High-Level Architecture with Load Balancer and Jump Server in a VPC Setup

Introduction

In this use case, we demonstrate how NeevCloud enables secure cloud networking by implementing a Virtual Private Cloud (VPC) with a Load Balancer (LB) for traffic distribution and a Jump Server for enhanced administrative access. This setup ensures security, scalability, and efficient traffic management for hosting web applications.

Architecture Details

VPC Configuration

• CIDR: 10.0.5.0/24 – A private subnet used for internal communication.

• The VPC serves as the foundation of the private network, isolating traffic and enabling secure internal connectivity.

Components

1. Load Balancer (LB):

   • Private IP: 10.0.5.5

   • Role: Routes incoming traffic from the public network to the backend web servers.

   • Security: Acts as an additional layer, preventing direct public access to web servers.

2. Web Servers:

   • WS1: IP 10.0.5.10

   • WS2: IP 10.0.5.11

   • WS3: IP 10.0.5.12

   • Role: Hosts the application and serves client requests.

   • Deployment: Configured within the private network.

3. Jump Server (Admin Gateway):

   • Private IP: 10.0.5.200

   • Floating IP: Assigned for secure external access.

   • Role: Used exclusively for administrative access to the private network.

   • Security: Provides a single entry point for accessing the internal network.

3. Public Access via Floating IPs

Floating IP-1: Routes client traffic to the Load Balancer.

Floating IP-2: Assigned to the Jump Server for administrative tasks, avoiding direct access to the web servers.

Step-by-Step Implementation

Step 1: Create a Private Network

• Navigate to: Networking > Network in the NeevCloud portal.

• Action:

  • Provide a name for the network (e.g., WebVPC).

  • Set CIDR to 10.0.5.0/24.

  • Leave other options at default and create the network.

Step 2: Deploy a Router

• Navigate to: Networking > Routers.

• Action:

  • Create a router and name it (e.g., WebRouter).

  • Set the external gateway to the Public Network.

  • Add the private network (10.0.5.0/24) as an interface.

Step 3: Launch Virtual Machines

• Navigate to: Instances > Launch Instance.

• Web Servers:

  • Launch three VMs (WS1, WS2, WS3) with private IPs assigned.

  • Assign them to the private VPC.

  • Avoid attaching the public network.

• Jump Server:

  • Launch one VM and assign it to the private network.

  • Avoid attaching the public network to maintain restricted access.

  • Assign a floating IP for external access.

Step 4: Set Up a Load Balancer

• Navigate to: Networking > Load Balancers.

• Action:

  • Create a Load Balancer and assign it the private IP 10.0.5.5.

  • Add a backend pool with WS1, WS2, and WS3.

  • Configure listeners:

    • HTTP Listener: Port 80

    • HTTPS Listener: Port 443 (recommended for secure communication).

Step 5: Allocate and Associate Floating IPs

• Navigate to: Networking > Floating IPs.

• Action:

  • Allocate two floating IPs from the public IP pool.

  • Associate:

    • Floating IP-1: Linked to the Load Balancer for routing public traffic to web servers.

    • Floating IP-2: Linked to the Jump Server for secure external access.