VIRTUAL PRIVATE NETWORKS

One of the most important skills any computer user should have is the ability to use a virtual private network (VPN) to protect their privacy. A VPN is typically a paid service that keeps your web browsing secure and private over public Wi-Fi hotspots. VPNs can also get past regional restrictions for video- and music-streaming sites and help you evade government censorship restrictions—though that last one is especially tricky.

How it works

The best way to think of a VPN is as a secure tunnel between your PC and destinations you visit on the internet. Your PC connects to a VPN server, which can be located in the United States or a foreign country like the United Kingdom, France, Sweden, or Thailand. Your web traffic then passes back and forth through that server. The end result: As far as most websites are concerned, you’re browsing from that server’s geographical location, not your computer’s location.

We’ll get to the implications of a VPN’s location in a moment, but first, let’s get back to our secure tunnel example. Once you’re connected to the VPN and are “inside the tunnel,” it becomes very difficult for anyone else to spy on your web-browsing activity. The only people who will know what you’re up to are you, the VPN provider (usually an HTTPS connection can mitigate this), and the website you’re visiting.

A VPN is like a secure tunnel for a web traffic.

When you’re on public Wi-Fi at an airport or café, that means hackers will have a harder time stealing your login credentials or redirecting your PC to a phony banking site. Your Internet service provider (ISP), or anyone else trying to spy on you, will also have a near impossible time figuring out which websites you’re visiting.

On top of all that, you get the benefits of spoofing your location. If you’re in Los Angeles, for example, and the VPN server is in the U.K., it will look to most websites that you’re browsing from there, not southern California.

This is why many regionally restricted websites and online services such as BBC’s iPlayer or Sling TV can be fooled by a VPN. I say “most” services because some, most notably Netflix, are fighting against VPN (ab)use to prevent people from getting access to, say, the American version of Netflix when they’re really in Australia.

For the most part, however, if you’re visiting Belgium and connect to a U.S. VPN server, you should get access to most American sites and services just as if you were sitting at a Starbucks in Chicago.

What a VPN can’t do

While VPNs are an important tool, they are far from foolproof. Let’s say you live in an oppressive country and want to evade censorship in order to access the unrestricted web. A VPN would have limited use. If you’re trying to evade government restrictions and access sites like Facebook and Twitter, a VPN might be useful. Even then, you’d have to be somewhat dependent on the government’s willingness to look the other way.

Anything more serious than that, such as mission-critical anonymity, is far more difficult to achieve—even with a VPN. Privacy against passive surveillance? No problem. Protection against an active and hostile government? Probably not.

HideMyAss

A VPN service provider such as HideMyAss can protect your privacy by ensuring your internet connection is encrypted.

The problem with anonymity is there are so many issues to consider—most of which are beyond the scope of this article. Has the government surreptitiously installed malware on your PC in order to monitor your activity, for example? Does the VPN you want to use have any issues with data leakage or weak encryption that could expose your web browsing? How much information does your VPN provider log about your activity, and would that information be accessible to the government? Are you using an anonymous identity online on a PC that you never use in conjunction with your actual identity?

Anonymity online is a very difficult goal to achieve. If, however, you are trying to remain private from prying eyes or evade NSA-style bulk data collection as a matter of principle, a reputable VPN will probably be good enough.

Beyond surveillance, a VPN also won’t do much to keep advertisers from tracking you online. Remember that the website you visit is aware of what you do on its site and that applies equally to advertisers serving ads on that site.

To prevent online tracking by advertisers and websites you’ll still need browser add-ons like Ghostery, Privacy Badger, and HTTPS Everywhere.

How to choose a VPN provider

There was a time when using a VPN required users to know about the built-in VPN client for Windows or universal open-source solutions such as OpenVPN. Nowadays, however, nearly every VPN provider has its own one-click client that gets you up and running in seconds. There are usually mobile apps as well to keep your Android or iOS device secure over public Wi-Fi.

