Welcome!

IBM Cloud Authors: Cloud Best Practices Network, Alois Mayr, Elizabeth White, Liz McMillan, John Esposito

Blog Feed Post

First of Five Enterprise Lessons Learned in the AWS Virtual Private Cloud

Public Cloud is cool and it's the only kind of Cloud my company works with. Yet enterprise financial services firms and others require controlled access. And in 2013 AWS not only won the contract to build an actual Private Cloud for the CIA (any further legal maneuvers from IBM notwithstanding), but AWS also seems to have conceded that Virtual Private Cloud is a first class AWS Cloud offering. It's not that VPC was ignored, it's just than in 2011 and most of 2012 new capabilities of the Oracle Relational Database Service (RDS) were available first in EC2, then VPC. The customers we work with require AWS VPC. In this post and four more to follow, I'm taking note of some of the lessons learned working with VPC in the hope that I may entertain if not educate.

Some Opening Remarks on Enterprise and VPC
Networking is hard. And to define a VPC you need to have more than a passing knowledge of networks. I'm not an expert, however I've spent a lot of time reading about and configuring VPCs and I'm still learning.

Defining the VPC
When you define a VPC you get one chance to define the CIDR Block, or IP space. They're free, and it's very likely you will provision or at least define many VPCs if you work in the Enterprise Cloud space.  Although the VPC is free, if you need to change it, the only way to do so is to delete it and recreate it, or create a new VPC with the CIDR range you need, and then migrate your instances and certain other stuff to the new VPC. It's a lot of work and if you're working in a corporate environment leery of automation, people will really scream and moan when they find out stuff needs to change. Then they get angry and show up with torches and pitchforks like the angry villagers in a Frankenstein movie.

On the one hand you can say: "Welcome to the Cloud, my friends, wait until we have a real problem before you set this place on fire or poke each other with those sharp sticks, " but enterprise journey to Cloud offers many opportunities to tease people and for now it's easier for you to set aside this sort of early delectable brush with enterprise IT culture for a later point in time. At this stage you're the one waiting because you have no VPC and you can't build much until you get it up and running.

First Lesson(s) Learned (they were more or less clustered together, but I'll count them as One)
Choose a CIDR Block that is significantly larger than your network team will offer you. Choose is a loaded word in the enterprise. Likely somebody else will choose for you, or will see your request and decide that there's a better way. Your request for a /21 network will likely be met with disbelief and in the name of saving string somebody will quickly alter the request to a mostly useful /24.

Lots of People in the Enterprise Are Eager to Selectively Review and Even Alter Your Solution Design
At first glance people not familiar with AWS will simply try to determine how many serves a given business segment or application will deploy. Even though the IP addresses are free and there are a lot of them, datacenter network teams try to avoid issues like address ranges that overlap with those of business partners, and a dark day when perhaps internal IP addresses will be scarce.

Explain to them that you need a lot more IP space that at first glance may be required. Each VPC availability zone requires a separate subnet in order for instances or services like RDS to be able to run in those subnets. RDS for example requires a group of subnets, and requires more than just one. If you only have a single subnet, you won't be able to run RDS.

ELB in a VPC Requires Public IP Subnets
In 2012 for most of the year the AWS Elastic Load Balancer (ELB) required a minimum sized subnet in each availability zone where it would "run." The reason is that ELB, even though its a service, actually runs instances. Those instances require ip addresses in each public subnet of each availability zone in a VPC. In 2012 the minimum for a public facing ELB was something like 104 ip addresses per public subnet per availability zone. So for me that meant three availability zones at a minimum of 104 ip addresses per subnet. A kind soul who had looked over my solution wisely concluded that based on the number of expected instances, I only needed around 250 ip addresses in the CIDR range. Yet even after defining the public subnets, I still needed subnets for the remainder. In any event, we had to ask for a new VPC and this and that and it was a really big headache. So now you know. Today the public ELB doesn't require as many IP addresses. However keep in mind that the word Elastic, in the acronym ELB implies expanding and contracting. And also, if you're using ELB the only other instance type I would conceivably place in the public subnet is a NAT instance. Everything else can be placed in private subnets. And nothing other than the NAT instances should be competing with the ELB for ip addresses in any of the public subnets.

[Stay tuned for Second Lesson Learned to be published later this week...]

Read the original blog entry...

