2

I'm looking into setting up a VPC in Cloudhub and just wanted to know whether I should set up one VPC for dev, test and production environments, or whether I should set up one VPC for dev and test environments and one for Production?

Also, is there a best practice for how to set up private and public subnets in a Cloudhub VPC?

Thanks

user3165854

3 Answers

2

Typically, yes. Most clients I've worked on have used a VPC for non-prod, and a separate VPC for prod. It's good practice to have your production environment completely isolated from your non-production environments, especially on a networking level.

I'm going to provide some additional details because I think they may be relevant to where you're at with your VPC setup.

Deciding how many of your company's internal IP addresses you should allocate to your non-prod and prod VPCs can be a bit of a headache. This decision needs to be made upfront, as the VPC is immutable: additional IP addresses cannot be dynamically added or subtracted after the VPC is created. The VPC needs to be completely torn down, and a new one stood up. This means all applications in that VPC will need to come down and be re-deployed in the new VPC as well. You'll want to avoid this if at all possible.

You should know you will use an IP address for every worker, and every proxy across the entire VPC. So if you have a non-prod VPC servicing 2 environments (dev and test), and you have 4 applications using 2 workers each per environment, you will need at least 4 apps * 2 workers * 2 envs = 16 IP addresses allocated.

If I'm remembering correctly, MuleSoft was last recommending that you take however many IP addresses you think you will need (using the calculation above), and double it to determine how many IP addresses you should allocate per VPC.

Not sure about private/public subnets or how they apply to this situation.

jerney
0

You can have any number of environments hosted in a single VPC. So all 3 of your environments (Dev, ST, Prod) can reside in the same VPC. DNS entries route the traffic to the different environments. As a recommended approach, host your test environments (DEV, ST, SI, etc.) in the same VPC and set up a separate VPC for production.

Thanks, Vikas

user1496397
0

The recommendation is to keep your Production environment separate from your non-production environment.

Before creating the VPCs, make sure to confirm the CIDRs with your network team to be sure they do not overlap any other network in your organization.

Regarding the size of the networks, it also depends on your business and the plan you have for the future. I would suggest it is better to overestimate. For example, I would use a /16 even if a /24 is enough; this is because the VPC is immutable and once you create it you can't change the size, so if your business grows fast you may need more IPs.

In CloudHub you don't have any control over the VPC subnets. Those are managed internally by MuleSoft.

However, using Dedicated Load Balancers (DLB), you can have a secure separation between exposed resources and internal resources.

Inside each VPC, you can create a public DLB that exposes only your public APIs and an internal DLB that serves all the APIs.

What distinguishes the 2 DLBs is the Whitelist section, where you specify who can connect to it.

  • The public DLB will whitelist : 0.0.0.0/0
  • The internal DLB will whitelist : Internal Networks

Please keep in mind that to connect to the internal DLBs you will need to set up a VPN or Direct Connect between your company networks and the VPCs.

Hope this helps ...

Mario Cairone
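An added example (not from any of the answers above) that combines the sizing rule from the first answer (one IP per worker and proxy, then double it) with the CIDR overlap check from the last answer, run before the immutable VPC is created. The network names and CIDRs are constructed, and treating every address in a block as usable is an assumption.

```python
import ipaddress

# Constructed sample: networks already in use in the organization (assumed values).
EXISTING = {"corp-lan": "10.0.0.0/16", "prod-vpc": "10.20.0.0/22"}


def required_ips(apps_per_env, workers_per_app, envs, proxies=0):
    """One IP per worker and per proxy across the whole VPC."""
    return apps_per_env * workers_per_app * envs + proxies


def smallest_prefix(ip_count):
    """Longest IPv4 prefix length whose block holds at least ip_count addresses."""
    return 32 - (ip_count - 1).bit_length()


def review_vpc(cidr, needed, existing, headroom=2):
    """Return a list of problems with a proposed VPC CIDR; an empty list means it passes."""
    # strict=True rejects a CIDR with host bits set, e.g. 10.10.0.5/24
    net = ipaddress.ip_network(cidr, strict=True)
    target = needed * headroom  # the "double it" rule from the first answer
    problems = []
    if net.num_addresses < target:
        problems.append(
            f"{cidr} holds {net.num_addresses} addresses, need {target} "
            f"(/{smallest_prefix(target)} or larger)"
        )
    for name, other in existing.items():
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"{cidr} overlaps {name} ({other})")
    return problems


if __name__ == "__main__":
    # 4 apps * 2 workers * 2 envs, as in the first answer
    needed = required_ips(apps_per_env=4, workers_per_app=2, envs=2)
    for candidate in ("10.10.0.0/28", "10.0.8.0/24", "10.10.0.0/24"):
        issues = review_vpc(candidate, needed, EXISTING)
        print(candidate, "OK" if not issues else issues)
```
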