Networking in Thalassa Cloud
Overview
Thalassa Cloud employs software-defined networking (SDN) to provide high-performance, secure, and scalable networking. The networking architecture is designed to support multi-tenancy, network segmentation, and workload isolation, ensuring that applications and services can communicate securely and efficiently.
Networking Components
Component | Description |
---|---|
VPCs | Thalassa Cloud uses Virtual Private Clouds (VPCs) to provide isolated networking environments for workloads. Each tenant can have multiple VPCs, ensuring complete network segregation and customizable routing policies. VPCs act as logically isolated network segments within a region, allowing for secure and controlled traffic flow. |
Subnets | Each VPC contains multiple subnets, which segment resources based on availability zones, access levels, and traffic flows. Subnets are internal and private network segments, with support for NAT gateways for public internet access. This separation enables tenants to isolate sensitive workloads and optimize network design for performance and security. |
Route Tables | Route tables define how network traffic is directed within a VPC. Each subnet is associated with a route table, which determines the paths traffic takes to reach different destinations. Custom route tables allow tenants to configure inter-subnet routing, VPN peering, and hybrid cloud connectivity. |
NAT Gateways | Thalassa Cloud provides Network Address Translation (NAT) Gateways, enabling outbound internet access without exposing internal resources. NAT Gateways ensure that applications in private subnets can access external services securely while keeping inbound traffic blocked. |
Load Balancers | Load balancers distribute traffic across multiple backend services, ensuring high availability and performance. Thalassa Cloud supports both Layer 4 (TCP/UDP) and Layer 7 (HTTP/HTTPS) load balancing, allowing users to efficiently handle application traffic. Load balancers can be used for ingress traffic management (external-facing applications), internal service load balancing (between microservices within the VPC), and high-availability setups with automatic failover mechanisms. |
Security
Firewalling
Networking security in Thalassa Cloud follows a multi-layered approach:
Feature | Description |
---|---|
VPC Firewalling | Controls access at the VPC level, preventing unauthorized traffic between resources within and outside a VPC. |
Security Groups | Define per-instance firewall rules, restricting inbound and outbound traffic based on port, protocol, and source. |
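The two layers in the table above can be modelled as consecutive allow-lists. This is an added example, not Thalassa Cloud code or its API. The `Rule` schema, the default-deny behaviour, and the rule that both layers must allow a packet are assumptions made for illustration, and the sample policy is constructed.

```python
"""Model of layered inbound filtering: VPC firewall first, then the security group.
Rule schema, default-deny and evaluation order are assumptions for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp" or "any"
    port_min: int
    port_max: int
    source: str     # CIDR the traffic must originate from

    def matches(self, protocol: str, port: int, src: str) -> bool:
        return (self.protocol in ("any", protocol)
                and self.port_min <= port <= self.port_max
                and ip_address(src) in ip_network(self.source))


def layer_allows(rules, protocol, port, src):
    # Allow-list semantics: no matching rule means the layer drops the packet.
    return any(r.matches(protocol, port, src) for r in rules)


def inbound_verdict(vpc_rules, sg_rules, protocol, port, src):
    """Return 'allow' or the name of the layer that denied the packet."""
    if not layer_allows(vpc_rules, protocol, port, src):
        return "deny:vpc-firewall"
    if not layer_allows(sg_rules, protocol, port, src):
        return "deny:security-group"
    return "allow"


def exposed_rules(sg_rules, sensitive_ports=(22, 3389, 5432)):
    """Audit helper: rules open to any source that cover a sensitive port."""
    return [r for r in sg_rules
            if ip_network(r.source).prefixlen == 0
            and any(r.port_min <= p <= r.port_max for p in sensitive_ports)]


# Constructed sample policy (not taken from any real tenant).
VPC_RULES = [Rule("tcp", 443, 443, "0.0.0.0/0"), Rule("tcp", 22, 22, "10.0.0.0/16")]
SG_WEB = [Rule("tcp", 443, 443, "0.0.0.0/0"), Rule("tcp", 22, 22, "0.0.0.0/0")]

if __name__ == "__main__":
    for src, port in [("203.0.113.7", 443), ("203.0.113.7", 22), ("10.0.4.9", 22)]:
        print(src, port, inbound_verdict(VPC_RULES, SG_WEB, "tcp", port, src))
    print("review:", exposed_rules(SG_WEB))
```

In this model the over-broad SSH rule in `SG_WEB` is masked by the stricter VPC layer, which is why the audit helper inspects the security group on its own rather than relying on the combined verdict.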