In the ever-evolving landscape of cloud computing, businesses are continuously seeking robust, secure and flexible solutions to meet their IT infrastructure demands. In this post, we’ll discuss connecting the robust IBM Power Virtual Servers service to the secure IBM Cloud Virtual Private Cloud environment using IBM Cloud to support diverse workloads.

What is IBM Cloud Virtual Private Cloud (VPC)?

IBM Cloud Virtual Private Cloud (VPC) is a highly scalable and secure cloud networking service that allows businesses to create their isolated virtual network environments within the IBM Cloud infrastructure. With VPC, users can deploy and manage cloud resources like virtual servers, storage and networking components in a logically isolated environment, ensuring enhanced security and control over their cloud-based assets.

VPC provides the flexibility to define custom IP address ranges, subnets and route tables, enabling users to build complex network topologies to mirror their on-premises setups. Additionally, VPC allows seamless integration with other IBM Cloud services, creating a unified ecosystem to host various applications and workloads.

What are IBM Power Virtual Servers (PowerVS)?

IBM Power Virtual Servers (PowerVS) are a cutting-edge Infrastructure-as-a-Service (IaaS) offering designed specifically for businesses looking to harness the power of IBM Power Systems architecture. Built on IBM’s decades of experience in enterprise-class computing, PowerVS empowers organisations to deploy virtualised AIX, IBM i and Linux workloads on IBM Power Systems servers.

PowerVS brings together the performance and reliability of IBM Power processors, advanced virtualisation capabilities and the scalability of cloud computing. This combination enables businesses to run mission-critical applications and data-intensive workloads with optimal performance, high availability and robust security.

Advantages of using VPC and PowerVS on IBM Cloud

• Scalability and flexibility: By using IBM Cloud Virtual Private Cloud (VPC), organisations can create and manage virtual networks that scale seamlessly as their cloud requirements grow. IBM Power Virtual Servers (PowerVS) complement this scalability by offering virtual servers with dynamic compute and memory allocation, enabling businesses to adjust resources on the fly based on workload demands.
• Isolation and security: VPC provides a private, isolated network environment, ensuring enhanced security and data protection. PowerVS builds upon this by offering secure and dedicated virtual servers, keeping critical workloads separate from others in the cloud and mitigating the risk of data breaches.
• Compatibility and integration: The combination of VPC and PowerVS brings a unique advantage to businesses already leveraging IBM Power Systems on-premises. They can easily extend their existing infrastructure to the cloud, creating a hybrid cloud environment with seamless integration between on-premises and cloud-based workloads.
• Performance and reliability: PowerVS leverages IBM Power Systems architecture, known for its outstanding performance and reliability. This makes it an ideal platform for running resource-intensive applications—such as AI, big data analytics, and database workloads— while maintaining high availability and fault tolerance.
• Cost-effectiveness: Both VPC and PowerVS follow a pay-as-you-go pricing model, allowing businesses to optimize costs by scaling resources based on actual usage. This flexibility minimizes upfront capital expenditures and offers predictable billing for better financial planning.

In this article, we will explore the step-by-step process of connecting a VPC to PowerVS on IBM Cloud, leveraging the best of both services to create a powerful and versatile cloud computing environment. Let’s dive into the exciting world of VPC and PowerVS to unlock the full potential of cloud computing on IBM Cloud.

Architecture overview

Set up the IBM Cloud Virtual Private Cloud (VPC) environment

• Create a VPC and give it a meaningful name.
• Create a VPN Gateway and a VPN Connection. This connection must be made with a policy-based VPN.
• For Local IBM CIDRs, specify the PowerVS subnet, not the VPC subnet.
• For the Peer CIDRs, specify the subnet of the on-premises, as usual.

Note: On the opposite on-premises VPN router, also specify the PowerVS subnet (not the VPC subnet) for the Peer CIDRs.

