You can host web applications and websites in a VPC and use the VPC as a common network. You can also create a subnet in the VPC, add ECSs to the subnet, and then assign EIPs to the ECSs to enable the ECSs to communicate with the Internet for running web applications on the ECSs. The VPN gateway is used to establish a VPN channel between the web applications and the service system in the cloud, ensuring high-speed interconnection between the website and the service system.
You can place multi-tier web applications into different security groups, and configure access control rules for each security group as required. In a VPC, you can add the web servers and database servers to different security groups. The subnet to which the web servers belong allows access from the Internet, but the subnet to which the databases belong allows only internal access. This method ensures database server security, meeting high security requirements.
You can connect a VPC to your private cloud using a VPN. With the VPN between the VPC and your traditional data center, you can easily use the ECSs and block storage resources provided by the public cloud system. Applications can be migrated to the cloud and additional web servers can be created to increase the computing capacity on a network. In this way, a hybrid cloud is built, which reduces IT O&M costs and protects enterprise core data from being leaked. VPCs can be deployed across availability zones (AZs), improving high availability (HA) for e-commerce systems.