Public Cloud


UFIT manages enterprise agreements with Amazon Web Services (AWS), Microsoft Azure (Azure), and Google Cloud Platform (GCP) for university use. As part of the IT rationalization policy, all UF business with these public cloud vendors must be done through UFIT's managed services. UFIT also provides access to AWS Academy and All of Us.

UFIT provides a white-glove service in which we work directly with customers to design secure and highly available public cloud services. UFIT implements and manages all public cloud resources to ensure all systems meet UF's standards. Each project is unique, and the ownership of and access to resources is discussed and determined during the design phase.

Once service is established, customers can access the public cloud consoles directly using their GLID or can access their resources directly when available.

All cloud billing is handled by UFIT. UFIT will send out bills monthly for the previous month's cloud usage for each account. Some central infrastructure costs, such as networking and centralized logging, are covered by UFIT. UFIT will provide a detailed billing estimate as part of the design phase of projects. Default budget alerts are configured to email customers when projected or real costs exceed specified limits, and users can use the costing service in each cloud to review costs.

AWS

Architecture

Networking
Direct Connect

UFIT has configured a pair of highly available, hosted, 1GB Direct Connects to provide a dedicated network to the campus data centers. This allows access to UF private IP space and, if required, to the internet through UF data centers.

VPC

UFIT has configured two VPCs for use through a single Transit Gateway. If your services require the use of a VPC, the appropriate one is allocated. Dedicated non-overlapping subnets are created in the UFIT VPC and shared with the appropriate accounts for use.

Data Center Extension

This VPC utilizes the UF Direct Connect to provide access to private UF IP space. Resources in this VPC cannot access the internet directly from AWS.

Internet

This VPC only has access to the Internet Gateway. It cannot access resources on private UF IP space.

Azure

Architecture

Networking
vNET

UFIT has configured two vNETs for use. If your services require the use of a vNET, the appropriate one is allocated. Dedicated non-overlapping subnets are created in the UFIT vNET and shared with the appropriate accounts for use.

Data Center Extension

This would be a vNET with subnets that would behave in the same way as subnets and VLANs within the on-campus data centers. This would allow resources deployed in this vNET to access resources on campus using private IP addresses. Resources deployed in this vNET cannot access the internet directly via Azure but will instead go back through campus.

Internet Only

Subnets in this vNET would only have access to the public internet. Access to UF private IP space would not be allowed.

GCP

Architecture

Networking
VPC networks

UFIT intends to deploy multiple network postures to GCP as they are needed. Those postures would be:

Data Center Extension

This would be a VPC with subnets that would behave in the same way as subnets and VLANs within the on-campus data centers. This would allow resources deployed in this VPC to access resources on campus using private IP addresses. Resources deployed in this VPC cannot access the internet directly via GCP but will instead go back through campus.

Internet Only

Subnets in this VPC would only have access to the public internet. Access to UF private IP space would not be allowed.

Currently, the only network posture available within GCP is Internet Only.