High-Level Architecture with Load Balancer and Jump Server in a VPC Setup

Introduction

In this use case, we demonstrate how NeevCloud enables secure cloud networking by implementing a Virtual Private Cloud (VPC) with a Load Balancer (LB) for traffic distribution and a Jump Server for enhanced administrative access. This setup ensures security, scalability, and efficient traffic management for hosting web applications.

Architecture Details

VPC Configuration

  • CIDR: 10.0.5.0/24 – A private subnet used for internal communication.

  • The VPC serves as the foundation of the private network, isolating traffic and enabling secure internal connectivity.

Components

  1. Load Balancer (LB):

    • Private IP: 10.0.5.5

    • Role: Routes incoming traffic from the public network to the backend web servers.

    • Security: Acts as an additional layer, preventing direct public access to web servers.

  2. Web Servers:

    • WS1: IP 10.0.5.10

    • WS2: IP 10.0.5.11

    • WS3: IP 10.0.5.12

    • Role: Hosts the application and serves client requests.

    • Deployment: Configured within the private network.

  3. Jump Server (Admin Gateway):

    • Private IP: 10.0.5.200

    • Floating IP: Assigned for secure external access.

    • Role: Used exclusively for administrative access to the private network.

    • Security: Provides a single entry point for accessing the internal network.

Public Access via Floating IPs

  • Floating IP-1: Routes client traffic to the Load Balancer.

  • Floating IP-2: Assigned to the Jump Server for administrative tasks, avoiding direct access to the web servers.

Step-by-Step Implementation

Step 1: Create a Private Network

  • Navigate to: Networking > Network in the NeevCloud portal.

  • Action:

    • Provide a name for the network (e.g., WebVPC).

    • Set CIDR to 10.0.5.0/24.

    • Leave other options at default and create the network.

Step 2: Deploy a Router

  • Navigate to: Networking > Routers.

  • Action:

    • Create a router and name it (e.g., WebRouter).

    • Set the external gateway to the Public Network.

    • Add the private network (10.0.5.0/24) as an interface.

Step 3: Launch Virtual Machines

  • Navigate to: Instances > Launch Instance.

  • Web Servers:

    • Launch three VMs (WS1, WS2, WS3) with private IPs assigned.

    • Assign them to the private VPC.

    • Avoid attaching the public network.

  • Jump Server:

    • Launch one VM and assign it to the private network.

    • Do not attach the public network, so that access stays restricted.

    • Assign a floating IP for external access.

Step 4: Set Up a Load Balancer

  • Navigate to: Networking > Load Balancers.

  • Action:

    • Create a Load Balancer and assign it the private IP 10.0.5.5.

    • Add a backend pool with WS1, WS2, and WS3.

    • Configure listeners:

      • HTTP Listener: Port 80

      • HTTPS Listener: Port 443 (recommended for secure communication).

Step 5: Allocate and Associate Floating IPs

  • Navigate to: Networking > Floating IPs.

  • Action:

    • Allocate two floating IPs from the public IP pool.

    • Associate:

      • Floating IP-1: Linked to the Load Balancer for routing public traffic to web servers.

      • Floating IP-2: Linked to the Jump Server for secure external access.
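
The layout built in Steps 1 to 5 can be checked against its own rules. The following is an added example, not NeevCloud code: it audits an inventory for the invariants stated above (every host inside 10.0.5.0/24, floating IPs only on the Load Balancer and Jump Server, backend pool equal to the three web servers). The inventory format, role names, and 203.0.113.x floating IPs are constructed assumptions.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.5.0/24")   # CIDR from the page
PUBLIC_ROLES = {"load_balancer", "jump_server"}  # only these may hold a floating IP

# Constructed inventory mirroring the page's addressing. The dict layout, role
# names and 203.0.113.x addresses (documentation range) are assumptions.
INVENTORY = [
    {"name": "LB", "role": "load_balancer", "private_ip": "10.0.5.5", "floating_ip": "203.0.113.10"},
    {"name": "WS1", "role": "web", "private_ip": "10.0.5.10", "floating_ip": None},
    {"name": "WS2", "role": "web", "private_ip": "10.0.5.11", "floating_ip": None},
    {"name": "WS3", "role": "web", "private_ip": "10.0.5.12", "floating_ip": None},
    {"name": "Jump", "role": "jump_server", "private_ip": "10.0.5.200", "floating_ip": "203.0.113.20"},
]
LB_POOL = ["10.0.5.10", "10.0.5.11", "10.0.5.12"]  # backend pool from Step 4


def audit(inventory, lb_pool):
    """Return a list of findings; an empty list means the layout matches the design."""
    findings, seen = [], {}
    for host in inventory:
        name, role, priv = host["name"], host["role"], host["private_ip"]
        if ipaddress.ip_address(priv) not in VPC_CIDR:
            findings.append(f"{name}: {priv} is outside {VPC_CIDR}")
        if priv in seen:
            findings.append(f"{name}: {priv} duplicates {seen[priv]}")
        seen[priv] = name
        if host["floating_ip"] and role not in PUBLIC_ROLES:
            findings.append(f"{name}: floating IP on a {role} host exposes it publicly")
        if not host["floating_ip"] and role in PUBLIC_ROLES:
            findings.append(f"{name}: {role} has no floating IP")
    web_ips = {h["private_ip"] for h in inventory if h["role"] == "web"}
    for member in sorted(set(lb_pool) - web_ips):
        findings.append(f"LB pool member {member} is not a known web server")
    for missing in sorted(web_ips - set(lb_pool)):
        findings.append(f"web server {missing} is missing from the LB pool")
    return findings


if __name__ == "__main__":
    for line in audit(INVENTORY, LB_POOL) or ["layout matches the documented design"]:
        print(line)
```
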
