The best of two worlds: A virtual private cloud (VPC) offers you the flexibility and cost-efficiency of the public cloud together with the security of a private cloud. In the Open Telekom Cloud, setting up a VPC is a fundamental security measure and a key prerequisite for using almost all cloud resources. Every user receives at least one VPC.
A VPC lets a company build its own private environment on a shared public cloud infrastructure. This approach gives it an area that is logically isolated from that of all other public cloud tenants – a private, secure place for data.
For security and privacy reasons, many companies do not want to store their data in public cloud environments where they must share resources with other users. Accordingly, they set up a private cloud on their own servers or in a leased data center, with only company employees having access. However, operating such a private cloud is sometimes expensive as well as a burden on IT management.
A virtual private cloud is an alternative to the private cloud. It provides an environment within a public cloud that is strictly separated from other users’ areas. As an example, imagine the infrastructure of a cloud provider as a restaurant with tables. In a public cloud, users share resources – in other words, they take a seat at the tables that are currently free. A virtual private cloud is like a reserved table where only certain guests are allowed to sit.
A Virtual Private Cloud operated by Open Telekom Cloud offers several advantages over a self-operated and managed private cloud.
- Agility: You can adapt the size of your virtual network to the needs of your business at any time and dynamically scale the resources used.
- Availability: Through redundant resources and highly fault-tolerant architectures, Deutsche Telekom can provide a level of availability for applications and workloads that most companies cannot achieve on their own.
- Affordability: VPC customers can take advantage of the cost-efficiency of a public cloud, such as savings on hardware costs, while reducing the burden on their IT management.
The Virtual Private Cloud of the Open Telekom Cloud consistently separates the virtual resources of different users in several ways.
- Reserved IP address range: The Open Telekom Cloud reserves a cloud-internal IP address range for each tenant (contract), to which only that tenant has access. This prevents other users – even accidentally – from reaching the services there. The network configuration and the configuration of the Dynamic Host Configuration Protocol (DHCP) service enable the Virtual Private Cloud to connect to other networks, including the Internet, of course. The corresponding ports are opened within the Open Telekom Cloud. Via IP VPN or Elastic IP, resources or services can be made available to specific user groups. The Open Telekom Cloud supports the IPv6 protocol and Destination/Source Network Address Translation (DNAT/SNAT). With SNAT, several private IP addresses in the Open Telekom Cloud can reach outside networks via a common public IP address; Source Network Address Translation (SNAT) is provided by an integrated NAT gateway.
- Isolated network resources: Software-defined networking is also used on the Open Telekom Cloud. Among other things, this technology enables the virtualization of cloud-internal network resources, detached from the underlying network hardware. This way, it is possible to set up virtual network resources for each user and isolate them completely from those of other users.
- Multidimensional access protection: Within their own VPC, users can also set up multidimensional access protection by using security groups and firewalls and thus restrict access accordingly.
A stable and fast connection to users' networks is crucial for effective use of the VPC of the Open Telekom Cloud. By default, every user can access the Open Telekom Cloud via the public Internet – encrypted via a virtual private network (VPN), of course. However, users share the connection over the Internet with others, which can have a negative impact on stability and speed. Companies therefore often prefer a dedicated connection via Direct Connect or PLAS (Private Link Access Service).
Direct Connect is a dedicated communication channel to the Open Telekom Cloud, ordered in bandwidths between 1 Mbit/s and 10 Gbit/s. However, it requires a fairly high degree of configuration effort because Deutsche Telekom has to install and configure additional hardware in the data center for this purpose.
PLAS, on the other hand, enables a connection with little effort via Ethernet Connect or IntraSelect using multi-protocol label switching (MPLS). This approach enables companies to connect their corporate network to the Open Telekom Cloud with even higher availability and stability at up to 100 Gbit/s.
Companies also often need to connect resources within the Open Telekom Cloud – for example, a data storage unit with an HPC cluster for big-data calculations. Connecting these solutions over the Internet would entail additional costs and performance sacrifices. For such cases, the Open Telekom Cloud therefore offers VPC endpoints (VPCEP) that efficiently connect services without the need for an Elastic IP, NAT gateway, VPN, or PLAS connection.