Page MenuHomeDevCentral

Build a bastion - load balancers - private instances network topology
Open, NormalPublic


Currently, a lot of servers have public IcannNet addresses.

This is not needed, as we can switch to a more secure network topology:

  • bastion: allow developers and operations to connect per SSH to other machines
  • load balancer: receive public IP to act as a reverse proxy or network balancer for traffic
  • back-end server: keep private IP

That would help to reduce the attack surface of services.