AWS VPC: Your Private Network in the Cloud

Every resource you run in AWS — an EC2 instance, an RDS database, a load balancer — sits inside a network. That network is the VPC: a private, isolated slice of the AWS cloud that you control. Understanding it means understanding how traffic actually reaches your resources, and how you keep them protected. The single most important distinction to walk away with is security groups versus NACLs, so that gets special attention below....

May 18, 2026 · 7 min · Daman Arora

AWS Global Infrastructure: Making Apps Fast Worldwide

AWS has data centers everywhere. A handful of services help you actually use them — to route users to the right place, speed up the trip, or bring AWS closer to where the trip ends.

The mental map

┌─────────────────────────────────────────────────────────┐
│  ROUTE traffic globally                                 │
│  • Route 53           (DNS — where to send users)       │
├─────────────────────────────────────────────────────────┤
│  CACHE / ACCELERATE content                             │
│  • CloudFront         (CDN — cache at edge)             │
│  • S3 Transfer Accel  (faster uploads to S3)            │
│  • Global Accelerator (faster routes, no cache)         │
├─────────────────────────────────────────────────────────┤
│  EXTEND AWS to other places                             │
│  • Outposts           (AWS racks in your data center)   │
│  • WaveLength         (AWS in 5G telecom datacenters)   │
│  • Local Zones        (AWS in metro areas near users)   │
└─────────────────────────────────────────────────────────┘

Route 53 — global DNS

Route 53 translates myapp....

May 17, 2026 · 6 min · Daman Arora

AWS ELB & ASG: Load Balancing and Auto Scaling

A single EC2 instance is a single point of failure. To make an app highly available and elastic — able to handle variable load and survive failures automatically — AWS gives you two services that work hand in hand: ELB and ASG.

The two pieces

| Service | What it does | Question it answers |
| ELB | Distributes incoming traffic across multiple EC2s | “How do users reach my fleet?” |
| ASG | Adds, removes, and replaces EC2s based on demand or health | “How big should my fleet be?... |

May 16, 2026 · 4 min · Daman Arora

CloudStack Networking: VPC vs Isolated Network

Both VPCs and Isolated Networks in Apache CloudStack provide Layer-3 network isolation for user VMs, but they differ in design and use cases.

Isolated Network

An Isolated Network is a single, flat network with one virtual router. All VMs share the same subnet and routing domain.

Key points:

- One subnet per network (e.g., 10.1.1.0/24).
- One virtual router handles NAT, DHCP, and firewall rules.
- No inter-tier routing; traffic is flat.
- Ideal for single-tier applications or quick deployments....

November 12, 2025 · 2 min · Daman Arora

CloudStack Communication Ports Overview

CloudStack components communicate across multiple networks and ports.

Port Summary Table

| Source / Target | Port(s) | Purpose / Description |
| User → Management Server | 8080 / 8096 | CloudStack UI / API |
| Management Server ↔ Management Server | 9090 / 8250 | Clustered management coordination |
| Management Server ↔ MySQL | 3306 | Database connection |
| CPVM ↔ Management Server | 8250 | Console proxy and control communication |
| SSVM ↔ Management Server | 8250 | Secondary storage operations (template, ISO, snapshot jobs) |
| Virtual Router ↔ Management Server | 3922 | SSH control and configuration |
| SSVM ↔ Secondary Storage (NFS) | 111 / 2049 | NFS mount and data transfer |
| CPVM ↔ Hypervisors | 22 / 443 | Console proxy, authentication, and HTTPS access |
| SSVM ↔ HTTP File Share | 80 / 443 | Template and ISO downloads |
| User Browser ↔ CPVM | 443 / 80 | HTTPS console access for VM consoles |
| Management Server ↔ Xen Hosts | 22 / 80 / 443 | Agent management, API communication |
| Management Server ↔ KVM Hosts | 22 | Agent setup via SSH |
| Management Server ↔ vCenter (ESXi) | 443 | vCenter API communication |
| Virtual Router ↔ Secondary Storage | 111 / 2049 | Template and snapshot copy operations |

Accessing System VMs (CPVM / SSVM / VR)

CloudStack deploys system VMs (such as CPVM, SSVM, and Virtual Routers) with an isolated link-local IP and restricted SSH access....

November 10, 2025 · 2 min · Daman Arora