{"count_phone":0,"count":0}],"benefits_count":[{"count_phone":4,"count":4}],"news_count":[{"count_phone":0,"count":0}],"floor":"floor1","outputNews4Partner":"false","regions_count":[{"count_phone":0,"count":0}]},"regions":[],"os":[],"products":[],"benefits":[{"icon":"https://img.alicdn.com/tfs/TB1BdmyXAL0gK0jSZFxXXXWHVXa-108-108.png_.webp","title":"Secure Isolation","content":"Builds an isolated network environment based on Alibaba Cloud. Layer-2 logical isolation is achieved between different VPC instances."},{"icon":"https://img.alicdn.com/tfs/TB1fV5xXET1gK0jSZFhXXaAtVXa-108-108.png_.webp","title":"Flexibility","content":"SDN configures the network as required, customizes the IP address range and route table."},{"icon":"https://img.alicdn.com/tfs/TB1Mu5wXAT2gK0jSZFkXXcIQFXa-108-108.png_.webp","title":"Scalability","content":"Works with multiple products and easily manages Internet portals to provide a hybrid cloud architecture."},{"icon":"https://img.alicdn.com/tfs/TB17FWuXp67gK0jSZPfXXahhFXa-108-108.png_.webp","title":"Free of Charge","content":"Achieve a fully isolated VPC environment for free on the Alibaba Cloud platform."}],"news":[]},"$moduleId":"7592743950"}

Benefits

: Secure Isolation
Builds an isolated network environment based on Alibaba Cloud. Layer-2 logical isolation is achieved between different VPC instances.

: Flexibility
SDN configures the network as required, customizes the IP address range and route table.

: Scalability
Works with multiple products and easily manages Internet portals to provide a hybrid cloud architecture.

: Free of Charge
Achieve a fully isolated VPC environment for free on the Alibaba Cloud platform.

