- A VPC is a private, isolated section of a public cloud that provides a secure and customizable environment for deploying and managing resources. It allows you to control your network configuration, including IP address ranges, subnets, and security settings. VPCs are often used to create a private network within a public cloud, offering enhanced security and flexibility. Key features of a VPC include:
  - Isolation: VPCs are logically isolated from other networks in the public cloud, ensuring that your resources are private and secure.
  - Customization: You can define custom IP address ranges, create subnets, and set up network access control lists (ACLs) and security groups.
  - Scalability: VPCs can scale on demand, allowing you to add or remove resources as needed.
  - Connectivity: VPCs can be connected to on-premises data centers via secure connections like VPN or Direct Connect.
  - Security: VPCs offer robust security features, including network ACLs, security groups, and encryption.
This ability to subnet the primary VPC provides the flexibility to create as complex a networking scheme as needed, with the same functionality and segmentation that a traditional subnetted design would provide.
Create The VPC
- Navigate to https://app.americancloud.com
- Select "Networking" from the left navigation pane.
- Select "+ CREATE VPC NETWORK"
- Determine the zone to create the VPC in, keeping in mind that the premium cluster resides in US-West-0 and only standard clusters reside in US-West-1.
- Select a project to create the VPC in.
- Select the IP Address Range Prefix. This is a manual input based on your networking needs and design.
- Determine the network size based on your network design and planning. Take into consideration the number of networks necessary for your environment.
- Name the VPC based on a naming convention of your choosing.
- The VPC description can be anything that supports the environment's design and navigation.
- Lastly, choose between the monthly or hourly billing method. A VPC costs a standard $12 a month.
- Select "CREATE VPC"
- "Hold on! Creating VPC network. Might take a few minutes..." will appear at the top of the screen while the VPC is being created.
Tip: A VPC will NOT delete itself. Therefore, if you wish to destroy a VPC and stop paying for it, you must delete it manually.
Create The Network
- Once the VPC is created, we must add an internal network to begin building our environment. Select "+ ADD NETWORK".
- Enter a name based on your naming convention for networks within the VPC.
- Select the desired Network Offering:
  - Source NAT - This service enables the virtual router's public IP address to be applied to outgoing network traffic. This is the standard way for local nodes to access the internet.
  - External (Public) load-balancing - This service redirects all traffic sent to a public IP address of a virtual router on to other network routers.
  - Internal (Private) load-balancing - This service enables traffic entering the network to be balanced across different VMs within the network itself.
- Determine the gateway for the network based on the VPC settings and network design. This field defines the default gateway for the new network, which is what the internal IP address of a router or firewall would be in a traditional network. Typically this is the first or last usable address in an IP range (e.g. in 10.10.20.0/24, the first usable address would be 10.10.20.1 and the last usable address would be 10.10.20.254).
- Establish the Netmask required for the network.
- You can assign an external ID for the network. This allows tags to be attached to the new network.
- Select the default ACL. This field provides the ability to assign a default 'permit-all (default_allow)' or 'deny-all (default_deny)' rule for the new network. Individual exceptions can be configured within the VPC.
- Select "CREATE NETWORK"
- An instance can quickly be added to the network by selecting the three dots on the corresponding network, then selecting "Add Instance".
Tip: For more information on creating an instance, click here.
- By selecting the drop-down arrow we can list the instances running in the network.
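Working out the gateway and netmask for several networks inside one VPC range by hand is error-prone, and a network that does not fit the VPC prefix or overlaps a sibling is a common mistake. The following Python script is an added example, not American Cloud's code or tooling: it carves non-overlapping networks of the requested sizes out of a VPC prefix and reports, for each one, the netmask plus the first- and last-usable addresses that are the conventional gateway choices described above. The VPC range 10.10.0.0/16 and the network names and sizes are constructed sample values.

```python
"""Plan networks inside a VPC address range (added example, not vendor code).

Given the VPC's IP Address Range Prefix, allocate networks of the requested
prefix lengths, check that each fits inside the VPC range and overlaps no
other network, and report the values the Create Network form asks for.
"""
import ipaddress

# Constructed sample VPC range and network plan (hypothetical values).
VPC_PREFIX = "10.10.0.0/16"
NETWORK_PLAN = [("web", 24), ("app", 24), ("db", 26)]  # (name, prefix length)


def gateway_candidates(cidr):
    """Return (first_usable, last_usable) for a network: the two conventional
    default-gateway choices, e.g. 10.10.20.1 and 10.10.20.254 for 10.10.20.0/24."""
    net = ipaddress.ip_network(cidr, strict=True)
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1])


def plan_networks(vpc_prefix, plan):
    """Allocate non-overlapping networks of the given prefix lengths inside
    vpc_prefix, in order. Returns one dict per network with its CIDR, netmask,
    both gateway candidates and the usable host count. Raises ValueError when
    a network is larger than the VPC range or does not fit inside it."""
    vpc = ipaddress.ip_network(vpc_prefix, strict=True)
    allocated = []
    cursor = int(vpc.network_address)
    results = []
    for name, prefixlen in plan:
        if prefixlen < vpc.prefixlen:
            raise ValueError(f"{name}: /{prefixlen} is larger than the VPC range {vpc}")
        size = 1 << (32 - prefixlen)
        # Align the cursor up to the next boundary for this prefix length so the
        # resulting CIDR has all host bits clear.
        cursor = (cursor + size - 1) // size * size
        net = ipaddress.ip_network(f"{ipaddress.IPv4Address(cursor)}/{prefixlen}")
        if not net.subnet_of(vpc):
            raise ValueError(f"{name}: {net} does not fit inside VPC range {vpc}")
        # The advancing cursor already prevents overlap; the explicit check keeps
        # the function safe if the allocation strategy is ever changed.
        for other in allocated:
            if net.overlaps(other):
                raise ValueError(f"{name}: {net} overlaps {other}")
        first, last = gateway_candidates(str(net))
        results.append({
            "name": name,
            "cidr": str(net),
            "netmask": str(net.netmask),
            "gateway_first_usable": first,
            "gateway_last_usable": last,
            "usable_hosts": net.num_addresses - 2,
        })
        allocated.append(net)
        cursor += size
    return results


if __name__ == "__main__":
    for entry in plan_networks(VPC_PREFIX, NETWORK_PLAN):
        print(entry)
```

The `netmask` and one of the two gateway candidates are the values to enter in the Create Network form; pick first-usable or last-usable consistently across the whole VPC so the convention is predictable when you later write ACL rules.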
Public IP Addresses
- Select "Public IP Addresses" from the top menu.
- Add a port forwarding rule by selecting "Add Port Forwarding Rule" on the corresponding IP address and VM, which can be identified in the far-left column. Already created or active PF rules will be listed below the IP table.
- Create a rule:
  - Select the VM to add the rule to.
  - Select the network for the rule.
  - Select between the TCP or UDP protocol.
  - Add a start and end private port.
  - Then select the start and end public port.
  - Click "Submit"
- The newly created rule will be listed in the active rule table as depicted below.
- To delete a PF rule, simply select "Delete Rule". A warning/last chance dialog will be presented. To proceed with the deletion, select "Delete Port Forwarding Rule".
- If another IP address is needed, select "+ Acquire New IP".
- Select the network to add the IP to. An additional IP costs $1 a month. Select "Add IP"
- The newly acquired IP will be listed in the IP table. To enable the IP as a static NAT for a VM, select "Enable Static NAT".
- Select the network and VM to assign the static NAT to. Select "Enable Static NAT".
- By listing the instances within the network, you can see that static NAT for the IP has been enabled.
- To disable static NAT for the VM, select "Disable Static NAT". A warning/last chance dialog will appear; select "Disable Static NAT" to proceed.
- After disabling static NAT, if the IP is no longer required, you can release the IP by selecting "Release IP". A warning/last chance dialog will appear; select "Release IP" to proceed.
- The table will update and show the IP no longer present. This ends your $1 a month charge for the IP.
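Each port forwarding rule maps a public port range on one of the VPC's public IPs to a private port range on a VM, so a mistake in the four port fields either gets rejected at submit time or, worse, silently shadows an earlier rule on the same public IP. The Python below is an added example, not American Cloud's code: it models the fields of the "Add Port Forwarding Rule" form and checks the things worth verifying before clicking "Submit": ports inside 1-65535, start not greater than end, public and private ranges of equal size, and no two rules on the same public IP and protocol with overlapping public port ranges. The public IPs, VM names and rules are constructed sample values.

```python
"""Validate port forwarding rules before submitting them (added example).

Models the "Add Port Forwarding Rule" form fields and flags invalid ranges
and conflicting rules. Not American Cloud code; sample data is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class PortForwardingRule:
    public_ip: str
    vm: str
    network: str
    protocol: str          # "TCP" or "UDP"
    private_start: int
    private_end: int
    public_start: int
    public_end: int


def _check_range(label, start, end):
    """Return an error string for an invalid port range, or None if it is fine."""
    if not (1 <= start <= 65535 and 1 <= end <= 65535):
        return f"{label} ports must be within 1-65535 (got {start}-{end})"
    if start > end:
        return f"{label} start port {start} is greater than end port {end}"
    return None


def validate_rule(rule):
    """Return a list of problems with a single rule (an empty list means valid)."""
    problems = []
    if rule.protocol.upper() not in ("TCP", "UDP"):
        problems.append(f"protocol must be TCP or UDP (got {rule.protocol})")
    for label, start, end in (("private", rule.private_start, rule.private_end),
                              ("public", rule.public_start, rule.public_end)):
        err = _check_range(label, start, end)
        if err:
            problems.append(err)
    if not problems:
        # A range forward maps public port N+k to private port M+k, so both
        # ranges must contain the same number of ports.
        if (rule.private_end - rule.private_start) != (rule.public_end - rule.public_start):
            problems.append("public and private port ranges must be the same size")
    return problems


def find_conflicts(rules):
    """Return (i, j) index pairs whose public port ranges overlap on the same
    public IP and protocol. A packet matching both can only be forwarded to
    one VM, so such a pair is a misconfiguration to fix before submitting."""
    conflicts = []
    for i in range(len(rules)):
        for j in range(i + 1, len(rules)):
            a, b = rules[i], rules[j]
            if a.public_ip != b.public_ip or a.protocol.upper() != b.protocol.upper():
                continue
            if a.public_start <= b.public_end and b.public_start <= a.public_end:
                conflicts.append((i, j))
    return conflicts


# Constructed sample rules (hypothetical public IPs and VM names).
SAMPLE_RULES = [
    PortForwardingRule("203.0.113.10", "web-01", "web", "TCP", 80, 80, 80, 80),
    PortForwardingRule("203.0.113.10", "web-01", "web", "TCP", 443, 443, 443, 443),
    PortForwardingRule("203.0.113.10", "jump-01", "mgmt", "TCP", 22, 22, 2222, 2222),
    # Overlaps the first rule: public 80-90 on the same IP and protocol.
    PortForwardingRule("203.0.113.10", "web-02", "web", "TCP", 8080, 8090, 80, 90),
    # Invalid: the private range has 11 ports, the public range only 6.
    PortForwardingRule("203.0.113.11", "app-01", "app", "UDP", 5000, 5010, 6000, 6005),
]


if __name__ == "__main__":
    for idx, rule in enumerate(SAMPLE_RULES):
        print(idx, rule.vm, validate_rule(rule) or "ok")
    print("conflicts:", find_conflicts(SAMPLE_RULES))
```

Static NAT is the degenerate case of this check: it binds every port of a public IP to one VM, so an IP with static NAT enabled should not also carry port forwarding rules for other VMs.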
Manage ACL
- From the top menu tree select "ACL Lists".
- To create and manage a custom ACL list, select "+Add network ACL list".
- Provide a name for the list and a brief description of your choosing, then select "Add ACL"
- The newly created list will be added to the Network ACL Lists table.
- Once the ACL is created, we can add rules by selecting "+ Add ACL Rule".
  - Rule Number: Rule numbers are used to prioritize and order the rules within an Access Control List, with lower numbers taking precedence over higher numbers.
  - CIDR List: A method used to specify a range of IP addresses in a concise manner to control access to network resources.
  - Action: Defines whether the ACL rule is allowing or denying the connection.
    - Allow
    - Deny
  - Protocols: Refers to the network protocol, which is used to define the type of connection being allowed or denied in the ACL rule. Choosing a different protocol option will expand other fields to be filled out; see the additional fields under each protocol below.
    - All: Choosing 'All' will allow or deny all network protocols for the ACL rule.
    - TCP: TCP is a communication protocol that provides reliable, ordered, and error-checked delivery of data between applications over IP networks.
      - Start Port: This is where the network traffic originates.
      - End Port: This is the destination of the network traffic.
    - UDP: UDP is a connectionless communication protocol that allows for the exchange of datagrams between applications over IP networks without requiring a dedicated connection.
      - Start Port: This is where the network traffic originates.
      - End Port: This is the destination of the network traffic.
    - ICMP: ICMP is a network protocol used to send error messages and operational information about network conditions between hosts on an IP network.
      - ICMP Type
      - ICMP Code
    - Protocol Number: Protocol numbers are numerical values that identify the specific network protocol being used for communication, such as TCP, UDP, or ICMP. The additional fields for this option are:
      - Start Port
      - End Port
      - ICMP Type
      - ICMP Code
  - Select "Add ACL"
- To delete a rule, simply select the trash can icon associated with the rule. A warning/last chance dialog will appear. Select "Delete" to proceed with the deletion.
- The rule will be removed from the rule table.
- To delete the ACL list, simply select the corresponding trash can icon. A warning/last chance dialog will appear. Select "Delete" to proceed.
- The ACL list will be removed from the table.
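Because lower rule numbers take precedence, the effect of an ACL list depends on rule order and on the list's default (default_allow or default_deny), and it is easy to write a rule that can never match because an earlier one already decides the same traffic. The Python below is an added example, not American Cloud's code: it models an ACL list from the fields described above (rule number, CIDR list, action, protocol, start/end port, ICMP type/code) and evaluates a flow against it in rule-number order with first-match-wins semantics, falling through to the list default. It makes three assumptions that the page does not state: the CIDR list is matched against the flow's source address, the Start Port/End Port pair bounds a single destination port range, and an ICMP type or code of -1 means "any". The addresses and rules are constructed sample values.

```python
"""Evaluate a network ACL list in rule-number order (added example).

Not American Cloud code. Assumptions of this model: CIDR list matches the
source address, Start/End Port bound the destination port range, and an ICMP
type/code of -1 means "any".
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PROTOCOL_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17}  # IANA protocol numbers


@dataclass
class AclRule:
    number: int
    cidr_list: str              # comma-separated CIDRs, e.g. "10.0.0.0/8,192.0.2.0/24"
    action: str                 # "Allow" or "Deny"
    protocol: str               # "All", "TCP", "UDP", "ICMP", or a protocol number
    start_port: Optional[int] = None
    end_port: Optional[int] = None
    icmp_type: int = -1         # -1 = any (assumption for this example)
    icmp_code: int = -1


@dataclass
class Flow:
    src_ip: str
    protocol: str               # "TCP", "UDP", "ICMP" or a protocol number
    dst_port: Optional[int] = None
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


def _proto_number(name):
    """Map a protocol field value to its IANA number; None means "All"."""
    name = str(name).lower()
    if name == "all":
        return None
    if name in PROTOCOL_NUMBERS:
        return PROTOCOL_NUMBERS[name]
    return int(name)


def rule_matches(rule, flow):
    """True if the flow's source address, protocol and port/ICMP fields all
    fall within what the rule specifies."""
    src = ipaddress.ip_address(flow.src_ip)
    if not any(src in ipaddress.ip_network(c.strip(), strict=False)
               for c in rule.cidr_list.split(",") if c.strip()):
        return False
    rule_proto = _proto_number(rule.protocol)
    flow_proto = _proto_number(flow.protocol)
    if rule_proto is not None and rule_proto != flow_proto:
        return False
    if flow_proto in (6, 17) and rule.start_port is not None:
        if flow.dst_port is None or not (rule.start_port <= flow.dst_port <= rule.end_port):
            return False
    if flow_proto == 1:
        if rule.icmp_type != -1 and rule.icmp_type != flow.icmp_type:
            return False
        if rule.icmp_code != -1 and rule.icmp_code != flow.icmp_code:
            return False
    return True


def evaluate(acl_rules, flow, default_action="default_deny"):
    """Return (decision, matched_rule_number). Rules are tried in ascending
    rule-number order regardless of list order; the first match wins, and the
    list default decides when nothing matches."""
    for rule in sorted(acl_rules, key=lambda r: r.number):
        if rule_matches(rule, flow):
            return rule.action.capitalize(), rule.number
    return ("Allow" if default_action == "default_allow" else "Deny"), None


# Constructed sample ACL (hypothetical addresses): SSH only from a bastion
# network, HTTPS from anywhere, echo requests allowed, everything else falls
# through to the list default.
SAMPLE_ACL = [
    AclRule(10, "10.10.1.0/24", "Allow", "TCP", 22, 22),
    AclRule(20, "0.0.0.0/0", "Deny", "TCP", 22, 22),
    AclRule(30, "0.0.0.0/0", "Allow", "TCP", 443, 443),
    AclRule(40, "0.0.0.0/0", "Allow", "ICMP", icmp_type=8, icmp_code=0),
]


if __name__ == "__main__":
    for f in (Flow("10.10.1.5", "TCP", 22), Flow("198.51.100.7", "TCP", 22),
              Flow("198.51.100.7", "UDP", 53)):
        print(f, "->", evaluate(SAMPLE_ACL, f))
```

Swapping the numbers of rules 10 and 20 in the sample would make the bastion rule unreachable, since the broader Deny would match first; running candidate rule sets through `evaluate` with a few representative flows before entering them in the console catches that class of ordering mistake.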
Remote Access VPN
- Remote access VPNs enable individual users to connect to a private network from various locations. Remote access VPNs require setup on each client, and each user must initiate the tunnel setup. Remote access VPNs are ideal for remote employees needing secure access to a corporate network.
- From the top menu select "Remote Access VPN"
- Select the slider bar to activate the VPN connection.
- Once activated, the VPN status will read "Running" and display the IPSec pre-shared key needed for the connection.
- Next, users must be added. Select "+ Add New User"
- Provide a username and password for the user, then store them in a secure location for sharing. Select "Add User"
- The user will be added and shown in an active state.
- If the user is no longer needed, remove it by selecting the trash can icon associated with the user and select "Delete" in the warning/last chance dialog.
- If the VPN connection is no longer required, simply select the slider bar again. This will deactivate the VPN connection.
Tip: For further information on creating a VPN on the local host, click here.