
Enrollment No.

1906018

Practical No. 3
 Study of Networking in Cloud:
 Cloud networking, or cloud-based networking, is when some or
all of an organization’s networking resources are hosted in the
cloud. This may refer to either a public cloud or private cloud.
 The technology is based on cloud computing, which is the
centralization of computing resources that are shared between
users.
 Improved internet access and more reliable WAN bandwidth
have made it easier to push more networking management
functions into the cloud. This has been one of the drivers
of cloud computing services as well as enterprise cloud
software. This, in turn, has spurred demand for cloud
networking as well, as customers look for easier ways to access
and build networks using cloud-based services.

 Cloud networking is the use of the cloud to manage and direct
traffic traversing a wide area network (WAN). It is based on
cloud computing where centralized compute resources are
shared among users. With this technology,
connectivity, security, management, and control all are cloud-
based and are offered as services.

 Virtual Private Cloud:

 A VPC is a public cloud offering that lets an enterprise establish
its own private cloud-like computing environment on
shared public cloud infrastructure. A VPC gives an enterprise
the ability to define and control a virtual network that is
logically isolated from all other public cloud tenants, creating a
private, secure place on the public cloud.
 Imagine that a cloud provider’s infrastructure is a residential
apartment building with multiple families living inside. Being a
public cloud tenant is akin to sharing an apartment with a few
roommates.
 In contrast, having a VPC is like having your own private
condominium—no one else has the key, and no one can enter
the space without your permission.


 Features:

1. Agility: Control the size of your virtual network and deploy
cloud resources whenever your business needs them. You
can scale these resources dynamically and in real-time.
2. Availability: Redundant resources and highly fault-tolerant
availability zone architectures mean your applications and
workloads are highly available.
3. Security: Because the VPC is a logically isolated network,
your data and applications won’t share space or mix with
those of the cloud provider’s other customers. You have full
control over how resources and workloads are accessed,
and by whom.
4. Affordability: VPC customers can take advantage of the
public cloud’s cost-effectiveness, such as saving on
hardware costs, labor times, and other resources.

 Benefits:
1. Flexible business growth: Because cloud infrastructure
resources—including virtual servers, storage,
and networking—can be deployed dynamically, VPC
customers can easily adapt to changes in business needs.
2. Satisfied customers: In today’s “always-on” digital business
environments, customers expect uptime ratios of nearly
100%. The high availability of VPC environments enables
reliable online experiences that build customer loyalty and
increase trust in your brand.
3. Reduced risk across the entire data lifecycle: VPCs enjoy
high levels of security at the instance or subnet level, or
both. This gives you peace of mind and further increases the
trust of your customers.
4. More resources to channel toward business
innovation: With reduced costs and fewer demands on your
internal IT team, you can focus your efforts on achieving key
business goals and exercising core competencies.

 Three-tier architecture in VPC:


1. The web or presentation tier, which takes requests from
web browsers and presents information created by, or
stored within, the other layers to end users.
2. The application tier, which houses the business logic and is
where most processing takes place.
3. The database tier, comprised of database servers that store
the data processed in the application tier.
4. To create a three-tier application architecture on a VPC, you
assign each tier its own subnet, which will give it its own IP
address range. Each layer is automatically assigned its own
unique ACL.

 Architecture:
1. Compute: Virtual server instances (VSIs, also known as
virtual servers) are presented to the user as virtual CPUs
(vCPUs) with a predetermined amount of computing power,
memory, etc.
2. Storage: VPC customers are typically allocated a
certain block storage quota per account, with the ability to
purchase more. It is akin to purchasing additional hard
drive space. Recommendations for storage are based on
the nature of your workload.
3. Networking: You can deploy virtual versions of various
networking functions into your virtual private cloud
account to enable or restrict access to its resources. These
include public gateways, which are deployed so that all or
some areas of your VPC environment can be made available
on the public-facing Internet; load balancers, which
distribute traffic across multiple VSIs to optimize availability
and performance; and routers, which direct traffic and
enable communication between network segments. Direct
or dedicated links enable rapid and secure communications
between your on-premises enterprise IT environment or
your private cloud and your VPC resources on public cloud.

 Security:
Two types of network access controls comprise the layers of VPC
security:

1. Access control lists (ACLs): An ACL is a list of rules that limit
who can access a particular subnet within your VPC. A
subnet is a portion or subdivision of your VPC; the ACL
defines the set of IP addresses or applications granted
access to it.
2. Security group: With a security group, you can create
groups of resources (which may be situated in more than
one subnet) and assign uniform access rules to them. For
example, if you have three applications in three different
subnets, and you want them all to be public Internet-facing,
you can place them in the same security group. Security
groups act like virtual firewalls, controlling the flow of traffic
to your virtual servers, no matter which subnet they are in.
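
The two layers above, applied to the three-tier layout, as an added example that is not part of the original practical: a simplified Python model in which an inbound connection must pass the destination subnet's ACL and then the destination's security group. The CIDR ranges, ports and rule numbers are constructed for illustration; the ordered, first-match ACL with an implicit deny and the allow-only security group follow AWS behaviour, and only inbound traffic is modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed three-tier layout: each tier gets its own subnet (IP range).
SUBNETS = {
    "web": ip_network("10.0.1.0/24"),
    "app": ip_network("10.0.2.0/24"),
    "db": ip_network("10.0.3.0/24"),
}

# Subnet-level ACLs: (rule number, action, source CIDR, port).
# Rules are checked in ascending rule number; the first match decides.
ACLS = {
    "web": [(100, "allow", "0.0.0.0/0", 443)],
    "app": [(100, "allow", "10.0.1.0/24", 8080)],
    "db": [(90, "deny", "10.0.1.0/24", 5432),    # web tier never reaches the DB
           (100, "allow", "10.0.0.0/16", 5432)],
}

# Instance-level security groups: allow rules only (source CIDR, port).
SECURITY_GROUPS = {
    "web": [("0.0.0.0/0", 443)],
    "app": [("10.0.1.0/24", 8080)],
    "db": [("10.0.2.0/24", 5432)],
}

def tier_of(ip):
    """Return the tier whose subnet contains ip, or None if outside the VPC."""
    addr = ip_address(ip)
    return next((t for t, net in SUBNETS.items() if addr in net), None)

def acl_allows(tier, src, port):
    """Subnet layer: first matching rule wins, no match means deny."""
    for _, action, cidr, rule_port in sorted(ACLS[tier]):
        if ip_address(src) in ip_network(cidr) and port == rule_port:
            return action == "allow"
    return False

def sg_allows(tier, src, port):
    """Instance layer: traffic passes only if some allow rule matches."""
    return any(ip_address(src) in ip_network(cidr) and port == p
               for cidr, p in SECURITY_GROUPS[tier])

def inbound_allowed(src, dst, port):
    """A connection is admitted only when both layers permit it."""
    tier = tier_of(dst)
    if tier is None:
        return False
    return acl_allows(tier, src, port) and sg_allows(tier, src, port)
```

A host inside the database subnet passes the subnet ACL on port 5432 here but is still refused by the security group, which is the case where the second layer matters.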

 Pricing:
1. The various cloud providers may offer different pricing
models in their VPC offerings. It is common for individual VPC
resources—such as load balancers, VSIs, or storage—to be
priced separately.
2. It is also common for data transfer charges to be applied
based on volume, but some cloud providers do not
charge for data transfers over private networks.

 Example of VPC:
Amazon Virtual Private Cloud:
1. Amazon Virtual Private Cloud (VPC) is a commercial cloud
computing service that provides users a virtual private
cloud, by "provision[ing] a logically isolated section
of Amazon Web Services (AWS) Cloud".
2. Enterprise customers are able to access the Amazon Elastic
Compute Cloud (EC2) over an IPsec based virtual private
network.
3. Unlike traditional EC2 instances which are allocated internal
and external IP numbers by Amazon, the customer can
assign IP numbers of their choosing from one or more
subnets.
4. By giving the user the option of selecting which AWS
resources are public facing and which are not, VPC provides
much more granular control over security. For Amazon it is
"an endorsement of the hybrid approach, but it's also
meant to combat the growing interest in private clouds".

5. AWS VPC allows users to connect to the Internet, a user's
corporate data center, and other users' VPCs. Users are able
to connect to the Internet by adding an Internet Gateway to
their VPC, which assigns the VPC a public IPv4 Address.
6. Users are able to connect to a data center by setting up a
Hardware Virtual Private Network connection between the
data center and the VPC. This connection allows the user to
"interact with Amazon EC2 instances within a VPC as if they
were within [the user's] existing network."
7. Users are able to route traffic from one VPC to another VPC
using private IP addresses, and are able to communicate as
if they were on the same network. Peering can be achieved
by connecting a route between two VPCs on the same
account or two VPCs on different accounts in the same
region. VPC Peering is a one-to-one connection, but users
are able to connect to more than one VPC at a time.
8. To achieve one-to-many connections between VPCs, you
can deploy a transit gateway (TGW). In addition, you can
connect your VPCs to your on-premises systems by
employing the transit gateway.
9. AWS VPC's security is two-fold: firstly, AWS VPC uses
security groups as a firewall to control traffic at the instance
level, while it also uses network access control lists as a
firewall to control traffic at the subnet level. As another
measure of privacy, AWS VPC provides users with the ability to
create "dedicated instances" on hardware, physically
isolating the dedicated instances from non-dedicated
instances and instances owned by other accounts.
10. AWS VPC is free, with users only paying for the
consumption of EC2 resources. However, if choosing to
access VPC via a Virtual Private Network (VPN), there is a
charge.
__________________________________________________________