More Stories By Brian McCallion

Brian McCallion Bronze Drum works with executives to develop Cloud Strategy, Big Data proof-of-concepts, and trains enterprise teams to rethink process and operations. Focus areas include: Enterprise Cloud Strategy and Project Management Cloud Data Governance and Compliance Infrastructure Automation

@ThingsExpo Stories
The essence of data analysis involves setting up data pipelines that consist of several operations that are chained together – starting from data collection, data quality checks, data integration, data analysis and data visualization (including the setting up of interaction paths in that visualization). In our opinion, the challenges stem from the technology diversity at each stage of the data pipeline as well as the lack of process around the analysis.
Designing IoT applications is complex, but deploying them in a scalable fashion is even more complex. A scalable, API first IaaS cloud is a good start, but in order to understand the various components specific to deploying IoT applications, one needs to understand the architecture of these applications and figure out how to scale these components independently. In his session at @ThingsExpo, Nara Rajagopalan is CEO of Accelerite, will discuss the fundamental architecture of IoT applications, ...
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, will discuss the importance of WebRTC and how it enables companies to fo...
SYS-CON Events announced today TechTarget has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. TechTarget is the Web’s leading destination for serious technology buyers researching and making enterprise technology decisions. Its extensive global networ...
As cloud and storage projections continue to rise, the number of organizations moving to the cloud is escalating and it is clear cloud storage is here to stay. However, is it secure? Data is the lifeblood for government entities, countries, cloud service providers and enterprises alike and losing or exposing that data can have disastrous results. There are new concepts for data storage on the horizon that will deliver secure solutions for storing and moving sensitive data around the world. ...
Korean Broadcasting System (KBS) will feature the upcoming 18th Cloud Expo | @ThingsExpo in a New York news documentary about the "New IT for the Future." The documentary will cover how big companies are transmitting or adopting the new IT for the future and will be filmed on the expo floor between June 7-June 9, 2016, at the Javits Center in New York City, New York. KBS has long been a leader in the development of the broadcasting culture of Korea. As the key public service broadcaster of Korea...
In his session at 18th Cloud Expo, Bruce Swann, Senior Product Marketing Manager at Adobe, will discuss how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects). Bruce Swann has more than 15 years of experience working with digital marketing disciplines like web analytics, social med...
What a difference a year makes. Organizations aren’t just talking about IoT possibilities, it is now baked into their core business strategy. With IoT, billions of devices generating data from different companies on different networks around the globe need to interact. From efficiency to better customer insights to completely new business models, IoT will turn traditional business models upside down. In the new customer-centric age, the key to success is delivering critical services and apps wit...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York and Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty ...
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit y...
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will discuss the vast to...
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo New York Call for Papers is now open.
SYS-CON Events announced today that Enzu, a leading provider of cloud hosting solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to foc...
SYS-CON Events announced today the How to Create Angular 2 Clients for the Cloud Workshop, being held June 7, 2016, in conjunction with 18th Cloud Expo | @ThingsExpo, at the Javits Center in New York, NY. Angular 2 is a complete re-write of the popular framework AngularJS. Programming in Angular 2 is greatly simplified. Now it’s a component-based well-performing framework. The immersive one-day workshop led by Yakov Fain, a Java Champion and a co-founder of the IT consultancy Farata Systems and...
IoT generates lots of temporal data. But how do you unlock its value? How do you coordinate the diverse moving parts that must come together when developing your IoT product? What are the key challenges addressed by Data as a Service? How does cloud computing underlie and connect the notions of Digital and DevOps What is the impact of the API economy? What is the business imperative for Cognitive Computing? Get all these questions and hundreds more like them answered at the 18th Cloud Expo...
Customer experience has become a competitive differentiator for companies, and it’s imperative that brands seamlessly connect the customer journey across all platforms. With the continued explosion of IoT, join us for a look at how to build a winning digital foundation in the connected era – today and in the future. In his session at @ThingsExpo, Chris Nguyen, Group Product Marketing Manager at Adobe, will discuss how to successfully leverage mobile, rapidly deploy content, capture real-time d...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, will provide an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life ...
SYS-CON Events announced today that ContentMX, the marketing technology and services company with a singular mission to increase engagement and drive more conversations for enterprise, channel and SMB technology marketers, has been named “Sponsor & Exhibitor Lounge Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York City, New York. “CloudExpo is a great opportunity to start a conversation with new prospects, but what happens after the...
SYS-CON Events announced today that 24Notion has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. 24Notion is full-service global creative digital marketing, technology and lifestyle agency that combines strategic ideas with customized tactical execution. With a broad understand of the art of traditional marketing, new media, communications and social influence, 24Notion uniquely understands how to con...
The demand for organizations to expand their infrastructure to multiple IT environments like the cloud, on-premise, mobile, bring your own device (BYOD) and the Internet of Things (IoT) continues to grow. As this hybrid infrastructure increases, the challenge to monitor the security of these systems increases in volume and complexity. In his session at 18th Cloud Expo, Stephen Coty, Chief Security Evangelist at Alert Logic, will show how properly configured and managed security architecture can...