The bad news for anyone used to free services is that it pays to pay when it comes to a VPN. There are tons of free options from reputable companies, but these are usually a poor substitute for the paid options. Free services usually allow a limited amount of bandwidth usage per month or offer a slower service. Tunnel Bear, for example, offers just 500MB of free bandwidth per month, while CyberGhost offers a free service that is significantly slower than its paid service.Of course that brings up another problem. Since there are so many services to choose from, how can you tell which ones are worth using? PCWorld has taken care of much of the legwork with its Best VPN services roundup. [Spoiler alert: It found Mullvad to be a great all-around VPN for its above-and-beyond commitment to user privacy, and NordVPN to be the current choice for watching U.S. Netflix from abroad.]

CyberGhost

Everybody loves free services; but when you want to use a VPN, the free version usually isn’t the best deal.

Then there are the free VPNs that use an ad-supported model, which in my experience usually aren’t worth using at all. Plus, free VPNs are usually anything but; in lieu of payment they may be harvesting your data (in anonymized form of course) and selling it as “marketing insights” to advertisers.

The good news is VPNs aren’t expensive. You can usually pay as little as $5 a month (billed annually or in blocks of several months) for VPN coverage.

What features to look for

Here are some issues to consider when shopping around for a VPN provider.

First, what kind of logging does your VPN provider do? In other words, what information do they keep about your VPN sessions and how long is it kept? Are they recording the IP addresses you use, the websites you visit, the amount of bandwidth used, or any other key details?

All VPNs have to do some kind of logging, but there are VPNs that collect as little data as possible and others that aren’t so minimalist. On top of that, some services discard their logs in a matter of hours or days while other companies hold onto them for months at a time. How much privacy you expect from your VPN-based browsing will greatly influence how long you can stand having your provider maintain your activity logs—and what those logs contain.

TunnelBear

TunnelBear is one of the author’s favorite VPNs, but there are many good choices on the market.

Second, what are the acceptable terms of use for your VPN provider? Thanks to the popularity of VPNs with torrent users, permissible activity on specific VPNs can vary. Some companies disallow torrents completely, some are totally fine with them, while others won’t stop torrents but officially disallow them. We aren’t here to advise pirates, but anyone looking to use a VPN should understand what is and is not okay to do on their provider’s network.

Finally, does the VPN provider offer their own application that you can download and install? Unless you’re a power user who wants to mess with OpenVPN, a customized VPN program is really the way to go. It’s simple to use and doesn’t require any great technical knowledge or the need to adjust any significant settings.

Using a VPN

You’ve done your due diligence, checked out your VPN’s logging policies, and found a service with a great price and a customized application. Now, for the easy part: connecting to the VPN.

Here’s a look at a few examples of VPN desktop applications.

TunnelBear (reviewed here) has a very simple interface. All you need to do is select the country you want to be virtually present in, click the slider to “on,” and wait for a connection-confirmation message.

SaferVPN (reviewed here) works similarly. From the left-hand side you select the country you’d like to use—the more common choices such as the U.S., Germany, and the U.K. are at the top. Once that’s done, hit the big Connect button and wait once again for the confirmation message.

SaferVPN

With SaferVPN, all you need to do is choose the country you wish to have a virtual presence in.

HMA Pro  is slightly more complicated, but it’s far from difficult to understand. If you want to select your desired virtual location click the Location mode tab, click on the location name, and then choose your preferred location from the list. Once that’s done, click the slider button that says Disconnected. Once it flips to Connected, you’re ready to roll.

There are numerous VPN services out there, and they all have different interfaces; but they are all similar enough that if you can successfully use one, you’ll be able to use the others.

That’s all there is to using a VPN. The hard part is figuring out which service to use. Once that’s done, connecting to a VPN for added privacy or to stream your favorite TV shows while abroad is just a click away.

VLAN
Virtual Local Area Networks, or VLANs, are a very simple concept that has been very poorly defined by the industry.

This article will explain VLANs from a practical perspective. It will be framed around the two major functions of VLANs, and then concluded with another equally poorly defined concept, the Native VLAN.