{"moduleinfo":{"title":"Features","li_count":[{"count_phone":5,"count":5}]},"li":[{"spm":"a","img":"https://img.alicdn.com/tfs/TB1HoCIXxv1gK0jSZFFXXb0sXXa-108-108.png_.webp","more":[{"p":"Builds an isolated network environment based on Alibaba Cloud. Layer-2 logical isolation is achieved between different VPC instances.","tce_rule_count":"1","title":""},{"p":"Network virtualization","tce_rule_count":"1","title":"Virtual networks are built on a physical network based on the OverLay technology."},{"p":"Full isolation among VPC instances","tce_rule_count":"1","title":"VPC instances are isolated using Vxlan. Layer-2 logical isolation is achieved between different VPC instances to prevent them from communication."}],"h1":"Layer-2 logical isolation","imgAction":"https://img.alicdn.com/tfs/TB1469JXrj1gK0jSZFOXXc7GpXa-108-108.png_.webp"},{"spm":"a","img":"https://img.alicdn.com/tfs/TB1TFWuXp67gK0jSZPfXXahhFXa-108-108.png_.webp","more":[{"p":"You can customize the IP address range, network segment, route table, and gateway. You can also plan and manage the network as needed.","tce_rule_count":"1","title":""},{"p":"You can divide the private IP address of VPC into one or several subnets using VSwitches and deploy applications and other services under the corresponding VSwitch as needed.","tce_rule_count":"1","title":"Subnet division"},{"p":"The route rules of VRouters are configured based on business needs to manage the forwarding routes of VPC traffic.","tce_rule_count":"1","title":"Custom route rules"}],"h1":"Custom network environment","imgAction":"https://img.alicdn.com/tfs/TB1NvCIXuL2gK0jSZFmXXc7iXXa-108-108.png_.webp"},{"spm":"a","img":"https://img.alicdn.com/tfs/TB1b.uxXrj1gK0jSZFOXXc7GpXa-108-108.png_.webp","more":[{"p":"Flexible access control rules are compliant with the secure isolation regulations for government and financial users","tce_rule_count":"1","title":""},{"p":"With the help of the security group function, product instances in VPC can be classified into different security domains and each security domain can have custom access control rules.","tce_rule_count":"1","title":"Security group"},{"p":"RAM can be used to manage network permissions.","tce_rule_count":"1","title":"RAM"}],"h1":"Access control","imgAction":"https://img.alicdn.com/tfs/TB1_v5IXuL2gK0jSZFmXXc7iXXa-108-108.png_.webp"},{"spm":"A","img":"https://img.alicdn.com/tfs/TB16V1xXET1gK0jSZFhXXaAtVXa-108-108.png_.webp","more":[{"p":"Meets the requirement for VPC resources to actively access the Internet and provide external services.","tce_rule_count":"1","title":""},{"p":"EIPs can be bound to cloud product instances of the VPC type in the same region as needed to allow the instances to access the Internet.","tce_rule_count":"1","title":"Internet access"},{"p":"NAT Gateway supports SNAT configuration to meet the needs of VPC resources to actively access the Internet. It also supports DNAT configuration and provides IP address mapping, port mapping, and 10 Gbit/s forwarding capabilities to enable multiple services to share the bandwidth so as to save costs.","tce_rule_count":"1","title":"Internet portal management"}],"h1":"Internet portal management","imgAction":"https://img.alicdn.com/tfs/TB1cEeJXBv0gK0jSZKbXXbK2FXa-108-108.png_.webp"},{"spm":"A","img":"https://img.alicdn.com/tfs/TB13ZayXAH0gK0jSZPiXXavapXa-108-108.png_.webp","more":[{"p":"VPC can be connected to a traditional IDC through leased lines or VPN to build a hybrid cloud.","tce_rule_count":"1","title":""},{"p":"Express Connect can be used to establish an intranet connection between VPC instances in different regions and of different users, to achieve interconnection of user networks on Alibaba Cloud.","tce_rule_count":"1","title":"VPC intranet communication"},{"p":"Through leased lines, VPC can communicate with intranets of an IDC with excellent communication quality to easily build a hybrid cloud.","tce_rule_count":"1","title":"Hybrid cloud architecture"}],"h1":"Hybrid cloud architecture","imgAction":"https://img.alicdn.com/tfs/TB1q_5IXEY1gK0jSZFCXXcwqXXa-108-108.png_.webp"}],"$root":{"moduleinfo":{"title":"Features","li_count":[{"count_phone":5,"count":5}]},"li":[{"spm":"a","img":"https://img.alicdn.com/tfs/TB1HoCIXxv1gK0jSZFFXXb0sXXa-108-108.png_.webp","more":[{"p":"Builds an isolated network environment based on Alibaba Cloud. Layer-2 logical isolation is achieved between different VPC instances.","tce_rule_count":"1","title":""},{"p":"Network virtualization","tce_rule_count":"1","title":"Virtual networks are built on a physical network based on the OverLay technology."