Private Networking Available at cloudscale.ch
You asked for it, here it is: cloudscale.ch now offers private networking. Interconnect your virtual servers in a more secure way using a dedicated interface separated from the public Internet. Let us quickly take you through the most relevant aspects of this new feature:
When you should use private networks
A well-known use case for private networks are "tiered architectures": Create a number of frontend servers (e.g. web workers) that directly serve your users over the Internet. Those servers then use a second, private network interface to connect to their backend servers (e.g. DB or business logic) which are not publicly accessible. This design minimizes the number of exposed services, increasing the overall security of your setup.
Thinking beyond common web services, you can now use our cloud for virtually any application that you previously operated on-premises. Be it email, file storage, your wiki, or your virtual PBX: Just use our "private network" feature. With a VM acting as a gateway, central firewall, and/or VPN endpoint, you are in full control over who has access to your (private) machines.
How to set up private networking
Private networking at cloudscale.ch works out of the box: Each server on your private network receives an IP address by DHCP; this address is also displayed in our cloud control panel. You may, of course, statically configure any IPv4 and/or IPv6 address you like – it is your network, after all.
In case of an already running server that has no private network interface yet, you can add one any time later. Config snippets will help you setting up the additional interface in the operating system you chose.
A peek behind the scenes
We allocate a separate VXLAN to each user, tunneling your private network's traffic between our compute nodes and thereby keeping it completely separated from other customers'. Using this setup, we also make sure that packets inside your private network never leave our backbone.
We assign a random /24 subnet out of the private 172.16.0.0/12 address block to each user. By doing so, we try to avoid confusion with private addresses that you might be using elsewhere. In case you prefer the DHCP servers to pick addresses from a different subnet, just let our support team know.
Our self-service cloud platform now offers a solid foundation for an even broader range of applications, thanks to the added support of tiered architectures. Use a private network to protect your valuable data, and only expose the services you actually want to be publicly accessible.
Happy (private) networking!
Your cloudscale.ch team