How to build a cloud infrastructure from a designer
We are now involved in a project to create a service that collects virtual infrastructure in the cloud. There are similar solutions on the market, but I see that we were able to move forward on this issue, perhaps a little further than other cloud providers. Why - I will try to explain with specific examples.
What is a typical cloud solution today? A small or medium-sized business company leases resources from its provider: cloud servers or VDS / VPS. Then, in manual mode, it creates infrastructure elements that are rarely found in finished form — VPN, balancer, subnet, router, and isolated network (VLAN) —and prescribe settings. For large business companies that require the implementation of complex infrastructure, everything is usually even harder: to perform a certain set of works, it is necessary to contact the support service of the provider with a request to develop a practically individual infrastructure project. It is clear that building a unique and complex infrastructure without ready-made elements is long and expensive.
As a result, a lot of time and effort of the IT team is spent on the organization of cloud infrastructure. Although the use of a virtual service is faster and cheaper than the organization of a physical infrastructure.
')
What did we decide to do?
Service that allows you to "build a virtual infrastructure with the mouse," online ( MakeCloud ).
To implement the idea, we used the "concept of the designer", a set of prefabricated elements from which the user independently collects the required infrastructure. Any element of the infrastructure - an isolated virtual network, a virtual server, security groups (firewalls), a virtual router, Cloudpipe (VPN gateway), a subnet, an additional disk - is added by clicking a button in the control panel. In the drop-down menu it remains to choose the settings for the item being created. Very soon we will add a balancer - it can also be added with one button on the site.
Result: solving infrastructure problems of small, medium and large businesses in the cloud with minimal time and resources of the customer.
And it really saves a lot of time for an IT specialist. In fact, any company can build its infrastructure in the cloud on such a service, from student start-ups to large businesses.
I will give a few typical examples - the most frequent configurations that users now collect at MakeCloud. On the one hand, due to the fact that these cases are really typical for mass business, they are easy to implement, but even here there is an opportunity to do it faster and easier.
Case first
What you need: Place an information site (storefront, blog, etc.).
Solution: Creating a virtual server that simultaneously performs the roles of a web server and a database server. In the control panel, an LAMP image is available that contains all the necessary software for launching the site; all that remains is to place the content. Unwanted access to the server is limited by security groups (firewall).
What we do:
• We create one virtual server
• Configure security groups (firewalls)
• Deploy your website on the server
Second case
What you need: Place an online store.
Solution: Creating a secure infrastructure with a two-tier application architecture - Front-end level and Back-end level. The front-end (for example, a website) is located in the DMZ, access to it is restricted to security groups (firewall). Back-end (for example, MS SQL Server (DB) and 1C server) is located in a private network. DMZ and private network are connected by a router.
What we do:
• Create a private network (VLAN 1)
• Create subnet 1
• Create a router with interfaces in the public network and subnet 1
• Create three virtual servers
• Set up security groups (firewalls)
• Deploy software on servers
Case three
What you need: Place a large electronic trading platform.
Solution: Creating a scalable, secure infrastructure with a two-tier application architecture - Front-end level and Back-end level. The front-end, unlike the second example, can contain several web servers (terminal farm), and the load between them will be distributed using the network load balancer (the balancer, as I wrote above, is not yet available on MakeCloud, but we will add soon). The back-end, for example, 1C and the database cluster, is located in the private network, and in the second case, it connects the DMZ and the private network to the router.
What we do:
• Create a private network (VLAN 1)
• Create subnet 1
• Create a router with interfaces in the public network and subnet 1
• Create and configure a network load balancer
• We create six virtual servers in the corresponding networks (according to the scheme)
• Configure security groups (firewalls)
• Deploy software on servers
Fourth case
What you need: Place the basic infrastructure in the cloud and arrange access to two offices.
Solution: Creating a secure infrastructure with a multi-layered application architecture, with the ability to create a point-to-point VPN connection between the cloud infrastructure and the customer's infrastructure. Access to Cloudpipe (VPN gateway), which is located in the DMZ, is restricted using security groups (firewalls). Different business applications can be deployed inside different private networks, flexibly and securely connecting networks through routers.
What we do:
• Create a private network (VLAN 1)
• Create subnet 1
• Create subnet 2
• Create a router with interfaces in the public network, subnet 1 and subnet 2
• Create Cloudpipe (VPN)
• Configure security groups (firewalls)
• We organize VPN tunnels between office A and Cloudpipe; between office B and Cloudpipe
• Create four virtual servers in the appropriate subnets.
• We place software on servers
In addition to the balancer (in development) and the finished LAMP image, we plan to prepare other images for quickly creating a server for specific tasks. We are currently working on launching an API compatible with AWS EC2.
All these typical cases, I repeat, are quite simple. It would, of course, be more interesting to work on examples of more complex IT tasks. If you throw such comments in the comments, we will try to show examples of their solution using ready-made MakeCloud elements.