Finally, at the end of the article is a two question comprehension challenge – if you can successfully answer these two questions, then you can consider yourself to fully understand the concept of VLANs — the topic of configuring VLANs will be covered in another article.

Two Major Functions of VLANs

Below is a network with three different physical switches. The switches facilitate communication within networks, and the Routers facilitate communication between networks.

Each switch above independently performs the four functions of switch.

If each of these switches have 24 ports and only two are in use, then 22 ports are left wasted on each switch. Moreover, what if you need to replicate this network elsewhere and you do not have three physical switches to accommodate?

That is where the first major function of a VLAN comes into play: A VLAN allows you to take one physical switch, and break it up into smaller mini-switches.

Breaking up one Physical Switch into multiple Virtual Switches

Consider each circle on the switch below as its own mini-switch. Each of these mini-switches, or virtual switches, operate completely independent from the others — exactly as they would had there been three different physical switches.

Traffic flow through this topology operates exactly as it did in the topology above it (with three separate physical switches).

Each virtual switch, or VLAN, is simply a number assigned to each switch port. For example, the two switch ports in the red mini-switch might be assigned to VLAN #10. The two ports in the orange mini-switch might be assigned to VLAN #20. And lastly the two switch ports in the blue mini-switch might be assigned to VLAN #30.

If a port is not explicitly assigned a VLAN number, it resides in the default VLAN, which has a VLAN number of 1.

Traffic arriving on a switch port assigned to VLAN #10 will only ever be forwarded out another switch port that belongs to VLAN #10 – a switch will never allow traffic to cross a VLAN boundary. Again, each VLAN operates as if it were a completely separate physical switch.

In the first illustration, traffic from the red switch cannot magically appear on the orange switch without first passing through a router. Similarly, in the second illustration, traffic in VLAN #10 cannot magically appear on VLAN #20 without also passing through a router.

Each of the VLANs also maintain their own, independent, MAC address table. If Host A sends a frame with a destination MAC address of Host B, that frame would still be flooded solely within the switch ports in VLAN #10.

Ultimately, assigning different ports to different VLANs allows you to re-use a single physical switch for multiple purposes. This is the first major function of a VLAN.

But that isn’t all VLANs allow you to do. The second major function is VLANs allow you to extend the smaller Virtual switches across multiple Physical switches.

Extending Virtual Switches across multiple Physical Switches

To illustrate this point, we will expand the topology above with an additional physical switch and two additional hosts:

Notice how a VLAN# 10 and VLAN# 30 have been extended onto a second switch. This enables Host A and Host C to exist in the same VLAN, despite being connected to different physical switches located in potentially different areas.

The primary benefit of extending a VLAN to different physical switches is that the Layer 2 topology no longer has to be tied to the Physical Topology. A single VLAN can span across multiple rooms, floors, or office buildings.

Each connected switch port in the topology above is a member of only a single VLAN. This is referred to as an Access port. An Access port is a switch port that is a member of only one VLAN.

Whenever the switch receives any traffic on an Access port, it accepts the traffic onto the configured VLAN.

In order to extend a VLAN to the second switch, a connection is made between one Access port on both switches for each VLAN. While functional, this strategy does not scale. Imagine if our topology was using ten VLANs, on a 24 port switch nearly half of the ports would be taken up by the inter-switch links.

Instead, there is a mechanism which allows a single switch port to carry traffic from multiple VLANs. This is referred to as a Trunk port. A Trunk port is a switch port that carries traffic for multiple VLANs.

We can use Trunk ports to reduce the amount of switch ports required for the topology above. This enables us to leave more ports available to add hosts to the network in the future.

This physical topology operates (logically) identically to the illustration above it, but requires far fewer switch ports.

We were able to use a total of four Trunk ports (across both switches) to replace eight different Access ports in the prior illustration.

Typically, switch ports connected to end-host devices are configured as Access ports (e.g., workstations, printers, servers). Conversely, switch ports connected to other network devices are configured as Trunk ports (e.g., other switches, routers). We will uncover the reason for this later in this article.

