The ITS Virtual Data Center (vDC) is a set of core technologies, network architectures, and account structures that allow ITS staff to more easily use Amazon Web Services (AWS). It is not an out-of-the-box solution for running applications in AWS; instead, the vDC provides basic services commonly available on campus like authentication, backups, and networking to provide ITS staff familiar technologies as they deploy solutions in AWS.
A best practice in AWS is to separate workloads under unique AWS accounts. For ITS, a workload is essentially a service, with some exceptions. Separating workloads into accounts limits the “blast radius” around a service so that account-wide issues don't interrupt service in other accounts. It also allows for cost control and monitoring within an account. The ITS account structure also provides organization-wide views into all ITS accounts for activities such as OS patching, as well as aggregated billing.
Every account will have one UM-provided VPC within the us-east-2 (Ohio) region.
Each account has a standard VPC as shown in the diagram.
The VPC is divided into 4 logical subnet groups: Public, VPN, Private, VPC-only.
- Public subnets have direct Internet access using Amazon's public IP addresses.
- VPN subnets have direct access to the on-campus network.
- Private subnets have direct access to other peered VPCs.
- VPC-Only subnets have no connections to anywhere outside of the VPC.
Each subnet group has 3 subnets, one per AWS Availability Zone. A fourth subnet is reserved, but not configured, for expanding into a fourth Availability Zone when it becomes available.
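An added example (not from the vDC documentation or the ITS project) that checks a VPC's subnets against the layout described above: each subnet is assigned to Public, VPN, Private or VPC-only from the targets in its route table, and each group is expected to have one subnet per Availability Zone. The mapping of route targets to groups (igw to Public, vgw/tgw to VPN, pcx to Private, only local routes to VPC-only) and the sample subnet data are assumptions constructed for the example.

```python
# Added example: audit a VPC's subnets against the four-group vDC layout.
# Assumption: route targets identify the group (igw-* => Public,
# vgw-*/tgw-* => VPN, pcx-* => Private, only "local" => VPC-only).
# The subnet data below is constructed, not taken from a real account.
from collections import defaultdict

AZS = ("us-east-2a", "us-east-2b", "us-east-2c")
GROUPS = ("Public", "VPN", "Private", "VPC-only")

def classify(routes):
    """Return the subnet group implied by a route table's targets."""
    targets = {t.split("-")[0] for t in routes if t != "local"}
    if "igw" in targets:
        return "Public"
    if targets & {"vgw", "tgw"}:
        return "VPN"
    if "pcx" in targets:
        return "Private"
    return "VPC-only" if not targets else "Unknown"

def audit(subnets, azs=AZS):
    """subnets: dicts with 'id', 'az', 'routes'. Returns (groups, findings)."""
    groups = defaultdict(dict)  # group -> {az: subnet id}
    findings = []
    for s in subnets:
        group = classify(s["routes"])
        if group == "Unknown":
            findings.append(f"{s['id']}: unexpected route targets {sorted(s['routes'])}")
            continue
        if s["az"] in groups[group]:
            findings.append(f"{group}: duplicate subnet in {s['az']}")
        groups[group][s["az"]] = s["id"]
    for group in GROUPS:  # every group must cover every AZ
        missing = [az for az in azs if az not in groups[group]]
        if missing:
            findings.append(f"{group}: no subnet in {', '.join(missing)}")
    return dict(groups), findings

# Constructed sample: matches the layout except the Private group is
# missing its us-east-2c subnet.
SAMPLE = (
    [{"id": f"subnet-pub-{az[-1]}", "az": az, "routes": ["local", "igw-0abc"]} for az in AZS]
    + [{"id": f"subnet-vpn-{az[-1]}", "az": az, "routes": ["local", "vgw-0abc"]} for az in AZS]
    + [{"id": f"subnet-prv-{az[-1]}", "az": az, "routes": ["local", "pcx-0abc"]} for az in AZS[:2]]
    + [{"id": f"subnet-iso-{az[-1]}", "az": az, "routes": ["local"]} for az in AZS]
)

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```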
For more information about accounts, networking, managed operating systems, and many more subjects for using the vDC, see the vDC Documentation repository on GitLab. (Available on campus networks and VPN.)