February 6, 2023 By Powell Quiring 3 min read

Check out our new tutorial to learn how to centralize communication through a VPC transit hub and spoke.

A Virtual Private Cloud (VPC) provides network isolation and security in the IBM Cloud. A VPC can be a building block that encapsulates a corporate division (e.g., marketing, development, accounting) or a collection of microservices owned by a DevSecOps team. VPCs can be connected to an on-premises enterprise and each other. A new two-part solution tutorial covers the concepts and implementation of the transit hub-and-spoke architecture.

At a high level, the architecture might look like the following diagram:

Hub-and-spoke architecture.

Traffic will pass through the hub as it flows from the enterprise to a spoke, or even from spoke to spoke. IBM Cloud service instances can be created in the hub and used by the enterprise and the spokes. The hub contains a Network Function Virtualization (NFV) firewall-router instance for fine-grained routing control and packet inspection. You can choose a firewall-router from the catalog:

Data flow through a firewall-router.

Each of the VPCs has its own addressable entities, including microservices and IBM Cloud service instances. A Virtual Private Endpoint gateway (VPE) provides private, secure access to a service such as IBM Cloud Databases for Redis. DNS entries for these entities can be managed through the IBM Cloud DNS Service.

DNS for microservices and VPEs.

We’re excited to bring you a new, two-part solution tutorial: Part 1 covers the concepts and implementation of the transit hub-and-spoke architecture, and Part 2 routes more traffic through an HA firewall-router and implements VPEs with DNS. The companion GitHub repository contains a complete implementation divided into small layers.

Simply reading through the tutorial is enough to gain an understanding of the architecture. For hands-on experience, you can provision the layers as instructed in the tutorial and use the IBM Cloud Console to view the resources and inspect their details. The tutorial also describes how to invoke a test suite to verify connectivity and how to interpret the results.

Topics include the following:

  • Transit Gateway to connect Direct Link 2.0 and VPCs
  • VPC zone-based routing
  • Resolving firewall-router asymmetric routing issues
  • Virtual Private Endpoint Gateways for local access to cloud resource instances within a VPC
  • DNS name resolution of IBM Cloud Service instances
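The topics above turn on one routing property: for a stateful firewall-router in the hub to inspect a flow, both directions of that flow must traverse it, so a spoke route that sends return traffic directly to another spoke leaves the firewall seeing only half the conversation. The following Python model is an added illustration, not code from the tutorial or its GitHub repository: it performs longest-prefix lookups over per-VPC route tables and flags source/destination pairs whose forward and return paths disagree about passing through the firewall. All CIDRs, VPC names and the "fw-router"/"delegate" next-hop labels are constructed assumptions, not IBM Cloud values.

```python
import ipaddress
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    destination: ipaddress.IPv4Network
    next_hop: str  # FW (hub firewall-router) or DELEGATE (VPC default forwarding)


# Next-hop labels (constructed for this model).
FW = "fw-router"
DELEGATE = "delegate"

# Constructed address plan: one enterprise range, one hub VPC, two spoke VPCs.
ENTERPRISE = ipaddress.ip_network("192.168.0.0/16")
HUB = ipaddress.ip_network("10.0.0.0/16")
SPOKES = {
    "spoke-a": ipaddress.ip_network("10.1.0.0/16"),
    "spoke-b": ipaddress.ip_network("10.2.0.0/16"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")
CLOUD = ipaddress.ip_network("10.0.0.0/8")


def build_tables(spoke_b_bypasses_firewall: bool) -> dict:
    """Per-VPC route tables. Each spoke keeps local traffic local (more-specific
    route) and sends everything else to the hub firewall-router (default route).
    With spoke_b_bypasses_firewall=True, spoke-b gets a more-specific route that
    forwards spoke-a traffic directly, which is the asymmetric misconfiguration."""
    tables = {
        "enterprise": [Route(CLOUD, FW)],
        "hub": [Route(ANY, FW)],
        "spoke-a": [Route(ANY, FW), Route(SPOKES["spoke-a"], DELEGATE)],
        "spoke-b": [Route(ANY, FW), Route(SPOKES["spoke-b"], DELEGATE)],
    }
    if spoke_b_bypasses_firewall:
        tables["spoke-b"].append(Route(SPOKES["spoke-a"], DELEGATE))
    return tables


def lookup(table: list, dst: str):
    """Longest-prefix match over a route table; None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.destination]
    if not matches:
        return None
    return max(matches, key=lambda r: r.destination.prefixlen)


def locate(ip: str):
    """Name of the VPC (or the enterprise) that owns an address."""
    addr = ipaddress.ip_address(ip)
    if addr in ENTERPRISE:
        return "enterprise"
    if addr in HUB:
        return "hub"
    for name, net in SPOKES.items():
        if addr in net:
            return name
    return None


def forward_via_firewall(tables: dict, src: str, dst: str) -> bool:
    """True when the network holding src hands dst traffic to the hub firewall."""
    route = lookup(tables[locate(src)], dst)
    return route is not None and route.next_hop == FW


def is_symmetric(tables: dict, a: str, b: str) -> bool:
    """A flow is symmetric when both directions agree on traversing the firewall."""
    return forward_via_firewall(tables, a, b) == forward_via_firewall(tables, b, a)


def find_asymmetric_pairs(tables: dict, hosts: list) -> list:
    """All host pairs whose forward and return paths disagree about the firewall."""
    return [(a, b) for a, b in itertools.combinations(hosts, 2)
            if not is_symmetric(tables, a, b)]


if __name__ == "__main__":
    hosts = ["192.168.1.1", "10.1.5.5", "10.2.7.7"]  # constructed sample endpoints
    print("broken:", find_asymmetric_pairs(build_tables(True), hosts))
    print("fixed: ", find_asymmetric_pairs(build_tables(False), hosts))
```

Running the block reports the spoke-a/spoke-b pair as asymmetric under the misconfigured tables and an empty list once the bypass route is removed; the same check generalises to any address plan by editing the constructed tables.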

Summary and next steps

This blog post and the accompanying solution tutorial show how you can use a hybrid cloud to place resources where they are most desirable. You can combine secure IBM Cloud Infrastructure as a Service (IaaS) components with your existing environment to create a platform for cloud and on-premises. Use your existing firewall-router technology in the cloud to meet your compliance needs, and optimize for your business—not your cloud provider.

Get started with Part 1 and Part 2 of our new solution tutorial, “Centralize communication through a VPC transit hub and spoke architecture.”

If you have feedback, suggestions or questions about this post, please email me or reach out to me on Mastodon (@powellquiring@mastodon.social), LinkedIn or Twitter (@powellquiring).
