I’ve put together a short video that demonstrates how to configure OCI Zero Trust Packet Routing (ZPR) to secure resources within a Virtual Cloud Network (VCN).
For this, I will be using the following topology:

This includes a single VCN that contains four subnets:
- 1 x Public Subnet – containing a Jump Server that is accessible directly over the Internet.
- 3 x Private Subnets – containing a Client PC, Load Balancer and 2 x Web Servers.
The intent of this demo is to create a ZPR configuration that supports the following access ✅ – but nothing more ❌:
- SSH access from the Internet to the Jump Server ✅
- SSH access from the Jump Server > Client PC ✅
- HTTP access from the Client PC > Load Balancer ✅
- HTTP access from the Load Balancer > Web Servers ✅
This means that the following should not be permitted:
- Any access from the Jump Server > Load Balancer or Web Servers ❌
- Any access from the Client PC > Web Servers ❌
- Any access from the Web Servers > Client PC ❌
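
The access intent above can be written down as an allow-list and used to audit a candidate rule set for flows it permits beyond the intent. The sketch below is an added example, not taken from the video and not ZPR policy syntax: the endpoint labels, the `(source, destination, port)` rule tuples, the `*` wildcard and the assumption that SSH and HTTP run on TCP ports 22 and 80 are all illustrative.

```python
from itertools import product

# Assumed labels standing in for the resources in the topology.
SOURCES = ["internet", "jump", "client", "lb", "web"]
DESTINATIONS = ["jump", "client", "lb", "web"]
PORTS = {22: "SSH", 80: "HTTP"}  # assumed default ports

# The four permitted flows listed in the post: (source, destination, tcp port).
INTENT = {
    ("internet", "jump", 22),
    ("jump", "client", 22),
    ("client", "lb", 80),
    ("lb", "web", 80),
}


def allowed(rules, src, dst, port):
    """Default deny: a flow passes only if a rule matches it ('*' = any source)."""
    return any(rs in (src, "*") and rd == dst and rp == port
               for rs, rd, rp in rules)


def audit(rules):
    """Compare a rule set with INTENT; return (excess, missing) flow lists."""
    excess, missing = [], []
    for src, dst, port in product(SOURCES, DESTINATIONS, PORTS):
        if src == dst:
            continue
        permitted = allowed(rules, src, dst, port)
        wanted = (src, dst, port) in INTENT
        if permitted and not wanted:
            excess.append((src, dst, port))
        elif wanted and not permitted:
            missing.append((src, dst, port))
    return excess, missing


# Constructed rule sets: one matching the intent exactly, and one where the
# Client PC > Load Balancer rule was written as "any source > Load Balancer".
EXACT = set(INTENT)
LOOSE = (INTENT - {("client", "lb", 80)}) | {("*", "lb", 80)}

if __name__ == "__main__":
    for name, rules in (("exact", EXACT), ("loose", LOOSE)):
        excess, missing = audit(rules)
        print(f"{name}: excess={excess} missing={missing}")
```

The loose rule set still satisfies every ✅ flow, which is why a test that only checks the permitted paths would pass it; the audit reports the Jump Server > Load Balancer flow as excess.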