Tagged Ports and Untagged Ports

A Trunk port on a switch can receive traffic for more than one VLAN. For example, in the illustration above, the link between the two switches is carrying traffic for both VLAN 10 and VLAN 30.

But in both cases, the traffic is leaving one switch as a series of 1s and 0s, and arriving on the other switch as a series of 1s and 0s. Which begs the question, how will the receiving switch determine which 1s and 0s belong to VLAN #10, and which 1s and 0s belong to VLAN #30?

To account for this, whenever a Switch is forwarding traffic out a Trunk port, it adds to that traffic a tag to indicate to the other end what VLAN that traffic belongs to. This allows the receiving switch to read the VLAN tag in order to determine what VLAN the incoming traffic should be associated to.

An Access port, by comparison, can only ever carry or receive traffic for a single VLAN. Therefore, there is no need to add a VLAN Tag to traffic leaving an Access port.

Since VLANs are a Layer 2 technology, the VLAN Tag is inserted within the Layer 2 header. The standard Layer 2 header in modern networks is the Ethernet header, which has three fields: Destination MAC Address, Source MAC Address, and Type.

When an Ethernet frame is exiting a Trunk port, the switch will insert a VLAN Tag between the Source MAC address and the Type fields.

This allows the receiving switch to associate the frame with the appropriate VLAN.

To summarize, the final topology with traffic traveling between Host C and Host D through Access ports and Trunk ports will look like this:

The physical topology above will work exactly like the logical topology below. The hosts will not know whether they are going through two physical switches (or three or four), or what VLANs they are in. They operate exactly as they would in any situation which involves moving packets through a network.

Access Ports and End-Host Devices

Earlier we mentioned Access ports typically face end-host devices like workstations or printers or servers. Part of the reason for this is that switches do not add a VLAN tag when sending traffic out an Access port.

Most end-host devices do not understand the concepts of VLANs. In fact, if they received frames with a VLAN tag inserted in the middle of the Ethernet header, they are likely to drop them under the assumption that they were malformed frames.

Of course, understanding the concepts of VLANs is merely a matter of installing the right software or software patch, but imagine the overhead of requiring every user on your network to both install the software patch, and configure their devices to send the appropriate VLAN tag.

It is much better for the network administrator to configure and concern themselves with VLANs, and for the end-host devices to remain blissfully ignorant of what VLAN they are in, or even whether VLANs are being utilized at all.

Terminology

Finally, a quick note on terminology. The terms Access port and Trunk port are usually associated with the Cisco world. But VLANs are an open standard, therefore other vendors are able to implement VLANs as well.

What Cisco calls a Trunk port (i.e., a switch port that carries traffic for more than one VLAN), other vendors refer to as a Tagged port – referring to the addition of a VLAN tag to all traffic leaving such a port.

What Cisco calls an Access port (i.e., a switch port that carries traffic for only one VLAN), other vendors refer to as an Untagged port – referring to the traffic leaving the switch port without a VLAN tag.

These terms are not exhaustive, there are some vendors that may yet use other terminology, other vendors may even mix and match these terms. Regardless of the terminology used, all the concepts discussed above  still apply.

802.1q VLAN Tag

VLAN tags requires adding and removing bits to Ethernet frames. The specific sequence of bits to add is governed by an open standard, which allow any vendor to implement VLANs on their devices.

The exact format of the VLAN Tag is governed by the 802.1q standard. This is an open, IEEE standard which is the ubiquitous method of VLAN tagging in use today.

To demonstrate exactly how the VLAN Tag modifies a packet, take a look at the packet capture below of the same frame before and after it exits a Trunk port.

The portion of the frame highlighted in yellow is the added VLAN tag. Notice it is inserted between the Source MAC address and Type field of the original Ethernet header.

You can view this capture yourself in Cloudshark, or you can download the capture file and open it in Wireshark.

No other modification to the frame or its payload is made by the addition or removal of the VLAN tag. That said, since even the slight modification displayed above is made, adding and removing the VLAN tag also involves recalculating the CRC — which is a simple hash algorithm devised to detect transmissions errors on the wire.

