Architecture decisions for networking
The following are network architecture decisions for the hybrid cloud network for classic infrastructure disaster recovery pattern.
Architecture decisions for enterprise connectivity
| Architecture decision | Requirement | Options | Decision | Rationale |
|---|---|---|---|---|
| Management connectivity | Provide secure, encrypted connectivity to the cloud’s private network for management purposes. | | Site-to-Site VPN on Gateway appliance in classic | Secure and suitable for production-level performance |
| Enterprise connectivity | Provide connectivity between client enterprise and IBM Cloud. | | Direct Link Connect | Cost-effective, quicker deployment time, and supports hybrid and multi-cloud deployment strategies. |
Architecture decisions for Bring Your Own IP and edge gateways
| Architecture decision | Requirement | Options | Decision | Rationale |
|---|---|---|---|---|
| Bring Your Own IP (BYOIP) approach | Provide capability for BYOIP to IBM Cloud. | Generic Routing Encapsulation (GRE) tunnel | GRE tunnel | Allows BYOIP routes to be advertised |
| Edge gateways | Capability to provide edge routing services, firewall, and tunnel (VPN, GRE) termination. | Gateway Appliance in classic | Select based on required features and client preferences | Client preference |
Architecture decisions for network segmentation and isolation
| Architecture decision | Requirement | Options | Decision | Rationale |
|---|---|---|---|---|
| Network segmentation and isolation | Ability to provide network isolation across workloads. | VLANs, subnets, and security groups | VLANs, subnets, and security groups | Allows for segmentation and network isolation |
Architecture decisions for cloud native connectivity
| Architecture decision | Requirement | Options | Decision | Rationale |
|---|---|---|---|---|
| Cloud Native Connectivity to cloud services | Provide secure connection to cloud services | | Private Cloud service endpoints | Provides private connectivity to cloud services, enhanced security, and cost efficiency |
Architecture decisions for load balancing
| Architecture decision | Requirement | Options | Decision | Rationale |
|---|---|---|---|---|
| Global load balancing | Load balancing over the public network across two regions, with failover to the other region if there's an outage (DR). | | Cloud Internet Services (CIS) | Provides a cost-effective solution and offers extra security features |
| Load balancing: Public | Load-balancing workloads across multiple workload instances or zones over the public network. | | IBM Cloud® Load Balancer | Provides a wide range of load-balancing functions for both public and private traffic cost effectively |
| Load balancing: Private | Load balancing workloads across multiple workload instances or zones over the private network. | | IBM Cloud® Load Balancer | |
Architecture decisions for domain name system
| Architecture decision | Requirement | Options | Decision | Rationale |
|---|---|---|---|---|
| Public DNS | Provide DNS resolution to support the use of hostnames instead of IP addresses for applications | | DNS Services through the cloud portal | Cost-effective and reliable |
| Private DNS | Provide DNS resolution within the IBM Cloud private network | | Custom DNS on VSI | |