Overview
Virtual Private Cloud (VPC) is a technology that allows you to create your own virtual network within Unity Solutions, isolating your cloud servers on their own private network.
Single-tiered Application
In this use case, all cloud servers are deployed into the VPC with their own external IP addresses, with the router providing internet access. We recommend this configuration if you want to run a simple, public-facing web application on a small number of servers.
This scenario includes:
A VPC with a CIDR block of 10.240.0.0/16
A cloud server with an external IP address (43.229.60.15), enabling internet access
A virtual router with a default routing table
When multiple servers are deployed in the VPC, the internal IP addresses are used for secure communication between the servers.
Multi-tiered Application
In this use case, the application is divided into two or more tiers: an internet-accessible public tier (e.g., web servers) and a private tier accessible only within the VPC (e.g., database servers). We recommend this configuration for public web applications where you want to provide additional protection to your backend datastore.
This scenario includes:
A VPC with a CIDR block of 10.240.0.0/16
A web server with a private IP address (10.240.0.4) and an external IP address (43.229.60.15) forwarded by the router, enabling internet access
A database server with a private IP address (10.240.0.5) and no external IP address, making it accessible only within the VPC
To provide outgoing internet access to the database server, the route table is configured to pass internet traffic (0.0.0.0/0) to the web server.
The web server is configured to provide NAT for the database server, or in a larger deployment, a dedicated NAT server may be used.
Multi-tiered Application with VPN
This use case enhances a multi-tiered application by adding a VPN connection to your company network. The backend tier is directly accessible from your own network and can optionally connect to your in-house servers. We recommend this configuration for migrating your existing web applications to the cloud.
This scenario includes:
A VPC with a CIDR block of 10.240.0.0/16
A web server with a private IP address (10.240.0.4) and an external IP address (43.229.60.15)
A database server with a private IP address (10.240.0.6) and no external IP address
A VPN server with a private IP address (10.240.0.5) and an external IP address (43.229.60.16), serving as the remote VPN endpoint
Your own VPN gateway, acting as the local VPN endpoint, providing access for your company network (192.168.1.0/24)
The route table is configured to send outgoing internet traffic (0.0.0.0/0) through the web server and your company network traffic (192.168.1.0/24) through the VPN server. The web server is set up to provide NAT for the database server, or in larger deployments, a dedicated NAT server may be used.
Private Application with VPN
This use case establishes a private network accessible only via a VPN connection to your company network. The servers are not accessible from the internet, and outgoing internet access is provided through your company network. We recommend this configuration for migrating your in-house applications to the cloud.
This scenario includes:
A VPC with a CIDR block of 10.240.0.0/16
A cloud server with a private IP address (10.240.0.6) and no external IP address
A VPN server with a private IP address (10.240.0.5) and an external IP address (43.229.60.15), serving as the remote VPN endpoint
Your own VPN gateway, acting as the local VPN endpoint, providing access for your company network (192.168.1.0/24)
The route table is configured to send all traffic (0.0.0.0/0) to your company network via the VPN server. The private server has no outgoing internet access other than through your company network, allowing you to leverage the security controls already in place for your existing in-house deployment.
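The route tables of the two VPN scenarios above can be checked before deployment by resolving sample destinations against them. The following is an added example, not code from Unity Solutions; it assumes the virtual router picks the most specific matching route (longest-prefix match, the conventional behaviour of IP routers) and that the VPC CIDR is delivered locally, neither of which the page states. The names next_hop and audit are hypothetical.

```python
import ipaddress

# Route tables as described in the scenarios above. The "local" entry for the
# VPC CIDR is an assumption: the page does not list it.
ROUTES_MULTI_TIER_VPN = [
    ("10.240.0.0/16", "local"),
    ("0.0.0.0/0", "10.240.0.4"),       # web server providing NAT
    ("192.168.1.0/24", "10.240.0.5"),  # VPN server
]
ROUTES_PRIVATE_VPN = [
    ("10.240.0.0/16", "local"),
    ("0.0.0.0/0", "10.240.0.5"),       # all traffic leaves via the VPN server
]

def next_hop(routes, destination):
    """Return the next hop for destination using longest-prefix match."""
    dest = ipaddress.ip_address(destination)
    best = None
    for cidr, hop in routes:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    if best is None:
        raise LookupError(f"no route to {destination}")
    return best[1]

def audit(routes, expected):
    """Return {destination: (actual, intended)} for every mismatched route."""
    found = {dst: next_hop(routes, dst) for dst in expected}
    return {dst: (found[dst], want)
            for dst, want in expected.items() if found[dst] != want}

if __name__ == "__main__":
    # Constructed sample destinations; 203.0.113.10 is a documentation
    # address standing in for an arbitrary internet host.
    for name, routes in [("multi-tier+VPN", ROUTES_MULTI_TIER_VPN),
                         ("private+VPN", ROUTES_PRIVATE_VPN)]:
        for dst in ["10.240.0.6", "192.168.1.20", "203.0.113.10"]:
            print(f"{name:15} {dst:14} -> {next_hop(routes, dst)}")
```

If the 192.168.1.0/24 route is missing from the multi-tiered table, audit reports that company-network traffic falls through to the default route and leaves through the NAT server instead of the VPN.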