Landing zone for applications with virtual servers - Extension

This deployable architecture extends an existing VPC deployable architecture by creating virtual server instances (VSI) in some or all of the subnets of any existing landing zone VPC deployable architecture. The architecture is based on the IBM Cloud for Financial Services reference architecture.

Architecture diagram

Design requirements

Components

VPC architecture decisions

Architecture decisions
Requirement	Component	Reasons for choice	Alternative choice
Create virtual server instances to support management	Management of virtual server instances	Create a VPC virtual server instance that can be used for management and maintenance of your hosted application. Configure ACL and security group rules to allow access to IBM Cloud services, and workload and management VPCs.
Demonstrate compliance with control requirements of the IBM Cloud Framework for Financial Services Set up a network for all created services Isolate network for all created services Help ensure all created services are interconnected	Secure landing zone components	Create a minimum set of required components for a secure landing zone	Create a modified set of required components for a secure landing zone in preset

Key and password management architecture decisions

Key and password management architecture decisions
Requirement	Component	Reasons for choice	Alternative choice
Use public SSH key to access virtual server instances by using SSH	Public SSH key provided by customer	Ask the customer to specify the key. Accept the input as a secure parameter.

Next steps

Read about IBM Cloud for Financial Services
To deploy this architecture, understand Deploying a landing zone deployable architecture steps.