initial editorial review #2

Merged
merged 1 commit into from
Aug 18, 2023
35 changes: 18 additions & 17 deletions docs/README.md
@@ -1,29 +1,30 @@
# Seamless Deployment: From Provisioning to Runtime with IBM Cloud's Landing Zone
# Seamless Deployment: From Provisioning to Runtime With the IBM Cloud VPC Landing Zone

The introduction of IBM Cloud [Deployable Architectures](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-faqs) makes it easy to provision existing pre-defined architecture in no time.
The introduction of IBM Cloud [deployable architectures](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-faqs) makes it easy to provision predefined architecture in no time.

## 📖 What you will learn

In this hands-on lab, you will learn to:
In this hands-on lab, you will learn how to work with the VPC landing zone deployable architecture to accomplish these goals.

1. Create a customized VPC-based topology using the IBM Cloud [VPC Landing Zone Deployable Architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview)
2. Deploy and expose a web application on top of this secure topology. For this lab, we will use an Apache service as an example.
3. Share this deployable pattern with your enterprise through an IBM Cloud Private Catalog
1. Create a customized VPC-based topology from the VPC Landing Zone deployable architecture.
2. Deploy and expose a web application on this secure topology. For this lab, we use an Apache service as an example.
3. Share this deployable pattern with your enterprise through the IBM Cloud private catalog.

This lab also introduces some concepts and background prior to diving onto the hands-on steps, which can help you to better get the "bigger" picture. The hands-on steps are however designed to be independent from the concepts and background information.
The lab also introduces some concepts and background to help you to better get the "bigger" picture at the beginning. However, the hands-on steps are designed to be independent from the concepts and background information.

## Lab structure

This lab is split into two distinct parts. Part 1 is designed as a stepping stone for part 2.
The lab has two parts. The first part is a stepping stone to the second part.

- [Part 1](./part1/00-objectives) takes the perspective of a Cloud Infrastructure Engineer, and shows the end-to-end steps to:
1. Use the [Landing Zone Deployable Architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview) to automatically deploy a secure VPC-based topology in an IBM Cloud account.
2. Manually customize the deployed infrastructure in the account to:
a. Provide operator access through a "jump box" VSI.\
b. Install an Apache server in one of the workload VPC that serves the web pages.\
c. Expose the web pages served by the Apache server through a public VPC load balancer.
In [part 1](./part1/00-objectives), you take the perspective of a cloud infrastructure engineer:

- [Part 2](./part2/00-objectives) takes the perspective of a DevOps/Automation Engineer, and shows how to:
1. Automate the manual steps in Part 1
2. Package, and share the automation with other users as a **Deployable Architecture** through a private IBM Cloud Catalog. This facilitates discoverability and consumption of your automation by other users.
1. Use the [Landing Zone Deployable Architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview) to automatically deploy a secure VPC-based topology in an IBM Cloud account.
2. Manually customize the deployed infrastructure in the account in the following ways:
a. Provide operator access through a "jump box" VSI.
b. Install an Apache server in one of the workload VPCs that serves the web pages.
c. Expose the web pages that are served by the Apache server through a public VPC load balancer.

In [part 2](./part2/00-objectives), you are a DevOps/automation engineer:

1. Automate the manual steps in part 1.
2. Package, and share the automation with other users as a **Deployable architecture** through a private IBM Cloud catalog. This packaging in a private catalog helps specific users to find and consume your automation.
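
Review bot: The a./b./c. sub-steps under step 2 of part 1 lose their trailing `\` hard breaks in the new version, so unless they are indented as a nested list they will render as one run-on paragraph; make them a proper nested list or keep the line breaks. The new step 1 under "What you will learn" also drops the link to the VPC landing zone overview that the old line carried, and the sentence introducing that list now ends in a period instead of a colon. "VPC landing zone" and "VPC Landing Zone" still alternate between the intro sentence, step 1 and the title, and the last line keeps the stray comma in "Package, and share" plus a capitalized "**Deployable architecture**" mid-sentence.
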
6 changes: 3 additions & 3 deletions docs/about/10-fs-cloud.md
@@ -1,9 +1,9 @@
# IBM Cloud for Financial Cloud Services Framework

The IBM Cloud Financial Cloud Services Framework provides comprehensive and detailed guidance to help address the needs of enterprises with regulatory compliance, security, and resiliency during the initial deployment phase and with ongoing operations. More details can be found at: [Getting started with IBM Cloud for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about)
IBM Cloud Framework for Financial Services provides comprehensive and detailed guidance around regulatory compliance, security, and resiliency to help address the needs of enterprises both during initial deployment and with ongoing operations. For more information, see [Getting started with IBM Cloud for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about).

Whilst the framework was initially based on the needs of financial institutions, as its name indicates, it can be used as a starting point and baseline for meeting compliance and security for most industries.
The framework was initially based on the needs of financial institutions, as its name indicates. However, it can be used as a compliance and security starting point and baseline for most industries.

The framework provides secure [VPC reference architectures](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-vpc-architecture-about) meeting a number of regulatory controls.
The framework provides secure [VPC reference architectures](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-vpc-architecture-about) that meet a number of regulatory controls.

![VPC reference architecture](../images/about-fs-cloud.png)
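
Review bot: The heading on the first line of this file still reads "IBM Cloud for Financial Cloud Services Framework" while the rewritten opening sentence now uses "IBM Cloud Framework for Financial Services"; update the heading in the same change so the page title and body use one name. The rewritten second paragraph is fine, but "a number of regulatory controls" in the last sentence stays vague and could link to or name the controls if the referenced architecture page lists them.
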
16 changes: 8 additions & 8 deletions docs/about/20-vpc-landing-zone.md
@@ -1,9 +1,9 @@
# VPC Landing Zone

IBM VPC Landing Zone (also refered as "SLZ" for Secure Landing Zone) is a set of [Infrastructure-As-Code](https://en.wikipedia.org/wiki/Infrastructure_as_code) automation that enables creating a fully customizable VPC environment within a single region. The VPC Landing Zone is implemented in terraform and automates the provisioning, configuring, and integration of several services that participates in the realization of a compliant VPC-based topology aligned with the documented [IBM Cloud Financial Services Framework](./about/10-fs-cloud).
IBM VPC Landing Zone (also referred to as "SLZ" for Secure Landing Zone) is [Infrastructure-As-Code](https://en.wikipedia.org/wiki/Infrastructure_as_code) automation that enables you to create a fully customizable VPC environment within a single region. The VPC Landing Zone is implemented in Terraform and automates the provisioning, configuring, and integration of several services that participate in the realization of a compliant VPC-based topology that is aligned with the documented [IBM Cloud for Financial Cloud Services Framework](./about/10-fs-cloud).

The automation is available as a set of [terraform modules on GitHub](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone). The automation creates and configures all of the resources necessary to create a secure and compliant topology:
- A resource group for cloud services and for each VPC.
The automation is available as a set of [Terraform modules on GitHub](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone). The automation creates and configures all of the resources necessary to create a secure and compliant topology:
- A resource group for cloud services and for each VPC
- Cloud Object Storage instances for flow logs and Activity Tracker (access and audit logs)
- Encryption keys in either a Key Protect or Hyper Protect Crypto Services instance
- A management and workload VPC connected by a transit gateway
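
Review bot: The rewritten intro paragraph changes the link text to "IBM Cloud for Financial Cloud Services Framework", which is not the name this PR settles on elsewhere: the body of 10-fs-cloud.md and the patterns paragraph later in this file both use "IBM Cloud Framework for Financial Services". Use that form here as well. The same sentence keeps "Infrastructure-As-Code" with a capital "As", which differs from the "Infrastructure as Code" spelling used in 40-projects.md.
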
Expand All @@ -15,15 +15,15 @@ The automation is available as a set of [terraform modules on GitHub](https://gi
# Landing Zone patterns


VPC Landing Zone comes with four fully functional patterns that are strictly following the IBM Cloud Financial Services reference architecture:
VPC Landing Zone comes with four fully functional patterns that follow the IBM Cloud Framework for Financial Services reference architecture:

- VPC pattern
- VPC with Virtual Servers ("VSIs") – which the lab will use.
- VPC with OpenShift ("ROKS")
- VPC with VSIs and OpenShift ("mixed") pattern.
- VPC with Virtual Servers ("VSIs") – which the lab uses.
- VPC with Red Hat OpenShift ("ROKS")
- VPC with VSIs and Red Hat OpenShift ("mixed") pattern.

| VPC pattern | Virtual server pattern | Red Hat OpenShift pattern | Mixed pattern |
| ------------------------------ | -------------------------------- | -------------------------------- | ---------------------------------- |
| [![VPC](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vpc.drawio.svg)](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/vpc/README.md) | [![VSI](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vsi-vsi.drawio.svg)](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/vsi/README.md) | [![ROKS](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/roks.drawio.svg)](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/roks/README.md) | [![Mixed](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/mixed.png)](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/mixed/README.md) |

Each of the patterns can be used as a starting point to create your own customizable VPC-based topology that matches your enterprise or customer exact needs.
You can use any pattern as a starting point to create a customizable VPC-based topology that supports your customer needs or the needs of your enterprise.
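
Review bot: The pattern list is left with mixed endings: the second and fourth items keep a trailing period ("which the lab uses.", "("mixed") pattern.") while the first and third have none, and only the first and last items carry the word "pattern". The earlier hunk in this file removed the period from the resource-group bullet for this kind of consistency, so apply the same rule here. In the closing sentence, "supports your customer needs" wants a possessive ("your customers' needs").
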
20 changes: 10 additions & 10 deletions docs/about/30-deployable-arch.md
@@ -1,21 +1,21 @@
# Deployable Architecture
# Deployable architecture

“Deployable Architecture” is officially defined as Cloud automation for deploying a common architectural pattern that combines one or more cloud resources that is designed for easy deployment, scalability, and modularity.
A deployable architecture is defined as "Cloud automation for deploying a common architectural pattern that combines one or more cloud resources that is designed for easy deployment, scalability, and modularity.

More specifically, and concretely, from a technical perspective, “Deployable Architectures” are essentially terraform modules that are fully integrated into the IBM Cloud experience. Deployable Architecture are:
From a technical perspective, deployable architectures are essentially Terraform modules that are fully integrated into the IBM Cloud experience. Deployable architectures have these characteristics:

- Discoverable and available through the IBM Cloud Catalog (and through IBM Cloud search)
- Fully integrated in IBM Cloud Projects and Schematics.
- Discoverable and available through the IBM Cloud catalog (and through IBM Cloud search)
- Fully integrated in IBM Cloud projects and Schematics
- Integrated with [IBM Cloud Risk Analyzer](https://cloud.ibm.com/docs/code-risk-analyzer-cli-plugin?topic=code-risk-analyzer-cli-plugin-cra-cli-plugin#terraform-command)

In other words, it is possible for an end-user to execute the terraform automation behind a “Deployable Architecture” just from a few clicks and inputs in the IBM Cloud console.
In other words, a user can run the Terraform automation behind a deployable architecture just from a few clicks and inputs in the IBM Cloud console.

![Deployable Architecture console](../images/about-deployable-arch.png)
![Deployable architecture console](../images/about-deployable-arch.png)

The Landing Zone terraform module and patterns described in [🌍 VPC Landing Zone](./about/20-vpc-landing-zone.md) have a corresponding [Deployable Architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview) in IBM Cloud. In this lab, the Secure Landing Zone is consumed through the Deployable Architecture experience for ease of use, rather than using the terraform CLI against the open-source github version.
The Landing Zone Terraform module and patterns that are described in [🌍 VPC Landing Zone](./about/20-vpc-landing-zone.md) have a corresponding [deployable architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview) in IBM Cloud. To help you learn about deployable architectures, this lab provides steps for the deployable architecture in IBM Cloud rather than by running Terraform commands against the open source GitHub version.

IBM-maintained Deployable Architectures, like the Landing Zone Deployable Architecture:
IBM-maintained deployable architectures are just like the Landing Zone deployable architecture in these ways:

- Provide the same level of customer support as any other IBM Cloud product
- [Come with extensive documentation](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview)
- Are maintained and remains current over time
- Are maintained to be current over time
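
Review bot: The rewritten definition sentence opens a quotation at "Cloud automation for deploying ... but never closes it; add the closing quote after "modularity." or drop the opening one. The new lead-in "IBM-maintained deployable architectures are just like the Landing Zone deployable architecture in these ways:" also changes the meaning, since the old text presented the Landing Zone as an example of an IBM-maintained deployable architecture rather than something to compare them against; keep the "like" or "such as" construction. In the paragraph above it, "provides steps for the deployable architecture in IBM Cloud rather than by running Terraform commands" is not parallel and drops the old "for ease of use" rationale.
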
21 changes: 11 additions & 10 deletions docs/about/40-projects.md
@@ -1,18 +1,19 @@
# IBM Cloud Projects
# IBM Cloud projects

IBM Cloud Projects make it easy to manage Infrastructure-As-Code deployments across accounts, collaborate with team members, and maintain compliance.
IBM Cloud projects make it easy to manage Infrastructure-As-Code (IaC) deployments across accounts, collaborate with team members, and maintain compliance.

At its core, an IBM Cloud Project is made up of a collection of configurations that are used to manage related Infrastructure as Code (IaC) deployments (and associated resources) across accounts.
At its core, an IBM Cloud project is made up of a collection of configurations that are used to manage related Infrastructure as Code (IaC) deployments (and associated resources) across accounts.

As a concrete example, let’s imagine the scenario of a SRE team responsible for setting up the infrastructure supporting the web application. That SRE team wants to follow best practices and deploy the following environments, all based on the same Deployable Architecture template (but with slight configuration differences for each environment):
For example, let’s imagine the scenario of a SRE team that is responsible for setting up the infrastructure that supports the web application. That SRE team wants to follow best practices and deploy the following environments, which are based on the same deployable architecture template (but with slight configuration differences for each environment):

1. A development environment with scaled down compute resources and no audit event tracking.
2. A staging environment as close as possible to the production environment
3. 2 production environments: one in America and another one in Europe.
1. A development environment: with scaled down compute resources and no audit event tracking.
2. A staging environment: as close as possible to the production environment
3. Two production environments: one in North America and another one in Europe.

That SRE team can group configurations, and thus centralize the governance and supervision, for the four different environments in one single Project.

Beyond the core configuration grouping capability, IBM Cloud Projects is designed with an IaC and a compliance-first approach. Projects also seemingly integrate with IBM Cloud Schematics to deploy, update, and manage the resources created by the IaC automation.
Each project also includes tools to scan for potentially harmful resource changes, compliance, security, and cost, as well as tracking configuration versioning and governance.
Beyond the core configuration grouping capability, IBM Cloud projects is designed with an IaC and a compliance-first approach. Projects also seemingly integrates with IBM Cloud Schematics to deploy, update, and manage the resources that are created by the IaC automation.

![IBM Cloud Projects](../images/about-projects.png)
Each project also includes tools to scan for potentially harmful resource changes, compliance, security, and cost issues, and to track configuration versioning and governance.

![IBM Cloud projects](../images/about-projects.png)
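
Review bot: "Projects also seemingly integrates with IBM Cloud Schematics" carries over "seemingly" from the old text, which reads like a slip for "seamlessly" and is worth fixing while this sentence is being edited; the subject and verb also disagree between "IBM Cloud projects is designed" and the plural used in the first paragraph. The unchanged line "in one single Project" keeps the capitalized "Project" that the rest of the hunk lowercases, "a SRE team" should be "an SRE team", and the second paragraph expands "Infrastructure as Code (IaC)" again right after the first paragraph introduced the abbreviation. The colons added after "environment" in list items 1 and 2 leave sentence fragments with inconsistent end punctuation.
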
2 changes: 1 addition & 1 deletion docs/cover.md
@@ -1,7 +1,7 @@
<img src="header.jpg">

> Seamless Deployment: From Provisioning to Runtime<br/>
> with IBM Cloud's Landing Zone
> with IBM Cloud VPC landing zone

_Session 2448_
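
Review bot: The new subtitle line "with IBM Cloud VPC landing zone" drops the article and lowercases "landing zone", whereas the README heading changed in this same PR reads "With the IBM Cloud VPC Landing Zone"; make the cover match it, for example "with the IBM Cloud VPC Landing Zone".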

20 changes: 10 additions & 10 deletions docs/sidebar.md
@@ -1,17 +1,17 @@
- [🌐 Introduction](README.md)
- [🏢 IBM Cloud for Financial Services](./about/10-fs-cloud.md)
- [🌍 VPC Landing Zone](./about/20-vpc-landing-zone.md)
- [🏗️ Deployable Architectures](./about/30-deployable-arch)
- [📚 IBM Cloud Projects](./about/40-projects.md)
- [🌍 VPC landing zone](./about/20-vpc-landing-zone.md)
- [🏗️ Deployable architectures](./about/30-deployable-arch)
- [📚 IBM Cloud projects](./about/40-projects.md)
- [📂 Part 1 - End-to-end deployment](./part1/00-objectives.md)
- [🚀 Deploy Landing Zone VSI pattern](./part1/10-project.md)
- [👤 Operator Access](./part1/20-operator-access.md)
- [🌐 Install Apache server](./part1/30-apache-server.md)
- [🌐 Expose a web application](./part1/40-expose-web-app.md)
- [🎓 Going further](./part1/50-going-further.md)
- [📂 Part 2 - Automating and sharing](./part2/00-objectives.md)
- [🛠️ Customization Options](./part2/10-customizing.md)
- [🔍 Executing the Custom Topology](./part2/20-custom-module.md)
- [🤖 Automate Web App Deployment](./part2/30-add-apache.md)
- [📦 Share with IBM Cloud Catalog](./part2/40-catalog-onboarding.md)
- [🎓 Going further](./part2/50-going-further.md)
- [🎓 Go further](./part1/50-going-further.md)
- [📂 Part 2 - Automate and share](./part2/00-objectives.md)
- [🛠️ Customization options](./part2/10-customizing.md)
- [🔍 Execute the custom topology](./part2/20-custom-module.md)
- [🤖 Automate web app deployment](./part2/30-add-apache.md)
- [📦 Share through a IBM Cloud catalog](./part2/40-catalog-onboarding.md)
- [🎓 Go further](./part2/50-going-further.md)
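
Review bot: The new entry "Share through a IBM Cloud catalog" needs "an" before "IBM". The "Deployable architectures" link still points at ./about/30-deployable-arch without the .md extension that every sibling entry has, and "Operator Access" is left in title case while the other labels touched in this hunk move to sentence case.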