VPC Management
An examination of the IaC features of the edge VPC using deployable architecture on IBM Cloud. Many organizations now find themselves forced to create a secure and customizable virtual private cloud (VPC) environment within a single region due to the constantly changing nature of cloud infrastructure. This need is met by the VPC landing zone deployable architectures, which provide a collection of initial templates that may be easily customized to meet your unique needs.
Utilizing Infrastructure as Code (IaC) concepts, the VPC Landing Zone deployable architecture enables you to describe your infrastructure in code and automate its deployment. This method facilitates updating and managing your edge VPC setup while also encouraging uniformity across deployments.
The adaptability of the VPC Landing Zone is one of its main advantages. The starting templates are simply customizable to meet the unique requirements of your organisation. This can entail making changes to security and network setups as well as adding more resources like load balancers or block volumes. You may immediately get started with the following patterns, which are starter templates.
Edge VPC setup
- Pattern of landing zone VPCs: Installs a basic IBM Cloud VPC architecture devoid of any computational resources, such as Red Hat OpenShift clusters or VSIs.
- QuickStart virtual server instances (VSI) pattern: In the management VPC, a jump server VSI is deployed alongside an edge VPC with one VSI.
- QuickStart ROKS pattern: One ROKS cluster with two worker nodes is deployed in a workload VPC using the Quick Start ROKS pattern.
- Virtual server (VSI) pattern: In every VPC, deploys the same virtual servers over the VSI subnet layer.
- Red Hat Open Shift pattern: Every VPC’s VSI subnet tier has an identical cluster deployed per the Red Hat Open Shift Kubernetes (ROKS) design.
VPC Patterns that adhere to recommended standards
- To arrange and oversee cloud services and VPCs, establish a resource group.
- Configure Cloud Object Storage instances to hold Activity Tracker data and flow logs.
- This makes it possible to store flow logs and Activity Tracker data for a long time and analyze them.
- Keep your encryption keys in situations of Key Protect or Hyper Protect Crypto Services. This gives the management of encryption keys a safe, convenient location.
- Establish a workload VPC for executing programmes and services, and a management VPC for monitoring and controlling network traffic.
- Using a transit gateway, link the workload and management VPCs.
- Install flow log collectors in every VPC to gather and examine information about network traffic. This offers visibility and insights on the performance and trends of network traffic.
- Put in place the appropriate networking rules to enable VPC, instance, and service connectivity.
- Route tables, network ACLs, and security groups are examples of these.
- Configure each VPC’s VPEs for Cloud Object Storage.
- This allows each VPC to have private and secure access to Cloud Object Storage.
- Activate the management VPC VPN gateway.
- This allows the management VPC and on-premises networks to communicate securely and encrypted.
Patterns of landing zones
To acquire a thorough grasp of the fundamental ideas and uses of the Landing Zone patterns, let’s investigate them.
First, the VPC Pattern
Being a modular solution that provides a strong base upon which to develop or deploy compute resources as needed, the VPC Pattern architecture stands out. This design gives you the ability to add more compute resources, such as Red Hat OpenShift clusters or virtual private islands (VSIs), to your cloud environment. This method not only makes the deployment process easier, but it also makes sure that your cloud infrastructure is safe and flexible enough to meet the changing demands of your projects.
The VSI pattern QuickStart with edge VPC
Deploying an edge VPC with a load balancer inside and one VSI in each of the three subnets is the Quickstart VSI pattern pattern. It also has a jump server VSI that exposes a public floating IP address in the management VPC. It’s vital to remember that this design, while helpful for getting started quickly, does not ensure high availability or validation within the IBM Cloud for Financial Services framework.
ROKS pattern QuickStart
A security group, an allow-all ACL, and a management VPC with a single subnet make up the Quickstart ROKS pattern pattern. The Workload VPC features a security group, an allow-all ACL, and two subnets located in two distinct availability zones. There is a Transit Gateway that connects the workload and management VPCs.
In the workload VPC, a single ROKS cluster with two worker nodes and an enabled public endpoint is also present. The cluster keys are encrypted using Key Protect for further protection, and a Cloud Object Storage instance is configured as a prerequisite for the ROKS cluster.
Pattern of virtual servers
Within the IBM Cloud environment, the VSI pattern architecture in question facilitates the establishment of a VSI on a VPC landing zone. One essential part of IBM Cloud’s secure infrastructure services is the VPC landing zone, which is made to offer a safe platform for workload deployment and management. For the purpose of building a secure infrastructure with virtual servers to perform workloads on a VPC network, the VSI on VPC landing zone architecture was created expressly.
Pattern of Red Hat OpenShift
- The architecture of the ROKS pattern facilitates the establishment and implementation of a Red Hat OpenShift Container Platform in a single-region configuration inside a VPC landing zone on IBM Cloud.
- This makes it possible to administer and run container apps in a safe, isolated environment that offers the tools and services required to maintain their functionality.
- Because all components are located inside the same geographic region, a single-region architecture lowers latency and boosts performance for applications deployed within this environment.
- It also makes the OpenShift platform easier to set up and operate.
- Organizations can rapidly and effectively deploy and manage their container apps in a safe and scalable environment by utilizing IBM Cloud’s VPC landing zone to set up and manage their container infrastructure.