Multi-Tier Networks in an On-Demand Cloud

Want a customized & versatile cloud?

Here at Voonami, we understand that our clients and prospective clients have a wide variety of use cases and concerns. One such case was brought to my attention in a recent conversation with a client who was frustrated by previous experiences in other cloud environments. All of their cloud machines were assigned public IP addresses, which prevented them from structuring their network the way they wanted: with all traffic passing through a pfSense firewall. After discussing this case with some of the Voonami team members, we decided to highlight how our On-Demand Cloud service can easily and conveniently be configured to meet this use case, and many more.

Creating a Multi-Tier Architecture

Step 1: Create Networks

All Voonami cloud organizations are placed behind an edge gateway that comes equipped with basic firewall, NAT, and load balancing features that can be configured or disabled as needed. If the provided capabilities are not sufficient to meet your needs, constructing a multi-tier network is quite simple. After logging into the portal, go to the administration tab at the top of the page. Once here, double-click on the On-Demand data center that contains, or will contain, your organization’s VMs. Now go to the “Org VDC Networks” tab. Here you can create as many networks as a particular use case needs. To create the architecture desired by the client in my example above, a minimum of two networks is needed: one routed network and one isolated network. When configuring the networks, feel free to use Voonami’s DNS servers as the default (208.97.49.10 and 208.97.48.10).

Notice the internal network has no connection to the edge gateway, and therefore, no direct internet connection.

Step 2: Upload ISOs

From the catalogs tab, upload any needed ISO files. For this example, it’s the ISO of the pfSense firewall we want to create. To upload any ISO or media files, go to the catalogs tab and select the organization’s catalog. Click the “Media & Other” tab and then the upload button. Find and select the desired files from your machine. Now we can move to the “My Cloud” tab and set up our machines.

 

Step 3: Create Machines

If there are no vApps already set up in the cloud org, we will need to create one first. Now, create the needed system or systems and connect them to the isolated network. Inside the same vApp that holds your VM(s), create your firewall. To do this, select “New Virtual Machine” and fill in the name and desired specs. Because we are creating the firewall from an ISO instead of an existing template, we need to select the “Other” radio button and then “Other (64-bit)” in the drop-down below it. Also, make sure to have a NIC for each network, though more can be added later if needed. We will connect the primary NIC to our routed network. All other NICs will be connected to our isolated networks.

The two lines where the “Other” options need to be selected to install from an ISO are in the middle of the screenshot above.

Step 4: Configuration

When the new VM no longer shows as busy, right-click it, select “Insert CD/DVD from catalog…”, and choose our previously uploaded ISO file. Once our VMs are created, we can right-click on them and select properties if we wish to assign static IPs, check or change the auto-generated password, or increase the allocated resources, including NICs. Lastly, we power on the virtual machines, finish installs and setups as needed, and make the firewall, NAT, and network configurations necessary to match our company’s use case.
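Once the machines are built, it is worth confirming that the NIC assignments really force all traffic through the firewall. The Python below is an added example, not part of the original post or of any Voonami tooling: it audits a hand-written inventory against the rules from Steps 1 to 4 (firewall primary NIC on the routed network, its other NICs on isolated networks, every other VM on isolated networks only). The inventory format and the names routed-net, internal-net, pfsense-fw, app01 and db01 are constructed for illustration.

```python
# Added example: network and VM names are constructed, not taken from a real portal.
NETWORKS = {"routed-net": "routed", "internal-net": "isolated"}
GOOD = {
    "pfsense-fw": ["routed-net", "internal-net"],  # primary NIC listed first
    "app01": ["internal-net"],
    "db01": ["internal-net"],
}
# Same layout with two mistakes: app01 is dual-homed, firewall NICs are swapped.
BAD = {
    "pfsense-fw": ["internal-net", "routed-net"],
    "app01": ["internal-net", "routed-net"],
    "db01": ["internal-net"],
}


def audit(networks, vms, firewalls):
    """Return findings where the NIC layout departs from the multi-tier design."""
    findings = []
    for vm, nics in sorted(vms.items()):
        for net in nics:
            if net not in networks:
                findings.append(f"{vm}: NIC on undefined network {net}")
        kinds = [networks.get(net) for net in nics]
        if vm in firewalls:
            if not kinds or kinds[0] != "routed":
                findings.append(f"{vm}: primary NIC is not on a routed network")
            if any(kind != "isolated" for kind in kinds[1:]):
                findings.append(f"{vm}: secondary NIC is not on an isolated network")
        else:
            if "routed" in kinds:
                findings.append(f"{vm}: on a routed network, bypassing the firewall")
            if len(set(nics)) > 1:
                findings.append(f"{vm}: multi-homed, can bridge tiers")
    # An isolated network without a firewall NIC has no filtered path in or out.
    for net, kind in sorted(networks.items()):
        if kind == "isolated" and not any(net in vms.get(fw, []) for fw in firewalls):
            findings.append(f"{net}: no firewall attached")
    return findings


if __name__ == "__main__":
    for label, inventory in (("good", GOOD), ("bad", BAD)):
        print(label, audit(NETWORKS, inventory, {"pfsense-fw"}) or "ok")
```

An empty result means the only machine touching the routed network is the firewall; any finding names the VM or network that breaks the tiering.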

Simple Yet Powerful

Voila. We created a multi-tier on-demand cloud network in just a few minutes. While the network laid out here is simple, the tools showcased can be leveraged to meet a variety of needs. For example, with only a few more steps, we could easily create a DMZ using either the edge gateway provided or by creating another firewall behind the first to protect an additional network tier.

If the setup, configuration, and day-to-day auditing and management of the network your company needs to thrive is a little daunting, or if your time is better spent on other projects, feel free to contact us about our various managed options. We would love to work with you to make your company thrive.

So, what network will you create?
