Cloud Networking Service (CNS)

Providing a high-quality Cloud service is impossible without a sufficient range of tools for manipulating networking settings within the created Cloud infrastructures. EPAM Cloud includes a number of solutions that cover both the connection and the security aspects of the subject.

Have a Question?

The current page gives the general information on the service and the main workflows. However, while working with the services, our users encounter new questions they need assistance with. The most frequently asked questions on EPAM Cloud Services are gathered on the Cloud Services FAQ page.
Visit the page to check whether we have a ready answer for your question.

Related CLI Commands

The table below provides the list of service-related commands and their descriptions:

| Command | Short Command | Description |
| --- | --- | --- |
| or2-describe-vlans | or2dvlans | Describes the VLANs available for the project |
| or2-move-instance-to-vlan | or2mivlan | Moves a VM to the specified VLAN |
| or2-allocate-static-ip | or2alsip | Allocates a static IP to the project |
| or2-associate-static-ip | or2assip | Associates a static IP with the specified instance |
| or2-describe-static-ips | or2dsip | Describes static IPs available for the project |
| or2-disassociate-static-ip | or2dissip | Disassociates a static IP from a VM |
| or2-release-static-ip | or2relsip | Removes the specified IP from the project pool |
| or2-describe-subnets | or2dsn | Describes subnets available for the specified project in the given region |

You can find the details about command usage in the Maestro CLI User Guide.

General approaches

EPAM Cloud users can specify the network where resources will be created by passing special parameters to the Maestro CLI or2run command. If several network IDs are specified, the instance will run with several interfaces, each of them in the corresponding network. This can be useful for creating bastion instances.

In all private regions, instances have a permanent IP address. To work with CSA and public regions, there are a number of commands for reserving and assigning static IP addresses. For instances located in an SDN, these commands manage floating IPs.

Private Cloud Networking

Currently, EPAM Cloud supports two types of networks: external (VLAN), which is managed by the EPAM Network team, and internal (project-related SDN), which is activated and deactivated by the corresponding support requests.

Working with external networks

By default, all projects in EPAM run resources in a shared VLAN called Server Network.

By definition, a VLAN (Virtual Local Area Network) is a group of hosts sharing a single set of requirements and acting as if connected to a common broadcast domain, regardless of their physical location. Being an external network for the cloud region, a VLAN is managed by the EPAM Network team.

Depending on its needs, a project can submit a request to create a project-related VLAN.

By default, the VMs in EPAM Cloud are not accessible for external connections. However, there is often a need to provide access to these VMs from outside the EPAM network. If the project needs to provide access to an instance from the Internet, a special request (Exposing instance to Internet) should be submitted to move the instance to the special VLAN called DMZ (VLAN 40).

A Demilitarized Zone (DMZ) is a physical or logical subnetwork separating the internal LAN of the company from other networks, usually the Internet. The DMZ acts as an additional security perimeter for the internal LAN. The DMZ hosts external-facing resources and services, while the rest of the internal LAN remains protected. Using a DMZ is the recommended approach for any service provided to users over the Internet.

After the request is submitted, the Security team performs a number of checks on the VM and places the VM in the DMZ. After that, external access to the VM is allowed.

Please note that the VM description details (retrieved by the or2-describe-instances command) will not include the VM external IP. The connection details will be given to the VM owner via email.

Working with internal networks

Each private OpenStack-based region allows creating a project-related SDN.

Software-defined networking (SDN) technology is an approach to network management that enables dynamic, programmatically efficient network configuration in order to improve network performance and monitoring, making it more like cloud computing than traditional network management.

To create a project-related SDN, the project should submit a special request and specify the details (network addressing and which network should be external in relation to this SDN).

Public Cloud Management

Regardless of the public cloud provider, working with the network via Maestro CLI is limited to specifying the network where new resources will be created. For example, in AWS a new EC2 instance will be launched in the VPC to which the subnet ID is related.

Network manipulation

Network manipulation can be performed only via Maestro CLI and includes the following operations.

To describe available networks and subnets for the specified project in the given region, invoke the or2-describe-subnets (or2dsn) command and specify the project and region.

or2dsn -p project -r region

To move an instance to another VLAN activated for the current project and availability region, use the or2-move-instance-to-vlan (or2mivlan) command and specify the project, region, instance ID and VLAN ID.

or2mivlan -p project -r region -i instance_id -v vlan_id

To be moved between VLANs, instances must be in the ‘stopped’ state. A VM that was moved to a non-default VLAN cannot be returned. Currently, the move-instance-to-vlan (or2mivlan) command is not available in OpenStack regions.

Static IP Management

The general flow for getting a static IP for your VM is quite simple: first, you allocate a static IP to your project, and then you associate one of the allocated and free Static IPs with the VMs on this project.

Static IPs can be managed only via Maestro CLI.

Below are examples of using the static IP commands:

To allocate a static IP for a project, invoke or2-allocate-static-ip (or2alsip) and specify the project and region.

or2alsip -p project -r region

Please note that in OpenStack regions the ‘or2alsip’ command functions in a different way: it allocates static IPs from the external network to be used as floating IPs for instances located in an SDN.

To assign the specified static IP to a VM, invoke the or2-associate-static-ip (or2assip) command and specify the project, region, instance ID and the IP to be assigned to the VM.

or2assip -p project -r region -i instance_id -a address

Assigning a static IP can take some time. Meanwhile, the VM will be unavailable for Maestro CLI commands. After associating a static IP, no additional configuration of your VM is required. Once the VM is associated with a static IP, DNS will be reregistered after a while.

To describe static IPs available for the project, use the or2-describe-static-ips (or2dsip) command and specify the project and region.

or2dsip -p project -r region

To disassociate a static IP from a VM, use the or2-disassociate-static-ip (or2dissip) command and specify the project, region and the IP to be disassociated.

or2dissip -p project -r region -a address

Please note that when the operation is performed on a running VM in CSA-based regions, the VM is automatically shut down and set to the STOPPED state.

To remove the specified static IP from the project pool, invoke or2-release-static-ip (or2relsip) and specify the project, region and the IP to be removed.

or2relsip -p project -r region -a address

None of the commands used for static IP management are available in Microsoft Azure regions.
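
The static IP flow above can be planned as a dry run before anything is executed. This is an added example, not EPAM or Maestro CLI code: it only prints the command sequence, and the function names, the "retire" action and the region-type argument (csa, openstack, azure) are assumptions; only the or2* commands and their -p/-r/-i/-a flags come from this page.

```shell
#!/bin/sh
# Added example: prints the Maestro CLI command sequence for a static IP
# operation without executing anything. Function names, the "retire" action
# and the region-type labels are assumptions of this sketch.

# valid_ipv4 ADDRESS: succeeds only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# plan_static_ip ACTION PROJECT REGION REGION_TYPE ADDRESS [INSTANCE_ID]
plan_static_ip() {
    action=$1; project=$2; region=$3; rtype=$4; address=$5; instance=$6
    if [ "$rtype" = "azure" ]; then
        echo "static IP commands are not available in Microsoft Azure regions" >&2
        return 2
    fi
    valid_ipv4 "$address" || { echo "bad address: $address" >&2; return 3; }
    case "$action" in
        attach)
            [ -n "$instance" ] || { echo "attach needs an instance ID" >&2; return 4; }
            # The address must already be allocated to the project (or2alsip);
            # list the pool first so the operator can confirm it is free.
            echo "or2dsip -p $project -r $region"
            echo "or2assip -p $project -r $region -i $instance -a $address"
            ;;
        retire)
            # Disassociate first, then release, so an address is not returned
            # to the pool while it is still bound to a VM.
            if [ "$rtype" = "csa" ]; then
                echo "# note: a running VM is shut down (STOPPED) by the next command"
            fi
            echo "or2dissip -p $project -r $region -a $address"
            echo "or2relsip -p $project -r $region -a $address"
            echo "or2dsip -p $project -r $region"
            ;;
        *) echo "unknown action: $action" >&2; return 1 ;;
    esac
}
```

Review the printed plan, then run the listed commands by hand; the final or2dsip in the "retire" plan confirms the address has left the project pool.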


More detailed information on the network manipulation commands can be found in the Maestro CLI User Guide.