IBM Cloud Docs

VPC concepts

Now that you've seen the high-level VPC reference architecture for IBM Cloud for Financial Services, there are a number of important VPC concepts that will help you understand the components within the management and workload VPCs as we dive into lower-level details. Each VPC is a virtual network that is linked to your customer account. It gives you cloud security, with the ability to scale dynamically, by providing fine-grained control over your virtual infrastructure and your network traffic segmentation.

Network

Regions, zones, and subnets

All VPCs exist in a single region. A region is an abstraction that is related to the geographic area in which a VPC is deployed: a defined geographic territory such as a city, a state, a group of states, or even a group of countries. Each multizone region contains multiple zones. A zone is another abstraction, an independent fault domain that refers to the physical data center that hosts the compute, network, and storage resources, as well as the related cooling and power, that provide services and applications. Zones exist to improve fault tolerance and decrease latency.

VPCs that are created in one of the multizone regions can span multiple zones to facilitate high availability. For IBM Cloud for Financial Services, it is recommended to use at least three zones in each VPC to help ensure resiliency.

Subnets consist of a specified IP address range (CIDR block). Subnets are bound to a single zone, and they cannot span multiple zones or regions. Subnets in the same VPC are connected to each other.
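The rules just stated (a subnet is one CIDR block bound to exactly one zone, subnets cannot span zones, and at least three zones per VPC are recommended) can be checked before anything is provisioned. The following validator is an added example, not code from the IBM Cloud documentation; the zone names and address ranges are constructed, and the convention of one address prefix per zone is an assumption of the example.

```python
import ipaddress

# Constructed sample: three zones of one multizone region, each with its own
# address prefix. Zone names and ranges are assumptions, not IBM Cloud values.
ZONE_PREFIXES = {
    "region-1-zone-a": ipaddress.ip_network("10.10.0.0/18"),
    "region-1-zone-b": ipaddress.ip_network("10.10.64.0/18"),
    "region-1-zone-c": ipaddress.ip_network("10.10.128.0/18"),
}

# A layout that follows the guidance: one subnet in each of three zones.
THREE_ZONE_LAYOUT = [
    # (subnet name, zone, CIDR block)
    ("mgmt-a", "region-1-zone-a", "10.10.0.0/24"),
    ("mgmt-b", "region-1-zone-b", "10.10.64.0/24"),
    ("mgmt-c", "region-1-zone-c", "10.10.128.0/24"),
]


def validate_layout(zone_prefixes, subnets, min_zones=3):
    """Check a proposed subnet layout against the VPC rules described above.

    Returns a list of human-readable problems; an empty list means the
    layout is acceptable. Checks performed:
      * every subnet names a known zone,
      * its CIDR block lies entirely inside that zone's address prefix
        (so a block that would straddle two zones is rejected),
      * no two subnets overlap,
      * at least ``min_zones`` distinct zones are used.
    """
    problems = []
    seen = []  # (name, network) of subnets already examined
    for name, zone, cidr in subnets:
        net = ipaddress.ip_network(cidr, strict=True)
        prefix = zone_prefixes.get(zone)
        if prefix is None:
            problems.append(f"{name}: unknown zone {zone!r}")
            continue
        if not net.subnet_of(prefix):
            problems.append(f"{name}: {net} is not inside {zone} prefix {prefix}")
        for other_name, other_net in seen:
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other_name} ({other_net})")
        seen.append((name, net))

    zones_used = {zone for _, zone, _ in subnets if zone in zone_prefixes}
    if len(zones_used) < min_zones:
        problems.append(
            f"only {len(zones_used)} zone(s) used; {min_zones} recommended for resiliency"
        )
    return problems


if __name__ == "__main__":
    print("three-zone layout:", validate_layout(ZONE_PREFIXES, THREE_ZONE_LAYOUT) or "OK")
    # A /17 starting at zone-a's base would cover zone-b's prefix too; a
    # subnet cannot span zones, so this must be rejected.
    spanning = THREE_ZONE_LAYOUT + [("too-big", "region-1-zone-a", "10.10.0.0/17")]
    for p in validate_layout(ZONE_PREFIXES, spanning):
        print("problem:", p)
```

Running the script prints "OK" for the three-zone layout and three problems for the oversized block: it is outside its zone's prefix and it overlaps the two subnets it would swallow. A two-zone layout passes the per-subnet checks but is flagged for using fewer than the recommended three zones.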

For more information, see About networking.


Access control lists and security groups

Access control lists (ACLs) and security groups provide ways to control the traffic across the subnets and instances in your VPC by using rules that you specify. ACLs control traffic to and from a subnet, while security groups control the traffic at the virtual server instance (VSI) level.
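The split between the two layers is easiest to see by evaluating one connection against both. The simulator below is an added example, not code from the IBM Cloud documentation; its rule records, addresses and port ranges are constructed. It goes slightly beyond the paragraph above in one respect: it models network ACLs as stateless (each direction of a flow needs its own rule, and rules are tried in order) and security groups as stateful and allow-only (a permitted inbound request implies the response is permitted), which is how IBM Cloud VPC behaves.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclRule:
    """One ordered network ACL rule (attached to a subnet)."""
    direction: str    # "inbound" or "outbound", relative to the subnet
    action: str       # "allow" or "deny"
    source: str       # CIDR
    destination: str  # CIDR
    port_min: int     # destination TCP port range
    port_max: int


@dataclass(frozen=True)
class SgRule:
    """One security group rule (attached to a virtual server instance).
    Security group rules only ever allow; there is no deny action."""
    direction: str    # "inbound" or "outbound", relative to the instance
    remote: str       # CIDR of the other end of the connection
    port_min: int
    port_max: int


def _in(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def acl_allows(rules, direction, src, dst, dport, default_allow=False):
    """Stateless check: the first matching rule in the flow's direction wins.
    ``default_allow`` stands in for whatever the ACL's own catch-all rule says."""
    for r in rules:
        if (r.direction == direction and _in(src, r.source)
                and _in(dst, r.destination) and r.port_min <= dport <= r.port_max):
            return r.action == "allow"
    return default_allow


def sg_allows(rules, direction, remote_ip, dport):
    """Allow-only check: any matching rule permits the flow."""
    return any(r.direction == direction and _in(remote_ip, r.remote)
               and r.port_min <= dport <= r.port_max for r in rules)


def connection_allowed(acl_rules, sg_rules, client_ip, server_ip, server_port, client_port):
    """Evaluate one TCP connection from an outside client to an instance in the subnet.

    Returns (acl_ok, sg_ok). The ACL is stateless, so the request (inbound) and
    the response (outbound, to the client's ephemeral port) each need a rule.
    The security group is stateful, so only the inbound request is checked and
    the response is allowed automatically.
    """
    acl_ok = (acl_allows(acl_rules, "inbound", client_ip, server_ip, server_port)
              and acl_allows(acl_rules, "outbound", server_ip, client_ip, client_port))
    sg_ok = sg_allows(sg_rules, "inbound", client_ip, server_port)
    return acl_ok, sg_ok


# Constructed sample rules (addresses come from documentation ranges, not real hosts).
SUBNET = "10.10.0.0/24"
ACL_MISSING_RETURN = [
    AclRule("inbound", "allow", "0.0.0.0/0", SUBNET, 443, 443),
]
ACL_FIXED = [
    AclRule("inbound", "deny", "203.0.113.0/24", SUBNET, 1, 65535),   # ordered before the allow
    AclRule("inbound", "allow", "0.0.0.0/0", SUBNET, 443, 443),
    AclRule("outbound", "allow", SUBNET, "0.0.0.0/0", 1024, 65535),  # return traffic to clients
]
SG_HTTPS_FROM_PARTNER = [
    SgRule("inbound", "192.0.2.0/24", 443, 443),
]

if __name__ == "__main__":
    for acl, label in ((ACL_MISSING_RETURN, "ACL without return rule"), (ACL_FIXED, "ACL with return rule")):
        print(label, connection_allowed(acl, SG_HTTPS_FROM_PARTNER, "192.0.2.10", "10.10.0.5", 443, 51000))
```

The first ACL admits HTTPS to the subnet but has no outbound rule for the response, so the connection fails at the subnet boundary even though the security group would accept it; adding the outbound rule for ephemeral ports fixes that. With the fixed ACL, a client outside 192.0.2.0/24 passes the ACL but is stopped at the instance by the security group, and a client in 203.0.113.0/24 is stopped by the ACL's earlier deny rule before the allow is ever considered.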

For more information, see Security in your VPC.

Compute

Virtual Servers for VPC

Virtual Servers for VPC gives you access to all of the benefits of IBM Cloud VPC, including network isolation, security, and flexibility. When you provision an instance, you select a profile that matches the amount of memory and compute power that you need for the application that you plan to run on the instance. Instances are available on the x86 architecture.

See About virtual server instances for VPC for more details.

Dedicated hosts

Provision your virtual servers on a dedicated host. Dedicated hosts are used to carve out a single-tenant compute node, free from users outside of your organization. Within that dedicated space, you can create virtual server instances according to your needs. Additionally, you can create dedicated host groups that contain dedicated hosts for a specific purpose. Because a dedicated host is a single-tenant space, only users within your account that have the required permissions can create instances on the host.

See Creating dedicated hosts and groups for more details.

Red Hat OpenShift on IBM Cloud

You can also use Red Hat OpenShift on IBM Cloud to run applications. It is likewise backed by virtual server instances, but in that case the virtual server instances are managed by IBM.

See VPC reference architecture with Red Hat OpenShift on IBM Cloud for more details.

Storage

Block Storage for VPC provides hypervisor-mounted, high-performance data storage for your virtual server instances that you can provision within a VPC. The VPC infrastructure provides rapid scaling across zones and extra performance and security.

Block Storage for VPC is used for both primary boot volumes and secondary data volumes. Boot volumes are automatically created and attached during instance provisioning. Data volumes can be created and attached during instance provisioning as well, or as stand-alone volumes that you can later attach to an instance. To protect your data, you should use KYOK (Keep Your Own Key) encryption with Hyper Protect Crypto Services.

See About Block Storage for VPC for more details.

Next steps