IBM Cloud Docs
VPC concepts

VPC concepts

Now that you've seen the high-level VPC reference architecture for IBM Cloud for Financial Services, there are a number of important VPC concepts that will help you understand the components within the management and workload VPCs as we dive into lower-level details. Each VPC is a virtual network that is linked to your customer account. It gives you cloud security, with the ability to scale dynamically, by providing fine-grained control over your virtual infrastructure and your network traffic segmentation.

Network

Regions, zones, and subnets

All VPCs exist in a single region. A regionAn independent geographic territory that consists of one or more zones. is an abstraction that is related to the geographic area in which a VPC is deployed. Each multizone region contains multiple zones. A zoneA location within a region that acts as an independent fault domain. is another an abstraction that refers to the physical data center that hosts the compute, network, and storage resources, as well as the related cooling and power, which provides services and applications.

VPCs that are created in a one of the multizone regions can span multiple zones to facilitate high availability. For IBM Cloud for Financial Services, it is recommended to use at least three zones in each VPC to help ensure resiliency.

Subnets consist of a specified IP address range (CIDR block). Subnets are bound to a single zone, and they cannot span multiple zones or regions. Subnets in the same VPC are connected to each other.

For more information, see About networking.

IBM Cloud for Financial Services that stuff in About networking like Public Gateway and Floating IPs should not generally be used. -->

Access control lists and security groups

Access control lists (ACLs) and security groups provide ways to control the traffic across the subnets and instances in your VPC by using rules that you specify. ACLs control traffic to and from a subnet, while security groups control the traffic at the virtual server instance (VSI) level.

For more information, see Security in your VPC.

Compute

Virtual Servers for VPC

Virtual Servers for VPC gives you access to all of the benefits of IBM Cloud VPC, including network isolation, security, and flexibility. When you provision an instance, you select a profile that matches the amount of memory and compute power that you need for the application that you plan to run on the instance. Instances are available on the x86 architecture.

See About virtual server instances for VPC for more details.

Dedicated hosts

Provision your virtual servers on a dedicated host. Dedicated hosts are used to carve out a single-tenant compute node, free from users outside of your organization. Within that dedicated space, you can create virtual server instances according to your needs. Additionally, you can create dedicated host groups that contain dedicated hosts for a specific purpose. Because a dedicated host is a single-tenant space, only users within your account that have the required permissions can create instances on the host.

See Creating dedicated hosts and groups for more details.

Red Hat OpenShift on IBM Cloud

You can also use Red Hat OpenShift on IBM Cloud to run applications. It is also backed by virtual server instances, but, in that case, the virtual service instances are managed by IBM.

See VPC reference architecture with Red Hat OpenShift on IBM Cloud for more details.

Storage

Block Storage for VPC provides hypervisor-mounted, high-performance data storage for your virtual server instances that you can provision within a VPC. The VPC infrastructure provides rapid scaling across zones and extra performance and security.

Block Storage for VPC is used for both primary boot volumes and secondary data volumes. Boot volumes are automatically created and attached during instance provisioning. Data volumes can be created and attached during instance provisioning as well, or as stand-alone volumes that you can later attach to an instance. To protect your data, you should use KYOK encryption with Hyper Protect Crypto Services.

See About Block Storage for VPC for more details.

Next steps