Connecting It Up: Internet, VPN, Peering
A private cloud network is isolated by design — but it rarely needs to be completely sealed off. Most of the time it needs to reach at least a few things outside itself: the public internet (so users can visit your website), your company's physical offices (so employees can securely access internal tools), and sometimes other networks entirely.
There are four standard connection types, each suited to a different need. Think of them as the connection choices available to your office building: a public front door anyone can walk through, a secure courier route to company headquarters, a dedicated underground tunnel for sensitive cargo, and a skybridge connecting you directly to the building next door.
In cloud terms, these become: an internet gateway, a VPN, a dedicated line, and network peering.
Reaching the Internet: The Gateway
An internet gateway is the controlled opening that lets chosen resources in your private network communicate with the public internet — and lets internet traffic reach those resources back. Without a gateway, nothing inside your network can reach out, and nothing outside can come in. With one attached to specific resources (like your web server), those resources become internet-accessible while everything else stays private. The gateway is how you let exactly the right doors open.
Connecting to Your Office: A VPN
A VPN — Virtual Private Network — is an encrypted tunnel over the internet that links two networks securely. In a home or privacy context, people use VPNs to mask their browsing. In cloud networking, the use is different: a company configures a VPN between its physical office and its cloud network, so employees in the building can reach internal cloud resources as if they were on the same local network. The traffic travels over the public internet, but it's scrambled end-to-end, so it's safe from prying. It's the secure courier route — the courier travels public roads, but the package is locked.
A Dedicated Line: Private and Predictable
For heavy, sensitive, or steady traffic, a dedicated line is a physical connection from your premises directly into the cloud provider's network — bypassing the public internet entirely. No traffic from other internet users shares the wire. The result is more predictable performance and no internet outage risk. AWS calls this Direct Connect; Google Cloud calls it Cloud Interconnect; Azure calls it ExpressRoute. A dedicated line costs significantly more than a VPN and takes time to set up, but for financial institutions, large enterprises, or workloads that can't tolerate variability, it's the right tool.
Peering: Connecting Two Cloud Networks
Network peering links two private cloud networks directly so their resources can talk to each other privately, without traffic traveling through the public internet. A company might peer two of its own networks in different regions, or peer with a partner company's network. The networks stay separate — they don't merge — but they gain a private route between them. Think of the skybridge: two buildings stay independent, but a covered walkway connects them for direct, private movement.
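To make the gateway, VPN and peering sections concrete, here is an added example (not code from the original page or from any cloud provider) that models a private network's route tables in plain Python: a public subnet with a default route to the internet gateway, a private subnet without one, a VPN route to an office range, and a peering route to a partner network. All CIDRs and route-target names are constructed for illustration; the partner table also shows that, as in AWS and Google Cloud, peering is not transitive, so the peer cannot ride your VPN to reach the office.

```python
import ipaddress

# Constructed sample address plan (not from any real account): one cloud network
# with a public and a private subnet, a VPN to the office, and a peering link.
VPC_CIDR = "10.0.0.0/16"
OFFICE_CIDR = "192.168.10.0/24"   # reached only through the encrypted VPN tunnel
PARTNER_CIDR = "10.1.0.0/16"      # reached through the peering connection


def make_route_table(internet_facing):
    """Build a route table; only the public subnet gets a default route to the gateway."""
    routes = [
        (VPC_CIDR, "local"),            # resources in the same network talk directly
        (OFFICE_CIDR, "vpn-gateway"),   # traffic to the office enters the VPN tunnel
        (PARTNER_CIDR, "peering"),      # private route to the peer; address spaces stay separate
    ]
    if internet_facing:
        routes.append(("0.0.0.0/0", "internet-gateway"))  # the "open door" to the internet
    return [(ipaddress.ip_network(c), t) for c, t in routes]


def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins; None means unreachable."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, target in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def validate_peering(cidr_a, cidr_b):
    """Peering needs non-overlapping address spaces, because the two networks are not merged."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


PUBLIC = make_route_table(internet_facing=True)
PRIVATE = make_route_table(internet_facing=False)
# The partner's table knows our network via peering but has no route to our office:
# peering is not transitive, so our VPN is not shared with the peer.
PARTNER = [(ipaddress.ip_network(PARTNER_CIDR), "local"),
           (ipaddress.ip_network(VPC_CIDR), "peering")]

if __name__ == "__main__":
    for dst in ("10.0.5.9", "192.168.10.7", "10.1.3.4", "203.0.113.10"):
        print(f"{dst:>14}  public -> {next_hop(PUBLIC, dst)}  private -> {next_hop(PRIVATE, dst)}")
    print("partner reaching office:", next_hop(PARTNER, "192.168.10.7"))
    print("peering allowed:", validate_peering(VPC_CIDR, PARTNER_CIDR),
          validate_peering(VPC_CIDR, "10.0.128.0/17"))
```

Running it shows the private subnet has no path to 203.0.113.10 (the constructed public address) while the public subnet sends it to the internet gateway, and the partner network gets None for the office range.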
- "A VPN is only for hiding your browsing on public Wi-Fi." That's one use. In cloud networking, a VPN is for linking two networks — your office and your cloud network — over an encrypted tunnel, so they behave as one private space.
- "A dedicated line is just a faster internet plan." No — it's a separate physical connection that doesn't share infrastructure with the public internet. It offers more predictable performance and is not affected by internet congestion or outages.
- "Peering merges two networks together." The two networks stay separate and independently administered. Peering only creates a private route between them; it doesn't combine their address spaces or management.
- Hybrid setups — where a company runs some workloads in its own building and some in the cloud — depend entirely on these connections. Understanding them explains how "on-premise and cloud together" actually works.
- The terms Direct Connect, ExpressRoute, and VPN Gateway recur in any architecture discussion about secure or high-volume data transfer. Knowing what each is prevents confusion.
- The choice between a VPN and a dedicated line is a real cost-and-reliability trade-off that teams make regularly — understanding it helps you follow (and contribute to) that conversation.
Knowledge Check
What does an internet gateway do for your private cloud network?
- Lets chosen resources send and receive public internet traffic
- Creates an encrypted tunnel between your office and your cloud network
- Connects two private cloud networks so they can communicate directly
- Replaces your internet connection with a private physical cable
How does a dedicated line (like AWS Direct Connect or Azure ExpressRoute) differ from a VPN?
- It's a physical connection that bypasses the public internet
- It does the same job as a VPN — both are encrypted software tunnels
- It is simply a higher-bandwidth version of a regular internet plan
- It is only available to the very largest enterprises, not smaller teams
What happens to two networks after they are peered?
- They stay separate but gain a private route between them
- They merge into one combined network with a shared address space
- They communicate only through the public internet, encrypted end-to-end
- One network loses its internet access and routes everything through the other