IBM Cloud Docs
VSI on existing VPC landing zone - Extension

VSI on existing VPC landing zone - Extension

This deployable architecture extends an existing VPC deployable architecture by creating virtual server instances (VSI) in some or all of the subnets of any existing landing zone VPC deployable architecture. The architecture is based on the IBM Cloud for Financial Services reference architecture.

Architecture diagram

Architecture diagram for adding a VSI to a landing zone deployable architecture
Figure 1. VSI on existing landing zone - Extension

Design requirements

Design requirements for VSI on VPC landing zone
Figure 2. Scope of the design requirements

Components

VPC architecture decisions

Table 1. Architecture decisions
Requirement Component Reasons for choice Alternative choice
Create virtual server instances to support management Management virtual server instances Create a VPC virtual server instance that can be used for management and maintenance of your hosted application. Configure ACL and security group rules to allow access to IBM Cloud services, and workload and management VPCs.
  • Demonstrate compliance with control requirements of the IBM Cloud Framework for Financial Services
  • Set up network for all created services
  • Isolate network for all created services
  • Ensure all created services are interconnected
Secure landing zone components Create a minimum set of required components for a secure landing zone Create a modified set of required components for a secure landing zone in preset

Key and password management architecture decisions

Table 3. Key and password management architecture decisions
Requirement Component Reasons for choice Alternative choice
  • Use public SSH key to access virtual server instances by using SSH
Public SSH key provided by customer Ask customer to specify the key. Accept the input as secure parameter.

Next steps