Topic 24

Your Private Network in the Cloud

Concept

When you rent cloud resources, they don't float loose on the open internet. They sit inside your own private slice of the provider's network — a fenced-off area where your machines live and talk to each other, separate from every other customer and invisible to the public web by default.

Think of it like renting a suite of offices in a big building. The building has a public corridor that anyone can walk through, but your suite has a locked door. Inside, your staff can move freely between rooms. The reception desk at your door faces the corridor — that's the one public-facing point. The back rooms, where the files and the servers live, are staff-only. Your private cloud network works the same way.

The real term you'll hear is VPC — Virtual Private Cloud on AWS and Google Cloud, or Virtual Network (usually shortened to VNet) on Azure. The name differs; the idea is identical: your own isolated network inside the provider's infrastructure.

What Is a Network?

A network is simply the plumbing that lets computers talk to each other — the cables, wireless signals, and rules that carry information from one machine to another. Your home Wi-Fi is a small network; the internet is the largest one, connecting billions of devices worldwide. A network lets a web server send a page to your laptop, or a database reply to a query from a web server down the hall.

Your Private Network

Inside the cloud, your private network is a logically separated space — the provider creates a virtual boundary, and your machines live inside it. Other customers' machines, even if they run on the same physical hardware, cannot reach yours. You control the address ranges, the routing rules, and the gates in and out. It is yours to configure, and it comes with sensible defaults so you don't have to build it from nothing.

Public vs Private: What Do You Expose?

Within your private network, you choose what faces the internet and what stays hidden. A web server that visitors need to reach gets a public-facing configuration — it can receive and respond to internet traffic. A database that holds customer records stays on the private side, reachable only by your web servers inside the same network, invisible to everyone else. This distinction — public-facing versus private — is the first and most important choice in any cloud design.

Why Isolation Matters

Without a private network, every resource you created would be exposed to the entire internet by default. Any machine anywhere could try to reach your database, your internal admin tools, or anything else. The private network draws the line: exposure is opt-in, not the default. This single boundary is why cloud architectures can be both accessible to users and secure — you open exactly the doors you choose, and no others.
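
As an added example (not part of the original lesson), the sketch below answers "which parts can the internet reach?" for a small constructed network. It is a simplified model, not any provider's API: the fields `public_ip` and `allow_from`, the resource names and the address ranges are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: names, addresses and rules are illustrative only.
VPC_RANGE = ipaddress.ip_network("10.0.0.0/16")   # your private address range

RESOURCES = [
    {"name": "web-1", "role": "web", "public_ip": True,
     "allow_from": ["0.0.0.0/0"]},        # reception desk: open to the internet
    {"name": "db-1", "role": "database", "public_ip": False,
     "allow_from": ["10.0.1.0/24"]},      # back room: only the web tier may connect
    {"name": "db-2", "role": "database", "public_ip": True,
     "allow_from": ["0.0.0.0/0"]},        # misconfigured: a database with an open door
    {"name": "admin-1", "role": "admin", "public_ip": True,
     "allow_from": ["10.0.0.0/16"]},      # public address, but rules admit internal sources only
]

def internet_reachable(res, vpc=VPC_RANGE):
    """Reachable only if it has a public address AND a rule admits outside sources."""
    if not res["public_ip"]:
        return False
    return any(not ipaddress.ip_network(src).subnet_of(vpc)
               for src in res["allow_from"])

def exposure_report(resources, private_roles=("database", "admin")):
    """Sort resources into public/private and flag private-role ones that are exposed."""
    report = {"public": [], "private": [], "findings": []}
    for res in resources:
        side = "public" if internet_reachable(res) else "private"
        report[side].append(res["name"])
        if side == "public" and res["role"] in private_roles:
            report["findings"].append(res["name"])
    return report

if __name__ == "__main__":
    result = exposure_report(RESOURCES)
    print("Internet can reach:", result["public"])
    print("Hidden from internet:", result["private"])
    print("Should not be exposed:", result["findings"])
```

In this model exposure takes two deliberate choices, a public address and a rule that admits outside sources, which is why `admin-1` stays on the private side while `db-2` is flagged.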

[Diagram: Public-facing side vs private side of your cloud network. Labels: Internet (public traffic); Your private network (VPC / VNet); Public-facing: web server; Private (hidden): database.]

Three clouds: AWS VPC (Virtual Private Cloud); Google Cloud VPC (Virtual Private Cloud); Azure Virtual Network (VNet)

Common Confusions

  • "Everything I put in the cloud is on the open internet." No — it's in your private network by default. You have to explicitly open a resource to the internet, and even then only the parts you choose are exposed.
  • "I have to build the private network from scratch." Every cloud provider creates a default network for you when you set up an account. You can customize it, but you don't start from nothing.
  • "A private network is the same as a VPN." Related but different. Your private network is the isolated space where your resources live. A VPN is a way to connect your office or your laptop into that space. The next topic covers this distinction.
  • "Private means only I can use it." Private here means isolated from other cloud customers and from the open internet — not locked to a single person. Your whole team can use resources inside your private network.

Why It Matters

  • The private network is the foundation of cloud security and architecture. Every design diagram shows it, and "VPC" appears in almost every cloud conversation.
  • Understanding public-facing versus private is what lets you read any architecture diagram and answer "which parts can the internet reach?"
  • Isolation from other tenants is one of the cloud's core guarantees — your workloads stay separated from every other customer's, even on shared hardware.

Knowledge Check

What is the main purpose of a private network in the cloud?

  • To isolate your resources and control what's reachable
  • To make all your resources publicly accessible on the internet
  • To share a network address space with other cloud customers
  • To replace the public internet with a faster, dedicated connection

A database holding customer records should live on which side of your private cloud network?

  • The private side, hidden from the internet
  • The public side, so users can query it directly from their browsers
  • Outside the private network — databases cannot be inside it
  • In a completely separate cloud account with no network connection

On AWS and Google Cloud, what is the term for a private cloud network?

  • VPC — Virtual Private Cloud
  • VNet — Virtual Network
  • Subnet — a subdivided address range
  • CDN — Content Delivery Network
