virtual private cloud (VPC)

What is virtual private cloud (VPC)?

A virtual private cloud (VPC) is the division of a service provider's public cloud multi-tenant architecture to support private cloud computing. VPCs are, therefore, a private cloud hosted within a public cloud architecture. This model enables an enterprise to achieve the benefits of private clouds (such as more granular control over virtual networks and an isolated environment) while using public cloud resources.

Before fully understanding a VPC, an understanding of both public and private cloud architectures is needed.

  • Public clouds are third-party managed platforms that use the standard cloud computing model to make resources and services available to remote users. Public cloud customers share resources with other public cloud tenants, and public cloud resources typically include virtual machines (VMs), applications or storage. Services can include databases, firewalls, load balancers, management tools and other platform as a service (PaaS) or software as a service (SaaS) elements.
  • Private clouds are a type of cloud computing that delivers similar advantages to a public cloud, but through a proprietary architecture. A private cloud is a single-tenant computing infrastructure and environment, meaning the organization using it doesn't share resources with other users.

VPCs are a public cloud offering that lets an organization establish its own private cloud-like computing environment on shared public cloud infrastructure. A VPC runs on shared infrastructure like a public cloud does but isolates customers from each other. VPC resources are then reserved for each specific customer. This isolation creates a private, more secure environment within the public cloud.

Virtual private cloud vs. on-premises private cloud.
While a private cloud is a proprietary architecture reserved for one party, a virtual private cloud (VPC) is hosted on a public cloud service while acting as a private cloud.

The terms private cloud and virtual private cloud are sometimes used incorrectly as synonyms. There is a distinct difference -- in a traditional, on-premises private cloud model, an enterprise's internal IT department acts as a service provider and the individual business units act as tenants. With a VPC, a public cloud provider acts as the service provider, and the cloud's subscribers are the tenants.

How a virtual private cloud works

In a virtual private cloud model, the public VPC provider is responsible for ensuring that each cloud customer's data remains isolated from every other customer's data, both in transit and inside the cloud provider's network. This is accomplished through security policies that require some -- or all -- of the following elements: a unique virtual local area network (VLAN) allocated to each customer, a dedicated subnet, or a virtual private network (VPN).

  • A VLAN is a type of local area network. VLANs are logical overlay networks that group together devices sharing a physical LAN and isolate the traffic of each group. In a VPC, a VLAN divides the network for private use.
  • A subnet is a segmented piece of a larger network. Subnets are logical partitions of an IP network into multiple, smaller network segments. In a VPC, subnets carry private IP address ranges that are not publicly reachable from the internet.
  • VPNs provide both encryption and tunneling to a virtual private cloud. VPNs are typically used in VPCs to keep tenant data private while that data passes in and out of the VPC.

A virtual private cloud user can define and directly manage network components, including IP addresses, subnets, network gateways and access control policies.

Deployable cloud resources in an isolated virtual network include compute, storage and networking resources.
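The subnet layout and routing a VPC user manages can be sanity-checked offline. The following is an added example written for this article, not a provider's tooling: it audits a constructed VPC layout, flagging subnets that fall outside the VPC block, are not RFC 1918 private ranges, or overlap one another, and classifies each subnet as public or private depending on whether its route table has a default route to an internet gateway. The route-table model (a list of (destination, target) tuples, with targets starting "igw-" treated as internet gateways) is an assumption made for the example.

```python
import ipaddress

# RFC 1918 private address blocks used to judge whether a subnet is "private".
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample layout: one VPC block, four subnets and their route tables.
VPC_CIDR = "10.20.0.0/16"
SUBNETS = {
    "web":  {"cidr": "10.20.1.0/24",    "routes": [("0.0.0.0/0", "igw-example")]},
    "app":  {"cidr": "10.20.2.0/24",    "routes": [("10.20.0.0/16", "local")]},
    "data": {"cidr": "10.20.2.128/25",  "routes": [("10.20.0.0/16", "local")]},  # overlaps "app"
    "mgmt": {"cidr": "192.168.50.0/24", "routes": [("10.20.0.0/16", "local")]},  # outside VPC
}


def exposure(routes):
    """Return 'public' if a default route points at an internet gateway, else 'private'.

    Assumption for this example: gateway targets are named with an 'igw-' prefix.
    """
    for destination, target in routes:
        if ipaddress.ip_network(destination).prefixlen == 0 and target.startswith("igw-"):
            return "public"
    return "private"


def audit_vpc(vpc_cidr, subnets):
    """Return {subnet name: {"exposure": ..., "issues": [...]}} for the whole layout."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(spec["cidr"]) for name, spec in subnets.items()}
    report = {}
    for name, net in nets.items():
        issues = []
        if not net.subnet_of(vpc):
            issues.append("outside VPC block")
        if not any(net.subnet_of(block) for block in RFC1918):
            issues.append("not an RFC 1918 private range")
        for other, other_net in nets.items():
            if other != name and net.overlaps(other_net):
                issues.append(f"overlaps {other}")
        report[name] = {"exposure": exposure(subnets[name]["routes"]), "issues": issues}
    return report


if __name__ == "__main__":
    for name, result in audit_vpc(VPC_CIDR, SUBNETS).items():
        print(f"{name:5} {result['exposure']:8} {'; '.join(result['issues']) or 'ok'}")
```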

Virtual private cloud features

The most notable features that come with VPCs include the following:

  • Availability. Availability is provided by redundancy and an architecture that supports fault-tolerant availability zones.
  • Connectivity options. VPCs can also connect to resources such as on-premises data centers, the internet and other VPCs.
  • IP addressing. Some providers let users create both IPv4 and IPv6 subnets. Users may also have different options for assigning public IP addresses to an instance.
  • Scaling. Resources are scalable when needed. Tenants control the size of their virtual network whenever there is a need to scale up or down.
  • Security. VPCs are logically isolated networks, meaning data and applications are separated from other tenants.

Benefits and challenges of virtual private clouds

Using a VPC includes some of the following benefits:

  • VPCs enable an enterprise to tap into some of the benefits of private clouds (like more granular network control) while still using off-premises public cloud resources in a pay-as-you-go model.
  • Another benefit of VPCs is enabling a hybrid cloud deployment. An organization can use a VPC as an extension of its own data center without dealing with the complexities of building an on-premises private cloud.
  • Security measures are commonly taken to isolate VPC tenants from one another, like using VPNs, VLANs and subnets.
  • VPCs are scalable since they are hosted by a public cloud provider.

Physical view of an optimal hybrid cloud network. A benefit of virtual private clouds is that they enable a hybrid cloud deployment.

Despite the benefits of VPCs, they can also introduce some challenges, such as the following:

  • Configuring, managing and monitoring a VPN might be complex for an organization using a VPC.
  • Businesses in highly regulated industries with strict compliance requirements might face limitations on which kinds of applications and data they can place in a VPC.
  • While VPCs operate on a pay-as-you-go model, they still normally cost more to operate than standard cloud hosting.

Virtual private cloud providers

Most leading public infrastructure as a service (IaaS) providers offer a VPC, including, for example, Amazon Web Services (AWS), IBM and Google.

  • Amazon Virtual Private Cloud is AWS's VPC. The service enables a developer to create a virtual network for resources in an isolated section of the Amazon Web Services cloud.
  • Google Cloud Platform is part of Google's cloud service. Google Cloud Platform is a suite of cloud computing services, including computing, storage, data analytics and machine learning. Resources from Google Cloud can be provisioned, connected and isolated as a VPC.
  • IBM Cloud VPC is IBM's VPC service that was designed for cloud-native workloads. IBM Cloud VPC builds on the controls and features found in the IBM Cloud platform. As such, Cloud VPC offers connectivity options and integration with all of IBM's Cloud platform capabilities.

Before it commits to a VPC, an organization should also verify that all of the resources and services it wants to use from its chosen public cloud provider are available via that provider's VPC.

Learn more about VPC services, including AWS VPC and how it compares to Microsoft Azure's VNet.

This was last updated in March 2023
