vpc documentation

Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/7a228261
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/7a228261
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/7a228261

Branch: refs/heads/javelin
Commit: 7a228261c4233bfc133255bf877c74c7790b8e66
Parents: 453acc6
Author: Alex Huang <[email protected]>
Authored: Thu Oct 4 21:04:04 2012 -0700
Committer: Alex Huang <[email protected]>
Committed: Thu Oct 4 21:04:58 2012 -0700

----------------------------------------------------------------------
 docs/en-US/acquire-new-ip-for-vpc.xml    |   73 +++++++++++++++
 docs/en-US/add-loadbalancer-rule-vpc.xml |  123 +++++++++++++++++++++++++
 docs/en-US/add-portforward-rule-vpc.xml  |  103 +++++++++++++++++++++
 docs/en-US/castor-with-cs.xml            |   87 +++++++++++++++++
 docs/en-US/configure-vpc.xml             |   36 +++++++
 docs/en-US/inter-vlan-routing.xml        |  107 +++++++++++++++++++++
 6 files changed, 529 insertions(+), 0 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7a228261/docs/en-US/acquire-new-ip-for-vpc.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/acquire-new-ip-for-vpc.xml 
b/docs/en-US/acquire-new-ip-for-vpc.xml
new file mode 100644
index 0000000..785e80b
--- /dev/null
+++ b/docs/en-US/acquire-new-ip-for-vpc.xml
@@ -0,0 +1,73 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" 
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+<section id="acquire-new-ip-for-vpc">
+  <title>Acquiring a New IP Address for a VPC</title>
+  <para>When you acquire an IP address, all IP addresses are allocated to VPC, 
not to the guest
+    networks within the VPC. The IPs are associated to the guest network only 
when the first
+    port-forwarding, load balancing, or Static NAT rule is created for the IP 
or the network. IP
+    can't be associated to more than one network at a time.</para>
+  <orderedlist>
+    <listitem>
+      <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
+    </listitem>
+    <listitem>
+      <para>In the left navigation, choose Network.</para>
+    </listitem>
+    <listitem>
+      <para>In the Select view, select VPC.</para>
+      <para>All the VPCs that you have created for the account is listed in 
the page.</para>
+    </listitem>
+    <listitem>
+      <para>Click the Configure button of the VPC to which you want to deploy 
the VMs.</para>
+      <para>The VPC page is displayed where all the tiers you created are 
listed in a
+        diagram.</para>
+    </listitem>
+    <listitem>
+      <para>Click the Settings icon.</para>
+      <para>The following options are displayed.</para>
+      <itemizedlist>
+        <listitem>
+          <para>IP Addresses</para>
+        </listitem>
+        <listitem>
+          <para>Gateways</para>
+        </listitem>
+        <listitem>
+          <para>Site-to-Site VPN</para>
+        </listitem>
+        <listitem>
+          <para>Network ACLs</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+    <listitem>
+      <para>Select IP Addresses.</para>
+      <para>The IP Addresses page is displayed.</para>
+    </listitem>
+    <listitem>
+      <para>Click Acquire New IP, and click Yes in the confirmation 
dialog.</para>
+      <para>You are prompted for confirmation because, typically, IP addresses 
are a limited
+        resource. Within a few moments, the new IP address should appear with 
the state Allocated.
+        You can now use the IP address in port forwarding, load balancing, and 
static NAT
+        rules.</para>
+    </listitem>
+  </orderedlist>
+</section>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7a228261/docs/en-US/add-loadbalancer-rule-vpc.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/add-loadbalancer-rule-vpc.xml 
b/docs/en-US/add-loadbalancer-rule-vpc.xml
new file mode 100644
index 0000000..bba3e5a
--- /dev/null
+++ b/docs/en-US/add-loadbalancer-rule-vpc.xml
@@ -0,0 +1,123 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" 
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+       or more contributor license agreements.  See the NOTICE file
+       distributed with this work for additional information
+       regarding copyright ownership.  The ASF licenses this file
+       to you under the Apache License, Version 2.0 (the
+       "License"); you may not use this file except in compliance
+       with the License.  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+       Unless required by applicable law or agreed to in writing,
+       software distributed under the License is distributed on an
+       "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+       KIND, either express or implied.  See the License for the
+       specific language governing permissions and limitations
+       under the License.
+-->
+<section id="add-loadbalancer-rule-vpc">
+  <title>Adding Load Balancing Rules on a VPC</title>
+  <para>A &PRODUCT; user or administrator may create load balancing rules that 
balance traffic
+    received at a public IP to one or more VMs that belong to a network tier 
that provides load
+    balancing service in a VPC. A user creates a rule, specifies an algorithm, 
and assigns the rule
+    to a set of VMs within a VPC.</para>
+  <orderedlist>
+    <listitem>
+      <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
+    </listitem>
+    <listitem>
+      <para>In the left navigation, choose Network.</para>
+    </listitem>
+    <listitem>
+      <para>In the Select view, select VPC.</para>
+      <para>All the VPCs that you have created for the account is listed in 
the page.</para>
+    </listitem>
+    <listitem>
+      <para>Click the Configure button of the VPC to which you want to 
configure load balancing
+        rules.</para>
+      <para>The VPC page is displayed where all the tiers you created are 
listed in a
+        diagram.</para>
+    </listitem>
+    <listitem>
+      <para>Click the Settings icon.</para>
+      <para>The following options are displayed.</para>
+      <itemizedlist>
+        <listitem>
+          <para>IP Addresses</para>
+        </listitem>
+        <listitem>
+          <para>Gateways</para>
+        </listitem>
+        <listitem>
+          <para>Site-to-Site VPN</para>
+        </listitem>
+        <listitem>
+          <para>Network ACLs</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+    <listitem>
+      <para>Select IP Addresses.</para>
+      <para>The IP Addresses page is displayed.</para>
+    </listitem>
+    <listitem>
+      <para>Click the IP address for which you want to create the rule, then 
click the Configuration
+        tab.</para>
+    </listitem>
+    <listitem>
+      <para>In the Load Balancing node of the diagram, click View All.</para>
+    </listitem>
+    <listitem>
+      <para>Select the tier to which you want to apply the rule.</para>
+      <note>
+        <para>In a VPC, the load balancing service is supported only on a 
single tier.</para>
+      </note>
+    </listitem>
+    <listitem>
+      <para>Specify the following:</para>
+      <itemizedlist>
+        <listitem>
+          <para><emphasis role="bold">Name</emphasis>: A name for the load 
balancer rule.</para>
+        </listitem>
+        <listitem>
+          <para><emphasis role="bold">Public Port</emphasis>: The port that 
receives the incoming
+            traffic to be balanced.</para>
+        </listitem>
+        <listitem>
+          <para><emphasis role="bold">Private Port</emphasis>: The port that 
the VMs will use to
+            receive the traffic.</para>
+        </listitem>
+        <listitem>
+          <para><emphasis role="bold">Algorithm</emphasis>. Choose the load 
balancing algorithm you
+            want &PRODUCT; to use. &PRODUCT; supports the following well-known 
algorithms:</para>
+          <itemizedlist>
+            <listitem>
+              <para>Round-robin</para>
+            </listitem>
+            <listitem>
+              <para>Least connections</para>
+            </listitem>
+            <listitem>
+              <para>Source</para>
+            </listitem>
+          </itemizedlist>
+        </listitem>
+        <listitem>
+          <para><emphasis role="bold">Stickiness</emphasis>. (Optional) Click 
Configure and choose
+            the algorithm for the stickiness policy. See Sticky Session 
Policies for Load Balancer
+            Rules.</para>
+        </listitem>
+        <listitem>
+          <para><emphasis role="bold">Add VMs</emphasis>: Click Add VMs, then 
select two or more VMs
+            that will divide the load of incoming traffic, and click 
Apply.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+  </orderedlist>
+  <para>The new load balancing rule appears in the list. You can repeat these 
steps to add more load
+    balancing rules for this IP address.</para>
+</section>
\ No newline at end of file
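Review bot: The Stickiness item in the last step cites "Sticky Session Policies for Load Balancer Rules" as plain text; make it an xref to that section's id so the reference resolves in the built guide, the way inter-vlan-routing.xml links its related sections. The field labels in the same list are punctuated inconsistently: Name, Public Port, Private Port and Add VMs are followed by a colon, Algorithm and Stickiness by a period. "All the VPCs that you have created for the account is listed" in step 3 should be "are listed", and the file ends without a trailing newline.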

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7a228261/docs/en-US/add-portforward-rule-vpc.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/add-portforward-rule-vpc.xml 
b/docs/en-US/add-portforward-rule-vpc.xml
new file mode 100644
index 0000000..c3dbc39
--- /dev/null
+++ b/docs/en-US/add-portforward-rule-vpc.xml
@@ -0,0 +1,103 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" 
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+       or more contributor license agreements.  See the NOTICE file
+       distributed with this work for additional information
+       regarding copyright ownership.  The ASF licenses this file
+       to you under the Apache License, Version 2.0 (the
+       "License"); you may not use this file except in compliance
+       with the License.  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+       Unless required by applicable law or agreed to in writing,
+       software distributed under the License is distributed on an
+       "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+       KIND, either express or implied.  See the License for the
+       specific language governing permissions and limitations
+       under the License.
+-->
+<section id="add-portforward-vpc">
+  <title>Adding a Port Forwarding Rule on a VPC</title>
+  <orderedlist>
+    <listitem>
+      <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
+    </listitem>
+    <listitem>
+      <para>In the left navigation, choose Network.</para>
+    </listitem>
+    <listitem>
+      <para>In the Select view, select VPC.</para>
+      <para>All the VPCs that you have created for the account is listed in 
the page.</para>
+    </listitem>
+    <listitem>
+      <para>Click the Configure button of the VPC to which you want to deploy 
the VMs.</para>
+      <para>The VPC page is displayed where all the tiers you created are 
listed in a
+        diagram.</para>
+    </listitem>
+    <listitem>
+      <para>Click the Settings icon.</para>
+      <para>The following options are displayed.</para>
+      <itemizedlist>
+        <listitem>
+          <para>IP Addresses</para>
+        </listitem>
+        <listitem>
+          <para>Gateways</para>
+        </listitem>
+        <listitem>
+          <para>Site-to-Site VPN</para>
+        </listitem>
+        <listitem>
+          <para>Network ACLs</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+    <listitem>
+      <para>Choose an existing IP address or acquire a new IP address. Click 
the name of the IP
+        address in the list.</para>
+      <para>The IP Addresses page is displayed.</para>
+    </listitem>
+    <listitem>
+      <para>Click the IP address for which you want to create the rule, then 
click the Configuration
+        tab.</para>
+    </listitem>
+    <listitem>
+      <para>In the Port Forwarding node of the diagram, click View All.</para>
+    </listitem>
+    <listitem>
+      <para>Select the tier to which you want to apply the rule.</para>
+    </listitem>
+    <listitem>
+      <para>Specify the following:</para>
+      <itemizedlist>
+        <listitem>
+          <para><emphasis role="bold">Public Port</emphasis>: The port to 
which public traffic will
+            be addressed on the IP address you acquired in the previous 
step.</para>
+        </listitem>
+        <listitem>
+          <para><emphasis role="bold">Private Port</emphasis>: The port on 
which the instance is
+            listening for forwarded public traffic.</para>
+        </listitem>
+        <listitem>
+          <para><emphasis role="bold">Protocol</emphasis>: The communication 
protocol in use between
+            the two ports.</para>
+          <itemizedlist>
+            <listitem>
+              <para>TCP</para>
+            </listitem>
+            <listitem>
+              <para>UDP</para>
+            </listitem>
+          </itemizedlist>
+        </listitem>
+        <listitem>
+          <para><emphasis role="bold">Add VM</emphasis>: Click Add VM. Select 
the name of the
+            instance to which this rule applies, and click Apply.</para>
+          <para>You can test the rule by opening an ssh session to the 
instance.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+  </orderedlist>
+</section>
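Review bot: The id on the opening section element is "add-portforward-vpc", while the file is add-portforward-rule-vpc.xml and every other file in this commit uses its file name as the section id; rename it to "add-portforward-rule-vpc" so cross-references follow one pattern. The Public Port description refers to "the IP address you acquired in the previous step", but the previous step selects a tier, so point it at the step where the IP address is chosen. The closing "You can test the rule by opening an ssh session to the instance" only verifies the rule when the private port is the one the instance's SSH service listens on; say so, or describe testing against whichever service the rule forwards to. Step 4 also repeats "to which you want to deploy the VMs" from another procedure, and the section has no introductory para, unlike the load balancing section.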

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7a228261/docs/en-US/castor-with-cs.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/castor-with-cs.xml b/docs/en-US/castor-with-cs.xml
new file mode 100644
index 0000000..6385452
--- /dev/null
+++ b/docs/en-US/castor-with-cs.xml
@@ -0,0 +1,87 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" 
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+  http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<section id="castor-with-cs">
+  <title>Using the CAStor Back-end Storage with &PRODUCT;</title>
+  <para>This section describes how to use a CAStor cluster as the back-end 
storage system for a
+    &PRODUCT; S3 front-end. The CAStor back-end storage for &PRODUCT; extends 
the existing storage
+    classes and allows the storage configuration attribute to point to a 
CAStor cluster.</para>
+  <para>This feature makes use of the &PRODUCT; server's local disk to spool 
files before writing
+    them to CAStor when handling the PUT operations. However, a file must be 
successfully written
+    into the CAStor cluster prior to the return of a success code to the S3 
client to ensure that
+    the transaction outcome is correctly reported.</para>
+  <note>
+    <para>The S3 multipart file upload is not supported in this release. You 
are prompted with
+      proper error message if a multipart upload is attempted.</para>
+  </note>
+  <para>To configure CAStor:</para>
+  <orderedlist>
+    <listitem>
+      <para>Install &PRODUCT; 4.0 by following the instructions given in the 
INSTALL.txt
+        file.</para>
+      <note>
+        <para>You can use the S3 storage system in &PRODUCT; without setting 
up and installing the
+          compute components.</para>
+      </note>
+    </listitem>
+    <listitem>
+      <para>Enable the S3 API by setting "enable.s3.api = true" in the Global 
parameter section in
+        the UI and register a user.</para>
+      <para>For more information, see <ulink
+          
url="https://cwiki.apache.org/CLOUDSTACK/s3-api-in-cloudstack.html";>S3 API in
+          &PRODUCT;</ulink>.</para>
+    </listitem>
+    <listitem>
+      <para>Edit the cloud-bridge.properties file and modify the 
"storage.root" parameter.</para>
+      <orderedlist numeration="loweralpha">
+        <listitem>
+          <para>Set "storage.root" to the key word "castor".</para>
+        </listitem>
+        <listitem>
+          <para>Specify a CAStor tenant domain to which content is written. If 
the domain is not
+            specified, the CAStor default domain, specified by the "cluster" 
parameter in CAStor's
+            node.cfg file, will be used.</para>
+        </listitem>
+        <listitem>
+          <para condition="">Specify a list of node IP addresses, or set 
"zeroconf" and the cluster
+            name. When using a static IP list with a large cluster, it is not 
necessary to include
+            every node, only a few is required to initialize the client 
software.</para>
+          <para>For example:</para>
+          <programlisting>storage.root=castor domain=cloudstack 10.1.1.51 
10.1.1.52 10.1.1.53</programlisting>
+          <para>In this example, the configuration file directs &PRODUCT; to 
write the S3 files to
+            CAStor instead of to a file system, where the CAStor domain name 
is cloudstack, and the
+            CAStor node IP addresses are those listed.</para>
+        </listitem>
+        <listitem>
+          <para>(Optional) The last value is a port number on which to 
communicate with the CAStor
+            cluster. If not specified, the default is 80.</para>
+          <programlisting>#Static IP list with optional port
+storage.root=castor domain=cloudstack 10.1.1.51 10.1.1.52 10.1.1.53 80
+#Zeroconf locator for cluster named "castor.example.com"
+storage.root=castor domain=cloudstack 
zeroconf=castor.example.com</programlisting>
+        </listitem>
+      </orderedlist>
+    </listitem>
+    <listitem>
+      <para>Create the tenant domain within the CAStor storage cluster. If you 
omit this step before
+        attempting to store content, you will get HTTP 412 errors in the 
awsapi.log.</para>
+    </listitem>
+  </orderedlist>
+</section>
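Review bot: In sub-step c, the para element carries an empty attribute, condition="", which should be removed unless a profiling value was intended. This file documents CAStor back-end storage, not VPC, so it does not fit the commit subject "vpc documentation"; either split it into its own commit or mention it in the message. Wording fixes in the same hunk: "You are prompted with proper error message" needs an article and would be clearer as a statement that an error message is returned, and "only a few is required" should be "only a few are required". The two programlisting examples would also be easier to follow if the optional port in sub-step d were introduced before the first example that shows the full storage.root value.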

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7a228261/docs/en-US/configure-vpc.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/configure-vpc.xml b/docs/en-US/configure-vpc.xml
new file mode 100644
index 0000000..45237d2
--- /dev/null
+++ b/docs/en-US/configure-vpc.xml
@@ -0,0 +1,36 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" 
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+<section id="configure-vpc">
+  <title>Configuring a Virtual Private Cloud</title>
+  <xi:include href="vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
+  <xi:include href="add-vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
+  <xi:include href="add-tier.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
+  <xi:include href="configure-acl.xml" 
xmlns:xi="http://www.w3.org/2001/XInclude"/>
+  <xi:include href="add-gateway-vpc.xml" 
xmlns:xi="http://www.w3.org/2001/XInclude"/>
+  <xi:include href="add-vm-to-tier.xml" 
xmlns:xi="http://www.w3.org/2001/XInclude"/>
+  <xi:include href="acquire-new-ip-for-vpc.xml" 
xmlns:xi="http://www.w3.org/2001/XInclude"/>
+  <xi:include href="release-ip-for-vpc.xml" 
xmlns:xi="http://www.w3.org/2001/XInclude"/>
+  <xi:include href="enable-disable-static-nat-vpc.xml" 
xmlns:xi="http://www.w3.org/2001/XInclude"/>
+  <xi:include href="add-loadbalancer-rule-vpc.xml" 
xmlns:xi="http://www.w3.org/2001/XInclude"/>
+  <xi:include href="add-portforward-rule-vpc.xml" 
xmlns:xi="http://www.w3.org/2001/XInclude"/>
+  <xi:include href="remove-tier.xml" 
xmlns:xi="http://www.w3.org/2001/XInclude"/>
+  <xi:include href="remove-vpc.xml" 
xmlns:xi="http://www.w3.org/2001/XInclude"/>
+</section>
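Review bot: Of the thirteen xi:include targets, only acquire-new-ip-for-vpc.xml, add-loadbalancer-rule-vpc.xml and add-portforward-rule-vpc.xml are added by this commit; please confirm that the other ten (vpc.xml, add-vpc.xml, add-tier.xml, configure-acl.xml and so on) already exist on the branch, since a missing target fails the XInclude step of the build. inter-vlan-routing.xml, added in the same commit and pointing readers here, is not included, so check that it is pulled in from another parent section. The xmlns:xi declaration is repeated on every element; declaring it once on the section element would shorten each line and avoid the wrapped attributes.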

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7a228261/docs/en-US/inter-vlan-routing.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/inter-vlan-routing.xml 
b/docs/en-US/inter-vlan-routing.xml
new file mode 100644
index 0000000..49a833c
--- /dev/null
+++ b/docs/en-US/inter-vlan-routing.xml
@@ -0,0 +1,107 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" 
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+<section id="inter-vlan-routing">
+  <title>About Inter-VLAN Routing</title>
+  <para>Inter-VLAN Routing is the capability to route network traffic between 
VLANs. This feature
+    enables you to build Virtual Private Clouds (VPC), an isolated segment of 
your cloud, that can
+    hold multi-tier applications. These tiers are deployed on different VLANs 
that can communicate
+    with each other. You provision VLANs to the tiers your create, and VMs can 
be deployed on
+    different tiers. The VLANs are connected to a virtual router, which 
facilitates communication
+    between the VMs. In effect, you can segment VMs by means of VLANs into 
different networks that
+    can host multi-tier applications, such as Web, Application, or Database. 
Such segmentation by
+    means of VLANs logically separate application VMs for higher security and 
lower broadcasts,
+    while remaining physically connected to the same device.</para>
+  <para>This feature is supported on XenServer and VMware hypervisors.</para>
+  <para>The major advantages are:</para>
+  <itemizedlist>
+    <listitem>
+      <para>The administrator can deploy a set of VLANs and allow users to 
deploy VMs on these
+        VLANs. A guest VLAN is randomly alloted to an account from a 
pre-specified set of guest
+        VLANs. All the VMs of a certain tier of an account reside on the guest 
VLAN allotted to that
+        account.</para>
+      <note>
+        <para>A VLAN allocated for an account cannot be shared between 
multiple accounts. </para>
+      </note>
+    </listitem>
+    <listitem>
+      <para>The administrator can allow users create their own VPC and deploy 
the application. In
+        this scenario, the VMs that belong to the account are deployed on the 
VLANs allotted to that
+        account.</para>
+    </listitem>
+    <listitem>
+      <para>Both administrators and users can create multiple VPCs. The guest 
network NIC is plugged
+        to the VPC virtual router when the first VM is deployed in a tier. 
</para>
+    </listitem>
+    <listitem>
+      <para>The administrator can create the following gateways to send to or 
receive traffic from
+        the VMs:</para>
+      <itemizedlist>
+        <listitem>
+          <para><emphasis role="bold">VPN Gateway</emphasis>: For more 
information, see <xref
+              linkend="create-vpn-gateway-for-vpc"/>.</para>
+        </listitem>
+        <listitem>
+          <para><emphasis role="bold">Public Gateway</emphasis>: The public 
gateway for a VPC is
+            added to the virtual router when the virtual router is created for 
VPC. The public
+            gateway is not exposed to the end users. You are not allowed to 
list it, nor allowed to
+            create any static routes.</para>
+        </listitem>
+        <listitem>
+          <para><emphasis role="bold">Private Gateway</emphasis>: For more 
information, see <xref
+              linkend="add-gateway-vpc"/>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+    <listitem>
+      <para>Both administrators and users can create various possible 
destinations-gateway
+        combinations. However, only one gateway of each type can be used in a 
deployment.</para>
+      <para>For example:</para>
+      <itemizedlist>
+        <listitem>
+          <para><emphasis role="bold">VLANs and Public Gateway</emphasis>: For 
example, an
+            application is deployed in the cloud, and the Web application VMs 
communicate with the
+            Internet.</para>
+        </listitem>
+        <listitem>
+          <para><emphasis role="bold">VLANs, VPN Gateway, and Public 
Gateway</emphasis>: For
+            example, an application is deployed in the cloud; the Web 
application VMs communicate
+            with the Internet; and the database VMs communicate with the 
on-premise devices.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+    <listitem>
+      <para>The administrator can define Access Control List (ACL) on the 
virtual router to filter
+        the traffic among the VLANs or between the Internet and a VLAN. You 
can define ACL based on
+        CIDR, port range, protocol, type code (if ICMP protocol is selected) 
and Ingress/Egress
+        type.</para>
+    </listitem>
+  </itemizedlist>
+  <para>The following figure shows the possible deployment scenarios of a 
Inter-VLAN setup:</para>
+  <mediaobject>
+    <imageobject>
+      <imagedata fileref="./images/multi-tier-app.png"/>
+    </imageobject>
+    <textobject>
+      <phrase>mutltier.png: a multi-tier setup.</phrase>
+    </textobject>
+  </mediaobject>
+  <para>To set up a multi-tier Inter-VLAN deployment, see <xref 
linkend="configure-vpc"/>.</para>
+</section>
