How to configure Virtual Private Cloud (VPC)

A Virtual Private Cloud (VPC) is a private network interface which makes the server practical, maximizing users' data privacy and security with true isolated instances.

Due to the public disconnection of VPC, users cannot access the server & simply upload or download data via the public network (E.g. SSH), hence they can be benefited from optimized data protection by placing sensitive data and works in isolated server.

See the instructions for configuring Gateway VM in Linux server and Backend VM in both Linux & Windows server below.

To configure Gateway VM for accessing both Public Network & Private Network (ONLY SUPPORTED IN LINUX CENTOS)

Setting up Gateway VM so that the VM acts as a router and forward packets to other Backend VMs through the private networking. This allows the gateway to route traffic between your Gateway VM & Backend VM.

Linux OS (CentOS)

1. Make sure to enable Private Networking from LayerPanel for your Gateway VM.

   

2. Access your Linux server by using either SSH network protocol (E.g Using PuTTY) or Console option in LayerPanel.

3. Input following command to run LayerStack's script for setting up VPC.

   # ./vpc-gateway.sh  
   

4. A prompt message will be shown asking if the Private Network has already been enabled in panel, input Yes.

   NOTE: The message “Your Private Network is not enabled” will be displayed if you did not do the first step.

   

5. Enter VPC subnet prefix here. For example, input 192.168.3.1 or 192.168.4.1 or 192.168.5.1 etc. and press Enter. After this process, your VPC gateway setup should be completed now.

   

6. Now you may input the following command to check gateway status.

   # ip a
   

   

To configure Backend VM which ONLY accessing Private Network

Setting up Backend VM that accesses the internet via the gateway to only accept traffic from the gateway. Logging in the VM using Console is recommended in this case, since the SSH public connection will be dropped during following configuration.

Linux OS (E.g. CentOS, Debian, Ubuntu)

1. Enable Private Networking from LayerPanel for your Backend VM.

   

2. Access your Linux server by using Console option in LayerPanel.

3. Input following command to configure the existing network card.

   # vi /etc/sysconfig/network-scripts/ifcfg-eth0  
   

   

4. For the option of ONBOOT in CentOS server, change the status from yes into no in order to disabling public network, and save it.

   NOTE: Your SSH connection will be disabled after processed this step.

   NOTE: Do not need to process this step for Debian & Ubuntu server.

   

5. Now input following command to continue configuring private network interface.

   # vi /etc/sysconfig/network-scripts/ifcfg-eth1 (CentOS7/8)  
   

   

   # vi /etc/network/interfaces (Ubuntu/Debian)
   

   

   # vi /etc/netplan/50-cloud-init.yaml (Ubuntu 17 and higher using netplan)
   

   

6. Inside interfaces, update your private IP address (E.g. 192.168.3.2) and gateway (E.g 192.168.3.1), and save it.

   The following IP ranges are suggested for use as private IP addresses:

   10.0.0.0/8

   172.16.0.0/16

   192.168.0.0/24

   NOTE: For the gateway setting, this IP is same as another Gateway VM which you need to connect.

   
   CentOS:

   

   Ubuntu/Debian:

   

   Ubuntu 17 and higher using netplan:

   

7. Input following command and update default routing.

   # vi /etc/sysconfig/network  
   

   

8. In the network configuration settings, remove the option for gateway GATEWAYDEV=eth0 for CentOS server and save it.

   CentOS:

   

9. Then reboot the server for refreshing setting.

   # reboot  
   

   

10. Lastly, you may input following command to confirm that this VM is connecting with your required VM.

    # host myip.opendns.com resolver1.opendns.com  
    

    

    NOTE: You may repeat this setup on each of your backend VM.

Windows OS

1. Enable Private Networking from LayerPanel for your Backend VM.

   

2. Access your Windows server by using Console option in LayerPanel.

3. Click Start Menu, then click Control Panel option.
4. Click Network & Sharing Center option.
5. Click Change adapter settings in the left panel.
6. Right click adapter with name Ethernet 2 and select Properties.
7. In the properties window, select Internet Protocol Version 4 (TCP/IPv4) and click Properties button.

8. Select Use the following IP address: option and configure the private IP address.
   
   

   The following IP ranges are suggested for use as private IP addresses:

   10.0.0.0/8
   172.16.0.0/16
   192.168.0.0/24

   
   Example for 192.168.3.2:

   IP address: 192.168.3.2 Subnet mask: 255.255.255.0 Default gateway: 192.168.3.1

   

   NOTE: The netmask of LayerStack private IP range is /24 subnet (255.255.255.0).

9. Once IP and Subnet entered check the box Validate Settings upon exit, click OK and then close the Ethernet 2 property window.

10. Windows Network Diagnostic tool will run to check to see any issues, close this window.

11. Now disable the public network for the server by right clicking on the adapter with name Ethernet and then click disable.

    NOTE: Your Remote Desktop connection will be disabled after processed this step.

12. To check if the private IP address is configured properly, right click Start Menu, then click Command Prompt.

13. Execute the following command for checking network configuration.

    # ipconfig
    

Related Tutorials

• How to configure Private Networking for Cloud Servers

Related LayerStack Product

• Private Networking