From 1c893671ab9812830264e15d49a7ca1738405236 Mon Sep 17 00:00:00 2001
From: Aditya-ranjan-16
Date: Tue, 19 Aug 2025 13:23:13 +0530
Subject: [PATCH 01/14] feat: Migration of VPC DA to landing zone

---
 ibm_catalog.json | 109 ++++++++++++++++++++++++-----------------------
 1 file changed, 56 insertions(+), 53 deletions(-)

diff --git a/ibm_catalog.json b/ibm_catalog.json
index ee4935575..0ed6f81f4 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -779,49 +779,86 @@ "target_terraform", "terraform", "solution", + "network", "network_vpc", - "reference_architecture", "converged_infra" ], "keywords": [ "vpc", "slz", - "IaC", - "Infrastructure", "terraform", + "IaC", + "infrastructure as code", "solution" ], - "short_description": "Deploys a secure VPC network without compute resources", - "long_description": "The VPC landing zone deployable architecture deploys a simple Virtual Private Cloud (VPC) infrastructure without any compute resources, such as Virtual Server Instances (VSI) or Red Hat OpenShift clusters. You can use this architecture as a base on which to deploy compute resources. Or you can deploy those resources by using the other landing zone deployable architectures: [VSI on VPC landing zone](https://cloud.ibm.com/catalog/architecture/deploy-arch-ibm-slz-vsi-ef663980-4c71-4fac-af4f-4a510a9bcf68-global) and [Red Hat OpenShift Container Platform on VPC landing zone](https://cloud.ibm.com/catalog/architecture/deploy-arch-ibm-slz-ocp-95fccffc-ae3b-42df-b6d9-80be5914d852-global).", + "short_description": "Deploy a Virtual Private Cloud (VPC) on IBM Cloud, offering full configurability and flexibility for diverse workloads.", + "long_description":"The VPC landing zone deployable architecture provides a foundational IBM Cloud [Virtual Private Cloud (VPC)](https://www.ibm.com/cloud/vpc) environment that serves as the base for deploying compute and advanced resources. It establishes the core networking and security framework without including Virtual Server Instances (VSI) or Red Hat OpenShift clusters by default. 
This architecture can be extended to support a variety of deployable architectures, such as [Cloud automation for Virtual Servers for Virtual Private Cloud](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vsi-vpc-28e2b12c-858f-4ae8-8717-60db8cec2e6e-global), [Cloud automation for Red Hat OpenShift Container Platform on VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-vpc-1728a4fd-f561-4cf9-82ef-2b1eeb5da1a8-global), [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global), and other cloud automation architectures. By setting up this foundational layer, it enables consistent, scalable, and secure deployments across multiple IBM Cloud workloads.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-vpc", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-vpc-lt.svg", "provider_name": "IBM", - "features": [ + "features": [ { - "description": "Creates a VPC-based topology based on two VPCs, by default.\n", - "title": "Creates Virtual Private Clouds" + "title": "Subnets", + "description": "Create [subnets](https://cloud.ibm.com/docs/vpc?topic=vpc-about-subnets-vpc) in three zones that divides your VPC into smaller, isolated networks across different availability zones. This helps you organize resources, improve availability, and control internal communication." 
}, { - "description": "Defines multiple subnets in the VPC to define IP ranges and organize resources within the network.\n", - "title": "Configures subnets" + "title": "Network ACLs", + "description": "Define rules for [Network Access Control Lists (ACLs)](https://cloud.ibm.com/docs/vpc?topic=vpc-using-acls) to allow or deny traffic to and from your subnets, providing an extra layer of network security." }, { - "description": "The transit gateway connects the two default VPCs that the deployable architecture creates.\n", - "title": "Creates a transit gateway" + "title": "Public gateways", + "description": "Configures [public gateways](https://cloud.ibm.com/docs/vpc?topic=vpc-about-public-gateways) to provide internet access to your VPC resources, acting as a bridge between private network components and the public internet." }, { - "description": "IBM Cloud Object Storage is used for Flow Logs and Activity Tracker, which enhance the observability and auditing of your infrastructure.\n", - "title": "Integrates Flow Logs and Activity tracking" + "title": "VPN gateways", + "description": "Create and configures [VPN gateways](https://cloud.ibm.com/docs/vpc?topic=vpc-vpn-overview) to enable secure, encrypted connections between your on-premises environment and IBM Cloud, ideal for hybrid cloud setups." + }, + { + "title": "VPE gateways", + "description": "Creates Virtual Private Endpoints (VPEs) gateways to allow private access to IBM Cloud services from within your VPC, avoiding public internet traffic. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-about-vpe)." 
}, { "description": "Isolates and speeds traffic to the public internet by using an edge VPC in a specific location, if enabled.\n", "title": "Supports edge networking" + }, + { + "description": "The transit gateway connects the two default VPCs that the deployable architecture creates.\n", + "title": "Creates a transit gateway" + }, + { + "title": "Security groups", + "description": "Has the ability to configure security groups that works like virtual firewalls for your instances, defining rules that control allowed inbound and outbound traffic. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-using-security-groups)." + }, + { + "title": "Address Prefixes", + "description": "Attaches address prefixes to define the IP address ranges used by your subnets, helping with IP management and planning in your VPC." + }, + { + "title": "Routing Table and routes", + "description": "Creates routing tables and custom routes to determine how traffic is directed within your VPC and to external networks. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-create-vpc-routing-table&interface=ui)." + }, + { + "title": "VPC flow logs", + "description": "Creates and configures [VPC flow logs]((https://cloud.ibm.com/docs/vpc?topic=vpc-flow-logs)) capture data about traffic moving through your network, helping with monitoring, auditing, and troubleshooting." + }, + { + "title": "Object Storage bucket for flow logs", + "description": "Creates and configures the Object storage bucket to store the network traffic data captured by VPC flow logs, enabling analysis and long-term storage." + }, + { + "title": "KMS encryption", + "description": "Supports Key Management Service (KMS) encryption for the Object Storage bucket where flow logs are stored, enhancing data security." + }, + { + "title": "Optional Integrations", + "description": "This solution can be integrated with Observability that supports configuring resources for logging, monitoring and activity tracker event routing." 
} ], "flavors": [ { "label": "Standard", "name": "standard", + "index": 2, "install_type": "fullstack", "working_directory": "patterns/vpc", "compliance": { @@ -1132,46 +1169,12 @@ ], "architecture": { "features": [ + { - "title": "Separate VPC for management", - "description": "Yes" - }, - { - "title": "Separate VPC for workloads", - "description": "Yes" - }, - { - "title": "Increases security with Key Management", - "description": "Yes" - }, - { - "title": "Reduces failure events by using multizone regions", - "description": "Yes" - }, - { - "title": "Collects and stores Internet Protocol (IP) traffic information with Activity Tracker and Flow Logs", - "description": "Yes" - }, - { - "title": "Securely connects to multiple networks with a site-to-site virtual private network", - "description": "Yes" - }, - { - "title": "Simplifies risk management and demonstrates regulatory compliance with Financial Services", - "description": "Yes" - }, - { - "title": "Uses an edge VPC for secure access through the public internet", - "description": "Yes, if enabled" - }, - { - "title": "Uses Floating IP address for access through the public internet", - "description": "No" - }, - { - "description": "Configures existing CBR (Context-based restrictions) rules to allow traffic to flow only from the landing zone VPCs to specific cloud services.\n", - "title": "Configures CBR" + "title": " ", + "description": "description" } + ], "diagrams": [ { 
@@ -1180,7 +1183,7 @@ "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vpc.drawio.svg", "type": "image/svg+xml" }, - "description": "The Standard variation of the VPC landing zone deployable architecture deploys a simple Virtual Private Cloud (VPC) infrastructure without any compute resources. You can use this architecture as a base on which to deploy compute resources. The Standard variation uses two Virtual Private Clouds (VPC) - a Management VPC and a Workload VPC - to manage the environment and the deployed workload. Each VPC is a multi-zoned, multi-subnet implementation that keeps your workloads secure. A transit gateway connects the VPCs to each other and Virtual Private Endpoints are used connect to IBM Cloud services." + "description": "The Standard variation of the VPC landing zone deployable architecture deploys a simple Virtual Private Cloud (VPC) infrastructure without any compute resources. You can use this architecture as a base on which to deploy compute resources. The Standard variation uses two Virtual Private Clouds (VPC) - a Management VPC and a Workload VPC - to manage the environment and the deployed workload. Each VPC is a multi-zoned, multi-subnet implementation that keeps your workloads secure. A transit gateway connects the VPCs to each other and Virtual Private Endpoints are used connect to IBM Cloud services.

This variation integrates Key Mangement for increased security. It also leverages Activity Tracker and Flow Logs to collect and store Internet Protocol (IP) traffic information

It securely connects to multiple networks with a site-to-site virtual private network and uses an edge VPC for secure access through the public internet . It configures existing CBR (Context-based restrictions) rules to allow traffic to flow only from the landing zone VPCs to specific cloud services.

The Standard variation simplifies risk management and demonstrates regulatory compliance with Financial Services " } ] }, From a043fdd3d38a07b1e5113196c2ebd4fa664d2602 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Thu, 28 Aug 2025 15:36:39 +0530 Subject: [PATCH 02/14] fix --- ibm_catalog.json | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 0ed6f81f4..9345707c5 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -772,7 +772,7 @@ }, { "name": "deploy-arch-ibm-slz-vpc", - "label": "VPC landing zone", + "label": "Cloud foundation for VPC", "product_kind": "solution", "tags": [ "ibm_created", 
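Review bot: The new flavor `description` value appears to span several physical lines with blank lines between paragraphs (L7–L13); if those are literal newlines inside the string, strict JSON parsers reject the file, because control characters must be escaped — the same file already uses `\n` escapes in other descriptions (e.g. `"…if enabled.\n"`), so paragraph breaks here should be written as `\n\n` within a single-line string. I cannot tell from the collapsed diff whether the breaks are an extraction artifact, so verify with `python -m json.tool ibm_catalog.json` before merging. The added text also has "Key Mangement" (typo), "are used connect" (missing "to"), a space before the period in "public internet .", and a trailing space before the closing quote.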
@@ -791,12 +791,12 @@ "infrastructure as code", "solution" ], - "short_description": "Deploy a Virtual Private Cloud (VPC) on IBM Cloud, offering full configurability and flexibility for diverse workloads.", + "short_description": "Automates the deployment of Virtual Private Cloud (VPC) on IBM Cloud, offering full configurability and flexibility for diverse workloads.", "long_description":"The VPC landing zone deployable architecture provides a foundational IBM Cloud [Virtual Private Cloud (VPC)](https://www.ibm.com/cloud/vpc) environment that serves as the base for deploying compute and advanced resources. It establishes the core networking and security framework without including Virtual Server Instances (VSI) or Red Hat OpenShift clusters by default. This architecture can be extended to support a variety of deployable architectures, such as [Cloud automation for Virtual Servers for Virtual Private Cloud](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vsi-vpc-28e2b12c-858f-4ae8-8717-60db8cec2e6e-global), [Cloud automation for Red Hat OpenShift Container Platform on VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-vpc-1728a4fd-f561-4cf9-82ef-2b1eeb5da1a8-global), [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global), and other cloud automation architectures. 
By setting up this foundational layer, it enables consistent, scalable, and secure deployments across multiple IBM Cloud workloads.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-vpc", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-vpc-lt.svg", "provider_name": "IBM", - "features": [ + "features": [ { "title": "Subnets", "description": "Create [subnets](https://cloud.ibm.com/docs/vpc?topic=vpc-about-subnets-vpc) in three zones that divides your VPC into smaller, isolated networks across different availability zones. This helps you organize resources, improve availability, and control internal communication." @@ -815,7 +815,7 @@ }, { "title": "VPE gateways", - "description": "Creates Virtual Private Endpoints (VPEs) gateways to allow private access to IBM Cloud services from within your VPC, avoiding public internet traffic. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-about-vpe)." + "description": "Creates [Virtual Private Endpoints (VPEs)](https://cloud.ibm.com/docs/vpc?topic=vpc-about-vpe) gateways to allow private access to IBM Cloud services from within your VPC, avoiding public internet traffic." }, { "description": "Isolates and speeds traffic to the public internet by using an edge VPC in a specific location, if enabled.\n", 
@@ -827,7 +827,7 @@ }, { "title": "Security groups", - "description": "Has the ability to configure security groups that works like virtual firewalls for your instances, defining rules that control allowed inbound and outbound traffic. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-using-security-groups)." + "description": "Has the ability to configure [security groups](https://cloud.ibm.com/docs/vpc?topic=vpc-using-security-groups) that works like virtual firewalls for your instances, defining rules that control allowed inbound and outbound traffic." }, { "title": "Address Prefixes", @@ -835,15 +835,11 @@ }, { "title": "Routing Table and routes", - "description": "Creates routing tables and custom routes to determine how traffic is directed within your VPC and to external networks. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-create-vpc-routing-table&interface=ui)." - }, - { - "title": "VPC flow logs", - "description": "Creates and configures [VPC flow logs]((https://cloud.ibm.com/docs/vpc?topic=vpc-flow-logs)) capture data about traffic moving through your network, helping with monitoring, auditing, and troubleshooting." + "description": "Creates [routing tables](https://cloud.ibm.com/docs/vpc?topic=vpc-create-vpc-routing-table&interface=ui) and custom routes to determine how traffic is directed within your VPC and to external networks." }, { "title": "Object Storage bucket for flow logs", - "description": "Creates and configures the Object storage bucket to store the network traffic data captured by VPC flow logs, enabling analysis and long-term storage." + "description": "Creates and configures the Object storage bucket to store the network traffic data captured by [VPC flow logs]((https://cloud.ibm.com/docs/vpc?topic=vpc-flow-logs)), enabling analysis and long-term storage." }, { "title": "KMS encryption", From 46b2906477dd93072370fdda498604859b502b85 Mon Sep 17 00:00:00 2001 
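Review bot: The rewritten "Object Storage bucket for flow logs" description carries the doubled-parenthesis link over from the removed "VPC flow logs" entry, `[VPC flow logs]((https://cloud.ibm.com/docs/vpc?topic=vpc-flow-logs))`, so the broken Markdown survives this cleanup; the line should be `"description": "Creates and configures the Object Storage bucket to store the network traffic data captured by [VPC flow logs](https://cloud.ibm.com/docs/vpc?topic=vpc-flow-logs), enabling analysis and long-term storage."`. Since the other entries in this hunk were changed precisely to normalize link placement, this one should get the same treatment.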
From: Aditya-ranjan-16
Date: Thu, 28 Aug 2025 18:21:55 +0530
Subject: [PATCH 03/14] fix

---
 ibm_catalog.json | 60 ++++++++++++------------------------------
 1 file changed, 15 insertions(+), 45 deletions(-)

diff --git a/ibm_catalog.json b/ibm_catalog.json
index 9345707c5..ae63a6270 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -798,56 +798,24 @@ "provider_name": "IBM", "features": [ { - "title": "Subnets", - "description": "Create [subnets](https://cloud.ibm.com/docs/vpc?topic=vpc-about-subnets-vpc) in three zones that divides your VPC into smaller, isolated networks across different availability zones. This helps you organize resources, improve availability, and control internal communication." + "title": "VPC Networking and Subnet Management", + "description": "Automatically provisions [subnets](https://cloud.ibm.com/docs/vpc?topic=vpc-about-subnets-vpc) across three availability zones, dividing your VPC into smaller, isolated networks for improved organization, availability, and traffic control. Includes support for [address prefixes](https://cloud.ibm.com/docs/vpc?topic=vpc-about-subnets-vpc) to define IP ranges, and [routing tables](https://cloud.ibm.com/docs/vpc?topic=vpc-create-vpc-routing-table&interface=ui) with custom routes to manage how traffic flows within the VPC and to external networks." }, { - "title": "Network ACLs", - "description": "Define rules for [Network Access Control Lists (ACLs)](https://cloud.ibm.com/docs/vpc?topic=vpc-using-acls) to allow or deny traffic to and from your subnets, providing an extra layer of network security." + "title": "Network Security Controls", + "description": "Provides multiple layers of network protection through [Network ACLs](https://cloud.ibm.com/docs/vpc?topic=vpc-using-acls) and [security groups](https://cloud.ibm.com/docs/vpc?topic=vpc-using-security-groups). ACLs define subnet-level rules to allow or deny traffic, while security groups act as virtual firewalls for instances, controlling inbound and outbound connections." }, { - "title": "Public gateways", - "description": "Configures [public gateways](https://cloud.ibm.com/docs/vpc?topic=vpc-about-public-gateways) to provide internet access to your VPC resources, acting as a bridge between private network components and the public internet." 
+ "title": "Connectivity and Gateway Services", + "description": "Enables secure and flexible connectivity options with [public gateways](https://cloud.ibm.com/docs/vpc?topic=vpc-about-public-gateways) for internet access, [VPN gateways](https://cloud.ibm.com/docs/vpc?topic=vpc-vpn-overview) for encrypted hybrid cloud connections, and [VPE gateways](https://cloud.ibm.com/docs/vpc?topic=vpc-about-vpe) for private access to IBM Cloud services. Also supports edge networking to isolate and optimize traffic to the public internet, and creates a transit gateway to connect the default VPCs in the deployable architecture." }, { - "title": "VPN gateways", - "description": "Create and configures [VPN gateways](https://cloud.ibm.com/docs/vpc?topic=vpc-vpn-overview) to enable secure, encrypted connections between your on-premises environment and IBM Cloud, ideal for hybrid cloud setups." + "title": "Flow Logs and Secure Storage", + "description": "Captures and stores network traffic data using [VPC flow logs](https://cloud.ibm.com/docs/vpc?topic=vpc-flow-logs), with logs directed to an Object Storage bucket for analysis and long-term retention. Supports Key Management Service (KMS) encryption for the storage bucket, ensuring enhanced data security and compliance." }, { - "title": "VPE gateways", - "description": "Creates [Virtual Private Endpoints (VPEs)](https://cloud.ibm.com/docs/vpc?topic=vpc-about-vpe) gateways to allow private access to IBM Cloud services from within your VPC, avoiding public internet traffic." 
- }, - { - "description": "Isolates and speeds traffic to the public internet by using an edge VPC in a specific location, if enabled.\n", - "title": "Supports edge networking" - }, - { - "description": "The transit gateway connects the two default VPCs that the deployable architecture creates.\n", - "title": "Creates a transit gateway" - }, - { - "title": "Security groups", - "description": "Has the ability to configure [security groups](https://cloud.ibm.com/docs/vpc?topic=vpc-using-security-groups) that works like virtual firewalls for your instances, defining rules that control allowed inbound and outbound traffic." - }, - { - "title": "Address Prefixes", - "description": "Attaches address prefixes to define the IP address ranges used by your subnets, helping with IP management and planning in your VPC." - }, - { - "title": "Routing Table and routes", - "description": "Creates [routing tables](https://cloud.ibm.com/docs/vpc?topic=vpc-create-vpc-routing-table&interface=ui) and custom routes to determine how traffic is directed within your VPC and to external networks." - }, - { - "title": "Object Storage bucket for flow logs", - "description": "Creates and configures the Object storage bucket to store the network traffic data captured by [VPC flow logs]((https://cloud.ibm.com/docs/vpc?topic=vpc-flow-logs)), enabling analysis and long-term storage." - }, - { - "title": "KMS encryption", - "description": "Supports Key Management Service (KMS) encryption for the Object Storage bucket where flow logs are stored, enhancing data security." - }, - { - "title": "Optional Integrations", - "description": "This solution can be integrated with Observability that supports configuring resources for logging, monitoring and activity tracker event routing." 
+ "title": "Optional Observability Integrations", + "description": "Can be integrated with IBM Cloud Observability services to configure logging, monitoring, and activity tracker event routing, providing deeper visibility into network and workload operations." } ], "flavors": [ @@ -1165,12 +1133,14 @@ ], "architecture": { "features": [ - { "title": " ", - "description": "description" + "description": "Ideal for users who need a secure, multi-zone VPC foundation with separate management and workload environments, connected through a transit gateway and private endpoints." + }, + { + "title": " ", + "description": "Designed for regulated workloads, this variation integrates Key Management, Flow Logs, Activity Tracker, and Context-Based Restrictions to enhance security, auditing, and regulatory compliance." } - ], "diagrams": [ { From e846b7ed3dbcd766bab5b0677a3842744f5889e8 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Thu, 28 Aug 2025 18:59:05 +0530 Subject: [PATCH 04/14] fix --- ibm_catalog.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index ae63a6270..464fe4af8 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -820,7 +820,7 @@ ], "flavors": [ { - "label": "Standard", + "label": "Standard - Financial Services Edition", "name": "standard", "index": 2, "install_type": "fullstack", 
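Review bot: In the merged "VPC Networking and Subnet Management" entry the address-prefixes link points to the subnets topic, `https://cloud.ibm.com/docs/vpc?topic=vpc-about-subnets-vpc`, i.e. the same URL as the subnets link immediately before it, so it is almost certainly the wrong target and should point at the address-prefix documentation. The "Flow Logs and Secure Storage" entry says the bucket "Supports" KMS encryption but then claims this is "ensuring enhanced data security and compliance" — "supports" reads as optional while "ensuring" reads as a guarantee; state whether the flow-log bucket is KMS-encrypted by default or only when a key is supplied. Likewise "Network Security Controls" now says the architecture "Provides" security groups, whereas the entry it replaces said only that it "Has the ability to configure" them; if no security groups are created by default, keep the weaker wording so the feature list does not overstate the deployed posture.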
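Review bot: Both architecture feature entries added here keep `"title": " "` — a single space — so the catalog will render two untitled rows; if the schema requires `title`, give them real ones (for example `"title": "Topology"` and `"title": "Security and compliance controls"`), and if it does not, drop the key rather than padding it with whitespace. Removing the two blank lines introduced inside the array by the earlier commit is the right cleanup.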
@@ -1135,11 +1135,11 @@
 "features": [
 {
 "title": " ",
- "description": "Ideal for users who need a secure, multi-zone VPC foundation with separate management and workload environments, connected through a transit gateway and private endpoints."
+ "description": "Ideal for production workloads requiring compliance with financial services standards."
 },
 {
 "title": " ",
- "description": "Designed for regulated workloads, this variation integrates Key Management, Flow Logs, Activity Tracker, and Context-Based Restrictions to enhance security, auditing, and regulatory compliance."
+ "description": "Validated configuration aligned with IBM Cloud Framework for Financial Services."
 }
 ],
 "diagrams": [
From 2406920d9ca115306e3f3807d85ead4c11071440 Mon Sep 17 00:00:00 2001
From: Shikha Maheshwari
Date: Fri, 29 Aug 2025 12:27:59 +0530
Subject: [PATCH 05/14] Update short description

---
 ibm_catalog.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ibm_catalog.json b/ibm_catalog.json
index 464fe4af8..b2b5a1f76 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
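Review bot: The second entry replaces a concrete list of controls (Key Management, Flow Logs, Activity Tracker, Context-Based Restrictions) with the bare claim "Validated configuration aligned with IBM Cloud Framework for Financial Services", so after this hunk the architecture features no longer say what security controls the flavor actually deploys, and the compliance assertion is unverifiable from the catalog text alone. That claim should be backed by the flavor's `compliance` block (the key is visible in the first commit, its contents are not in this diff) and the controls should stay named, e.g. `"description": "Integrates Key Management, Flow Logs, Activity Tracker and Context-Based Restrictions; validated against the IBM Cloud Framework for Financial Services."`. The `"title": " "` placeholders are left in place by this hunk as well.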
@@ -791,7 +791,7 @@ "infrastructure as code", "solution" ], - "short_description": "Automates the deployment of Virtual Private Cloud (VPC) on IBM Cloud, offering full configurability and flexibility for diverse workloads.", + "short_description": "Deploy Virtual Private Clouds (VPCs) on IBM Cloud with full flexibility and customisation to support different workloads", "long_description":"The VPC landing zone deployable architecture provides a foundational IBM Cloud [Virtual Private Cloud (VPC)](https://www.ibm.com/cloud/vpc) environment that serves as the base for deploying compute and advanced resources. It establishes the core networking and security framework without including Virtual Server Instances (VSI) or Red Hat OpenShift clusters by default. This architecture can be extended to support a variety of deployable architectures, such as [Cloud automation for Virtual Servers for Virtual Private Cloud](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vsi-vpc-28e2b12c-858f-4ae8-8717-60db8cec2e6e-global), [Cloud automation for Red Hat OpenShift Container Platform on VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-vpc-1728a4fd-f561-4cf9-82ef-2b1eeb5da1a8-global), [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global), and other cloud automation architectures. By setting up this foundational layer, it enables consistent, scalable, and secure deployments across multiple IBM Cloud workloads.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-vpc", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-vpc-lt.svg", 
From da5a14617fae9811a28d0496236d23d123da4e08 Mon Sep 17 00:00:00 2001
From: Shikha Maheshwari
Date: Fri, 29 Aug 2025 12:28:29 +0530
Subject: [PATCH 06/14] Update overview description

---
 ibm_catalog.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ibm_catalog.json b/ibm_catalog.json
index b2b5a1f76..4b9f31cd6 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -792,7 +792,7 @@ "solution" ], "short_description": "Deploy Virtual Private Clouds (VPCs) on IBM Cloud with full flexibility and customisation to support different workloads", - "long_description":"The VPC landing zone deployable architecture provides a foundational IBM Cloud [Virtual Private Cloud (VPC)](https://www.ibm.com/cloud/vpc) environment that serves as the base for deploying compute and advanced resources. It establishes the core networking and security framework without including Virtual Server Instances (VSI) or Red Hat OpenShift clusters by default. This architecture can be extended to support a variety of deployable architectures, such as [Cloud automation for Virtual Servers for Virtual Private Cloud](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vsi-vpc-28e2b12c-858f-4ae8-8717-60db8cec2e6e-global), [Cloud automation for Red Hat OpenShift Container Platform on VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-vpc-1728a4fd-f561-4cf9-82ef-2b1eeb5da1a8-global), [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global), and other cloud automation architectures. By setting up this foundational layer, it enables consistent, scalable, and secure deployments across multiple IBM Cloud workloads.", + "long_description":"This deployable architecture provides a foundational IBM Cloud [Virtual Private Cloud (VPC)](https://www.ibm.com/cloud/vpc) environment that serves as the base for deploying compute and advanced resources. It establishes the core networking and security framework without including Virtual Server Instances (VSI) or Red Hat OpenShift clusters by default. 
This architecture can be extended to support a variety of deployable architectures, such as [Cloud automation for Virtual Servers for Virtual Private Cloud](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vsi-vpc-28e2b12c-858f-4ae8-8717-60db8cec2e6e-global), [Cloud automation for Red Hat OpenShift Container Platform on VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-vpc-1728a4fd-f561-4cf9-82ef-2b1eeb5da1a8-global), [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global), and other cloud automation architectures. By setting up this foundational layer, it enables consistent, scalable, and secure deployments across multiple IBM Cloud workloads.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-vpc", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-vpc-lt.svg", "provider_name": "IBM", From cb904e32ced85bd14e120664b24073054f25d8a5 Mon Sep 17 00:00:00 2001 From: Shikha Maheshwari Date: Fri, 29 Aug 2025 12:29:43 +0530 Subject: [PATCH 07/14] updated features --- ibm_catalog.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 4b9f31cd6..e38dc94b4 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -814,9 +814,14 @@
 "description": "Captures and stores network traffic data using [VPC flow logs](https://cloud.ibm.com/docs/vpc?topic=vpc-flow-logs), with logs directed to an Object Storage bucket for analysis and long-term retention. Supports Key Management Service (KMS) encryption for the storage bucket, ensuring enhanced data security and compliance."
 },
 {
- "title": "Optional Observability Integrations",
+ "title": "Observability Integration",
 "description": "Can be integrated with IBM Cloud Observability services to configure logging, monitoring, and activity tracker event routing, providing deeper visibility into network and workload operations."
 }
+ {
+ "title": "Traffic Management",
+ "description": "Configure routing tables and routes to control how traffic flows within the VPC and to external networks. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-create-vpc-routing-table&interface=ui)."
+ }
+ }
 ],
 "flavors": [
 {
From f51aa396a3cd384dcc1c956ad7c8f032cb62529f Mon Sep 17 00:00:00 2001
From: Shikha Maheshwari
Date: Fri, 29 Aug 2025 12:30:12 +0530
Subject: [PATCH 08/14] Update ibm_catalog.json

---
 ibm_catalog.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ibm_catalog.json b/ibm_catalog.json
index e38dc94b4..849c089d0 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -821,7 +821,6 @@
 "title": "Traffic Management",
 "description": "Configure routing tables and routes to control how traffic flows within the VPC and to external networks. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-create-vpc-routing-table&interface=ui)."
 }
- }
 ],
 "flavors": [
 {
From d87f874ca86b4fb1b1865a203b9026ab493961ec Mon Sep 17 00:00:00 2001
From: Shikha Maheshwari
Date: Fri, 29 Aug 2025 12:45:05 +0530
Subject: [PATCH 09/14] Update arch description

---
 ibm_catalog.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ibm_catalog.json b/ibm_catalog.json
index 849c089d0..15d24db6b 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
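Review bot: This hunk produces invalid JSON: the new `{` for "Traffic Management" follows the unchanged `}` that closes the Observability object with no comma between them, and the second added `}` leaves the braces unbalanced, so every consumer of ibm_catalog.json will fail to parse it. The fix is to change the context line to `},` and drop the extra `}` — i.e. `},` then `{ "title": "Traffic Management", … }` with a single closing brace before `],`. Separately, routing tables and routes are already described in the "VPC Networking and Subnet Management" entry added two commits earlier, so this entry duplicates content; either remove it or take the routing sentence out of the earlier entry. Add a `jq . ibm_catalog.json` (or `python -m json.tool`) step to CI so a catalog manifest cannot merge unparsed.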
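Review bot: Removing the stray `}` fixes the brace balance but the file is still not valid JSON, because the `}` closing the Observability object (the line just above the hunk's first context line, outside this hunk) is still not followed by a comma before the "Traffic Management" object. The remaining one-line change is that context line becoming `},`. Validating with `jq . ibm_catalog.json` before pushing would have caught both this and the previous commit.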
@@ -1153,7 +1153,7 @@ "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vpc.drawio.svg", "type": "image/svg+xml" }, - "description": "The Standard variation of the VPC landing zone deployable architecture deploys a simple Virtual Private Cloud (VPC) infrastructure without any compute resources. You can use this architecture as a base on which to deploy compute resources. The Standard variation uses two Virtual Private Clouds (VPC) - a Management VPC and a Workload VPC - to manage the environment and the deployed workload. Each VPC is a multi-zoned, multi-subnet implementation that keeps your workloads secure. A transit gateway connects the VPCs to each other and Virtual Private Endpoints are used connect to IBM Cloud services.

This variation integrates Key Mangement for increased security. It also leverages Activity Tracker and Flow Logs to collect and store Internet Protocol (IP) traffic information

It securely connects to multiple networks with a site-to-site virtual private network and uses an edge VPC for secure access through the public internet . It configures existing CBR (Context-based restrictions) rules to allow traffic to flow only from the landing zone VPCs to specific cloud services.

The Standard variation simplifies risk management and demonstrates regulatory compliance with Financial Services " + "description": "This deployable architecture deploys a simple Virtual Private Cloud (VPC) infrastructure without any compute resources. You can use this architecture as a base on which to deploy compute resources. This variation uses two Virtual Private Clouds (VPC) - a Management VPC and a Workload VPC - to manage the environment and the deployed workload. Each VPC is a multi-zoned, multi-subnet implementation that keeps your workloads secure. A transit gateway connects the VPCs to each other and Virtual Private Endpoints are used connect to IBM Cloud services.

This variation integrates key mangement services to enhance security. It also leverages Activity Tracker and Flow Logs to collect and store Internet Protocol (IP) traffic information.

It securely connects to multiple networks with a site-to-site virtual private network and uses an edge VPC for secure access through the public internet . It configures CBR (Context-based restrictions) rules to allow traffic to flow only from the landing zone VPCs to specific cloud services.

This deployable architecture simplifies risk management and demonstrates regulatory compliance with Financial Services." } ] }, From a0a14d029cd335e852b557aadf8c63941e7841c7 Mon Sep 17 00:00:00 2001 From: Shikha Maheshwari Date: Fri, 29 Aug 2025 18:01:03 +0530 Subject: [PATCH 10/14] Update ibm_catalog.json --- ibm_catalog.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 15d24db6b..18f4cfb8f 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -816,7 +816,7 @@ { "title": "Observability Integration", "description": "Can be integrated with IBM Cloud Observability services to configure logging, monitoring, and activity tracker event routing, providing deeper visibility into network and workload operations." - } + }, { "title": "Traffic Management", "description": "Configure routing tables and routes to control how traffic flows within the VPC and to external networks. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-create-vpc-routing-table&interface=ui)." From f70b4c3f11a668b893607c2b09e0ec643cd09598 Mon Sep 17 00:00:00 2001 From: Shikha Maheshwari Date: Fri, 29 Aug 2025 18:08:06 +0530 Subject: [PATCH 11/14] update ref-arch --- ibm_catalog.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 18f4cfb8f..271c08301 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
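Review bot: The rewritten `description` keeps three wording defects from the old text: `key mangement services` should read `key management services`, `Virtual Private Endpoints are used connect to` is missing `to`, and `public internet .` has a stray space before the period. The same text is copied unchanged as context in the diagram hunks of PATCH 11/14 and PATCH 12/14, so fixing it once here keeps all three consistent. If the paragraph breaks inside this string are literal newlines rather than `\n` escapes, the value is also outside RFC 8259 — worth confirming against the raw file rather than this rendering.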
@@ -1150,7 +1150,7 @@ { "diagram": { "caption": "VPC landing zone - Standard variation", - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vpc.drawio.svg", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/vpc_ref_arch/reference-architectures/vpc.drawio.svg", "type": "image/svg+xml" }, "description": "This deployable architecture deploys a simple Virtual Private Cloud (VPC) infrastructure without any compute resources. You can use this architecture as a base on which to deploy compute resources. This variation uses two Virtual Private Clouds (VPC) - a Management VPC and a Workload VPC - to manage the environment and the deployed workload. Each VPC is a multi-zoned, multi-subnet implementation that keeps your workloads secure. A transit gateway connects the VPCs to each other and Virtual Private Endpoints are used connect to IBM Cloud services.

This variation integrates key mangement services to enhance security. It also leverages Activity Tracker and Flow Logs to collect and store Internet Protocol (IP) traffic information.

It securely connects to multiple networks with a site-to-site virtual private network and uses an edge VPC for secure access through the public internet . It configures CBR (Context-based restrictions) rules to allow traffic to flow only from the landing zone VPCs to specific cloud services.

This deployable architecture simplifies risk management and demonstrates regulatory compliance with Financial Services." From 800212abc87eafd94f08acc1575f6a2eecfc53e7 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Mon, 1 Sep 2025 20:11:40 +0530 Subject: [PATCH 12/14] update catalog --- ibm_catalog.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 4129b9d02..3d9ba4087 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
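Review bot: The diagram `url` now points at the `vpc_ref_arch` branch of the repository; a catalog asset that references a feature branch breaks as soon as that branch is deleted after merge, and the value is reverted to `main` in PATCH 12/14 of this series anyway. If the goal was to preview an unmerged diagram, that is better done locally than in a committed catalog entry. For a published asset, a release tag or commit SHA in the raw URL is more robust than any branch name, since `main` can also change under the catalog without a version bump.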
@@ -792,7 +792,7 @@ "solution" ], "short_description": "Deploy Virtual Private Clouds (VPCs) on IBM Cloud with full flexibility and customisation to support different workloads", - "long_description":"This deployable architecture provides a foundational IBM Cloud [Virtual Private Cloud (VPC)](https://www.ibm.com/cloud/vpc) environment that serves as the base for deploying compute and advanced resources. It establishes the core networking and security framework without including Virtual Server Instances (VSI) or Red Hat OpenShift clusters by default. This architecture can be extended to support a variety of deployable architectures, such as [Cloud automation for Virtual Servers for Virtual Private Cloud](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vsi-vpc-28e2b12c-858f-4ae8-8717-60db8cec2e6e-global), [Cloud automation for Red Hat OpenShift Container Platform on VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-vpc-1728a4fd-f561-4cf9-82ef-2b1eeb5da1a8-global), [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global), and other cloud automation architectures. By setting up this foundational layer, it enables consistent, scalable, and secure deployments across multiple IBM Cloud workloads.", + "long_description":"The VPC landing zone deployable architecture provides a foundational IBM Cloud [Virtual Private Cloud (VPC)](https://www.ibm.com/cloud/vpc) environment that serves as the base for deploying compute and advanced resources. It establishes the core networking and security framework without including Virtual Server Instances (VSI) or Red Hat OpenShift clusters by default. 
This architecture can be extended to support a variety of deployable architectures, such as [Landing zone for applications with virtual servers](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vsi-vpc-28e2b12c-858f-4ae8-8717-60db8cec2e6e-global), [Landing zone for containerized applications with Red Hat Openshift](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-vpc-1728a4fd-f561-4cf9-82ef-2b1eeb5da1a8-global), [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global), and other cloud automation architectures. By setting up this foundational layer, it enables consistent, scalable, and secure deployments across multiple IBM Cloud workloads.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-vpc", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-vpc-lt.svg", "provider_name": "IBM", @@ -824,9 +824,9 @@ ], "flavors": [ { - "label": "Standard - Financial Services Edition", + "label": "Standard - Financial Services edition", "name": "standard", - "index": 2, + "index": 2, "install_type": "fullstack", "working_directory": "patterns/vpc", "compliance": { 
@@ -1149,8 +1149,8 @@ "diagrams": [ { "diagram": { - "caption": "VPC landing zone - Standard variation", - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/vpc_ref_arch/reference-architectures/vpc.drawio.svg", + "caption": "VPC landing zone - Standard (Financial Services edition)", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vpc.drawio.svg", "type": "image/svg+xml" }, "description": "This deployable architecture deploys a simple Virtual Private Cloud (VPC) infrastructure without any compute resources. You can use this architecture as a base on which to deploy compute resources. This variation uses two Virtual Private Clouds (VPC) - a Management VPC and a Workload VPC - to manage the environment and the deployed workload. Each VPC is a multi-zoned, multi-subnet implementation that keeps your workloads secure. A transit gateway connects the VPCs to each other and Virtual Private Endpoints are used connect to IBM Cloud services.

This variation integrates key mangement services to enhance security. It also leverages Activity Tracker and Flow Logs to collect and store Internet Protocol (IP) traffic information.

It securely connects to multiple networks with a site-to-site virtual private network and uses an edge VPC for secure access through the public internet . It configures CBR (Context-based restrictions) rules to allow traffic to flow only from the landing zone VPCs to specific cloud services.

This deployable architecture simplifies risk management and demonstrates regulatory compliance with Financial Services." From 0a2556e8954fde75702192ab8bc5142c08b34d20 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Wed, 3 Sep 2025 16:55:49 +0530 Subject: [PATCH 13/14] fix --- ibm_catalog.json | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 3d9ba4087..a9f6443bc 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
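Review bot: The diagram `caption` becomes `VPC landing zone - Standard (Financial Services edition)` while the flavor `label` edited in the same commit becomes `Standard - Financial Services edition`, so two spellings of the same variation name will appear side by side in the catalog. Pick one form — the parenthesised one is what the reference-architecture doc adopts in PATCH 14/14 — and use it in both places. The `index` line in the flavor hunk appears to change only whitespace; a trailing-whitespace hook would keep that noise out of future diffs.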
@@ -792,7 +792,7 @@ "solution" ], "short_description": "Deploy Virtual Private Clouds (VPCs) on IBM Cloud with full flexibility and customisation to support different workloads", - "long_description":"The VPC landing zone deployable architecture provides a foundational IBM Cloud [Virtual Private Cloud (VPC)](https://www.ibm.com/cloud/vpc) environment that serves as the base for deploying compute and advanced resources. It establishes the core networking and security framework without including Virtual Server Instances (VSI) or Red Hat OpenShift clusters by default. This architecture can be extended to support a variety of deployable architectures, such as [Landing zone for applications with virtual servers](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vsi-vpc-28e2b12c-858f-4ae8-8717-60db8cec2e6e-global), [Landing zone for containerized applications with Red Hat Openshift](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-vpc-1728a4fd-f561-4cf9-82ef-2b1eeb5da1a8-global), [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global), and other cloud automation architectures. By setting up this foundational layer, it enables consistent, scalable, and secure deployments across multiple IBM Cloud workloads.", + "long_description": "The VPC landing zone deployable architecture provides a foundational IBM Cloud [Virtual Private Cloud (VPC)](https://www.ibm.com/cloud/vpc) environment that serves as the base for deploying compute and advanced resources. It establishes the core networking and security framework without including Virtual Server Instances (VSI) or Red Hat OpenShift clusters by default. 
This architecture can be extended to support a variety of deployable architectures, such as [Landing zone for applications with virtual servers](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vsi-vpc-28e2b12c-858f-4ae8-8717-60db8cec2e6e-global), [Landing zone for containerized applications with Red Hat OpenShift](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-vpc-1728a4fd-f561-4cf9-82ef-2b1eeb5da1a8-global), [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global), and other cloud automation architectures. By setting up this foundational layer, it enables consistent, scalable, and secure deployments across multiple IBM Cloud workloads.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-vpc", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-vpc-lt.svg", "provider_name": "IBM", 
@@ -813,13 +813,21 @@ "title": "Flow Logs and Secure Storage", "description": "Captures and stores network traffic data using [VPC flow logs](https://cloud.ibm.com/docs/vpc?topic=vpc-flow-logs), with logs directed to an Object Storage bucket for analysis and long-term retention. Supports Key Management Service (KMS) encryption for the storage bucket, ensuring enhanced data security and compliance." }, - { - "title": "Observability Integration", - "description": "Can be integrated with IBM Cloud Observability services to configure logging, monitoring, and activity tracker event routing, providing deeper visibility into network and workload operations." - }, { "title": "Traffic Management", "description": "Configure routing tables and routes to control how traffic flows within the VPC and to external networks. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-create-vpc-routing-table&interface=ui)." + }, + { + "title": "Sets up logging for the VPC instance", + "description": "Optionally, you can deploy [Cloud automation for Cloud Logs]((https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cloud-logs-63d8ae58-fbf3-41ce-b844-0fb5b85882ab-global)) to route, alert, and visualize platform logs that are generated by your VPC instance." + }, + { + "title": "Sets up monitoring operational metrics for the VPC instance", + "description": "Optionally, you can deploy [Cloud automation for Cloud Monitoring](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cloud-monitoring-73debdbf-894f-4c14-81c7-5ece3a70b67d-global) to measure how users and applications interact with your VPC instance." 
+ }, + { + "title": "Sets up activity tracking for the VPC instance", + "description": "Optionally, you can deploy [Cloud automation for Activity Tracker Event Routing](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-activity-tracker-918453c3-4f97-4583-8c4a-83ef12fc7916-global) to route and securely store auditing events that are related to your VPC instance." } ], "flavors": [ From 71a3be87ed417c14176d2c097d6e9d0c3bd1b4d2 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Wed, 3 Sep 2025 22:19:14 +0530 Subject: [PATCH 14/14] updates --- ibm_catalog.json | 23 +++++++++++-------- .../deploy-arch-ibm-slz-vpc-standard.md | 20 ++++++++-------- 2 files changed, 24 insertions(+), 19 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index a9f6443bc..94c2c1ed7 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
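Review bot: The Cloud Logs link in the new logging feature is written with doubled parentheses, `[Cloud automation for Cloud Logs]((https://cloud.ibm.com/...))`, so Markdown will treat `(https://...)` as the target and the rendered entry shows a broken link; the other two new entries use the single-parenthesis form, which is the one to copy. The new titles are verb phrases (`Sets up logging for the VPC instance`) while the existing entries in this array are noun phrases (`Traffic Management`, `Flow Logs and Secure Storage`); one form or the other keeps the feature list readable. This description appears untouched by PATCH 14/14, so the fix is still outstanding at the end of the series.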
@@ -792,14 +792,14 @@ "solution" ], "short_description": "Deploy Virtual Private Clouds (VPCs) on IBM Cloud with full flexibility and customisation to support different workloads", - "long_description": "The VPC landing zone deployable architecture provides a foundational IBM Cloud [Virtual Private Cloud (VPC)](https://www.ibm.com/cloud/vpc) environment that serves as the base for deploying compute and advanced resources. It establishes the core networking and security framework without including Virtual Server Instances (VSI) or Red Hat OpenShift clusters by default. This architecture can be extended to support a variety of deployable architectures, such as [Landing zone for applications with virtual servers](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vsi-vpc-28e2b12c-858f-4ae8-8717-60db8cec2e6e-global), [Landing zone for containerized applications with Red Hat OpenShift](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-vpc-1728a4fd-f561-4cf9-82ef-2b1eeb5da1a8-global), [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global), and other cloud automation architectures. By setting up this foundational layer, it enables consistent, scalable, and secure deployments across multiple IBM Cloud workloads.", + "long_description": "The Cloud foundation for VPC deployable architecture provides a foundational IBM Cloud [Virtual Private Cloud (VPC)](https://www.ibm.com/cloud/vpc) environment that serves as the base for deploying compute and advanced resources. It establishes the core networking and security framework without including Virtual Server Instances (VSI) or Red Hat OpenShift clusters by default. 
You can extend this deployable architecture to support a variety of others like [Landing zone for applications with virtual servers](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vsi-vpc-28e2b12c-858f-4ae8-8717-60db8cec2e6e-global), [Landing zone for containerized applications with Red Hat OpenShift](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-vpc-1728a4fd-f561-4cf9-82ef-2b1eeb5da1a8-global), [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global) and many more. You can set up a foundational layer to enable consistent, scalable, and secure deployments across multiple IBM Cloud workloads.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-vpc", - "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-vpc-lt.svg", + "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/main/images/vpc_icon.svg", "provider_name": "IBM", "features": [ { "title": "VPC Networking and Subnet Management", - "description": "Automatically provisions [subnets](https://cloud.ibm.com/docs/vpc?topic=vpc-about-subnets-vpc) across three availability zones, dividing your VPC into smaller, isolated networks for improved organization, availability, and traffic control. Includes support for [address prefixes](https://cloud.ibm.com/docs/vpc?topic=vpc-about-subnets-vpc) to define IP ranges, and [routing tables](https://cloud.ibm.com/docs/vpc?topic=vpc-create-vpc-routing-table&interface=ui) with custom routes to manage how traffic flows within the VPC and to external networks." 
+ "description": "Provisions [subnets](https://cloud.ibm.com/docs/vpc?topic=vpc-about-subnets-vpc) across three availability zones, dividing your VPC into smaller, isolated networks for improved organization, availability, and traffic control. It Includes support for [address prefixes](https://cloud.ibm.com/docs/vpc?topic=vpc-about-subnets-vpc) to define IP ranges, and [routing tables](https://cloud.ibm.com/docs/vpc?topic=vpc-create-vpc-routing-table&interface=ui) with custom routes to manage flow of traffic not only within the VPC but also to the external networks." }, { "title": "Network Security Controls", @@ -815,7 +815,7 @@ }, { "title": "Traffic Management", - "description": "Configure routing tables and routes to control how traffic flows within the VPC and to external networks. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-create-vpc-routing-table&interface=ui)." + "description": "Configures routing tables and routes to control the flow of traffic not only within the VPC but also to external networks. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-create-vpc-routing-table&interface=ui)." }, { "title": "Sets up logging for the VPC instance", 
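Review bot: The rewritten subnet `description` has a mid-sentence capital in `It Includes support for`, and `manage flow of traffic` reads better as `manage the flow of traffic`; the `Traffic Management` entry in the next hunk repeats the same `not only within the VPC but also to` phrasing, which is redundant across two adjacent entries. The `offering_icon_url` now resolves from the `main` branch of a different repository (`terraform-ibm-landing-zone-vpc`), so this entry's icon can change or disappear with unrelated commits there; a release tag or commit SHA in the raw URL would pin it. The `long_description` also renames the offering to `Cloud foundation for VPC` while the diagram caption set in PATCH 12/14 still reads `VPC landing zone - Standard (Financial Services edition)` and is not touched in the visible hunks, so the catalog entry uses both names at once.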
@@ -1116,31 +1116,36 @@
 "role_crns": [
 "crn:v1:bluemix:public:iam::::serviceRole:Manager"
 ],
- "service_name": "cloud-object-storage"
+ "service_name": "cloud-object-storage",
+ "notes": "[Optional] Required if VPC Flow Logs are enabled."
 },
 {
 "role_crns": [
 "crn:v1:bluemix:public:iam::::serviceRole:Manager"
 ],
- "service_name": "hs-crypto"
+ "service_name": "hs-crypto",
+ "notes": "[Optional] Required if Hyper Protect Crypto Service is used for encryption."
 },
 {
 "role_crns": [
 "crn:v1:bluemix:public:iam::::role:Administrator"
 ],
- "service_name": "iam-identity"
+ "service_name": "iam-identity",
+ "notes": "Required to create foundational IBM Cloud account resources, like IAM settings, resource groups."
 },
 {
 "role_crns": [
 "crn:v1:bluemix:public:iam::::serviceRole:Manager"
 ],
- "service_name": "kms"
+ "service_name": "kms",
+ "notes": "[Optional] Required if Key Protect is used for encryption."
 },
 {
 "role_crns": [
 "crn:v1:bluemix:public:iam::::role:Administrator"
 ],
- "service_name": "is.vpc"
+ "service_name": "is.vpc",
+ "notes": "Required to create Virtual Private Cloud(VPC)"
 }
 ],
 "architecture": {
diff --git a/reference-architectures/deploy-arch-ibm-slz-vpc-standard.md b/reference-architectures/deploy-arch-ibm-slz-vpc-standard.md
index 620b74b1f..46866bc64 100644
--- a/reference-architectures/deploy-arch-ibm-slz-vpc-standard.md
+++ b/reference-architectures/deploy-arch-ibm-slz-vpc-standard.md
@@ -1,10 +1,10 @@
 ---
 copyright:
- years: 2023, 2024
-lastupdated: "2024-09-26"
+ years: 2023, 2024, 2025
+lastupdated: "2025-09-03"
-keywords:
+keywords: Cloud foundation for VPC, VPC Landing Zone
 subcollection: deployable-reference-architectures
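Review bot: The new `notes` on the IAM requirements are a useful least-privilege aid, but the `hs-crypto` and `kms` entries read as two independent optional grants when they are alternative key providers; stating that only one of the two is needed, depending on which key management service the deployment is configured with, stops reviewers from granting Manager on both. The `iam-identity` note cites `resource groups`, which are normally governed by an account-management role rather than the `iam-identity` service — confirm the listed service matches what the pattern actually creates, or drop that example from the note. The `is.vpc` note is the only one without terminal punctuation and is missing a space: `Required to create Virtual Private Cloud (VPC).`. The remaining hunks in this commit touch only the reference-architecture Markdown.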
@@ -29,7 +29,7 @@ docs: https://cloud.ibm.com/docs/secure-infrastructure-vpc image_source: https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/reference-architectures/vpc.drawio.svg related_links: - - title: "VPC landing zone - Standard variation" + - title: "Cloud foundation for VPC - Standard (Financial Services edition) variation" url: "https://cloud.ibm.com/docs/deployable-reference-architectures?topic=deployable-reference-architectures-vpc-ra" description: "A deployable architecture that is based on the IBM Cloud for Financial Services reference and that provides virtual servers in a secure VPC for your workloads." @@ -43,7 +43,7 @@ content-type: reference-architecture {{site.data.keyword.attribute-definition-list}} -# VPC landing zone - Standard variation +# Cloud foundation for VPC - Standard (Financial Services edition) variation {: #vpc-ra} {: toc-content-type="reference-architecture"} {: toc-industry="Banking,FinancialSector"} 
@@ -51,19 +51,19 @@ content-type: reference-architecture {: toc-compliance="FedRAMP"} {: toc-version="8.5.0"} -The Standard variation of the VPC landing zone deployable architecture uses two Virtual Private Clouds (VPC), a Management VPC, and a Workload VPC to manage the environment and the deployed workload. Each VPC is a multi-zoned, multi-subnet implementation that keeps your workloads secure. A transit gateway connects the VPCs to each other and Virtual Private Endpoints are used connect to IBM Cloud services. +The Standard (Financial Services edition) variation of the Cloud foundation for VPC deployable architecture uses two Virtual Private Clouds (VPC), a Management VPC, and a Workload VPC to manage the environment and the deployed workload. Each VPC is a multi-zoned, multi-subnet implementation that keeps your workloads secure. A transit gateway connects the VPCs to each other and Virtual Private Endpoints are used connect to IBM Cloud services. IBM Cloud Flow Logs for VPC enables the collection and storage of information about the internet protocol (IP) traffic that is going to and from network interfaces within your VPC. In addition, Activity Tracker logs events from enabled services. IBM Cloud Flow Logs for VPC and Activity Tracker are included in this deployable architecture. You can add more security services, such as Hyper Protect Crypto Services. ## Architecture diagram {: #ra-vpc-architecture-diagram} -![Architecture diagram for the Standard variation of VPC landing zone](vpc.drawio.svg "Architecture diagram of VPC landing zone deployable architecture"){: caption="Figure 1. 
Standard variation of VPC landing zone" caption-side="bottom"}{: external download="vpc.drawio.svg"} +![Architecture diagram for the Standard variation of VPC landing zone](vpc.drawio.svg "Architecture diagram of VPC landing zone deployable architecture"){: caption="Standard (Financial Services edition) variation of Cloud foundation for VPC" caption-side="bottom"}{: external download="vpc.drawio.svg"} ## Design requirements {: #ra-vpc-qs-design-requirements} -![Design requirements for VPC landing zone](heat-map-deploy-arch-slz-vpc-standard.svg "Design requirements"){: caption="Figure 2. Scope of the design requirements" caption-side="bottom"} +![Design requirements for VPC landing zone](heat-map-deploy-arch-slz-vpc-standard.svg "Design requirements"){: caption="Scope of the design requirements" caption-side="bottom"}