},{"p":"Full isolation among VPC instances","tce_rule_count":"1","title":"VPC instances are isolated using Vxlan. Layer-2 logical isolation is achieved between different VPC instances to prevent them from communication."}],"h1":"Layer-2 logical isolation","imgAction":"https://img.alicdn.com/tfs/TB1469JXrj1gK0jSZFOXXc7GpXa-108-108.png_.webp"},{"spm":"a","img":"https://img.alicdn.com/tfs/TB1TFWuXp67gK0jSZPfXXahhFXa-108-108.png_.webp","more":[{"p":"You can customize the IP address range, network segment, route table, and gateway. You can also plan and manage the network as needed.","tce_rule_count":"1","title":""},{"p":"You can divide the private IP address of VPC into one or several subnets using VSwitches and deploy applications and other services under the corresponding VSwitch as needed.","tce_rule_count":"1","title":"Subnet division"},{"p":"The route rules of VRouters are configured based on business needs to manage the forwarding routes of VPC traffic.","tce_rule_count":"1","title":"Custom route rules"}],"h1":"Custom network environment","imgAction":"https://img.alicdn.com/tfs/TB1NvCIXuL2gK0jSZFmXXc7iXXa-108-108.png_.webp"},{"spm":"a","img":"https://img.alicdn.com/tfs/TB1b.uxXrj1gK0jSZFOXXc7GpXa-108-108.png_.webp","more":[{"p":"Flexible access control rules are compliant with the secure isolation regulations for government and financial users","tce_rule_count":"1","title":""},{"p":"With the help of the security group function, product instances in VPC can be classified into different security domains and each security domain can have custom access control rules.","tce_rule_count":"1","title":"Security group"},{"p":"RAM can be used to manage network permissions.","tce_rule_count":"1","title":"RAM"}],"h1":"Access control","imgAction":"https://img.alicdn.com/tfs/TB1_v5IXuL2gK0jSZFmXXc7iXXa-108-108.png_.webp"},{"spm":"A","img":"https://img.alicdn.com/tfs/TB16V1xXET1gK0jSZFhXXaAtVXa-108-108.png_.webp","more":[{"p":"Meets the requirement for VPC resources to actively access the Internet and provide external services.","tce_rule_count":"1","title":""},{"p":"EIPs can be bound to cloud product instances of the VPC type in the same region as needed to allow the instances to access the Internet.","tce_rule_count":"1","title":"Internet access"},{"p":"NAT Gateway supports SNAT configuration to meet the needs of VPC resources to actively access the Internet. It also supports DNAT configuration and provides IP address mapping, port mapping, and 10 Gbit/s forwarding capabilities to enable multiple services to share the bandwidth so as to save costs.","tce_rule_count":"1","title":"Internet portal management"}],"h1":"Internet portal management","imgAction":"https://img.alicdn.com/tfs/TB1cEeJXBv0gK0jSZKbXXbK2FXa-108-108.png_.webp"},{"spm":"A","img":"https://img.alicdn.com/tfs/TB13ZayXAH0gK0jSZPiXXavapXa-108-108.png_.webp","more":[{"p":"VPC can be connected to a traditional IDC through leased lines or VPN to build a hybrid cloud.","tce_rule_count":"1","title":""},{"p":"Express Connect can be used to establish an intranet connection between VPC instances in different regions and of different users, to achieve interconnection of user networks on Alibaba Cloud.","tce_rule_count":"1","title":"VPC intranet communication"},{"p":"Through leased lines, VPC can communicate with intranets of an IDC with excellent communication quality to easily build a hybrid cloud.","tce_rule_count":"1","title":"Hybrid cloud architecture"}],"h1":"Hybrid cloud architecture","imgAction":"https://img.alicdn.com/tfs/TB1q_5IXEY1gK0jSZFCXXcwqXXa-108-108.png_.webp"}]},"$moduleId":"8645396000"}

