network/vpc/reference-content/use-case-basic.mdx
26 additions & 38 deletions
@@ -27,58 +27,46 @@ The architecture diagram below shows the infrastructure for this use-case.
27
27
28
28
This is a basic infrastructure to leverage VPC isolation:
29
29
30
-
- The **Scaleway VPC** contains one **Private Network, to which a **Load Balancer** is attached
31
-
- Users access an application via a domain name
32
-
- The domain name's DNS record points to the public flexible IP of the Load Balancer.
33
-
- The Load Balancer distributes traffic to multiple **Instances** also attached to the Private Network
34
-
- The Instances do not have their own public (flexible) IP addresses, and are accessible only from inside the VPC.
35
-
- The Instances can store data to and retrieve data from a **Managed Database** attached to the same Private Network, without going through the public Internet.
36
-
- The **Public Gateway** attached to the Private Network has its own public flexible IP address, which administrators can use to access Instances and other resources in the VPC.
37
-
- The Instances can access services outside the VPC (e.g. hosted on other Scaleway resources) via the Public Gateway.
30
+
- Instances are hosting the application without having their own public/flexible IP addresses.
31
+
- Managed Database is accessed by the Instances over the Private Network only, with no exposure to the public internet.
32
+
- Load Balancer distributes user traffic to the Instances over the Private Network
33
+
- Administrators can access the Instances via the Public Gateway
34
+
- External services are accessed by the Instances via the Public Gateway
38
35
39
-
## Advantages
36
+
## Detail
37
+
38
+
User requests go via a domain name, whose DNS record points to the public flexible IP of a Scaleway Load Balancer. This Load Balancer is attached to a **Private Network** in a **VPC**. It distributes user traffic to multiple **Instances** which are also attached to the Private Network, and do not have their own public/flexible IP addresses. These Instances are accessible only from within the VPC. The Instances can store data to and retrieve data from **Block Storage** and a **Managed Database** attached to the same Private Network and not exposed to the internet.
40
39
40
+
The **Public Gateway** attached to the Private Network has its own public flexible IP address, and administrators can use solutions such as SSH bastion to connect to Instances via the Public Gateway for maintenance and administrative tasks. The Public Gateway also provides secure access to the public internet should the Instances need to download package updates, for example. Finally, the Public Gateway also allows the Instances to access services outside the VPC, e.g. those hosted on other Scaleway resources which are not compatible with VPC, via their public endpoints.
41
+
42
+
## Advantages
41
43
44
+
### Isolation and security
42
45
43
-
Advantages:
44
-
VPC Isolation:
46
+
Resources are isolated within a VPC, and public IP exposure is restricted to Load Balancer and Public Gateway. This enhances security, ensuring that only authorized services and users can access the VPC's resources, and reducing exposure to external threats. Any sensitive data stored on the Instances and Managed Databases is kept within the VPC, and not exposed to the public internet.
45
47
46
-
By using a Virtual Private Cloud (VPC), resources are isolated within a private network, enhancing security. Only authorized services and users can access the resources inside the VPC, reducing exposure to potential threats.
47
-
Load Balancer:
48
+
### Scalability and reliability
48
49
49
-
The Load Balancer distributes traffic across multiple Instances (virtual machines), improving scalability and reliability. If one instance fails, the load balancer redirects traffic to healthy ones, ensuring high availability.
50
-
Private Network for Sensitive Resources:
50
+
Use of the Load Balancer to distribute traffic across multiple Instances enhances reliability. If the Load Balancer's built-in health checks register that one Instance is down, it is able to immediately redirect traffic to the remaining healthy Instances only, ensuring high availability. Additional Instances can be spun up and added to the Load Balancer's backend at any time, facilitating on-demand scalability.
51
51
52
-
The infrastructure separates resources like the Managed Database behind the private network, ensuring sensitive data is not directly exposed to the internet.
53
-
Public Gateway with Flexible IP:
52
+
External services like Transactional Email, Serverless, and NATS, Queues, Topics, and Events are also highly scalable, flexibily facilitating event-driven architectures and asynchronous processing.
54
53
55
-
The Public Gateway allows controlled access to and from the VPC, enabling secure communication with external services. The Flexible IP offers static IP addresses, which are beneficial for setting up secure, consistent connections (e.g., for whitelisting or DNS records).
56
-
Block and Object Storage:
54
+
### Controlled access
57
55
58
-
Block Storage is useful for persistent data needs (e.g., file systems for applications), while Object Storage outside the VPC is optimal for handling large amounts of unstructured data (e.g., backups, images, logs).
59
-
Scalable External Services:
56
+
The Public Gateway, with its public IP address, allows controlled access between the public internet and the VPC. Features such as SSH bastion allow selected administrators with the correct credentials to connect to resources within the VPC, and static NAT and/or advertisement of a default route provides the ability to direct traffic through the gateway to and from the resources within.
60
57
61
-
The ability to connect to external services like Transactional Email, Serverless, and NATS, Queues, Topics, and Events gives flexibility for event-driven architectures, asynchronous processing, and scaling as needed without overloading core VPC resources.
62
-
Security Features:
58
+
## Applications
63
59
64
-
Resources like the Secret Manager help securely store sensitive credentials and keys, improving overall security management.
65
-
Applications:
66
-
E-commerce Platforms:
60
+
This kind of infrastructure is appropriate for many applications, including but not limited to:
61
+
-**E-commerce platforms**: A scalable backend (Instances, Block Storage), which can securely connect to payment systems and privately-accessed user data (Managed Database), with public-facing components (Load Balancer) for appropriately handing user traffic.
62
+
-**Web applications**: Web applications that routinely need to handle high traffic are ideally suited to the solution of a Load Balancer in front of a horizontally scalable set of Instances, to facilitate uptime and high availability and grow with demand.
63
+
-**Enterprise applications**: Enterprises handling sensitive data (e.g. HR systems) can benefit from the isolation and security of a VPC, with all of its additional features, to keep internal services running without unneccessary exposure to the internet.
67
64
68
-
This setup is perfect for an e-commerce platform, which needs a scalable backend (instances and block storage), secure payment systems (private database access), and public-facing components (load balancer and public gateway) for handling user traffic efficiently.
69
-
Web Applications:
65
+
## Tutorial
70
66
71
-
Web apps that handle high traffic can benefit from the load balancer and instances, ensuring uptime and availability. These applications can scale horizontally as demand increases, making it suitable for apps like SaaS products, social networks, or content platforms.
72
-
Enterprise Applications:
67
+
Follow the steps below to create this infrastructure using the Scaleway console:
73
68
74
-
Enterprises handling sensitive data (HR systems, CRMs, etc.) can use the VPC’s isolation and private networking to secure internal services, while still allowing selective access via the public gateway.
75
-
Microservices Architectures:
76
69
77
-
This infrastructure supports microservices, where each service can be independently deployed on different instances or as serverless functions, using the load balancer to distribute requests and queues to manage communication between services.
78
-
Data Analytics and Big Data Processing:
79
70
80
-
Applications requiring high-performance data processing (e.g., data analytics platforms, ETL pipelines) can use managed databases and block storage for internal data while storing large datasets in external object storage. Event-driven data workflows can be handled by the external NATS, Queues, Topics, and Events service.
81
-
Mobile or Web Backends:
71
+
## Terraform
82
72
83
-
For mobile apps, this infrastructure can support a robust backend with an API gateway (public gateway), managing API calls securely and scaling as user demand grows.
84
-
This setup provides a well-rounded, scalable, and secure foundation for a wide range of applications, particularly those requiring separation of public-facing and private resources.
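Review bot: the three new list items under "## Applications" (`-**E-commerce platforms**`, `-**Web applications**`, `-**Enterprise applications**`) have no space between the hyphen and the bold marker, so MDX will render them as plain paragraphs beginning with "-" rather than as a bulleted list; write `- **E-commerce platforms**: ...` for each. The added "## Tutorial" and "## Terraform" headings have no content, and the Tutorial section opens with "Follow the steps below to create this infrastructure using the Scaleway console:" with no steps after it, so either add the steps and the Terraform configuration or leave those headings out until that content exists. Spelling in the added lines: "flexibily" (Scalability and reliability), "handing user traffic" (E-commerce), "unneccessary exposure" (Enterprise applications); and in Controlled access, "static NAT and/or advertisement of a default route provides" should read "provide". Finally, the rewrite drops the previous mentions of Object Storage and Secret Manager; if they are still part of this use case, the Detail section should mention them.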