Secure Networking
1
00:00:00.000 --> 00:00:07.141
[MUSIC]
2
00:00:07.141 --> 00:00:11.734
As Cloud environments gain greater
adoption and digital data invites rapidly
3
00:00:11.734 --> 00:00:16.966
increasing cybersecurity threats, building
secure networks on the Cloud is crucial.
4
00:00:16.966 --> 00:00:21.233
Let's look at how we can build
a secure Cloud networking presence.
5
00:00:21.233 --> 00:00:24.787
As one might expect, the notion of
building a Cloud network is not
6
00:00:24.787 --> 00:00:28.808
much different from deploying a network
in an on-premises data center.
7
00:00:28.808 --> 00:00:33.636
The main difference stems from the fact
that in the Cloud we use logical instances
8
00:00:33.636 --> 00:00:37.054
of networking elements as
opposed to physical devices.
9
00:00:37.054 --> 00:00:40.548
For example,
network interface controllers or
10
00:00:40.548 --> 00:00:44.818
NICs would be represented by
vNICs in cloud environments.
11
00:00:44.818 --> 00:00:49.585
In the Cloud, networking functions
are delivered as a service rather than in
12
00:00:49.585 --> 00:00:51.870
the form of rack-mounted devices.
13
00:00:51.870 --> 00:00:56.915
To create a network in the Cloud, one
starts by defining the size of the network
14
00:00:56.915 --> 00:01:01.974
or the IP address range that establishes
the boundaries of the Cloud network.
15
00:01:01.974 --> 00:01:07.415
Cloud networks are deployed in networking
spaces that are logically separated
16
00:01:07.415 --> 00:01:12.694
segments of the networks using options
including Virtual Private Cloud,
17
00:01:12.694 --> 00:01:17.670
or VPC that in turn can be divided
into smaller segments called subnets.
18
00:01:17.670 --> 00:01:23.068
Logically segmented cloud networks are
private carveouts of the cloud that offer
19
00:01:23.068 --> 00:01:28.480
customers the security of private clouds
and the scalability of public clouds.
20
00:01:28.480 --> 00:01:34.003
Cloud resources such as VMs or
Virtual Server Instances, VSIs, storage,
21
00:01:34.003 --> 00:01:39.450
network connectivity, and
load balancers are deployed into subnets.
22
00:01:39.450 --> 00:01:44.196
Using subnets allows users to deploy
enterprise applications using
23
00:01:44.196 --> 00:01:48.952
the same multi-tier concepts used
in on-premises environments.
24
00:01:48.952 --> 00:01:54.129
Subnets are also the main area where
security is implemented in the Cloud.
25
00:01:54.129 --> 00:01:57.581
Every subnet is protected
by access control lists or
26
00:01:57.581 --> 00:02:00.646
ACLs that serve as
a subnet-level firewall.
27
00:02:00.646 --> 00:02:05.393
Within the subnet, one could create
security groups that provide
28
00:02:05.393 --> 00:02:08.790
security at the instance level,
such as VSIs.
29
00:02:08.790 --> 00:02:12.933
Once you build a subnet,
then it is time to add some VSIs and
30
00:02:12.933 --> 00:02:16.836
storage to it so
that you could run your applications.
31
00:02:16.836 --> 00:02:22.480
Let's say you have a three-tier
application that requires Web access VSIs,
32
00:02:22.480 --> 00:02:26.460
application tier VSIs,
and backend database VSIs.
33
00:02:26.460 --> 00:02:32.007
In this case, we would place the
web-facing VSIs into one security group,
34
00:02:32.007 --> 00:02:35.647
the application VSIs in
a second security group,
35
00:02:35.647 --> 00:02:39.391
while the database VSIs in
a third security group.
36
00:02:39.391 --> 00:02:44.276
It goes without saying that the
Web-facing VSIs need Internet access.
37
00:02:44.276 --> 00:02:49.196
A public gateway instance is added to
the network to enable users access
38
00:02:49.196 --> 00:02:52.066
to the application in the Internet tier.
39
00:02:52.066 --> 00:02:56.163
While public gateways are great for
Internet access to the Cloud,
40
00:02:56.163 --> 00:03:00.994
enterprises are interested in extending
their own on-premises resources to
41
00:03:00.994 --> 00:03:05.918
the Cloud by securely connecting them
using Virtual Private Networks or VPNs.
42
00:03:05.918 --> 00:03:09.746
When building many subnets and
deploying several workloads,
43
00:03:09.746 --> 00:03:14.520
it becomes necessary to ensure that
applications continue to be responsive.
44
00:03:14.520 --> 00:03:19.009
That is achieved with load balancers that
ensure availability of bandwidth for
45
00:03:19.009 --> 00:03:20.753
the different applications.
46
00:03:20.753 --> 00:03:25.454
Enterprises with hybrid Cloud environments
find using dedicated high-speed
47
00:03:25.454 --> 00:03:30.007
connections between clouds and
on-premises resources is a more secure and
48
00:03:30.007 --> 00:03:33.622
more efficient way than public
connectivity solutions.
49
00:03:33.622 --> 00:03:37.495
Some cloud service providers
offer such connectivity,
50
00:03:37.495 --> 00:03:42.175
such as IBM Cloud and its Direct Link
solution that enables extending
51
00:03:42.175 --> 00:03:45.495
on-premises resources
to the Cloud as needed.
52
00:03:45.495 --> 00:03:49.404
Building a Cloud Network entails
creating a set of logical constructs
53
00:03:49.404 --> 00:03:54.109
that deliver networking functionality that
is akin to the data center networks that
54
00:03:54.109 --> 00:03:58.416
all IT professionals have come to rely
on for securing their environments and
55
00:03:58.416 --> 00:04:01.491
ensuring high-performing
business applications.
56
00:04:01.491 --> 00:04:01.991
[MUSIC]