Last updated: 2019-07-30 18:51:21
The Virtual Private Cloud is a customizable logically isolated network space. In a VPC, you can customize network segmentation, IP address and routing policy, and deploy Cloud Virtual Machine, Cloud Load Balance, Cloud Database and other cloud service resources. The VPC on Tencent Cloud provides easy access to the Internet and a variety of connection methods to connect to your data center, allowing you to quickly deploy the hybrid cloud. Also, Tencent Cloud VPC Peering Connection and Classiclink can enable you to easily connect private network resources, helping you achieve "one server covering the globe" and disaster recovery at "two regions, three centers". In addition, the Network ACL and Security Group on Tencent Cloud VPC help you ensure the network security in a multi-dimensional and all-round manner.
Customizing the Network
You can customize the VPC network segment, subnet network segments, and routing policies through the console or API. You can also further divide your network into multiple subnets and deploy applications and services across subnets. In addition, you can flexibly manage how traffic is forwarded between resources in the VPC, the public network, and the hybrid cloud by setting a reasonable routing policy.
Flexible and High-performance Internet Access
Tencent Cloud VPC provides you with flexible and high-performance Internet connection methods, including elastic IP, NAT gateway and public network gateway.
| Method | Description |
|---|---|
| Elastic IP (EIP) | An Elastic IP (EIP) is a public IP address that can be applied for independently. It supports dynamic binding to and unbinding from instances (such as CVMs and NAT gateways). Typical application scenarios include: |
| NAT Gateway | A NAT gateway is a way for a VPC to access the Internet. It translates between private and public IP addresses within a VPC when the private and public networks are isolated. Typical application scenarios include: |
| Public Network Gateway | A public network gateway is a type of CVM that forwards traffic between the Internet and VPCs. A CVM without a public IP can access the Internet via a public network gateway. |
Stable and Reliable User Data Center Connection
If you want to build a hybrid cloud deployment for your enterprise, that is, to connect your cloud computing resources and local data centers, you can use a VPN connection over the public network or Direct Connect.
- VPN Connection is a method to connect your IDC and Tencent Cloud VPC through encrypted tunnels over the public network. On the console, you can create VPN gateways for your VPC, peer gateways for your IDC, and VPN tunnels that support IPsec encryption protocols, to establish secure communication between the VPC and your local data center and complete the hybrid cloud deployment quickly.
- Direct Connect is a service used to connect your data center and Tencent Cloud computing resources located in multiple regions through physical Direct Connect, which can help you build a flexible and reliable hybrid cloud network connection. Direct Connect supports master/slave hot backup, SLA service assurance and interconnection across regions at home and abroad, which can fully meet high-quality network interconnection requirements of fields such as finance.
Flexible Resource Interconnection on Tencent Cloud
The interconnection between resources in a VPC and other cloud resources can be achieved through peering connection and Classiclink.
- Peering Connection is a service that connects two VPCs so that, in a sense, they are combined into one VPC. It can help you achieve "one server covering the globe" and disaster recovery deployment at "two regions, three centers" easily.
- Classiclink is a service that associates CVMs in the basic network with specified VPCs to allow them to communicate with each other, thus achieving the smooth connection of private network resources.
Multi-dimensional and Comprehensive Security Protection
Access to resources can be controlled at the port and instance level through network ACLs and security groups, which can help you improve the security of CVMs.
- Access Control List (ACL) is an optional, stateless layer of security at the subnet level. It can be used as a firewall to control the traffic in and out of subnets, with granularity down to protocol and port.
- Security Group is an instance-level virtual firewall with packet filtering function, which is used to set network access control for one or more instances. You can add CVM instances with the same network security isolation requirements in the same region to the same security group, to securely filter the outbound and inbound traffic of the CVM through the network policy.
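The stateless behaviour of the subnet-level ACL described above, as an added example that is not Tencent Cloud code: each direction is evaluated on its own, so an inbound allow rule does not by itself admit the reply. The rule tuple format, first-match ordering, default drop and the sample addresses and port range are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample rule sets (hypothetical tuple format, not a Tencent Cloud API):
# (action, protocol, peer CIDR, dst port low, dst port high).
# Assumptions: rules are checked in order, first match wins, no match means drop.
INBOUND = [("allow", "tcp", "0.0.0.0/0", 443, 443)]
OUTBOUND_STRICT = [("allow", "tcp", "0.0.0.0/0", 443, 443)]
# Same egress list plus a rule for replies to client ephemeral ports (sample range).
OUTBOUND_WITH_REPLIES = OUTBOUND_STRICT + [("allow", "tcp", "0.0.0.0/0", 1024, 65535)]


def evaluate(rules, proto, peer_ip, dst_port):
    """Return 'allow' or 'drop' for a single packet in one direction."""
    peer = ipaddress.ip_address(peer_ip)
    for action, rule_proto, cidr, low, high in rules:
        if rule_proto not in (proto, "all"):
            continue
        if peer in ipaddress.ip_network(cidr) and low <= dst_port <= high:
            return action
    return "drop"


def round_trip(inbound, outbound, proto, client_ip, client_port, server_port):
    """Evaluate request and reply independently, as a stateless filter does."""
    request = evaluate(inbound, proto, client_ip, server_port)
    reply = evaluate(outbound, proto, client_ip, client_port)
    return request, reply


if __name__ == "__main__":
    flow = ("tcp", "203.0.113.10", 51514, 443)  # constructed client flow
    print(round_trip(INBOUND, OUTBOUND_STRICT, *flow))
    print(round_trip(INBOUND, OUTBOUND_WITH_REPLIES, *flow))
```

When reviewing a stateless ACL, check every inbound allow rule against the outbound list for a rule that covers the reply's destination port.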