There is an older method of VLAN tagging which is a closed, Cisco proprietary method. This method was called Inter-Switch Link, or ISL. ISL fully encapsulated the L2 frame in a new header which included the VLAN identification number.

But these days, even newer Cisco products do not support ISL, as the entire industry has moved to the superior, open standard of 802.1q.

Native VLAN

There is one final concept associated with VLANs that often brings confusion. That is the concept of the Native VLAN.

The Native VLAN is the answer to how a switch processes traffic it receives on a Trunk port which does not contain a VLAN Tag.

Without the tag, the switch will not know what VLAN the traffic belongs to, therefore the switch associates the untagged traffic with what is configured as the Native VLAN. Essentially, the Native VLAN is the VLAN that any received untagged traffic gets assigned to on a Trunk port.

Additionally, any traffic the switch forwards out a Trunk port that is associated with the Native VLAN is forwarded without a VLAN Tag.

The Native VLAN can be configured on any Trunk port. If the Native VLAN is not explicitly designated on a Trunk port, the default configuration of VLAN #1 is used.

That being said, it is crucially important that both sides of a Trunk port are configured with the same Native VLAN. This illustration explains why:

Above we have four Hosts (A, B, C, D) all connected to Access Ports in VLAN #22 or VLAN #33, and Switch X and Switch Y connected to each other with a Trunk port.

Host A is attempting to send a frame to Host C. When it arrives on the switch, Switch X associates the traffic with VLAN #22. When the frame is forwarded out Switch X’s Trunk port, no tag is added since the Native VLAN for the Trunk Port on Switch X is also VLAN #22.

But when the frame arrives on Switch Y without a tag, Switch Y has no way of knowing the traffic should belong to VLAN #22. All it can do is associated the untagged traffic with what Switch Y’s Trunk port has configured as the Native VLAN, which in the case is VLAN #33.

Since Switch Y will never allow VLAN #33 traffic to exit a VLAN #22 port, Host C will never get this traffic. Even worse, due to a Switch’s flooding behavior, Host D might inadvertently get the traffic that was destined to Host C.

Finally, it should be noted that the Native VLAN is an 802.1q feature. The antiquated tagging mechanism of ISL simply dropped traffic receive on a Trunk port that did not include the ISL tag. Also, remember that the Native VLAN concept only applies to Trunk ports — traffic leaving and arriving on an Access port is always expected to be untagged.

VLAN Comprehension Challenge

To test yourself to see if you fully understand how VLANs work, there is a simple challenge we can offer.

Below is a (poorly) configured topology, featuring five switches and twelve hosts. Each switch port is configured as either an Access port in the displayed VLAN, or a Trunk Port with the Native VLAN displayed.

The challenge is to answer just these two simple questions:

Question #1: If Host A sends a frame to Host B, will Host B receive it?

Question #2: If Host A sends a Broadcast, which hosts will receive it?

The answers and an explanation are provided below.

Remember, the goal isn’t simply to get the answer right, but to be able to understand why. If you can explain the answers to both of these questions to someone else, then you know you will have mastered the concept of VLANs.

WHAT IS HYBRID CLOUD? 

A hybrid cloud is an integrated cloud service utilising both private and public clouds to perform distinct functions within the same organisation.


All cloud computing services should offer certain efficiencies to different degrees but public cloud services are likely to be more cost efficient and scalable that private clouds. With hybrid cloud, an organisation can maximise their efficiencies by employing public cloud services for all non-sensitive operations, only relying on a private cloud where they require it, with it ensuring that all platforms are seamlessly integrated.

Examples of how Hybrid Clouds can be used

Hybrid cloud models can be implemented in a number of ways:

• Separate cloud providers team up to provide both private and public services as an integrated service
• Individual cloud providers offer a complete hybrid package
• Organisations who manage their private clouds themselves sign up to a public cloud service, which they then integrate into their infrastructure

In practice, an enterprise could implement hybrid cloud hosting to host their e-commerce website within a private cloud, where it is secure and scalable, but their brochure site in a public cloud, where it is more cost effective (and security is less of a concern).

