Overview
Use IBM Cloud® Virtual Private Cloud to create your own space in IBM Cloud®. A virtual private cloud (VPC) is a secure, isolated virtual network that combines the security of a private cloud with the availability and scalability of IBM's public cloud.
Logical isolation
VPC gives your applications logical isolation from other networks, while providing scalability and security. To make this logical isolation possible, the VPC is divided into subnets that use a range of private IP addresses. You can create subnets in suggested prefix ranges, or bring your own public IP address range (BYOIP) to your IBM Cloud account. By default, all resources within the same VPC can communicate with each other over the private network, regardless of their subnet.
Quick instance provisioning with high network performance
You can quickly provision scalable compute resources in your VPC by creating virtual server instances with the core and RAM configuration that's best for your workload. You can select from the supported stock images or custom images that were imported from IBM Cloud Object Storage. All images are cloud-init enabled. You can connect to your instance without using a password by adding SSH keys.
You can create instances with up to 80 Gbps network bandwidth per instance. Each instance can be multi-homed, that is, you can create multiple network interfaces per instance.
Multi-architecture images
You can choose to create virtual server instances with different operating systems on x86_64 or s390x processor architecture. For more information, see Images.
Storage capabilities
When you create an instance, a 100 GB Block Storage volume is automatically attached as a primary boot volume. You can increase the capacity of the boot volume to 250 GB. To add secondary data volumes to your instance, create Block Storage for VPC volumes or File Storage for VPC shares.
You can use Block Storage for VPC snapshots to create point-in-time copies of your boot or data volumes, create copies of the snapshots in other regions, and create volumes from the snapshots. You can automate the creation of the snapshots with the IBM Cloud® Backup for VPC service.
External connectivity
Several options are available for enabling your instances to communicate with the public internet:
- To enable all instances in a subnet to send outgoing traffic, attach a public gateway to the subnet.
- To enable communication to and from a specific instance, independent of whether the subnet is attached to a public gateway, associate the instance with a floating IP.
- To enable secure connectivity, use the Virtual Private Network (VPN) service.
Security
For instance-level protection, use security groups that act as virtual firewalls to restrict traffic for one or more instances. For subnet-level protection, use access control lists (ACLs) to limit a subnet's inbound and outbound traffic.
High availability
A region is the geographical location where you deploy the VPC's services, resources, and applications. Each region contains zones that are logically isolated and have independent infrastructure. You can deploy resources in multiple zones to achieve fault tolerance and high availability.
Use load balancers to distribute your network traffic across a set of virtual server instances to improve performance and availability. You can set up a load balancer to distribute incoming application traffic across instances in a single zone or across multiple zones within a region.
Interconnectivity
IBM has the following offerings that can help you interconnect VPCs:
- IBM Cloud Direct Link allows you to interconnect a VPC with an on-premises network.
- IBM Cloud Transit Gateway allows you to interconnect VPCs to each other and various other resources.
Classic access
You can set up access from a VPC to your IBM Cloud classic infrastructure, including Direct Link connectivity. One VPC per region can communicate with classic resources. For more information, see Setting up access to classic infrastructure.
Next steps
To get started with the API and CLI, set up your environment. To learn how to create VPC resources, see these tutorials:
For a list of features not yet supported in VPC, see Limitations.