How can I use advanced network features like NAT, port forwarding, load balancing, VPN?
Safe Swiss Cloud allows its users to create and deploy network components with a few clicks. The virtual router is implemented in Safe Swiss Cloud as something called a VPC (virtual private cloud).
Some basic terms in Safe Swiss Cloud and what they mean:
|Virtual Router (VR)||Router, Firewall, VPN, Local Networks, HAProxy web load balancer|
|Virtual Machine (VM)||VM, instance, VPS etc. are all one and the same thing in Safe Swiss Cloud - an instance of a virtual machine.|
|Virtual Private Cloud (VPC)||When a virtual router is created, it defines and creates a virtual private cloud. Each VPC can contain multiple virtual machine instances, network segments, load balancers etc.|
|Virtual Data Center (VDC)||A virtual data center is a single customer account with Safe Swiss Cloud. It can contain one or more VPCs.|
|Guest Network or Tier||A private network segment in Safe Swiss Cloud connected to a VR and managed from this virtual router.|
A VPC is an isolated part of Safe Swiss Cloud, with the virtual router (VR) as the gatekeeper. It can have one or more private networks (e.g. 10.0.1.0/24, 10.0.2.0/24), connected together through the virtual router (VR), which is also connected to the internet. Inside these private networks you can deploy one or more VMs, which will not be directly accessible from the internet since they are on a private network.
Safe computing is enabled in Safe Swiss Cloud by making all access to internal VMs go through the virtual router's firewall. The following network features can be activated:
|Public IP Addresses||A public IP is needed for any of the following services: port forwarding rules, load balancing rules, static NAT etc.|
|Port forwarding||Forward traffic on a particular port, e.g. 443, to access an internal VM's HTTPS service.|
|Static NAT||Static Network Address Translation enables forwarding of public network traffic on all ports one to one to an internal VM.|
|Remote VPN||Access a VM in the cloud from a single machine (desktop, mobile phone, tablet etc.) through a VPN tunnel|
|Site to Site VPN||Connect two networks through a VPN tunnel, e.g. connect your office and your virtual data center with an IPsec VPN tunnel|
|ACLs||Specify what kind of traffic is allowed between different private networks, and also from any private network to the internet|
|Public Load Balancer||Load balancing for web traffic coming in through the internet, implemented in the virtual router (VR) with HAProxy.|
|Internal Load Balancer||A load balancer for internal workloads, not accessible from the Internet.|
With this approach, you can create your own Virtual Data Center by having different private networks that are protected by one or more virtual routers.
The diagram below shows an example of a VR (VPC in the GUI) that uses the public load balancer features.
In this example we have one VR with a public IP address and two private networks behind the VR (a web tier and an app tier). We have activated load balancing features on the VR, so the VR accepts web traffic from the internet and distributes connections, e.g. in round-robin fashion, to 3 web servers. Inside the app network, besides the 6 app servers, we have also activated 2 internal load balancers (small VMs), which accept connections from the web servers and distribute them among the 6 app servers.
This scenario is an example of using both public and private load balancing features of the VR/VPC.
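Which internal VMs a set of port forwarding, load balancing and static NAT rules actually exposes can be checked mechanically. The following Python is an added example, not Safe Swiss Cloud code or its API: the rule format, function names and addresses are assumptions constructed for the web tier/app tier scenario above, and the static NAT rule is added only to show the contrast with port forwarding.

```python
from ipaddress import ip_address, ip_network

ANY_PORT = "all"  # static NAT forwards every port one to one

def tier_of(vm_ip, tiers):
    """Return the name of the tier whose CIDR contains vm_ip, or None."""
    addr = ip_address(vm_ip)
    return next((n for n, cidr in tiers.items() if addr in ip_network(cidr)), None)

def exposure(rules, tiers):
    """Map each internal VM to the set of ports reachable from the internet."""
    exposed = {}
    for rule in rules:
        if rule["type"] == "static_nat":
            targets, port = [rule["vm"]], ANY_PORT
        elif rule["type"] == "port_forward":
            targets, port = [rule["vm"]], rule["port"]
        elif rule["type"] == "load_balancer":
            targets, port = rule["members"], rule["port"]
        else:
            raise ValueError(f"unknown rule type: {rule['type']}")
        for vm in targets:
            if tier_of(vm, tiers) is None:
                raise ValueError(f"{vm} is not in any tier of this VPC")
            exposed.setdefault(vm, set()).add(port)
    return exposed

def findings(rules, tiers, internet_facing):
    """Flag exposure that breaks the intended design of the VPC."""
    out = []
    for vm, ports in sorted(exposure(rules, tiers).items()):
        tier = tier_of(vm, tiers)
        if ANY_PORT in ports:
            out.append(f"{vm} ({tier}): static NAT exposes all ports")
        if tier not in internet_facing:
            out.append(f"{vm} ({tier}): internal tier reachable from the internet")
    return out

# Constructed sample data (hypothetical format, documentation IP ranges).
TIERS = {"web": "10.0.1.0/24", "app": "10.0.2.0/24"}
RULES = [
    {"type": "load_balancer", "public_ip": "203.0.113.10", "port": 443,
     "members": ["10.0.1.11", "10.0.1.12", "10.0.1.13"]},
    {"type": "port_forward", "public_ip": "203.0.113.10", "port": 22, "vm": "10.0.1.11"},
    {"type": "static_nat", "public_ip": "203.0.113.11", "vm": "10.0.2.21"},
]

if __name__ == "__main__":
    print("\n".join(findings(RULES, TIERS, internet_facing={"web"})))
```

The web servers are exposed only on the ports named in their rules, while the static NAT target in the app tier is reported twice: once for exposing all ports and once for sitting in a tier that is meant to be internal.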