Alternatively, an Infrastructure as a Service (IaaS) offering, for example, could follow the hybrid cloud model and provide a financial business with storage for client data within a private cloud, but then allow collaboration on project planning documents in the public cloud – where they can be accessed by multiple users from a convenient location. 

Features

1. SCALABILITY
   Whilst private clouds do offer a certain level of scalability depending on their configurations (whether they are hosted internally or externally for example), public cloud services will offer scalability with fewer boundaries because resource is pulled from the larger cloud infrastructure. By moving as many non-sensitive functions as possible to the public cloud, it allows an organisation to benefit from public cloud scalability whilst reducing the demands on a private cloud
2. COST EFFICIENCIES
   Again, public clouds are likely to offer more significant economies of scale (such as centralised management), and so greater cost efficiencies, than private clouds. Hybrid clouds, therefore, allow organisations to access these savings for as many business functions as possible whilst still keeping sensitive operations secure.
3. SECURITY
   The private cloud element of the hybrid cloud model not only provides the security where it is needed for sensitive operations, but can also satisfy regulatory requirements for data handling and storage where it is applicable
4. FLEXIBILITY
   The availability of both secure resource and scalable cost effective public resource can provide organisations with more opportunities to explore different operational avenues

For example, an enterprise can deploy an on-premises private cloud to host sensitive or critical workloads, but use a third-party public cloud provider, such as Google Compute Engine, to host less-critical resources, such as test and development workloads. To hold customer-facing archival and backup data, a hybrid cloud could also use Amazon Simple Storage Service (Amazon S3). A software layer, such as Eucalyptus, can facilitate private cloud connections to public clouds, such as Amazon Web Services (AWS).

Hybrid cloud is particularly valuable for dynamic or highly changeable workloads. For example, a transactional order entry system that experiences significant demand spikes around the holiday season is a good hybrid cloud candidate. The application could run in private cloud, but use cloud bursting to access additional computing resources from a public cloud when computing demands spike. To connect private and public cloud resources, this model requires a hybrid cloud environment.

Another hybrid cloud use case is big data processing. A company, for example, could use hybrid cloud storage to retain its accumulated business, sales, test and other data, and then run analytical queries in the public cloud, which can scale to support demanding distributed computing task

Public cloud vs. private cloud and hybrid cloud

The term public cloud arose to differentiate between the standard cloud computing model and the private cloud, which is a proprietary cloud computing architecture dedicated to a single organization. Private cloud differs from public cloud, as it serves as an extension of a company's existing data center and is accessible only by that company.

A third model, the hybrid cloud, is maintained by both internal and external providers. In effect, a hybrid cloud is a combination of public and private cloud services, with orchestration between the two. In some cases, this model is attractive because it enables organizations to tap into the benefits of the public cloud, while maintaining their own private cloud for sensitive, critical or highly regulated data and applications.

Conclusion

Hybrid cloud can be an effective solution for a businesses with a tight focus on security or unique physical presence demands. Although there's seemingly less risk in a hybrid cloud model, a connection to the public cloud does have data security implications. This, however, is true of almost any public network communication.

And while the upfront cost of server hardware for the private end of the hybrid cloud is high, the control that IT departments can wield over hardware selection and system design for the private component offers an invaluable way of properly tailoring resources to the business's needs. Assembling a private cloud to handle a standard workload, with burst compute offloaded to the public cloud, can be a long-term budget-friendly arrangement.

Ultimately, hybrid cloud allows organizations to leverage public cloud pservices without offloading the entirety of their data to a third-party data center. This provides a great deal of flexibility in computing tasks, while keeping vital components within the company firewall.

WHAT IS PUBLIC CLOUD? 

The most recognisable model of cloud computing to many consumers is the public cloud model, under which cloud services are provided in a virtualised environment, constructed using pooled shared physical resources, and accessible over a public network such as the internet.