Features

Layer-2 logical isolation

Builds an isolated network environment based on Alibaba Cloud. Layer-2 logical isolation is achieved between different VPC instances.

Virtual networks are built on a physical network based on the OverLay technology.

Network virtualization

VPC instances are isolated using Vxlan. Layer-2 logical isolation is achieved between different VPC instances to prevent them from communication.

Full isolation among VPC instances
Custom network environment

You can customize the IP address range, network segment, route table, and gateway. You can also plan and manage the network as needed.

Subnet division

You can divide the private IP address of VPC into one or several subnets using VSwitches and deploy applications and other services under the corresponding VSwitch as needed.

Custom route rules

The route rules of VRouters are configured based on business needs to manage the forwarding routes of VPC traffic.
Access control

Flexible access control rules are compliant with the secure isolation regulations for government and financial users

Security group

With the help of the security group function, product instances in VPC can be classified into different security domains and each security domain can have custom access control rules.

RAM

RAM can be used to manage network permissions.
Internet portal management

Meets the requirement for VPC resources to actively access the Internet and provide external services.

Internet access

EIPs can be bound to cloud product instances of the VPC type in the same region as needed to allow the instances to access the Internet.

Internet portal management

NAT Gateway supports SNAT configuration to meet the needs of VPC resources to actively access the Internet. It also supports DNAT configuration and provides IP address mapping, port mapping, and 10 Gbit/s forwarding capabilities to enable multiple services to share the bandwidth so as to save costs.
Hybrid cloud architecture

VPC can be connected to a traditional IDC through leased lines or VPN to build a hybrid cloud.

VPC intranet communication

Express Connect can be used to establish an intranet connection between VPC instances in different regions and of different users, to achieve interconnection of user networks on Alibaba Cloud.

Hybrid cloud architecture

Through leased lines, VPC can communicate with intranets of an IDC with excellent communication quality to easily build a hybrid cloud.

Common Scenarios

On-cloud Intranet
Hybrid Cloud Architecture
External Service Provision
Multi-region High-speed Interconnection

On-cloud Intranet

Fully isolated network environment

The service system can be deployed in both local and on-cloud IDCs. Different service modules are built on Alibaba Cloud VPC to create fully isolated on-cloud environments. On-cloud and off-cloud services are interacted with each other through the Internet.

Advantages

Flexible Configuration

VPC is an SDN that enables you to customize network settings as required. Management operations take effect in real time.
Secure Isolation

VPC instances of different users are fully isolated from each other and do not share the Internet.

Products

Hybrid Cloud Architecture

High-speed data interconnection on and off the cloud

An on-cloud IDC is built on Alibaba Cloud VPC and connected to the off-cloud IDC over a leased line. This protects the user's core data, perfectly copes with service surges and fast data synchronization, and implements a hybrid cloud solution.

Advantages

Enhanced Data Security

Core data is stored in the off-cloud IDC to ensure security.
Service Surge Protection

The on-cloud IDC is used to handle surge of real-time service access.
Fast Data Synchronization

By using leased lines, on-cloud and off-cloud data can be fast synchronized in batches.

Products

External Service Provision

Multiple services share Internet bandwidth

If you create multiple applications based on Alibaba Cloud VPC, where each application must provide external services and their traffic fluctuations are inconsistent, you can share bandwidth among multiple IP addresses to minimize the effect of these fluctuations and reduce costs.

Advantages

External Service Provisioning

Port mapping and IP address mapping are provided, allowing VPC ECS instances to provide external services.
Low-cost

Multiple VPC ECS instances can share Internet bandwidth to optimize costs.
High-performance

NAT Gateway provides the large-bandwidth throughput and a large number of connections.

Products

Multi-region High-speed Interconnection

Widely spread services and high-speed data interconnection

On-cloud services can be built fully based on VPC with users spread across all regions. To speed up user access, networks of the service systems in different nodes must be interconnected with each other at high speed.

Advantages

Secure Isolation

Services are deployed on Alibaba Cloud VPC, which is secure and reliable.
High Reliability

Express Connect is used to connect different VPC instances, ensuring the quality of cross-region interconnection.
High-performance

VPC with Express Connect provides the maximum interconnection bandwidth of 10 Gbit/s, easily meeting the needs of massive applications.

Products

{"moduleinfo":{"category_count":[{"count_phone":3,"count":3}]},"category":[{"link":"/help/product/27706.htm","description":"VPC product documentation","output4Partner":"true","title":"Documentation","target":"_blank"},{"link":"support/developer-resources","description":"API & SDKs for developers","output4Partner":"true","title":"Resources","target":"_blank"},{"link":"product","description":"See more Alibaba Cloud products","output4Partner":"true","title":"Products","target":"_blank"}],"$root":{"moduleinfo":{"category_count":[{"count_phone":3,"count":3}]},"category":[{"link":"/help/product/27706.htm","description":"VPC product documentation","output4Partner":"true","title":"Documentation","target":"_blank"},{"link":"support/developer-resources","description":"API & SDKs for developers","output4Partner":"true","title":"Resources","target":"_blank"},{"link":"product","description":"See more Alibaba Cloud products","output4Partner":"true","title":"Products","target":"_blank"}]},"$moduleId":"5029825140"}