Learn how to configure and scale isolated workloads in shared and dedicated environments on Virtual Private Cloud.

Following the step-by-step instructions provided in this new solution tutorial, you will provision an IBM Cloud Virtual Private Cloud (VPC) with subnets spanning multiple availability zones (AZs) and virtual server instances (VSIs) that can scale according to your requirements to ensure the high availability of your application. Furthermore, configure load balancers to provide high availability between zones within one region. Configure Virtual Private Endpoints (VPE) for your VPC providing private routes to services on the IBM Cloud.

Isolate workloads by provisioning a dedicated host, attaching an encrypted data volume to a VSI and resizing the VSI after the fact. 

You will provision all of these services and VPC resources using IBM Cloud Schematics, which provides Terraform-as-a-Service capabilities. The Terraform template defines the IBM Cloud resources to be created, updated or deleted.

For the Terraform scripts and modules used in this tutorial, check the Git repo.

Auto scale on VPC 

With Auto Scale for VPC, you can improve performance and costs by dynamically creating virtual server instances (VSIs) to meet the demands of your environment. You set scaling policies that define your desired average utilization for metrics like CPU, memory and network usage. You can create an instance group in your IBM Cloud VPC to auto scale according to your requirements by using the IBM Cloud console. Based on the target utilization metrics that you define, the instance group can dynamically add or remove instances to achieve your specified instance availability.

Dedicated hosts on VPC

The reason you create a dedicated host is to carve out a single-tenant compute node — free from users outside of your organization. Within that dedicated space, you can create virtual server instances according to your needs. Additionally, you can create dedicated host groups that contain dedicated hosts for a specific purpose. Because a dedicated host is a single-tenant space, only users within your account that have the required permissions can create instances on the host.

Architecture

1. The frontend app deployed on VSI(s) communicates to the backend app via the private load balancer.
2. The backend app securely communicates with the cloud services via a virtual private endpoint (VPE).
3. As the load on the application increases, scaling for VPC is enabled and dynamically adds or removes VSIs based on metrics like CPU, RAM, etc. or through scheduled scaling.
4. As the scope expands, the dedicated host isolates and performs heavy computation on the data. Resize the instance on the dedicated host by updating the profile based on your requirement.
5. All instances communicate with IBM Cloud services over the private backbone using a virtual private endpoint (VPE). See the About virtual private endpoint gateways topic for more details.

Application

VPC uses cloud-init technology to configure virtual server instances. The user data field on the new virtual server for VPC page allows users to put in custom configuration options by using cloud-init.

The application that you will be deploying via user-data is a simple balance form app that shows which services or virtual server instance are responding to a submission (request). The frontend instance runs an Nginx server to serve a PHP web application that talks to the backend to store and retrieve data. The backend instance runs a NodeJS and GraphQL API wrapper for IBM Cloud Databases for PostgreSQL and IBM Cloud Object Storage.

Provision using the IBM Cloud Schematics UI

Follow the step-by-step instructions in the solution tutorial to provision the cloud services and VPC resources and deploy the frontend and backend applications using the IBM Cloud Schematics UI.

What’s next?

• Extend the scenario by configuring SSL termination, sticky sessions and end-to-end encryption. For more information, refer to “Deploy and Auto Scale Isolated Workloads Across Multiple Zones.”
• How about automatically assigning a floating IP to a newly created VSI by monitoring Activity Tracker events and using Cloud Functions to interact with the VPC API? Yes, you can achieve this by following the instructions in this post: “Extend VPC Resources with Cloud Functions, Activity Tracker with LogDNA, and Schematics.” 

Explore other VPC scenarios

There are additional scenarios in VPC tutorials: 

• Securely access remote instances with a bastion host
• Private and public subnets in a Virtual Private Cloud
• Deploy isolated workloads across multiple locations and zones
• Use a VPC/VPN gateway for secure and private on-premises access to cloud resources
• Deploy CockroachDB in a Multi-Zoned Virtual Private Cloud with Encrypted Block Storage
• Migrate a Classic infrastructure instance to a VPC infrastructure instance

Questions and feedback

If you have feedback, suggestions or questions about this post, please reach out to us on Twitter or LinkedIn @VidyasagarMSC or Dimitri Prosper. Use the Open doc issue on the tutorial to report a problem on its content. If you see any issue with the Terraform scripts, open an issue here.