A public cloud is one based on the standard cloud computing model, in which a service provider makes resources, such as virtual machines (VMs), applications or storage, available to the general public over the internet. Public cloud services may be free or offered on a pay-per-usage model.

The main benefits of using a public cloud service are:

• it reduces the need for organizations to invest in and maintain their own on-premises IT resources;

• it enables scalability to meet workload and user demands; and

• there are fewer wasted resources because customers only pay for the resources they use.

Public cloud architecture

Public cloud is a fully virtualized environment. In addition, providers have a multi-tenant architecture that enables users -- or tenants -- to share computing resources. Each tenant's data in the public cloud, however, remains isolated from other tenants. Public cloud also relies on high-bandwidth network connectivity to rapidly transmit data.

Public cloud storage is typically redundant, using multiple data centers and careful replication of file versions. This characteristic has given it a reputation for resiliency.

Public cloud architecture can be further categorized by service model. Common service models include:

• software as a service (SaaS), in which a third-party provider hosts applications and makes them available to customers over the internet;

• platform as a service (PaaS), in which a third-party provider delivers hardware and software tools -- usually those needed for application development -- to its users as a service; and

• infrastructure as a service (IaaS), in which a third-party provider offers virtualized computing resources, such as VMs and storage, over the internet.

Public cloud pros and cons

In general, the public cloud is seen as a way for enterprises to scale IT resources on demand, without having to maintain as many infrastructure components, applications or development resources in house.
The pay-per-usage pricing structure offered by most public cloud providers is also seen by some enterprises as an attractive and more flexible financial model. For example, organizations account for their public cloud service as an operational or variable cost rather than as a capital or fixed cost. In some cases, this means organizations do not require lengthy reviews or advanced budget planning for public cloud decisions.
However, because users typically deploy public cloud services in a self-service model, some companies find it difficult to accurately track cloud service usage, and potentially end up paying for more cloud resources than they actually need. Some organizations also just prefer to directly supervise and manage their own on-premises IT resources, including servers.
In addition, because of the multi-tenant nature of public cloud, security is an ongoing concern for some enterprises evaluating the cloud. While public cloud providers offer security technologies, such as encryption and identity and access management tools, some organizations -- especially those with strict regulatory or governance requirements -- choose to keep workloads on premises.

Public cloud providers and adoption

The public cloud market is led by a few key players, including Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform. These providers deliver their services over the internet and use a fundamental pay-per-usage approach. Each provider offers a range of offerings oriented toward different workloads and enterprise needs

Examples of Public Cloud

The most salient examples of cloud computing tend to fall into the public cloud model because they are, by definition, publicly available. Examples include: 

• Cloud storage services
• Online software applications
• Cloud hosting, including website hosting
• Cloud based development environments 

To some extent they can be defined in contract to private clouds which ring-fence the pool of underlying computing resources, creating a distinct cloud platform to which only a single organisation has access. Public clouds, on the other hand, provide services to multiple clients using the same shared infrastructure. Public clouds are used extensively in offerings for private individuals who are less likely to need the level of infrastructure and security offered by private clouds. However, enterprises can still utilise public clouds to make their operations significantly more efficient, for example, with the storage of non-sensitive content, online document collaboration and webmail.

WHAT IS PRIVATE CLOUD? 

A private cloud is a particular model of cloud computing that involves a distinct and secure cloud based environment in which only the specified client can operate.

Private cloud refers to a model of cloud computing where IT services are provisioned over private IT infrastructure for the dedicated use of a single organization. A private cloud is usually managed via internal resources.

The terms private cloud and virtual private cloud (VPC) are often used interchangeably. Technically speaking, a VPC is a private cloud using a third-party cloud provider's infrastructure, while a private cloud is implemented over internal infrastructure.
Private clouds may also be referred to as enterprise clouds. 

