We do not offer multiple public IP addresses on the same virtual server but if there is a particular application that you would like to run we can help you troubleshoot/configure how to optimize it for a single IP.

We will be rolling out private networking for all virtual servers so that you will be able to communicate between virtual servers via the private network in the future.

Is there an ETA for the private net IPs? I'm not sure who asked this question, but I need either multiple external IPs, or at the very least an internal network. I need multiple SSL sites and I can not use SNI since it's not supported widely enough.

Instead of multiple externals I was going to use a proxy/balancer to do the SSL termination and then send unencrypted to the back end servers, but I can only do that on a private network.

We are looking to roll out a beta of private IPs in the next 1-2 months and let customers test. This will be a beta which means customers should not trust production systems to it, but if they want to test it and help us work through bugs.

Then we would be looking to finalize it and put it into production as part of the fully supported platform in about 3 months time total.

Bad this rolled out yet?

We haven't yet rolled out private IPs as we've been focused on our core infrastructure the past couple months to announce double RAM and SSD-only virtual servers today.

But its next on the list.

Any estimation when could it be released? Is a VPN a good substitute for private networks for now? How would you set up a cluster of several droplets?

We are hopeful that we will have it deployed in the next couple of months.

In regards to your specific question it depends on what you are looking to accomplish. If you want to secure your virtual servers the best route is to employ firewall rules. If you have a completely segregated private network it reduces the need for this, however you still want to employ firewall rules because that completely limits exactly which hosts can connect where and on what ports.

With a private network you will still have public servers, if one of those is compromised that user can then attempt to login to backend servers. If however you have firewall rules that restrict access even on top of the internal network you can limit the type of communication the servers have.

Essentially it's more work but it is more secure because instead of assuming that all private network communications are secure, you are instead assuming all communications are by default not secure and then opening up communication ports accordingly.

Thanks. What I want to accomplish is safe communication between droplets. For example one of them would be data machine (elasticsearch and/or mongo) while the other would serve http requests. I was thinking how to configure firewall so the machines will be able to communicate. Should I allow traffic from explicit ip numbers of my droplets? Normally if they were in a private network I would allow some traffic from LAN.

You would restrict it based on the IPs of the other servers that you want to communicate with the DB servers and only allow explicit access to the ports on which those services run on.

Then you may want to have a bastion host that you use to login to those servers to administer them.

Note that the mentioned article on using multiple certs on a single IP is now here: https://www.digitalocean.com/community/articles/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-apache-on-ubuntu-12-04