Easy Steps to Enable VPC in Cloud Raya


Did you know that Virtual Private Cloud (VPC) is now available on the Cloud Raya panel? Before using it, make sure you are familiar with what VPC is.

VPC is a networking feature that replaces the Default Network with Security Profile feature that previously existed in Cloud Raya.

For existing Cloud Raya customers, the VPC feature will not appear automatically in the Networking menu; the Security Profile menu is still displayed.

For customers who create a Cloud Raya account after the official VPC release, VPC will be active automatically and the Security Profile menu will no longer appear.

↳ To activate the VPC, go to the Settings menu > VPC Network.
↳ Because the VPC network and the Default Network with Security Profile cannot be used together, we must choose either to switch to VPC or to keep using the Default Network with Security Profile.

If you are still comfortable with the Default Network with Security Profile, where you only need to enter the port and the IP without any advanced configuration, then you can still use the Security Profile.

But if you want to isolate some of your resources (VMs) with certain IPs, have more advanced ACL control, and avoid re-applying every time you change the ACL Rules, then VPC is the answer.

However, in order to continue using Cloud Raya and add new VM resources, we are required to switch to VPC.

↳ When we want to migrate our account to use a VPC network, then we need to check this option. Keep in mind, this migration process cannot be reversed.
↳ We will wait for the process for a moment. When it is done, it will display the information as above, and the check mark will automatically change to read-only.
↳ If we check the Networking menu, the Security Profile feature has been replaced by the VPC menu.

The question now is how to configure the VPC in Cloud Raya. Is it much more confusing and difficult than the Security Profile?

Of course not! Although the features offered are much more advanced, Cloud Raya, with its User Friendly Panel slogan, still makes it easy for you to manage VPCs.

Let’s see how!

Configuring the VPC in Cloud Raya

↳ Now access the VPC menu. Here is what the start page looks like.

On the Virtual Private Cloud tab, a list of the VPC networks that we already have in a particular region/location will appear.
To start creating a VPC network, we can click on the “Create VPC” button.

↳ On the Create Virtual Private Cloud page, several fields are displayed that we can customize.
1. Location: We select the region where we want to create this VPC Network. Choose it according to the location of the VM you want to launch. In this tutorial I will choose Seattle.
2. VPC Name: We fill in the name of the VPC network that we want to create.
3. Description: We fill in the description of the VPC network.
4. IP Address & Network Size: In the IP Address field, we specify the IP of the Super Network that we want. In this case I will set the Super Network IP to 10.20.23.0, with a Network Size of /24. How many IP ranges can we have on this /24 network size? Don’t worry, the information will appear automatically. Later, within this Super Network, we can create smaller subnets for each group of resources that we want to isolate from other groups of resources.

When done, we can click on “Create VPC”.

↳ After we create the VPC network, we will be taken to the VPC Details page. There are several tabs & sections that we can check and customize on this page.

A. Detail VPC

In this tab there are 3 sections, namely:

  1. Detail Virtual Private Cloud
  2. VPC Subnet
  3. Access List

1. Detail Virtual Private Cloud

↳ In this section, we can check the information about the VPC that we have previously set. The VPC Global Public IP will display a list of the Public IPs of each VM that we add to this VPC network.

2. VPC Subnet

This section displays a list of the subnets that we have. To create a new one, we can click on “Create Subnet”.

▶️ Create Subnet
↳ On the Create Subnet page, several fields are displayed that we can customize.
1. Subnet Name: We fill in the name of the Subnet that we want to create.
2. Description: We fill in the description of the subnet.
3. IP Address & Network Size: In this field, we specify the range of the Subnet we want for the resources we create. The range of the subnet must still be within the range of the Super Network that we created earlier (/24). In this tutorial I will create a subnet IP of 10.20.23.1, with a network size of /28.
4. ACL Rules: A collection of firewall rules that we can customize. Conceptually, ACL Rules are the same as Security Profile, where we specify which ports we want to open. In this step we select the Default ACL Rules first; we will adjust them in a later step.

When done, click “Create Subnet”.
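
As an added example (not part of the original tutorial or of Cloud Raya's tooling), the Python sketch below checks a subnet plan against the Super Network before it is entered in the panel: each subnet must sit inside the /24, must not overlap another subnet, and an entry such as 10.20.23.1/28 is reported as a host address inside the block 10.20.23.0/28. The subnet names and every CIDR other than 10.20.23.0/24 and 10.20.23.1/28 are constructed for illustration.

```python
import ipaddress

def check_subnet_plan(supernet_cidr, requested):
    """Return (accepted, problems) for a dict of name -> 'ip/prefix'."""
    supernet = ipaddress.ip_network(supernet_cidr)
    accepted, problems = {}, []
    for name, cidr in requested.items():
        iface = ipaddress.ip_interface(cidr)
        net = iface.network  # the block the entered address falls in
        if iface.ip != net.network_address:
            problems.append(f"{name}: {cidr} is a host address; block is {net}")
        if not net.subnet_of(supernet):
            problems.append(f"{name}: {net} is outside {supernet}")
            continue
        clashes = [n for n, other in accepted.items() if net.overlaps(other)]
        if clashes:
            problems.append(f"{name}: {net} overlaps {', '.join(clashes)}")
            continue
        accepted[name] = net
    return accepted, problems

def free_blocks(supernet_cidr, accepted, prefix):
    """List blocks of the given prefix length still unused in the supernet."""
    supernet = ipaddress.ip_network(supernet_cidr)
    return [s for s in supernet.subnets(new_prefix=prefix)
            if not any(s.overlaps(n) for n in accepted.values())]

SUPERNET = "10.20.23.0/24"          # Super Network from the tutorial
PLAN = {
    "tutorial": "10.20.23.1/28",    # value entered in the tutorial
    "staging": "10.20.23.16/28",    # constructed
    "reports": "10.20.23.24/29",    # constructed, collides with staging
    "other-vpc": "10.20.24.0/28",   # constructed, outside the /24
}

if __name__ == "__main__":
    accepted, problems = check_subnet_plan(SUPERNET, PLAN)
    for name, net in accepted.items():
        print(f"{name}: {net} ({net.num_addresses} addresses)")
    for p in problems:
        print("PROBLEM", p)
    print(len(free_blocks(SUPERNET, accepted, 28)), "free /28 blocks")
```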

▶️ Managing Subnet Lists
↳ The subnet we just created will appear in this list. We can do some Actions on this subnet.
Detail
↳ It will display our subnet information and a list of which VMs are members of this subnet.
Change ACL
↳ We can reassign this Subnet to any other ACL Rule we want (if any).
View ACL Rules
↳ In this option, we can see the ACL Rule connected to this Subnet. We can also take action on each of the rules. We will discuss this in the Access List section.
Delete

In this option, we can delete the Subnet that we have. But please make sure that there are no VMs attached to this Subnet. Otherwise, an error message will appear as follows.

↳ To work around this, you can create a new subnet, and put the VM in that subnet.

3. Access List

In line with the previous ACL Rules explanation on the Create Subnet page, when we finish creating the subnet, the ACL Profile will be displayed in this section.

  1. The total rules in the ACL will also be displayed.
  2. If we want to add a new Access List, we can click on “Create Access List”.
  3. In the ACL profile that we already have, we can manage several things, such as changing its name, viewing the collection of rules, and deleting this profile.
▶️ Managing ACL Profile

According to point number 3 above, we can do several things on each of our ACL Profiles.

Rename
↳ We can rename the ACL in the following dialog box.
View Rules

Now let’s talk about the rules that are in this default ACL.

↳ By default, the collection of open ports is more or less the same as in the Security Profile, namely the management ports. There is a slight difference compared to the Security Profile, though: the fields “Traffic Type” and “Action” (what action we take for this traffic type).
  • Egress: Traffic that is outbound from our VM.
  • Ingress: Traffic that is incoming / inbound into our VM.

Each Action listed in the default ACL is “Allow”.

If we translate the set of rules above, it reads as follows:

Allow all ports 1 – 65535 with the TCP and UDP protocols from our VM to go out to the internet. And allow ports 22, 3389, 80, 443 with the TCP protocol to enter our VM.

We can also add new rules that we want by clicking on the “Create Rule” button.

↳ We can adjust the Protocol type, Start Port, End Port, Traffic Type, and Action of each of these rules with the “Edit” option, or delete the rule with the Delete option.
Delete

We can also remove the ACL Profile by clicking on the Delete option. However, please make sure that there are no subnets tied to this ACL Profile. Otherwise, an error message like this will appear.

↳ To work around this, we can create a new ACL Profile, and replace the Subnet using the new ACL Profile.
▶️ Create Access List

If we have specific preferences regarding which Port and Protocol details we want to open and deny, or we want to we can do that by clicking on “Create Access List”.

↳ First, we specify the name of the ACL Profile
↳ In the new ACL Profile, we can manage the same things as the previous ACLs that we already have.
▶️ Import Access Control List rule from the previous Security Profile

When we have already created a lot of rules in the Security Profile, of course we don’t want to create those rules again in the Access List in the VPC system.

Relax, you can do this easily in VPC.

↳ Enter the name of the ACL that we want, then check the “Import rule from Security Profile”.
↳ Specify the Security Profile that we want to import into this ACL.
↳ When done, click “Create ACL”.
↳ We can see that the rules have been successfully imported into the new ACL system.

B. Traffic Statistic

↳ On the Traffic Statistic tab, we can check the traffic history of this VPC Network, as well as the total data transfer that has been used.

VPC Implementation

After activating and configuring the VPC, we now apply the VPC to the VM that we create.

↳ Before the VPC is activated, creating a VM takes 3 steps. With VPC active there is one additional step in launching our VM, namely “Network Configuration”.
In this step we determine the VPC network configuration that we want for the VM.
↳ In this configuration we can specify the VPC profile & VPC subnet.
The IP ranges available for our VM will also be displayed. Keep in mind that the VPC profiles that appear depend on the region where you want to launch the VM.
↳ This is the “VM detail” menu when using the VPC network we specified earlier. The private IP falls within the IP range of our subnet.

Case Study

In this case study I will create 2 groups of resources.

The Staging resource has 2 VMs in subnet range ‘A’, and the Production resource has 2 VMs in subnet range ‘B’.

The goals we want to achieve are:

  1. The VMs from the Staging resource can ping the VMs from the Production resource,
  2. Whereas the VMs from the Production resource cannot ping the VMs from the Staging resource.

To achieve this we will create ACL rules for these 2 types of resources.

↳ In the ACL rules for the Staging resource, we leave it at Default.
↳ In the ACL rules for the Production resource, we add 1 new rule to allow the ICMP Protocol (ping) from the Staging resource IP range (10.30.23.0/28).
↳ Now we test. The Staging VM can ping the Production VM, while the Production VM cannot ping the Staging VM.
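
The asymmetric result follows from each group's ingress rules, as the added Python model below shows (an illustration written for this page, not Cloud Raya code). It assumes rules are evaluated top-down with the first match winning, that unmatched ingress traffic is denied, and that a rule without a source range matches any source; the VM addresses and the 203.0.113.7 client are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    protocol: str             # "tcp", "udp" or "icmp"
    start: int                # Start Port (unused for icmp)
    end: int                  # End Port (unused for icmp)
    traffic: str              # "ingress" or "egress"
    action: str               # "allow" or "deny"
    cidr: str = "0.0.0.0/0"   # assumed: no source range means any source

# Default ACL as translated in the tutorial.
DEFAULT_ACL = [
    Rule("tcp", 1, 65535, "egress", "allow"),
    Rule("udp", 1, 65535, "egress", "allow"),
    Rule("tcp", 22, 22, "ingress", "allow"),
    Rule("tcp", 3389, 3389, "ingress", "allow"),
    Rule("tcp", 80, 80, "ingress", "allow"),
    Rule("tcp", 443, 443, "ingress", "allow"),
]
# Production ACL: the one extra ICMP rule, placed at the top of the list.
PRODUCTION_ACL = [Rule("icmp", 0, 0, "ingress", "allow", "10.30.23.0/28")] + DEFAULT_ACL
STAGING_ACL = DEFAULT_ACL

def ingress_decision(acl, src_ip, protocol, port=0):
    """First matching ingress rule decides; no match means deny (assumption)."""
    src = ipaddress.ip_address(src_ip)
    for rule in acl:
        if rule.traffic != "ingress" or rule.protocol != protocol:
            continue
        if src not in ipaddress.ip_network(rule.cidr):
            continue
        if protocol != "icmp" and not rule.start <= port <= rule.end:
            continue
        return rule.action
    return "deny"

if __name__ == "__main__":
    staging_vm, production_vm = "10.30.23.5", "10.30.23.20"  # constructed IPs
    print("staging -> production ping:",
          ingress_decision(PRODUCTION_ACL, staging_vm, "icmp"))
    print("production -> staging ping:",
          ingress_decision(STAGING_ACL, production_vm, "icmp"))
    print("any source -> tcp/22:",
          ingress_decision(STAGING_ACL, "203.0.113.7", "tcp", 22))
```

The last line of output is worth reviewing on a real account: under the default ACL as the tutorial translates it, the management ports 22 and 3389 accept TCP from any source.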

Some things to take note of about VPC

  1. Ping only works from the Workstation/PC to the server (not the other way round).
  2. In order for ping to work within the VPN network of the VPC, ICMP type 8 code 0 needs to be allowed for Ingress traffic (inbound), and the rule needs to be at the top of the list.
  3. Make sure on your VPN configuration, “Allow these Protocols” -> “Microsoft CHAP Version 2” is checked.
    ▶️ Control Panel -> Network and Internet -> Network Connections -> Properties on your VPN device
    ▶️ Go to “Security” tab -> checkmark on “Allow these Protocols” -> “Microsoft CHAP Version 2”

  4. Make sure to uncheck “Use default gateway on remote network”.
    ▶️ Control Panel -> Network and Internet -> Network Connections -> Properties on your VPN device
    ▶️ Go to Networking Tab -> double click on Internet Protocol Version 4
    ▶️ Click Advanced -> IP Settings , uncheck “Use default gateway on remote network”
    ▶️ This keeps the Internet connection running while the VPN/VPC network is also accessible.
  5. All VMs within the same VPC Super Network can talk to one another. Just make sure to allow ICMP pings.
  6. VMs that belong to different VPC Super Networks need to use their public IPs to communicate with one another.

Conclusion

Okay that’s a wrap.

In this article, we have covered what a VPC is, its benefits and features, how to activate it, its configuration, and its implementation in a case study.

If you want to see the video tutorial version, you can access it at the following YouTube link.

For further questions about VPC, please leave your questions in the comments below, or contact Cloud Raya’s live chat.

Find more insights and knowledge on tech topics in Cloud Raya’s blog and Knowledge Base. Even better, you can try creating a new VM and adding Cloud Raya’s VPC to it.
