Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

2.3.2. Cloud Networking Components

Software-Defined Networking (SDN) foundations: Cloud networks separate the control plane (what to do) from the data plane (doing it). This enables programmable, automated network management.

Virtual Private Cloud (VPC): An isolated network segment within a public cloud. You control IP addressing, subnets, route tables, and security rules within your VPC—it's like having your own private network carved out of the provider's infrastructure.

Network Security Groups / Security Lists: Virtual firewalls that filter traffic to cloud resources. Stateful rules allow or deny based on source/destination IP, port, and protocol. Attached to subnets or individual resources.

Cloud Gateways:
  • Internet Gateway: Connects VPC to the public internet (enables public IPs)
  • NAT Gateway: Enables outbound internet for private instances (they can initiate connections but aren't reachable from outside)
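
How the route table, gateway type, public IP and security group rules combine to decide whether an instance is reachable from the internet, as an added example (not part of the original course material). The VPC layout, resource names and addresses are constructed, and the model is a simplification of real provider behaviour:

```python
import ipaddress

# Constructed sample VPC: every name and address here is an illustrative assumption.
ROUTE_TABLES = {
    "rt-public": {"0.0.0.0/0": "internet-gateway"},
    "rt-private": {"0.0.0.0/0": "nat-gateway"},
    "rt-isolated": {},  # no default route at all
}
SUBNETS = {
    "web": {"cidr": "10.0.1.0/24", "route_table": "rt-public"},
    "app": {"cidr": "10.0.2.0/24", "route_table": "rt-private"},
    "db": {"cidr": "10.0.3.0/24", "route_table": "rt-isolated"},
}
SECURITY_GROUPS = {  # inbound allow rules; anything not listed is denied
    "sg-web": [{"proto": "tcp", "port": 443, "source": "0.0.0.0/0"}],
    "sg-app": [{"proto": "tcp", "port": 8080, "source": "10.0.1.0/24"}],
    "sg-open": [{"proto": "tcp", "port": 22, "source": "0.0.0.0/0"}],
}
INSTANCES = {
    "web-1": {"subnet": "web", "sg": "sg-web", "public_ip": True},
    "app-1": {"subnet": "app", "sg": "sg-app", "public_ip": False},
    "app-2": {"subnet": "app", "sg": "sg-open", "public_ip": False},
    "db-1": {"subnet": "db", "sg": "sg-app", "public_ip": False},
}

def default_route(instance):
    subnet = SUBNETS[INSTANCES[instance]["subnet"]]
    return ROUTE_TABLES[subnet["route_table"]].get("0.0.0.0/0")

def inbound_allowed(instance, src_ip, proto, port):
    """Security group check: any matching allow rule permits, otherwise deny."""
    src = ipaddress.ip_address(src_ip)
    for rule in SECURITY_GROUPS[INSTANCES[instance]["sg"]]:
        if (rule["proto"], rule["port"]) == (proto, port) and \
           src in ipaddress.ip_network(rule["source"]):
            return True
    return False

def internet_exposure(instance, src_ip="203.0.113.10"):
    """Ports reachable from an internet address (documentation range by default)."""
    inst = INSTANCES[instance]
    if default_route(instance) != "internet-gateway" or not inst["public_ip"]:
        return []  # no inbound path, whatever the security group says
    rules = SECURITY_GROUPS[inst["sg"]]
    return [r["port"] for r in rules if inbound_allowed(instance, src_ip, r["proto"], r["port"])]

def can_initiate_outbound(instance):
    route = default_route(instance)
    return route == "nat-gateway" or (route == "internet-gateway" and INSTANCES[instance]["public_ip"])
```

Here app-2 carries an SSH rule open to 0.0.0.0/0 yet reports no internet exposure because its subnet routes through the NAT Gateway; the rule is still worth flagging in a review, since it becomes live the moment the instance moves to a public subnet.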

Cloud Connectivity Options:
  • VPN Gateway: Encrypted tunnel over the internet. Lower cost but variable performance due to internet routing.
  • Direct Connect / ExpressRoute: Dedicated private connection to the cloud provider. Higher cost but consistent, predictable performance.

Key Cloud Characteristics:
  • Scalability: Add capacity as needed (more VMs, more storage)
  • Elasticity: Automatically scale up/down based on demand (auto-scaling groups)
  • Multitenancy: Multiple customers share physical infrastructure, isolated virtually

Written by Alvin Varughese
Founder, 15 professional certifications