Hi All, I am quite unexperienced in networks so I would like to ask someone who has more knowledge on this topic.
When DO introduced private networking back then there were some criticism that communication through the private network is not private at all while others can intercept the traffic within the same network (datacenter). So if you wanted to use the private network securely you had to configure a VPN for example to encrypt the communication.
Now I saw the announcement stating: “As of July 18, 2018, DigitalOcean private networking isolates communication at the account or team level between Droplets located in the same datacenter region.” and I was wondering whether this means that configuring a VPN is no longer necessary or others still have to possibility to sniff or even modify my traffic? I have searched DO support and other resources on the internet but I haven’t been able to find any reliable answer for this question.
It would be very nice if DO could clarify this, while misusing the private network could bring a huge security risk which could really bite unexperienced users like me.
Thank you very much for your help in advance!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Accepted Answer
Hello friend!
Excellent question. Your private networking is isolated and, in theory, no one can sniff your traffic. The reason I say “in theory” is because I’m afraid I’ve seen a bit too much in my time in the industry thus far, not that we haven’t taken the appropriate measures to protect you.
I believe that the security measures you take should be equivalent to the data you need to protect. You should assume that every layer of security might one day be found to not be as secure as once thought. We never thought we’d see the day that CPUs themselves were not secure, but here we are after the fact, just a bit more paranoid than ever before. Trust that we’re going to be paranoid and put forth every effort to protect you, but supplement that with your own security measures because you never know what is around the corner.
I suppose the shorter version of this is to say I expect you to be secure without that VPN, but if your data is of value I think you should use that VPN anyway.
Kind Regards, Jarland
All this is cool, but DO really should allow private networking within the same account/team, and NOT limit it by data centers, especially if several of their data centers are unavailable from time to time.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.