DigitalOcean VPC is a great addition to DO’s growing list of services, and this one is free! VPC (Virtual Private Cloud) allows you to create virtual network segments. This can be useful for project segmentation.

If you have a load balancer, several droplets, and a managed database, you can put them on a private network (network-1). This allows them to communicate using their private IP addresses. With this VPC configuration you could have a DigitalOcean Firewall that only allows HTTP and HTTPS to the Load Balancer. All the other communication would occur over the VPC network.

bastion host

Today I learned about bastion hosts. You can have several Droplets in a VPC, and have one Droplet listen for SSH connections, then tunnel through that bastion host to the other Droplets. With DigitalOcean Firewalls, it’s a breeze to set up.
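
One way to check that a set of firewalls really enforces this layout, as an added example that is not code from the original post: the script below audits firewall definitions shaped like the inbound_rules of the DigitalOcean Firewall API and flags any non-bastion firewall that accepts SSH from anything other than the bastion. The tag name "bastion", the firewall names and the sample data are constructed assumptions.

```python
ANYWHERE = {"0.0.0.0/0", "::/0"}

def covers_port(ports, port):
    """True if a firewall 'ports' string ("22", "8000-9000", "0" or "all") includes port."""
    if ports in ("0", "all"):      # all ports open for the protocol
        return True
    if not ports:                  # ICMP rules carry an empty ports string
        return False
    low, _, high = ports.partition("-")
    return int(low) <= port <= int(high or low)

def audit_ssh(firewalls, bastion_tag="bastion"):
    """Return (firewall name, issue) pairs for firewalls that break the bastion layout."""
    findings = []
    for fw in firewalls:
        if bastion_tag in fw.get("tags", []):
            continue               # the bastion is the one host allowed to take SSH directly
        for rule in fw.get("inbound_rules", []):
            if rule["protocol"] != "tcp" or not covers_port(rule["ports"], 22):
                continue
            src = rule.get("sources", {})
            if ANYWHERE & set(src.get("addresses", [])):
                findings.append((fw["name"], "ssh-open-to-internet"))
            elif (src.get("addresses") or src.get("droplet_ids")
                  or src.get("tags", []) != [bastion_tag]):
                findings.append((fw["name"], "ssh-source-not-bastion"))
    return findings

# Constructed sample data (assumption), using the Firewall API field names.
SAMPLE_FIREWALLS = [
    {"name": "bastion-fw", "tags": ["bastion"], "inbound_rules": [
        {"protocol": "tcp", "ports": "22",
         "sources": {"addresses": ["0.0.0.0/0", "::/0"]}}]},
    {"name": "app-fw", "tags": ["app"], "inbound_rules": [
        {"protocol": "tcp", "ports": "22", "sources": {"tags": ["bastion"]}},
        {"protocol": "tcp", "ports": "80",
         "sources": {"load_balancer_uids": ["lb-placeholder"]}}]},
    {"name": "legacy-fw", "tags": ["worker"], "inbound_rules": [
        {"protocol": "tcp", "ports": "0", "sources": {"addresses": ["0.0.0.0/0"]}}]},
    {"name": "jobs-fw", "tags": ["jobs"], "inbound_rules": [
        {"protocol": "tcp", "ports": "20-25", "sources": {"tags": ["app"]}}]},
]

if __name__ == "__main__":
    for name, issue in audit_ssh(SAMPLE_FIREWALLS):
        print(f"{name}: {issue}")
```

The "legacy-fw" case shows why port ranges and the all-ports value have to be parsed: neither rule mentions port 22 literally, yet both expose it.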

agencies

The blog post mentions that agencies can use this to isolate different web applications, and this is true! We’ll definitely be using DigitalOcean VPC to segment applications into their own networks.

conclusion

I’m excited to start using DigitalOcean VPCs!

references