A virtual private cloud (VPC) is an on-demand configurable pool of shared computing resources allocated within a public cloud environment, providing a certain level of isolation between the different organizations (denoted as users hereafter) using the resources. The isolation between one VPC user and all other users of the same cloud (other VPC users as well as other public cloud users) is achieved normally through allocation of a private IP subnet and a virtual communication construct (such as a VLAN or a set of encrypted communication channels) per user. In a VPC, the previously described mechanism, providing isolation within the cloud, is accompanied with a VPN function (again, allocated per VPC user) that secures, by means of authentication and encryption, the remote access of the organization to its VPC cloud resources. With the introduction of the described isolation levels, an organization using this service is in effect working on a 'virtually private' cloud (that is, as if the cloud infrastructure is not shared with other users), and hence the name VPC.

VPC is most commonly used in the context of cloud infrastructure as a service. In this context, the infrastructure provider, providing the underlying public cloud infrastructure, and the provider realizing the VPC service over this infrastructure, may be different vendors.

Techopedia explains Private Cloud

There is some controversy around the very idea of a private cloud. The central idea of cloud computing is an organization should not need to build out and manage computing infrastructure itself. By utilizing cloud vendors, an organization should lower costs while receiving services and applications that are on par or better than what could be done in-house. Given this, a private cloud would seem to be going backwards. An organization would still need to build out and manage the private cloud infrastructure and not get any benefits from the economies of scale that should come with cloud computing.

The flip side of this argument is that not all organizations can give up control to third-party vendors. A proponent of private clouds would argue there are still significant benefits to private clouds in the sense that a private cloud is a way to centralize large installations of IT infrastructure in a highly virtualized manner while avoiding exposure to the unknowns of an outside cloud vendor.

As with other cloud models, private clouds will provide computing power as a service within a virtualised environment using an underlying pool of physical computing resource. However, under the private cloud model, the cloud (the pool of resource) is only accessible by a single organisation, therefore providing that organisation with greater control and privacy.


Features and Benefits of Private Clouds:

1. HIGHER SECURITY AND PRIVACY
   While public cloud services offer a certain level of security, private clouds are the more secure option. This is achieved using distinct pools of resource with access restricted to connections made from one organisation’s firewall, dedicated leased lines and on-site internal hosting
2. MORE CONTROL
    As a private cloud is only accessible by a single organisation, that organisation will have the ability to configure and manage it inline with their needs to achieve a tailored network solution
3. COST AND ENERGY EFFICIENCY
    Implementing a private cloud model can improve the allocation of resources within an organisation by ensuring that the availability of resources to individual departments/business functions can directly and flexibly respond to their demand. They make more efficient use of the computing resource than traditional LANs and can also reduce an organisation’s carbon footprint
4. IMPROVED RELIABILITY
   Even where resources (servers, networks etc.) are hosted internally, the creation of virtualised operating environments means that the network is more resilient to individual failures across the physical infrastructure. Virtual partitions can, for example, pull their resource from the remaining unaffected servers
5. CLOUD BURSTING
   Some providers may offer the opportunity to employ cloud bursting, within a private cloud offering, in the event of spikes in demand. This service allows the provider to switch certain non-sensitive functions to a public cloud to free up more space in the private cloud for the sensitive functions that require it 

Private Cloud Characteristics

Private cloud services can vary considerably and so it is hard to define what constitutes a private cloud from a technical aspect. Instead such services are usually categorised by the features that they offer to their client. Traits that characterise private clouds include:

• Ring fencing of a cloud which has multiple clients accessing virtualised services, which all draw their resource from a distinct pool of physical computing. These may be hosted internally or externally and may be accessed across private leased lines or secure encrypted connections via public networks
• Additional security, which is ideal for enterprises that need to store and process private data or carry out sensitive tasks. For example, a private cloud service could be utilised by a financial company that is required to store sensitive data internally and who will still want to benefit from some of the advantages of cloud computing, such as on-demand resource allocation

Have you ever watched this typical B-grade summer blockbuster flick or neverending CSI-like detective series where they show you a really skillful hacker "breaking" through the mainframe?

Well, apparently, there is no such thing and the mainframe would not succumb to hacker attacks.
Linus clears out this situation for us in the new Techquickie video: