On Wed, May 6, 2015 at 11:18 AM, Vadim Kimlaychuk <vadim.kimlayc...@elion.ee > wrote:
> Geoff, > > Thank you for explaination. Basically the idea behind that was to > have (for instance) database tier and web-app tier. Web-apps-tier servers > have to communicate with databases, but databases are closed for outside > world. > The easiest way is to have 2 NICs at web-tier VMs and route inside VM > without need to send all the requests to VPC router. But you're also breaking the tiering. Your database server is now fully accessible from the internet (or wherever you're connected to) through the web servers, and not just the database. The proper way, imho, is to have a firewall between (ie. the VR), and fix the scaling issues instead. That's what you do in the non-cloud world as well, you create two tiers and put a firewall between them. -- Erik
