IBM Cloud VPC Solutions

IBM Cloud® Virtual Private Cloud (VPC) is a highly resilient and highly secure software-defined network (SDN) for you to build isolated private clouds for your business operations while maintaining essential public cloud benefits.

Key business value

  • Reduce CapEx on traditional IT network devices (routers, switches, load balancers, firewalls, etc.)
  • IBM Cloud leads as a secure, trusted, and industry ready cloud
  • VPC is a purpose built cloud services platform for Power VS, VMware, SAP, IBM Z, and x86 leveraging IBM business process approach, domain knowledge and expertise
  • Focused on our client’s journey to hybrid IaaS, PaaS, and platform solutions

Support hybrid or multicloud platforms. Streamline workloads across the entire IBM Cloud stack with solutions for VMware, SAP, IBM Z and more.

IBM Cloud VPC is a privately owned software defined network (SDN) with built-in security, regulatory compliance standards, and multiple hardware and software solutions for confidential computing.

Built to spec for quick access, low-cost migration, low latency, and certified security.

Private network in the public cloud

A Virtual Private Cloud (VPC) is a private network in the public cloud.

  • Get the logical isolation and security of a private cloud
  • Get the availability, cost effectiveness, and scalability of the public cloud

Top use cases

  • Host and scale web applications. Build your web presence in the cloud, leveraging best-in-class network performance and reliability.
  • Extending capacity to the cloud. Securely connect to existing data centers, and enable applications to take advantage of the elasticity, agility, and global reach of the public cloud, while leveraging existing IT investments.
  • Development and Testing. Leverage cloud capabilities to quickly set up and tear down environments on demand.

Host and scale web applications

  • Host your mission critical web application in a global infrastructure with 9 MZRs distributed around the world, all connected via our secure Transit Gateway
  • Handle spikes in traffic with ease using autoscaling and load balancing
  • Host your app with the highest level of enterprise security using BYOK/KYOK technology and FIPS certification (140-2 Level 4)

The following diagram shows a conceptual architecture for enterprise web hosting for production.

[Diagram: web app]

Extend capacity to cloud

  • Seamlessly connect on-premises to IBM Cloud with up to 10Gbps port speed
  • Automate creating your environment with infrastructure as code and auto scaling rules
  • Virtual servers are created in seconds to make sure you have the compute capacity you need when you need it – scale to 5000 compute nodes on demand

The following diagram shows a conceptual architecture extending on-premises workloads into the cloud:

[Diagram: scale]

IBM Spectrum Computing Suite for High Performance Analytics (HPA) includes capabilities to support hybrid cloud, enabling workloads to be forwarded to multiple clouds (that is, OpenStack, IBM Cloud, Microsoft Azure, Amazon EC2, and Google Compute). Additionally, data can be automatically staged to or from the cloud and the resources that are consumed on the cloud can be auto-scaled based on workload demands and scheduling policies.

Dev Test

DevOps teams can create automated CI/CD flows that kick off dev and test infrastructure that exists only when they need it, which means you pay only for what you use.

Resource Groups separate assets across the IBM Cloud, so Dev, QA and Pre-Prod environments remain isolated.

Built-in integrations with Terraform allow Infrastructure as Code capabilities to be built into workflows.

The following diagram summarizes the DevTest grouping using VPCs.

[Diagram: vpc devtest]

Add compute, storage, networking

Choose your compute, storage and networking resources and we’ll provide maximum availability and scalability, plus a variety of cost-effective options for your workload demands. Such as:

For more information about how to combine compute, storage, and networking in your VPC, see VPC Architectures.

For deployment steps, see VPC Deployment.

Capabilities

Key capabilities

  • IBM Kubernetes Service (IKS) integration, allowing you to deploy and manage IKS worker nodes in your VPC networks
  • Developer-friendly API integrates to existing tooling
  • Terraform supported to easily define VPC-enabled solutions and manage the lifecycle of cloud resources in an automated fashion
  • VPC users and permissions are fully integrated into IAM and the IBM Cloud Platform
  • Bring your own IPs (BYOIP) greatly improved in VPC, especially for overlapping IP space
  • Bring your own Key (BYOK) to encrypt block volumes using a customer managed key for improved security
  • Block Storage access allowing volumes to mount and go, no need for clients to configure operating systems
  • Network Performance up to 80Gbps

Key features

Use a VPC to manage network services and to start instances as needed to support your mission-critical, cloud-tolerant, and cloud-native applications.