What is a typical cloud solution today? A small or medium-sized business company leases resources from its provider: cloud servers or VDS / VPS. Then, in manual mode, it creates infrastructure elements that are rarely found in finished form — VPN, balancer, subnet, router, and isolated network (VLAN) —and prescribe settings. For large business companies that require the implementation of complex infrastructure, everything is usually even harder: to perform a certain set of works, it is necessary to contact the support service of the provider with a request to develop a practically individual infrastructure project. It is clear that building a unique and complex infrastructure without ready-made elements is long and expensive.
As a result, a lot of time and effort of the IT team is spent on the organization of cloud infrastructure. Although the use of a virtual service is faster and cheaper than the organization of a physical infrastructure.
')
What did we decide to do?
Service that allows you to "build a virtual infrastructure with the mouse," online ( MakeCloud ).
To implement the idea, we used the "concept of the designer", a set of prefabricated elements from which the user independently collects the required infrastructure. Any element of the infrastructure - an isolated virtual network, a virtual server, security groups (firewalls), a virtual router, Cloudpipe (VPN gateway), a subnet, an additional disk - is added by clicking a button in the control panel. In the drop-down menu it remains to choose the settings for the item being created. Very soon we will add a balancer - it can also be added with one button on the site.
Result: solving infrastructure problems of small, medium and large businesses in the cloud with minimal time and resources of the customer.
And it really saves a lot of time for an IT specialist. In fact, any company can build its infrastructure in the cloud on such a service, from student start-ups to large businesses.
I will give a few typical examples - the most frequent configurations that users now collect at MakeCloud. On the one hand, due to the fact that these cases are really typical for mass business, they are easy to implement, but even here there is an opportunity to do it faster and easier.
Case first
What you need: Place an information site (storefront, blog, etc.).
Solution: Creating a virtual server that simultaneously performs the roles of a web server and a database server. In the control panel, an LAMP image is available that contains all the necessary software for launching the site; all that remains is to place the content. Unwanted access to the server is limited by security groups (firewall).
What we do:
• We create one virtual server
• Configure security groups (firewalls)
• Deploy your website on the server
Second case
What you need: Place an online store.
Solution: Creating a secure infrastructure with a two-tier application architecture - Front-end level and Back-end level. The front-end (for example, a website) is located in the DMZ, access to it is restricted to security groups (firewall). Back-end (for example, MS SQL Server (DB) and 1C server) is located in a private network. DMZ and private network are connected by a router.
What we do:
• Create a private network (VLAN 1)
• Create subnet 1
• Create a router with interfaces in the public network and subnet 1
• Create three virtual servers
• Set up security groups (firewalls)
• Deploy software on servers
Case three
What you need: Place a large electronic trading platform.
Solution: Creating a scalable, secure infrastructure with a two-tier application architecture - Front-end level and Back-end level. The front-end, unlike the second example, can contain several web servers (terminal farm), and the load between them will be distributed using the network load balancer (the balancer, as I wrote above, is not yet available on MakeCloud, but we will add soon). The back-end, for example, 1C and the database cluster, is located in the private network, and in the second case, it connects the DMZ and the private network to the router.
What we do:
• Create a private network (VLAN 1)
• Create subnet 1
• Create a router with interfaces in the public network and subnet 1
• Create and configure a network load balancer
• We create six virtual servers in the corresponding networks (according to the scheme)
• Configure security groups (firewalls)
• Deploy software on servers
Fourth case
What you need: Place the basic infrastructure in the cloud and arrange access to two offices.
Solution: Creating a secure infrastructure with a multi-layered application architecture, with the ability to create a point-to-point VPN connection between the cloud infrastructure and the customer's infrastructure. Access to Cloudpipe (VPN gateway), which is located in the DMZ, is restricted using security groups (firewalls). Different business applications can be deployed inside different private networks, flexibly and securely connecting networks through routers.
What we do:
• Create a private network (VLAN 1)
• Create subnet 1
• Create subnet 2
• Create a router with interfaces in the public network, subnet 1 and subnet 2
• Create Cloudpipe (VPN)
• Configure security groups (firewalls)
• We organize VPN tunnels between office A and Cloudpipe; between office B and Cloudpipe
• Create four virtual servers in the appropriate subnets.
• We place software on servers
In addition to the balancer (in development) and the finished LAMP image, we plan to prepare other images for quickly creating a server for specific tasks. We are currently working on launching an API compatible with AWS EC2.
All these typical cases, I repeat, are quite simple. It would, of course, be more interesting to work on examples of more complex IT tasks. If you throw such comments in the comments, we will try to show examples of their solution using ready-made MakeCloud elements.
Source: https://habr.com/ru/post/181472/
All Articles