Cozeon Cloud Platform provides comprehensive networking options for building custom network architectures, including network segmentation via VPCs and VPC-Networks, and fine-grained network access control via Network ACLs (NWACLs).
Network
- 1: VPC
- 1.1: Create VPC
- 2: VPC-Network
- 2.1: Create VPC-Network
- 3: Network ACL (NWACL)
1 - VPC
In Cozeon Cloud Platform, a VPC (Virtual Private Cloud) logically isolates resources (VPSs, Networks) from those in other VPCs in your account, as well as from those of other customers.
A VPC consists of one or more VPC-Networks.
More information on VPC-Networks can be found in the VPC-Network section below.
1.1 - Create VPC
To create a VPC, you need to perform the following steps, or take a look at the tutorial video at the end of this article.
- Login to the Cozeon Cloud Console.
- After login, click on “Virtual Private Cloud” in the left side bar.
- Click on “Create new VPC”.
- Enter a Name and a Description for the new VPC in the corresponding text boxes.
- Enter a Name for the Default Public Network of the new VPC.
- Click “Next”.
- Select the Number (quantity) of IPs needed for the Default Public Network of the new VPC.
- Select the Subnet Prefix for the Default Public Network of the new VPC.
- Select the Subnet for the Default Public Network of the new VPC.
- Click “Next”.
- Verify the selected/entered info.
  - Click “Previous” if you need to modify the entered info.
- Click “Finish” to create the new VPC.
Tutorial Video
2 - VPC-Network
A VPC-Network resides within a VPC. Each VPC-Network interconnects two or more VPSs.
Each VPC-Network is isolated from other VPC-Networks within the same VPC, from VPC-Networks in other VPCs in your account, and from VPC-Networks in VPCs belonging to other accounts/tenants.
A VPC-Network is one of two types:
Private Network
A Private VPC-Network isolates VPSs from all other VPC-Networks.
By default, a VPS in a Private VPC-Network does not have a Public IP assigned to it.
Hence, such a VPS is not reachable from any other network, whether another VPC-Network or the Internet. It is, however, assigned a Private IP.
All VPSs in a Private VPC-Network can reach each other via their assigned Private IPs.
A VPS in a Private VPC-Network cannot initiate communication with VPSs in other VPC-Networks via Private IPs.
However, Private VPC-Networks do allow outgoing traffic to the Internet. Hence, a VPS in a Private VPC-Network can:
- access any Public IP on the Internet, while still not being reachable from anywhere on the Internet.
- access VPSs in any Public VPC-Network, provided the target VPS has a Public IP.
Public Network
A VPS in a Public VPC-Network is assigned a Public IP by default.
Hence, all VPSs in a Public VPC-Network are reachable on their Public IPs from any other network, whether another VPC-Network or the Internet.
A VPS in a Public VPC-Network is also assigned a Private IP. However, a VPS in a Public VPC-Network is unreachable on its Private IP from outside its VPC-Network.
2.1 - Create VPC-Network
To create a VPC-Network, you need to perform the following steps, or take a look at the tutorial video at the end of this article.
- Login to the Cozeon Cloud Console.
- After login, click on “Networks” in the left side bar.
- Click on “Create new Network”.
- Enter a Name and a Description for the new Network in the corresponding text boxes.
- Select a Parent VPC.
- Select the Network Type.
- Click “Next”.
- Select the Number (quantity) of IPs needed for the new Network.
- Select the Subnet Prefix for the new Network.
- Select the Subnet for the new Network.
- Click “Next”.
- Verify the selected/entered info.
  - Click “Previous” if you need to modify the entered info.
- Click “Finish” to create the new VPC-Network.
Tutorial Video
3 - Network ACL (NWACL)
A Network ACL (NWACL) is associated with a VPC-Network and provides fine-grained network access control for that VPC-Network.
Each Network ACL (NWACL) consists of a list of Rules (NWACL Rules), similar to firewall rules, each of which “Allows” or “Denies” “Incoming” or “Outgoing” network traffic.
NWACL Rule
Each NWACL Rule is automatically assigned an “ID” by the system; the ID cannot be modified.
For each NWACL Rule you can:
- specify a Name
- specify a Sequence number
  - Sequence numbers determine the order in which rules are evaluated.
  - Lower Sequence numbers have higher priority and are evaluated first.
- select either “Allow” or “Deny” for the network traffic
- select either “Incoming” or “Outgoing” network traffic
- select the Protocol: TCP, UDP or Ping
- specify the application Port number (22, 80, 8080, etc.)
- specify Network IP(s) or Subnets
The following operations are permitted on NWACL Rules:
- Add new Rule(s).
- Copy an existing Rule to create a new Rule, which is automatically assigned a unique “ID”.
- Delete a Rule (Saved or Submitted).
- Modify a non-Submitted Rule.
- Save a modified Rule.
  - A “Saved” Rule is not applied to your VPC-Network.
  - It needs to be “Submitted” to be applied to your VPC-Network.
- Submit a Rule.
  - A “Submitted” Rule is applied to the Network.
  - A “Submitted” Rule cannot be:
    - modified.
    - re-Submitted.
  - A “Submitted” Rule can be:
    - deleted.
    - copied to create a new un-Submitted and un-Saved Rule.
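The following Python model is an added illustration, not Cozeon's own code or API, of how the Sequence-number ordering and the Saved/Submitted distinction described above decide which rule applies to a given packet. The rule class, function names, rule IDs and addresses are assumptions, and traffic that matches no rule is assumed to be denied, since the page does not state the default.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass(frozen=True)
class NwaclRule:
    """Hypothetical model of one NWACL Rule with the fields the page lists."""
    rule_id: str               # assigned by the system, never modified
    name: str
    sequence: int              # lower Sequence number = higher priority
    action: str                # "Allow" or "Deny"
    direction: str             # "Incoming" or "Outgoing"
    protocol: str              # "TCP", "UDP" or "Ping"
    port: Optional[int]        # application port; None for Ping
    networks: Tuple[str, ...]  # IPs or subnets in CIDR notation
    state: str                 # "Saved" or "Submitted"

    def matches(self, direction: str, protocol: str, port: Optional[int], remote_ip: str) -> bool:
        if self.direction != direction or self.protocol != protocol:
            return False
        if self.protocol != "Ping" and self.port != port:
            return False
        addr = ip_address(remote_ip)
        return any(addr in ip_network(n, strict=False) for n in self.networks)

def submit(rule: NwaclRule) -> NwaclRule:
    """Return the Submitted copy of a Saved rule (the state change the console performs)."""
    return replace(rule, state="Submitted")

def evaluate(rules, direction, protocol, port, remote_ip, default="Deny"):
    """Check traffic against Submitted rules only, in Sequence order; first match wins.
    Assumption (not stated on the page): no match yields `default`, modelled as Deny.
    Returns (action, matched rule ID or None)."""
    applied = sorted((r for r in rules if r.state == "Submitted"), key=lambda r: r.sequence)
    for r in applied:
        if r.matches(direction, protocol, port, remote_ip):
            return r.action, r.rule_id
    return default, None

# Constructed sample rule set (IDs and addresses are made up): SSH allowed only
# from an admin subnet and denied from everywhere else, HTTP open to all, plus a
# Saved draft that would open SSH to the world but is not applied until Submitted.
SAMPLE_RULES = (
    NwaclRule("r-3", "ssh-admin", 10, "Allow", "Incoming", "TCP", 22, ("203.0.113.0/24",), "Submitted"),
    NwaclRule("r-4", "ssh-deny-all", 20, "Deny", "Incoming", "TCP", 22, ("0.0.0.0/0",), "Submitted"),
    NwaclRule("r-5", "http-any", 30, "Allow", "Incoming", "TCP", 80, ("0.0.0.0/0",), "Submitted"),
    NwaclRule("r-6", "ssh-world-draft", 5, "Allow", "Incoming", "TCP", 22, ("0.0.0.0/0",), "Saved"),
)
```

Submitting the draft `r-6` (Sequence 5) would put it ahead of `r-3` and `r-4` and open SSH to every source, which is why reviewing Sequence numbers before clicking “Submit” matters.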