Design the network solution

When you plan the network architecture, you must address the following key considerations to ensure security, functionality, and performance:

External access requirements
Determine whether external access is necessary and define the scope. This includes deciding whether access is provided to the virtual machine itself or only to the application that runs on it. Control the access based on IP addresses and restrict access to trusted sources.
Configured services and protocols
Identify which services need to be enabled and the protocols they require. For example, SSH can be necessary for administrative access, while HTTPS is typically required for application traffic. Ensure that all services are secured with proper authentication and encryption.
Required ports
Specify the ports that must be accessible for the application and management services. Open only the ports that are essential, such as TCP 22 for SSH or TCP 443 for HTTPS, and block all others to minimize the attack surface.
Performance considerations
Evaluate whether additional network interfaces are needed to optimize performance. A second NIC can help separate management and application traffic or improve throughput. For containerized environments, assess whether the standard pod network is sufficient, because it is often the simpler solution.
Hardware limitations
Consider platform-specific constraints, such as the requirement to enable learning mode or to register MAC addresses manually on an OSA adapter when the adapter is not in promiscuous mode.
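
The external access and required ports considerations can be checked mechanically before any rule is deployed. The following Python sketch is an added example, not part of the original documentation: it audits a proposed set of ingress rules against a policy that maps each required service to the sources trusted to reach it. The policy, rule names, and addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
import ipaddress

# Constructed policy: required service -> sources trusted to reach it.
# Addresses are documentation ranges (RFC 5737), not values from the page.
POLICY = {
    ("tcp", 22): ["192.0.2.0/28"],                       # SSH: admin subnet only
    ("tcp", 443): ["192.0.2.0/24", "198.51.100.0/24"],   # HTTPS: application clients
}

# Constructed ingress rules proposed for a VM.
PROPOSED = [
    {"name": "ssh-admin", "proto": "tcp", "port": 22, "source": "192.0.2.0/28"},
    {"name": "ssh-any", "proto": "tcp", "port": 22, "source": "0.0.0.0/0"},
    {"name": "https-app", "proto": "tcp", "port": 443, "source": "198.51.100.0/25"},
    {"name": "http-plain", "proto": "tcp", "port": 80, "source": "192.0.2.0/24"},
    {"name": "https-wide", "proto": "tcp", "port": 443, "source": "192.0.0.0/16"},
]

def within(source, trusted):
    """True if the source network lies entirely inside one trusted network."""
    src = ipaddress.ip_network(source, strict=False)
    for cidr in trusted:
        net = ipaddress.ip_network(cidr, strict=False)
        # subnet_of() raises TypeError across IP versions, so compare them first.
        if src.version == net.version and src.subnet_of(net):
            return True
    return False

def audit(rules, policy):
    """Return (rule name, finding) for every rule the policy does not justify."""
    findings = []
    for rule in rules:
        key = (rule["proto"].lower(), rule["port"])
        if key not in policy:
            findings.append((rule["name"], "port not required; leave closed"))
        elif not within(rule["source"], policy[key]):
            findings.append((rule["name"], "source wider than trusted range"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(PROPOSED, POLICY):
        print(f"{name}: {finding}")
```

A rule passes only when its port is in the policy and its source range fits entirely inside a trusted network, so a supernet such as `192.0.0.0/16` is flagged even though it contains trusted addresses.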