  • Create and manage isolated application environments through an API
  • Define your own networking policies that are designed for security and convenient access
  • Design network topologies with bring your own IP (BYOIP)
  • Provision your resources and connect them to each other or isolate them from one another
  • Cover multiple regions for disaster recovery and resilience
  • Use availability zones that allow high-speed and low-latency connections across regions, with high availability
  • Use high-speed networking and storage devices
  • Allow always-on services (control plane)
  • Provide and use core services: Pluggable Authentication Module (PAM), virtual private network (VPN), firewalls, Secure Shell (SSH), domain name servers (DNS), and L4 load balancing

For more details on each of the key features, see Virtual Public Cloud Overview

See VPC solutions in the IBM Cloud catalog.

Key technical advantages

Some key advantages of using VPCs:

  • Hyperscale rapid provisioning, 1000 VMs in less than 4 minutes consistently
  • Best in class networking performance between VPC servers – up to 100 Gbps for Bare Metal on VPC and up to 80 Gbps for general purpose Virtual Server profiles
  • Deploy SAP and VMware workloads using VPC BareMetal and take advantage of the power of a software defined network.
  • Integrate with Cloud Object Storage to import custom images and redeploy them on VPC.
  • Developer friendly, REST-based API aligned to industry norms and easily integrate with existing tools
  • Security – Support for KYOK/BYOK data protection, with the highest level of FIPS certification, 140-2 Level 4
  • Resiliency – 99.99% SLA availability across 9 Multizone Regions (MZRs) to handle outages.
  • Connect your Classic infrastructure and the scalability of VPC using Transit Gateway.
  • Easily migrate Classic VSIs over to VPC using VPC+ migration tool.
  • Ensure your data is safe by setting up backup policies and retention using VPC’s Backup as a Service.
  • VPC is the only cloud that allows you to bring your own Windows Licenses on a Public shared environment without buying a duplicate license.

Logical isolation

A VPC’s logical isolation is implemented using virtual network functions and security features that give an enterprise customer granular control over which IP addresses or applications can access particular resources.

Security

VPCs achieve high levels of security by creating virtualized replicas of the security features used to control access to resources housed in traditional data centers. These security features enable you to define virtual networks in logically isolated parts of the public cloud and control which IP addresses have access to which resources.

Use the following access controls:

  • Access control lists (ACLs). An ACL lists rules to limit who can access a particular subnet within your VPC.
  • Security group. With a security group, you can create groups of resources (which may be situated in more than one subnet) and assign uniform access rules to them.

Observability

The IBM Cloud Log Analysis service allows you to collect, troubleshoot, search, issue alerts on, view, and monitor system and application logs, and export JSON. You can manage, view, and analyze these logs. See Logging for VPC to enable platform logs so that you can view and analyze VPC logs.

IBM Cloud Flow Log for VPC service allows you to collect, store, and present information about Internet Protocol (IP) traffic going to and from networks of your VPC. See About IBM Cloud Flow Logs for VPC.

IBM Cloud Monitoring is a platform-level, regionally deployed service, with one instance per region. Monitoring allows VPC service monitoring via cloud dashboards. See IBM Cloud VPC monitoring dashboards.

Use the IBM Cloud Activity Tracker service to capture, store, view, search, and monitor API activity:

  • Track how users and applications interact with IBM Cloud VPC
  • Track user-initiated activities that change the state of a service
  • Be alerted as actions happen
  • Ensure compliance with the Cloud Auditing Data Federation (CADF) standard, as well as with internal policy
  • View and search events using the web UI or CLI for that region’s tracker

See Activity Tracker events.

VPC Journey

With IBM Cloud Virtual Private Cloud (VPC), establish your own virtual private cloud by defining a virtual network that is logically isolated from all other public cloud tenants. Quickly establish the network constructs and on-prem connectivity needed to run your workload using the underlying software-defined networking (SDN) and virtual network functions.

[Diagram: vpc journey]

The steps:

  1. Understand network flows
  2. Prepare your IBM Cloud account
  3. Provision VPC
  4. Establish Transit Gateway
  5. Set up VPN connectivity
  6. Set up Direct Link connectivity
  7. Extend to advanced elements

Getting started

For each of the tutorials and code examples, you will need:

Tutorials

The IBM Virtual private cloud architecture Center provides tutorials for several use cases.

Course

For a step-by-step course, see:

Code examples

Architecture center

Behind the curtain

For a detailed conceptual picture of what's happening "behind the curtain" in VPC networking, see VPC behind the curtain.