A logically isolated network environment that belongs entirely to you. Define your own IP space, divide into subnets across availability zones, control every traffic flow with ACLs and Security Groups — and pay nothing for the network layer itself.
A complete, production-ready VPC network takes under 5 minutes to configure. Start from scratch or adapt the planning guide for enterprise architectures.
Define your private network by choosing a CIDR block. Three segment types freely combinable — adjust the range at any time. One VPC per project, or multiple for environment isolation.
Divide your VPC into public and private subnets. Subnets can span any availability zone within the region — place public-facing resources in one, backend and database resources in another.
Launch VPS instances, databases, load balancers, and other services directly into your subnets. All resources inherit the network isolation, routing, and security rules you've defined.
Add a NAT Gateway for outbound internet access from private subnets. Bind Network ACLs to control subnet-level traffic. Apply Security Groups to individual instances for fine-grained access control.
Each component is independently configurable. All core components are free — use exactly what your architecture requires.
Subnet-level stateless firewall. Precise inbound and outbound rules for IP ranges, protocols, and ports — the first line of defence before traffic reaches resources.
Stateful instance-level firewall. Define allowed inbound/outbound rules per resource — allowed inbound automatically permits the response. Fine-grained per-instance control.
Control network traffic paths for all resources. Multiple routing rules bound to subnets — for VPC peering, dedicated line connections, and internet gateway routing.
Floating private IP between resources. Binds to a primary instance and auto-fails over to standby — no DNS delay, no application reconnection, transparent to clients.
Web tier, application tier, and database tier — each isolated in private subnets across two availability zones. The pattern behind the majority of enterprise cloud deployments on NubexCloud.
Unlike other cloud providers who charge for VPC endpoints, NAT gateways by the hour, and data transfer within the VPC — NubexCloud's core networking is entirely free. You only pay for the elastic IP that connects your NAT Gateway to the internet.
VPC, subnets, routing, security groups, ACLs, internal VIP — all of the infrastructure that defines and protects your network is permanently free. There is no minimum commit, no per-AZ charge, and no data transfer fee for traffic that stays inside your VPC.
The only billable component is the Elastic IP (EIP) that you bind to your NAT Gateway when private subnet resources need outbound internet access. EIP pricing is per-hour and per-traffic, visible in the console.
View EIP Pricing →VPC is the networking layer underneath every serious cloud deployment — from a two-tier startup app to a globally distributed enterprise platform.
We migrated our entire three-tier application stack to NubexCloud and built the VPC architecture in under an hour. The subnet isolation and Security Groups replaced months of firewall configuration we maintained on-premises. And the network layer cost us nothing.
Our PCI compliance required strict network isolation between payment processing and customer-facing API. NubexCloud VPC let us define exact CIDR ranges, apply ACLs at subnet boundaries, and Security Groups per instance. The auditors passed our network segmentation on first review.
We use NubexCloud VPC connected to our on-premises data centre via dedicated line and UDPN. Our legacy systems communicate with cloud workloads over the private backbone as if on the same LAN. Cross-region peering means Dubai and Riyadh share internal services without any public internet exposure.
VPC, Subnets, Security Groups, NAT Gateway, ACLs, Routing Table, and Internal VIP — all free. Define your network, deploy your resources, and control every traffic flow from day one.