The page has been translated by Gen AI.

VPC-based Virtual Server DMZ Web Service

Overview

In the past, building a web hosting infrastructure that provides high availability and scalability in a legacy environment required installing complex solutions. Additionally, to ensure stability, capacity had to be sized for peak times, which hurt both service and cost through longer lead times and higher operating expenses.

Samsung Cloud Platform provides a customer-dedicated network configuration that can communicate with the internet immediately after setup, along with a web service based on computing products that excel in scalability and stability, allowing for the rapid provision of the necessary web service infrastructure.

This document aims to provide a detailed explanation of the VPC-based Virtual Server DMZ web service architecture on Samsung Cloud Platform.

Architecture Diagram

Figure. Samsung Cloud Platform-based DMZ Web Service Architecture Example
  1. Set the domain name to be opened externally in the DNS service and link it to the Load Balancer’s service IP.
    • The Load Balancer service IP is assigned in the VPC, which allows internet access.
  2. The Load Balancer can distribute web request traffic to multiple VM Auto Scaling groups, enhancing service stability.
  3. Relational databases can be configured redundantly to increase availability, or DBaaS can be used with its redundancy option enabled.
    • DBaaS allows selecting from various relational database engines.
  4. Using the NoSQL database service as a cache for the relational databases can reduce response times for frequent requests.
  5. The WAF service protects web servers from attack traffic such as XSS or SQL injection.
  6. Additionally, using the DDoS Protection service allows for automatic response to external DDoS attacks.
  7. Object Storage can be used to store static content like images or videos or as a backup for databases.

Use Cases

Providing Public Web Services through VPC

Public web services that can connect to the internet can be configured using the Public IP feature provided by VPC.

  • Public IP can be easily registered with a domain name using the DNS service.

Securing Web Services through Service-Type Security Solutions and Security Groups

To secure web servers that are open to the internet, service-type security solutions such as WAF and DDoS Protection can be configured.

  • WAF services monitor website traffic to detect and block attacks.
  • DDoS Protection services detect and block DDoS attacks that overwhelm web servers with traffic.

In addition, security groups can be set up with minimal-permission policies to protect the infrastructure from external attacks.

Pre-requisites

None

Limitations

DDoS Protection - Separate service requests are required for service application and policy requests.

Considerations

Security

When configuring security policies, use separate security groups for the Load Balancer, which requires direct external access, and for the internal infrastructure, so that a different security policy can be applied to each.

Allow rules can be set per subnet with the Firewall service or per Virtual Server with the Security Group service, blocking unnecessary network access to hosts.
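
The separation described above can be checked mechanically before rules are applied. The following is an added example, not Samsung Cloud Platform code or API: the rule format, group names, the 10.0.0.0/16 VPC range and the ports 8080 and 6379 are assumptions, and the rules are constructed sample data.

```python
import ipaddress

# Constructed inbound rules in a hypothetical format (not an SCP API):
# (security group, source, port). A source is a CIDR or "sg:<name>".
RULES = [
    ("lb",    "0.0.0.0/0", 443),
    ("web",   "sg:lb",     8080),
    ("web",   "0.0.0.0/0", 22),    # SSH reachable from the internet
    ("db",    "sg:web",    3306),
    ("db",    "sg:lb",     3306),  # Load Balancer tier reaching MySQL
    ("cache", "sg:web",    6379),
]

# Assumed VPC range and intended policy: only the Load Balancer group
# accepts internet traffic; each inner tier accepts only the tier before it.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
POLICY = {
    "lb":    {"sources": {"internet"}, "ports": {80, 443}},
    "web":   {"sources": {"sg:lb"},    "ports": {8080}},
    "db":    {"sources": {"sg:web"},   "ports": {3306}},
    "cache": {"sources": {"sg:web"},   "ports": {6379}},
}

def classify_source(source):
    """Return 'sg:<name>', 'internet', or 'vpc' for a rule source."""
    if source.startswith("sg:"):
        return source
    net = ipaddress.ip_network(source, strict=False)
    inside = net.version == VPC_CIDR.version and net.subnet_of(VPC_CIDR)
    return "vpc" if inside else "internet"

def audit(rules, policy):
    """List every rule that grants more than the policy allows."""
    findings = []
    for group, source, port in rules:
        tier = policy.get(group)
        if tier is None:
            findings.append((group, source, port, "group not in policy"))
        elif classify_source(source) not in tier["sources"]:
            findings.append((group, source, port, "source not allowed"))
        elif port not in tier["ports"]:
            findings.append((group, source, port, "port not allowed"))
    return findings

if __name__ == "__main__":
    for finding in audit(RULES, POLICY):
        print(finding)
```

Run against the sample rules, the audit reports the internet-facing SSH rule on the web group and the Load Balancer group's access to the database port, and accepts the rest.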

Serverless

In the future, consideration can be given to transitioning to serverless web applications using Cloud Functions and API Gateway services.

Related Services

This is a list of Samsung Cloud Platform services related to the functions or configurations described in this guide. Please refer to them when selecting and designing services.

| Service Group | Service | Detailed Description |
|---|---|---|
| Compute | Virtual Server | Virtual server optimized for cloud computing |
| Compute | VM Auto-Scaling | Service that automatically scales resources up or down according to demand |
| Database | MySQL | Service that easily creates and manages MySQL, a small but powerful open-source relational database |
| Database | CacheStore | Key-value in-memory data store with fast data processing capabilities |
| Networking | Load Balancer | Service that automatically distributes server traffic |
| Networking | DNS | Service that easily sets up and manages domains |
| Networking | VPC | Service that provides an independent virtual network in a cloud environment |
| Networking | Security Group | Virtual firewall that controls VM traffic |
| Networking | Firewall | Service that provides a firewall for VPC and internet, customer network connection traffic |
| Storage | Object Storage | Object storage convenient for data storage and search |

Table. Related Services