Set up the IBM Power Virtual Servers (PowerVS) environment

• Create a PowerVS workspace and give it a meaningful name to ensure it is in the same region as the Client VPC previously created.
• Create an SSH key for accessing PowerVS virtual machines.
• Create a PowerVS subnet. Give the subnet a meaningful name and leave the DNS server as 127.0.0.1.
• Create a couple of virtual server instances in the PowerVS environment.

Note: To test this solution, let’s create two LPARS—one with private interface only and another machine with both public and private interfaces.

Set up connectivity

Create an Ingress routing table on VPC

• Define an ingress routing table so that packets destined for on-premises arriving at the VPC from PowerVS will be sent to the VPN tunnel.
• Create a new ingress routing table from the VPC display.
• At the time of writing, the GUI does not provide a way to tie the ingress table to the VPN; this has to be done from the command line interface using the following command: $ ibmcloud is vpc-routing-table-update <VPC ID> <INGRESS ROUTING_TABLE ID> --accept-routes-from-resource-type-filters vpn_gateway

Note: The route learned from the VPN Gateway cannot be deleted from the GUI, so if you want to delete it, use the following command: $ ibmcloud is vpc-routing-table-update --clean-all-accept-routes-from-filters

Create a cloud connection in PowerVS

• Inside the PowerVS display, give it a meaningful name and select a speed for the connection.
• As we are local to the VPC, we do not want to enable global routing but do want to enable the Transit Gateway.
• On the subnet sub-menu, attach the connection to the PowerVS subnet created earlier.

Create a Transit Gateway

• This will link the VPC environment to the PowerVS environment.
• Provide a meaningful name, select Local routing and ensure the Location is as per the PowerVS and client VPC.
• Add two connections: The first is to the client VPC and the second is a direct link and targets the connection created earlier.
• When the creation is completed, on the Routes page, click Generate Report and check that the reported routes are as expected.

Note: You should see explicit entries for the on-prem network, the VPC network and the PowerVS network. The on-prem and VPC networks are targeted to the VPC connection and the PowerVS network to the PowerVS connection.

Add IBM Cloud Object Storage (COS)

Having catered to the compute elements within the infrastructure, it is highly likely you’ll need access to IBM Cloud Object Storage (COS) as this is often used to store custom images for instance instantiation.

Create a COS service

• Create a new Object Storage Resource.
• Select IBM Cloud and an appropriate pricing plan.
• Choose a meaningful name and select a resource group, if desired.
• Once created, an overview page displays and additional tabs give information on the creation of buckets and management of access to the service

Create the COS storage bucket

• Create a unique bucket name (note the rules).
• Choose a level of resiliency. Given the infrastructure above, Regional is our best fit.
• Set the Region to match with the VPC region chosen previously.
• Choose the appropriate Storage Class; in this case, Smart Tier is most appropriate.
• For testing purposes, all other options can be defaulted.

Create a Virtual Private Endpoint

• Create a resource of type Virtual private endpoint gateway for VPC.
• Select the location to match that of the previously created VPC.
• Choose a meaningful name and select a resource group, if desired.
• Select the VPC created above.
• Select Cloud Object Storage from the list of Cloud Services.
• The only region available is Global for the COS service.
• Select the most appropriate endpoint for the VPE.
• Select how you want to reserve an IP address.
• Specify a name for the reserved IP and set the subnet wherein having it is to be created.

Having undertaken the setup above, the COS bucket should be available from both the VSIs within the VPC and the Power instances within the PowerVS environment using the address provided by the VPE.

Get started

Now that you’ve assembled the above infrastructure, it is possible to access the IBM Cloud Object Storage from within the IBM Power Virtual Servers environment. As this environment supports Linux, AIX and IBM i hosts, it is not practical to provide detailed instructions on how to undertake the detailed access to the object storage data.

The following resources provide additional guidance on provisioning this environment:

• VPC networks
• PowerVS networks
• Getting started with COS
• Transit Gateway
• Virtual Private Endpoints
• Direct Link