Tilaa Best Practices: Broaden your horizon with VPC

Back to the overview
Tilaa Best Practices: Broaden your horizon with VPC
4 minute read

Tilaa makes cloud computing logical, fair, and hyper-secure by providing turnkey and fully automated infrastructure solutions. There are some interesting takeaways from the best practices of those who have already adopted or are in the process of implementing them. Read on to learn more about the possibilities of VPC.

There is an endless possibility for you to create your 'landing zone' using the Tilaa services and resources to the best extent possible, especially in 'multi-cloud' environments where various cloud topologies are combined into one logical configuration. In this article, we'll go over Tilaa and Virtual Private Cloud.

 

Tilaa Virtual Private Cloud (VPC)

A VPC (Virtual Private Cloud) is more than just a subnet with a private address range in a larger cloud environment. This could be a public cloud, but VPC also implies a private cloud provider's space. The main benefit of a VPC is that you have complete control over the functionality and, more importantly, who has access to it.

Basically, VPCs are defined by a few important aspects, being:

  • Most of the resources are placed within a non-public accessible space
  • Limited and controlled access to the private subnets of the VPC
  • Reduced amount of attack surfaces (public facing entry points)
  • Protection of the internal network via a firewall, or others

Creating spaces within your configuration without access from the public side may be a major pitfall of the configuration. Tilaa does not yet provide a managed firewall service. However, you can create a private subnet to which your resources are connected, though not through the website's configuration page. Simply contact support, and they will take care of it.

 

Securing the network(s) with Virtual Private Cloud

With having a private network, the question is how you as a legitimate user can gain access to the environment and its resources. One of the solutions to that is to use a separate instance with 2 network interfaces that can forward connections from the outside ‘world’ (or the Internet, as we tend to call it) to the internal network based on specific “access rules”. Firewalls are typically systems with this type of functionality.

To reduce the attack services while still having access to the entire private network, you can use a separate server with public access to act as a gateway between the 2 (public and private) networks. This type of system is known as a bastion or jump host. Logging into the bastion allows access to all other resources in the (private) network, as this special type of system is part of both. Actually, the secret is that a bastion is a regular machine with built-in port redirection functionality, rather than a special host.

With a firewall in place, you might be tempted to create an access list that only allows its own (corporate) network address to access the VPC in order to use the VPC resources/storage/databases/etc. exclusively from that network. While this is a viable option, installing a VPN concentrator on the network to enable secure and reliable connections from and to both networks is the best practice. When using a bastion host, the VPN concentrator software can be installed on that system to reduce the VPS footprint and improve the manageability of the environment.

 

Expanding networks with VPC

Access times, or lag as we call it, can be a major issue within a multi-national userbase, especially when there is only one data center that holds the servers and services that are in use. With a firewall in place and an external Content Delivery Network (CDN) service, you can have global access to the service with consistent performance. Simply make sure that the CDN gateway is the only entry in the firewall and that all internet traffic is routed through the CDN rather than a direct connection to the VPC.

 

Tilaa: your preferred Cloud Partner

At Tilaa we believe that progress begins with creating space for new ideas. That’s why we provide a rock-solid foundation for tomorrow’s businesses. We offer our turn-key cloud solutions and are experts in areas such as security and privacy.

We are constantly working to improve or extend the services in our portfolio. But even now, customers have the ability to adopt the enhanced features of the VPC structures, just by adding a VPS or two and a few open source software packages.

Are you looking for a powerful solution for your cloud infrastructure? Discover the convenience of Tilaa for yourself. You can be live in less than 3 minutes!

Get started

 

 

Share this article
Back to the overview
You might also like: