In our Data Strategy proposal, the adoption of cloud technologies has increasingly taken on a predominant role in the solutions provided to clients. As detailed in the “Migrate To Cloud” use case, this proposal is structured into four distinct phases:
It is during the Foundation phase that we explore and implement the best networking strategies for our clients’ specific use cases. In particular, what is called a Landing Zone is implemented on the chosen cloud provider.
The Landing Zone serves as a central hub for cloud management and allows the definition of various aspects within it:
Each of the highlighted steps in the image is implemented using the principles of Infrastructure as Code (IaC), generating scripts that declaratively specify various infrastructure components and their configurations.
Once the IaC tool is chosen (e.g., Terraform, especially in multi-cloud contexts), the created scripts enable precise management of all infrastructure components, including network management services.
Virtual Private Clouds (VPCs) are one of the key components within a cloud infrastructure. They enable resource isolation in a virtualized environment, ensuring greater security and flexibility. Properly designing and organizing one or more VPCs is crucial to maximize their benefits.
When designing a VPC, it’s essential to plan the allocation of IP address spaces correctly using CIDR (Classless Inter-Domain Routing) blocks. This involves subdividing IP addresses into blocks that reflect scalability needs and logical resource segmentation.
One of the primary features of a VPC is the ability to create one or more subnets inside it, each with its own CIDR block carved out of the block assigned to the VPC itself. Subnets add a further hierarchical level for organizing resources, applying security policies, and managing the network in general.
The simplest topology that can be used is the single VPC, where all cloud resources created reside within it. This scenario is suitable for feasibility studies of cloud provider services, development environments, or small applications with minimal security requirements.
Even for feasibility studies, it is advisable to place resources in at least two VPCs, so that the configuration needed to integrate them and enable communication between them is tested as well. This surfaces early the problems that would otherwise appear only in production environments.
The multi-VPC topology involves creating several separate VPCs within the same cloud account. Each VPC acts as an isolated entity, with connections between them configured explicitly. This topology is ideal for segregating production and development environments, or for hosting applications with differing security requirements.
With multiple VPCs, the networking services offered by the various cloud providers make several architectures possible. For example, central VPCs, referred to as “Hubs,” can act as network managers for satellite VPCs, known as “Spokes.” Alternatively, Transit VPCs can be used to interconnect the other VPCs.
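Both the CIDR planning described for a single VPC (subnets carved from the VPC block, without overlapping each other) and the multi-VPC connectivity just described (peered, hub-and-spoke or transit VPCs, which cannot share address space) are easy to check before the plan is committed to Terraform. The following Python check is an added example, not code from the original article; the plan it validates is constructed for illustration, and the names in it are hypothetical.

```python
"""Validate a CIDR plan for one or more VPCs before it is turned into IaC."""
import ipaddress
from typing import Dict, List

# Constructed sample plan (not from the article): two VPCs that will later be
# connected, each carved into subnets. The "dev" VPC deliberately contains a
# subnet outside its own range and two subnets that overlap each other.
PLAN = {
    "prod": {"cidr": "10.0.0.0/16",
             "subnets": {"prod-app": "10.0.1.0/24", "prod-db": "10.0.2.0/24"}},
    "dev": {"cidr": "10.1.0.0/16",
            "subnets": {"dev-app": "10.1.1.0/24", "dev-db": "10.1.1.128/25",
                        "dev-misc": "10.2.0.0/24"}},
}


def validate_plan(plan: Dict[str, dict]) -> List[str]:
    """Return a list of findings; an empty list means the plan is consistent."""
    findings: List[str] = []
    vpcs = {name: ipaddress.ip_network(v["cidr"]) for name, v in plan.items()}

    for name, v in plan.items():
        subnets = {s: ipaddress.ip_network(c) for s, c in v["subnets"].items()}
        # 1. Every subnet must be carved from its VPC's block.
        for s, net in subnets.items():
            if not net.subnet_of(vpcs[name]):
                findings.append(f"{name}/{s} {net} is outside VPC block {vpcs[name]}")
        # 2. Subnets within one VPC must not overlap each other.
        names = sorted(subnets)
        for i, a in enumerate(names):
            for b in names[i + 1:]:
                if subnets[a].overlaps(subnets[b]):
                    findings.append(f"{name}: subnets {a} and {b} overlap")

    # 3. VPC blocks must not overlap each other; overlapping blocks cannot be
    #    peered or attached to a hub/transit VPC without address conflicts.
    vnames = sorted(vpcs)
    for i, a in enumerate(vnames):
        for b in vnames[i + 1:]:
            if vpcs[a].overlaps(vpcs[b]):
                findings.append(f"VPC blocks {a} and {b} overlap")
    return findings


if __name__ == "__main__":
    for line in validate_plan(PLAN) or ["plan is consistent"]:
        print(line)
```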
The following section elaborates on the Point-to-Point and Hub & Spoke concepts, including how on-premise networks are managed, which defines the hybrid cloud management model.