IBM Virtual Private Cloud Overview

Key Points

  • IBM Virtual Private Cloud (VPC) lets you logically isolate cloud resources by defining network segments and routing rules, enabling fast deployment, cost savings, and agile rule changes without physical hardware.
  • A VPC is organized hierarchically: regions (geographic areas) contain zones (isolated infrastructure locations), which in turn hold subnets that partition IP spaces for different workloads.
  • When building a three‑tier architecture (web, app, database), you assign CIDR blocks (e.g., 10.10.0.0/24 for the web tier) and use security groups as virtual firewalls plus ACLs to tightly control inbound and outbound traffic for each tier.
  • High‑availability is achieved by replicating the same tiered resources across multiple zones, allowing automatic failover if a zone experiences a failure.
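
As an added illustration (not from the video or IBM's tooling), the Python example below checks a three-tier plan like the one summarized above: each subnet sits inside the VPC prefix without overlapping another, and each tier's inbound security-group rules admit only the tier in front of it. The VPC prefix, the app and database CIDRs, and ports 8080 and 5432 are constructed sample values; the five reserved addresses come from the talk's 256 versus 251 figures.

```python
import ipaddress

RESERVED_PER_SUBNET = 5  # the talk: 256 addresses in a /24, 251 usable for hosts

# Constructed sample plan: only the web CIDR and port 80 come from the page.
VPC_PREFIX = ipaddress.ip_network("10.10.0.0/16")
SUBNETS = {
    "web": ipaddress.ip_network("10.10.0.0/24"),
    "app": ipaddress.ip_network("10.10.20.0/24"),
    "db": ipaddress.ip_network("10.10.30.0/24"),
}
# Inbound security-group rules per tier: (source CIDR, destination port).
INBOUND = {
    "web": [("0.0.0.0/0", 80)],
    "app": [("10.10.0.0/24", 8080)],
    "db": [("10.10.20.0/24", 5432), ("0.0.0.0/0", 5432)],  # second rule is a planted mistake
}
# The tier allowed to reach each tier; None means the tier is public-facing.
UPSTREAM = {"web": None, "app": "web", "db": "app"}


def usable_hosts(net):
    """Host addresses left after the provider's reserved addresses."""
    return max(net.num_addresses - RESERVED_PER_SUBNET, 0)


def check_subnets(prefix, subnets):
    """Flag subnets outside the VPC prefix or overlapping each other."""
    findings = []
    names = sorted(subnets)
    for i, name in enumerate(names):
        if not subnets[name].subnet_of(prefix):
            findings.append(f"{name}: {subnets[name]} is outside {prefix}")
        for other in names[i + 1:]:
            if subnets[name].overlaps(subnets[other]):
                findings.append(f"{name} overlaps {other}")
    return findings


def check_inbound(subnets, inbound, upstream):
    """Flag inbound rules whose source is wider than the upstream tier's subnet."""
    findings = []
    for tier, rules in inbound.items():
        allowed = subnets[upstream[tier]] if upstream[tier] else None
        for source, port in rules:
            src = ipaddress.ip_network(source)
            if allowed is not None and not src.subnet_of(allowed):
                findings.append(f"{tier}: port {port} open to {src}, expected only {allowed}")
    return findings
```

Calling `check_inbound(SUBNETS, INBOUND, UPSTREAM)` on the sample plan reports the database rule that admits `0.0.0.0/0`, while the public web tier is left alone because it has no upstream tier.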

Full Transcript

**Source:** [https://www.youtube.com/watch?v=gffPD-mOBi8](https://www.youtube.com/watch?v=gffPD-mOBi8)
**Duration:** 00:05:00

## Sections

- [00:00:00](https://www.youtube.com/watch?v=gffPD-mOBi8&t=0s) **Understanding IBM Virtual Private Cloud** - The speaker outlines IBM's VPC, its benefits, and key components such as regions, zones, subnets, and network design for a three-tier application.
0:00 I am God Gingka dendron and I'm the Asia-Pacific CTO for cloud platform, and I'd like to give you an understanding of IBM Virtual Private Cloud, or VPC. At a very high level, it is a mechanism to logically isolate cloud resources by defining network segments and routing rules. Some of the key benefits of this virtual private cloud are speed to deploy network segments and rules quickly, reducing costs without the need for physical network devices, and the agility to modify network rules as needed.

0:31 So let's briefly discuss the key concepts behind IBM VPC. It's within a VPC where we're going to create and design our network and workload architecture. The first concept we need to be aware of is the notion of a region. A region can be thought of as a separate geographic area. Within a region we can deploy a VPC. A VPC can encapsulate zones, which can be thought of as an isolated infrastructure location. If we wanted to deploy services for high availability, we would do so by deploying them across multiple zones within a region.

1:08 Within each zone we can define subnets, which logically divide IP networks. By doing so we can place different compute resources depending on the routing rules for that subnet and govern traffic to those resources.

1:27 Considering a three-tier architecture consisting of a web server, app server and database server, what we're going to do is design our network segments according to those tiers. First we have to pick an IP address range and define it using CIDR block notation. We'll assign for zone 1 the 10.10.0.0/16 IP address range, so basically we'll need to define subnets within this IP address range. For our web tier, let's define 10.10.10.0/24 as our IP address range. This basically means we can assign 256 IP addresses; however, you have to take into consideration reserved IP addresses used by IBM within the CIDR block range, which leaves us with 251 addresses that can be used for hosts within this subnet. We can adjust the number of hosts by altering the netmask value.

2:21 Next we can create our application tier and database tiers with IP address range 10.10.20.0/24 and 10.10 - 24 respectively.

2:32 To restrict access to the subnets and to the specific compute resources within each subnet, we can define security groups and access control lists. ACLs restrict inbound and outbound traffic to a subnet, while security groups act like a virtual firewall and control traffic to your virtual servers. In our example, we can define a security group for servers in our web tier that can accept traffic inbound from port 80 and all outbound traffic. We can define similar security groups for our app tier and database tiers. For added security we could also provide ACLs that allow or deny traffic inbound and outbound.

3:16 So to design an HA architecture, to ensure that in the event of a resource failure in a particular zone you can fail over to resources in another zone, we can basically replicate the resource deployment in zone 2. In our example we will replicate the web, app and database tiers in zone 2 using three additional subnets, the .30/24, .40 and .50/24 respectively. We can then extend out the security groups and apply the same ACLs and attach this to the newly created subnets, so we have similar firewall and access rules defined in zone 2.

3:54 To support user traffic and scale our environment appropriately, you can attach a public load balancer that will test back-end connectivity to the web tier servers, and we can apply load balancing rules such as round-robin to route traffic between each server based on inbound requests. For restricted subnets we can also attach a private load balancer with similar load balancing rules without public-facing accessibility. In our example we have a public load balancer attached to a web tier and a private load balancer situated between the web and application tiers.

4:31 And finally we have traffic from the application tier connected to a provisioned database instance called DB1. We can set up replication policies in DB1 to DB2 and failover using clustering capabilities, but we have simplified this in the diagram. So this is VPC in a nutshell. For more information, follow IBM Cloud.