May 3, 2024 By Aashiq Jacob, Shikha Maheshwari
5 min read

In the ever-evolving landscape of cloud infrastructure, creating a customizable and secure virtual private cloud (VPC) environment within a single region has become a necessity for many organizations. The VPC landing zone deployable architectures answer this need with a set of starting templates that can be quickly adapted to your specific requirements.

The VPC Landing Zone deployable architecture is built on Infrastructure as Code (IaC) principles: the infrastructure is defined in code and its deployment is automated. This promotes consistency across deployments and makes the VPC environment easier to manage, update and audit, because every change to networks, security groups and keys is visible in the code rather than in console clicks.

One of the key features of the VPC Landing Zone is its flexibility. The starting templates can be customized to your organization's needs, for example by adjusting network configurations and security settings, or by adding resources such as load balancers or block volumes.

The following patterns are starting templates for getting started quickly with the Landing Zone:

  1. VPC pattern: Deploys a simple IBM Cloud® VPC infrastructure without any compute resources such as VSIs or Red Hat OpenShift clusters.
  2. QuickStart virtual server instances (VSI) pattern: Deploys an edge VPC with one VSI, plus a jump server VSI in the management VPC.
  3. QuickStart ROKS pattern: Deploys one ROKS cluster with two worker nodes in the workload VPC.
  4. Virtual server (VSI) pattern: Deploys identical virtual servers across the VSI subnet tier in each VPC.
  5. Red Hat® OpenShift® pattern: The Red Hat OpenShift Kubernetes (ROKS) pattern deploys identical clusters across the VSI subnet tier in each VPC.

Best practices that the patterns follow

  • Create a resource group to organize and manage cloud services and VPCs.
  • Set up Cloud Object Storage instances to store flow logs and Activity Tracker data. This allows for long-term storage and analysis of flow logs and Activity Tracker data.
  • Store encryption keys in Key Protect or Hyper Protect Crypto Services instances. This provides a secure and centralized location for managing encryption keys.
  • Create a management VPC for managing and controlling network traffic and a workload VPC for running applications and services. Connect the management and workload VPCs with a transit gateway, so that the two address spaces stay separate and traffic between them is routed deliberately.
  • Set up flow log collectors in each VPC to collect and analyze network traffic data. This provides visibility into traffic patterns and performance, and gives incident responders a record of which addresses talked to which.
  • Implement the networking rules needed for communication between VPCs, instances and services. This includes security groups, network ACLs and route tables; keep each rule as narrow as the workload allows rather than opening a subnet to all traffic.
  • Set up virtual private endpoints (VPEs) for Cloud Object Storage in each VPC. This provides secure and private access to Cloud Object Storage from within each VPC without traversing the public internet.
  • Set up a VPN gateway in the management VPC. This provides secure and encrypted connectivity between the management VPC and on-premises networks.

Landing Zone patterns 

Let’s explore the Landing Zone patterns to gain a comprehensive understanding of their underlying concepts and applications. 

1. VPC Pattern 

The VPC pattern is a modular foundation on which compute resources can be built or deployed as needed. Whether you later add VSIs, Red Hat OpenShift clusters or other compute resources, this architecture provides the flexibility to do so. Starting from the network and security baseline alone keeps the initial deployment simple and lets the infrastructure stay adaptable and secure as your projects evolve.

Fig: Architecture diagram for the no compute pattern on VPC landing zone 

2. QuickStart VSI pattern 

The QuickStart VSI pattern deploys an edge VPC with one VSI in one of three subnets and a load balancer in the edge VPC. It also includes a jump server VSI in the management VPC that exposes a public floating IP address; because that address is reachable from the internet, restrict inbound access to it with security group rules limited to known source addresses. While this pattern is useful for getting started quickly, it does not provide high availability and is not validated within the IBM Cloud for Financial Services® framework.

Fig: Architecture diagram for the QuickStart variation of VSI on VPC landing zone 

3. QuickStart ROKS pattern 

The QuickStart ROKS pattern consists of a management VPC with one subnet, an allow-all ACL and a security group. The workload VPC has two subnets in two different availability zones, also with an allow-all ACL and security group. A transit gateway connects the management and workload VPCs. One ROKS cluster with two worker nodes is deployed in the workload VPC, with its public endpoint enabled. Key Protect is used to encrypt the cluster keys, and a Cloud Object Storage instance is set up as a required component for the ROKS cluster. Because the ACLs and security groups allow all traffic and the cluster's public endpoint is enabled, treat this pattern as an evaluation starting point: tighten the rules and consider a private-only endpoint before running production workloads.

Fig: Architecture diagram for the QuickStart variation of ROKS on VPC landing zone 
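To make the best practices above and the QuickStart caveats concrete, here is an added example that is not IBM's landing-zone code: a Python script that reviews a hand-written model of a deployment and reports the findings a practitioner would want to clear before production. It flags allow-all ACLs and security groups, security group rules that accept traffic from public ranges, a public floating IP on an instance, a cluster with its public endpoint enabled, and a missing transit gateway connection, flow log collector, COS virtual private endpoint, key management service or VPN gateway. The dictionary layout, the `QUICKSTART_LIKE` and `HARDENED` models, and every CIDR range in them are assumptions constructed for this example.

```python
# Added example (not IBM's landing-zone code): review a hand-written model of a
# landing-zone deployment against the practices listed on this page.
import ipaddress

ANY = "0.0.0.0/0"


def is_allow_all(rule):
    """True for an ACL or security-group rule allowing any protocol from anywhere."""
    return (rule.get("action", "allow") == "allow"
            and rule.get("protocol", "all") == "all"
            and rule.get("source", ANY) == ANY)


def is_public_source(cidr):
    """True when a rule's source is not limited to private address space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen == 0 or not net.is_private


def review_landing_zone(lz):
    """Return human-readable findings; an empty list means the model passes."""
    findings = []
    vpcs = lz["vpcs"]
    for required in ("management", "workload"):
        if required not in vpcs:
            findings.append(f"missing {required} VPC")
    if not set(vpcs) <= set(lz.get("transit_gateway_connections", [])):
        findings.append("transit gateway does not connect every VPC")
    if lz.get("kms") not in ("key-protect", "hpcs"):
        findings.append("encryption keys are not held in Key Protect or HPCS")
    if not vpcs.get("management", {}).get("vpn_gateway"):
        findings.append("management: no VPN gateway for on-premises connectivity")
    for name, vpc in vpcs.items():
        if not vpc.get("flow_log_bucket"):
            findings.append(f"{name}: no flow log collector writing to COS")
        if "cos" not in vpc.get("vpes", []):
            findings.append(f"{name}: no virtual private endpoint for COS")
        # Allow-all ACLs and security groups undo the segmentation the two-VPC design provides.
        for acl in vpc.get("acls", []):
            if any(is_allow_all(r) for r in acl["rules"]):
                findings.append(f"{name}: ACL {acl['name']} allows all traffic")
        for sg in vpc.get("security_groups", []):
            for r in sg.get("rules", []):
                if r.get("direction", "inbound") != "inbound":
                    continue
                if is_allow_all(r):
                    findings.append(f"{name}: security group {sg['name']} allows all inbound")
                elif is_public_source(r.get("source", ANY)):
                    findings.append(f"{name}: security group {sg['name']} accepts "
                                    f"port {r.get('port', 'all')} from {r.get('source', ANY)}")
        # A floating IP or a public cluster endpoint is reachable from the internet.
        for vsi in vpc.get("instances", []):
            if vsi.get("floating_ip"):
                findings.append(f"{name}: instance {vsi['name']} has a public floating IP")
        for cluster in vpc.get("clusters", []):
            if cluster.get("public_endpoint"):
                findings.append(f"{name}: cluster {cluster['name']} exposes its public endpoint")
    return findings


ALLOW_ALL = {"name": "allow-all", "action": "allow", "protocol": "all", "source": ANY}
PRIVATE_IN = {"name": "vpc-in", "action": "allow", "protocol": "all", "source": "10.0.0.0/8"}

# Constructed model following the page's description of the QuickStart ROKS pattern:
# allow-all ACL and security group in both VPCs, one cluster with its public endpoint
# enabled. Flow logs, VPEs, key management and the VPN gateway are assumed present.
QUICKSTART_LIKE = {
    "kms": "key-protect", "transit_gateway_connections": ["management", "workload"],
    "vpcs": {
        "management": {"flow_log_bucket": "mgmt-flowlogs", "vpes": ["cos"], "vpn_gateway": True,
                       "acls": [{"name": "mgmt-acl", "rules": [ALLOW_ALL]}],
                       "security_groups": [{"name": "mgmt-sg", "rules": [ALLOW_ALL]}]},
        "workload": {"flow_log_bucket": "wl-flowlogs", "vpes": ["cos"],
                     "acls": [{"name": "wl-acl", "rules": [ALLOW_ALL]}],
                     "security_groups": [{"name": "wl-sg", "rules": [ALLOW_ALL]}],
                     "clusters": [{"name": "roks-1", "public_endpoint": True}]},
    },
}

# Constructed hardened layout (all ranges are assumptions): rules scoped to the VPC
# and on-premises ranges, jump host without a floating IP, private-only cluster endpoint.
HARDENED = {
    "kms": "hpcs", "transit_gateway_connections": ["management", "workload"],
    "vpcs": {
        "management": {"flow_log_bucket": "mgmt-flowlogs", "vpes": ["cos"], "vpn_gateway": True,
                       "acls": [{"name": "mgmt-acl", "rules": [PRIVATE_IN]}],
                       "security_groups": [{"name": "jump-sg", "rules": [{"direction": "inbound",
                           "protocol": "tcp", "port": 22, "source": "192.168.10.0/24"}]}],
                       "instances": [{"name": "jump-host", "floating_ip": False}]},
        "workload": {"flow_log_bucket": "wl-flowlogs", "vpes": ["cos"],
                     "acls": [{"name": "wl-acl", "rules": [PRIVATE_IN]}],
                     "security_groups": [{"name": "wl-sg", "rules": [PRIVATE_IN]}],
                     "clusters": [{"name": "roks-1", "public_endpoint": False}]},
    },
}

if __name__ == "__main__":
    for label, model in (("quickstart-like", QUICKSTART_LIKE), ("hardened", HARDENED)):
        print(label, review_landing_zone(model) or ["no findings"])
```

Run as a script, the QuickStart-like model produces five findings (two allow-all ACLs, two allow-all security groups and the public cluster endpoint) while the hardened model produces none. The same function can be pointed at a model generated from your own Terraform variables before you deploy, so that an allow-all rule left over from a quick start does not reach the workload VPC unnoticed.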

4. Virtual server pattern 

The VSI pattern supports the creation of virtual servers on a VPC landing zone within IBM Cloud. The VPC landing zone is a core component of IBM Cloud's secure infrastructure services, designed to provide a secure foundation for deploying and managing workloads, and this pattern applies it to running workloads on virtual servers in a VPC network.

Fig: Architecture diagram for the Standard variation of VSI on VPC landing zone 

5. Red Hat OpenShift pattern 

The ROKS pattern supports the creation and deployment of a Red Hat OpenShift Container Platform within a VPC landing zone in a single-region configuration on IBM Cloud. Container applications run in an isolated and secure environment that provides the resources and services they need. The single-region architecture simplifies setup and management of the OpenShift platform and keeps all components in the same geographical region, which reduces latency for applications deployed there. By building on the VPC landing zone, organizations can set up and manage their container infrastructure quickly and deploy container applications within a secure and scalable environment.

Fig: Architecture diagram of the OpenShift Container Platform on VPC deployable architecture. 

Evaluating an IBM Cloud deployable architecture 

When choosing a VPC landing zone pattern, weigh the advantages and disadvantages of each option; the most suitable pattern depends on the needs and objectives of your organization or project. Assess key factors such as scalability, security, cost and ease of management, and be explicit about which QuickStart shortcuts (allow-all rules, public endpoints, no high availability) you will need to remove before production. Evaluating these factors against your project's requirements lets you select the pattern that fits.

For more detailed guidance on selecting the right VPC landing zone pattern, read the article, which provides practical tips for choosing the best option for your use case.

While IBM Cloud pre-built deployable architectures provide a solid foundation for most use cases, some situations call for customization or extension. For those, refer to this tutorial for a deeper dive into the customization process. To accelerate your development, start from an IBM Cloud deployable architecture and adapt it to your requirements.
