VPC networking on digital ocean
-
I have a little cloudron with a couple of undemanding apps running (very nicely thank you!) over at Digital Ocean and got this email the other day.
Re-reading it, I am still uncertain whether "No action" is required and whether acting would break anything important (assuming not)!
Any guidance or thoughts appreciated ...
No Action Required — New Droplets will require a VPC starting October 1
Hi there,
Back in April we introduced VPC (Virtual Private Cloud), an evolution of our Private Network feature. It provides private connectivity for Droplets and gives you more control over the network’s configurations, including IP range and size, while also allowing you to have multiple networks.
Beginning October 1 2020, we will make VPC selection a standard part of the creation process of new Droplets. You don't need to create a VPC if you don't want to; we’ll assign an automatically created default VPC if you don't specify which one you want to use. This behavior is already in place for all other resources; we’re just aligning them all to keep things simple.
On October 1, we’ll disable the feature that allows the addition of VPCs to existing Droplets that don't already have one. Going forward, you’ll be able to do it using the documented migration process that is already in place. Until then, you can use the current process.
The standardization and streamlining of our features and processes is important to keep things simple and to allow us to provide even more features and a greater user experience going forward.
Feel free to open a Support ticket if you need more information. As always, we’re on standby to help.
-
I don't think any action is required; existing servers will continue to work without requiring any action.
To give a small explanation: VPC is essentially a private network. Practically speaking, let's say you have 4 droplets - app server 1 + db server 1 and another app server 2 + db server 2. If you put them all without a VPC and if app server 2, let's say, becomes compromised, then an attacker can also access db server 1 since they are all in the same network. With a VPC, you will create 2 private networks and put each app server + db server combo in its own VPC. This way, app server 2 has no "network" access to db server 1. You can also set up firewall rules flexibly. For example, db server 1 does not even need a public IP anymore, so it will not even be reachable from the internet. Of course, all this can also be done without a VPC and just lots of firewall rules. VPC is a way to make those rules more manageable.
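The segmentation argument in the post above can be checked against a droplet inventory. This is an added example, not part of the original thread or any DigitalOcean tooling: it flags app servers that share a private network with another stack's database, and databases that still have a public IP. All names, addresses and CIDR ranges are constructed, and firewall rules are not modelled.

```python
import ipaddress

def network_of(ip, vpcs):
    """Return the name of the VPC whose CIDR contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in vpcs.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None

def audit(droplets, vpcs):
    """List cross-stack app->db private paths and databases with a public IP."""
    findings = []
    for d in droplets:
        if d["role"] == "db" and d["public_ip"]:
            findings.append(f"{d['name']}: database has a public IP")
        if d["role"] != "app":
            continue
        net = network_of(d["ip"], vpcs)
        for other in droplets:
            if (other["role"] == "db" and other["stack"] != d["stack"]
                    and net is not None
                    and network_of(other["ip"], vpcs) == net):
                findings.append(
                    f"{d['name']} -> {other['name']}: cross-stack private path")
    return findings

def inventory(ips, db_public):
    """Build the four droplets from the post (constructed sample data)."""
    roles = [("app1", 1, "app"), ("db1", 1, "db"),
             ("app2", 2, "app"), ("db2", 2, "db")]
    return [{"name": n, "stack": s, "role": r, "ip": ip,
             "public_ip": r == "app" or db_public}
            for (n, s, r), ip in zip(roles, ips)]

# Layout 1: everything on one shared private network (constructed CIDR).
FLAT_VPCS = {"shared": "10.132.0.0/16"}
FLAT = inventory(["10.132.0.2", "10.132.0.3", "10.132.0.4", "10.132.0.5"],
                 db_public=True)
# Layout 2: one VPC per app+db pair, databases without a public IP.
SPLIT_VPCS = {"stack1": "10.10.1.0/24", "stack2": "10.10.2.0/24"}
SPLIT = inventory(["10.10.1.2", "10.10.1.3", "10.10.2.2", "10.10.2.3"],
                  db_public=False)

if __name__ == "__main__":
    for label, droplets, vpcs in (("flat", FLAT, FLAT_VPCS),
                                  ("split", SPLIT, SPLIT_VPCS)):
        print(label, audit(droplets, vpcs) or "no findings")
```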
-
Thank you so much, and for the explanation in simple lay terms.
I kind of had assumed that they would continue working, if I did nothing. But would they stop working if I enable VPC?
Presumably if I set up a new cloudron it would be automatically wrapped in the VPC by default, but there would be no particular advantages.
Hopefully that is not a daft question ...
I'm not going to do anything for now ...
Many thanks
-
@greycloud said in VPC networking on digital ocean:
I kind of had assumed that they would continue working, if I did nothing. But would they stop working if I enable VPC?
My understanding is there is nothing to enable. The existing droplets simply get assigned a pre-built default VPC.
Presumably if I set up a new cloudron it would be automatically wrapped in the VPC by default, but there would be no particular advantages.
Yes, I think so as well.