
Assignment 2

Uploaded by

deepikas1522

SWINBURNE UNIVERSITY OF TECHNOLOGY
SYDNEY CAMPUS

MASTER OF INFORMATION TECHNOLOGY


COS80001 – Cloud Computing Architecture
Assignment 2

Submitted to
Ammara Khan

Submitted by
Deepika Sharma
Student Id: 104819103
Email: [email protected]

Tutorial
Wednesday
Lecture timing: - 5:00 PM to 7:00 PM
Lab timing: - 7:00 PM to 9:00 PM

Website link: -
http://129.80.165.207/cos80001/photoalbum/album.php

Submission date: - 09/08/2024


Overview: -

In this assignment we are creating a secure Virtual Cloud Network (VCN) on Oracle Cloud Infrastructure (OCI) with specific subnets and security settings, along with a MySQL database. A Photo Album website, built with PHP, will be set up on a virtual machine, with photos stored in an object storage bucket and their details saved in the database. The site will show photos and their info, accessible through a public link. Additionally, we set up security lists for added security measures.

Task 1: -

1.1 Create VCN: -

We created a Virtual Cloud Network (VCN) named DSharmaVCN in the us-ashburn-1 region. This VCN serves as the foundation for our network infrastructure. We set up two availability domains, each containing public and private subnets. The public subnets are associated with a public route table, while the private subnets are linked to a private route table.

1.2 Create subnets: -

We set up two availability domains for high availability and fault tolerance. Each domain contains:

• A public subnet: This allows direct internet access.
• A private subnet: This provides enhanced security for resources that don't need direct internet access, such as our database.

Availability Domain | Subnet | IP Address
Availability Domain 1 | Public subnet 1 | 172.17.1.0/24
Availability Domain 1 | Private subnet 1 (MYSQL Database) | 172.17.3.0/24
Availability Domain 2 | Public subnet 2 (Web server instance) | 172.17.2.0/24
Availability Domain 2 | Private subnet 2 (Test instance) | 172.17.4.0/24

1.3 Internet Gateway: -

We have created an internet gateway in our VCN. This enables outbound internet access and allows inbound traffic from the internet.

1.4 Route table: -

We created two route tables, PublicRouteTable and PrivateRouteTable.

PublicRouteTable: - The public subnets are associated with a Public Route Table that includes a route to the Internet Gateway.

PrivateRouteTable: - The private subnets use a private Route Table, which doesn't have a direct route to the internet, enhancing security.

Associate Route Tables with Subnets: -

Task 2: -

2.1 Create Network Security Groups: -

NSGs act as virtual firewalls for our resources. We created two NSGs.

1. Test-InstanceNSG:
o Ingress: Allows all traffic from anywhere. This is permissive for testing purposes.
o Egress: Allows only ICMP traffic to Public Subnet 2. This restricts outbound traffic for security.

Default Security List:-

By default, the “Default Security List” is attached to all subnets. To simplify the process, we REMOVE all Ingress and Egress rules of this default Security list to make NSG rules effective, for Private Subnet 2.

2. Web-tierNSG:

• Ingress: Allows HTTP (port 80) and SSH (port 22) from anywhere, enabling web access and remote administration. It also allows ICMP from Private Subnet 2 for network diagnostics.
• Egress: Permits ICMP to Private Subnet 2 and all TCP traffic to Private Subnet 1. This allows the web server to communicate with the database and perform network diagnostics.

Task 3: -

3.1 Create Instance: -

We set up two key instances:

1. Bastion/Web server instance:
o Deployed in Public Subnet 2 for internet accessibility.
o Uses Oracle-Linux-8 image for compatibility and security.
o VM.Standard3.Flex shape with 1 OCPU and 16GB Memory, balancing performance.
o Hosts the Apache web server and PHP for the Photo Album application.
o Acts as a bastion host, providing secure access to resources in private subnets.

Reserved public IP:-

The public IP address of the web server instance changes every time we restart it. To avoid this behavior and to ensure the web server's public IP address remains persistent, we added a Reserved Public IP Address by allocating a Reserved Public IP address in the same region under the Networking/IP Management section.

2. Test instance:
• Deployed in Private Subnet 2 for security.
• Uses Oracle-Linux-8 image for compatibility and security.
• VM.Standard3.Flex shape with 1 OCPU and 6GB Memory, balancing performance.
• Used for testing network connectivity and demonstrating the architecture.

Task 4:-

4.1 MySQL Database: -

The database is crucial for storing photo metadata. Key points:

• Version 8.0.36 ensures we're using a recent, supported version.
• Standalone setup is suitable for development/testing environments.
• MySQL.VM.Standard.E3.1.8GB shape provides a balance of performance and cost.
• 50GB storage allows for future growth.
• Disabled automatic backups to save costs (manual backups recommended for production).
• Placed in Private Subnet 1 for enhanced security.
• Accessed via phpMyAdmin on the web server, providing a user-friendly management interface.

4.2 Install phpMyAdmin:-

Using the provided instructions in Install_phpMyAdmin_OCI.pdf, we installed and accessed phpMyAdmin.

1. Download phpMyAdmin onto your instance and reconfigure phpMyAdmin:

2. Alter the “admin” user and update its identification on MySQL Database:

3. Access phpMyAdmin from your local machine:

Task 5: -

5.1 Security Lists: -

Security Lists provide an additional layer of network security. We created two security lists, as below: -

1. PublicSubnet2SL (for web server): It contains rules for allowing HTTP, SSH, and MySQL traffic. Public Subnet 2 should be associated with this security list.

Ingress Rule:
• Allow HTTP Traffic (Port 80)
• Allow SSH Access (Port 22)
• Allow MySQL Access from Private Subnet 1 (Port 3306)
• Allow ICMP Traffic from Test Subnet.

Egress Rules:
• Allow All Other Traffic.

2. PrivateSubnet1SL (for database): It contains rules for allowing MySQL traffic from Public Subnet 2 and responses back to it. Private Subnet 1 should be associated with this security list.

Ingress Rule:
• Allow MySQL Access from Public Subnet 2 (Port 3306)
• Allow ICMP Traffic from Public Subnet 2.

Egress Rule:
• Allow Responses to Public Subnet 2 (Port 3306)
• Allow All Other Traffic

Testing database: -

With the username and password we successfully logged in to phpMyAdmin.

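The ingress rules listed in Tasks 2 and 5 can be checked mechanically against the flows the design is meant to allow. The following Python is an added example, not part of the original assignment: it models ingress only, assumes 0.0.0.0/0 for "from anywhere", relies on OCI applying the union of security-list and NSG rules to a VNIC, and uses constructed sample source addresses.

```python
import ipaddress

ANY = "0.0.0.0/0"  # assumed CIDR for the report's "from anywhere"
PUB2, PRIV1, PRIV2 = "172.17.2.0/24", "172.17.3.0/24", "172.17.4.0/24"

# Ingress rules as (source CIDR, protocol, port); None means any.
# Each tier lists the union of its security-list and NSG rules.
INGRESS = {
    "web": [   # Web-tierNSG + PublicSubnet2SL
        (ANY, "tcp", 80), (ANY, "tcp", 22),
        (PRIV2, "icmp", None), (PRIV1, "tcp", 3306),
    ],
    "db": [    # PrivateSubnet1SL
        (PUB2, "tcp", 3306), (PUB2, "icmp", None),
    ],
    "test": [  # Test-InstanceNSG
        (ANY, None, None),
    ],
}

def allowed(tier, src_ip, proto, port=None):
    """Return True if any ingress rule of the tier matches the packet."""
    src = ipaddress.ip_address(src_ip)
    for cidr, r_proto, r_port in INGRESS[tier]:
        if src not in ipaddress.ip_network(cidr):
            continue
        if r_proto not in (None, proto):
            continue
        if r_port not in (None, port):
            continue
        return True
    return False

def world_open(expected=frozenset({("tcp", 80)})):
    """List rules open to ANY that are not meant to be public."""
    return sorted(
        (tier, proto or "all", str(port) if port else "all")
        for tier, rules in INGRESS.items()
        for cidr, proto, port in rules
        if cidr == ANY and (proto, port) not in expected
    )

if __name__ == "__main__":
    print(allowed("db", "172.17.2.10", "tcp", 3306))  # web server to MySQL
    print(allowed("db", "203.0.113.5", "tcp", 3306))  # internet to MySQL
    for finding in world_open():
        print("review:", finding)
```

The two rules it reports for review are SSH open to any source on the web tier and the allow-all ingress on the test instance; the latter sits in a private subnet whose route table has no route to the internet gateway.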
Task 6:-

6.1 Photo storage: -

We use OCI's Object Storage (Bucket) for photo storage:

• We created a DSharma_Ass2_Bucket for the Photo Album with public visibility.
• Manually uploaded test photos to verify functionality.

6.2 Photo meta-data in MySQL Database: -

Create the Table:

• Run the following SQL command to create a table named photo_metadata with the specified columns:
• Insert the values using SQL command.

6.3 Photo Album website functionality: -

Modify the constants.php file in the provided code using available information from the storage bucket and MySQL database.

Uploading photoalbum folder using WinSCP

Website functionality:-

6.4 Testing:-

Ping from web server instance to testing instance: -
