Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Using Virtual Private Cloud (vpc)

6 868 vues

Publié le

From the APAC Webinar 201 Series

Publié dans : Technologie
  • Identifiez-vous pour voir les commentaires

Using Virtual Private Cloud (vpc)

  1. 1. APAC Webinar Series | AWS 201Using Virtual Private Cloud VPC Joseph Ziegler Technical Evangelistzieglerj@amazon.com @jiyosub
  2. 2. Before we Start
  3. 3. What if you could extend into the cloud easily and securely?
  4. 4. You Can! Corporate Amazon VPCData Center
  5. 5. Agenda• What is Virtual Private Cloud (VPC)• Common VPC Patterns• Case Study• Demos• VPC by Default
  6. 6. 2 Questions
  7. 7. What is VPC?
  8. 8. Making the Connection…
  9. 9. Introducing AWS Virtual Private CloudUser-defined virtual IP networking for EC2Private or mixed private/public addressing andsecured ingress/egressRe-use of proven and well-understoodnetworking concepts and technologies
  10. 10. Benefits of Using VPCAssign static private IP addresses to your instances that persist acrossstarts and stopsAssign multiple IP addresses to your instancesDefine network interfaces, and attach one or more network interfaces toyour instancesChange security group membership for your instances while theyre runningControl the outbound traffic from your instances (egress filtering) in additionto controlling the inbound traffic to them (ingress filtering)Add an additional layer of access control to your instances in the form ofnetwork access control lists (ACL)Run your instances on single-tenant hardware
  11. 11. Corporate Data Center Availability Zone 1 DirectConnect Location 10G Private Subnet Router Customer VPN Gateway Gateway (BGP/NoBGP) CorporateHeadquarters Public Subnet Internet Gateway Amazon VPC Availability Zone 2Branch Offices S3 SQS/SNS/SES SWF Elastic SimpleDB DynamoD New Enterprise IT Beanstalk AWS Region B Network Architecture
  12. 12. VPC Capabilities in a NutshellUser-defined address space up to /16• 65,536 addressesUp to 200 user-defined subnets up to /16User-defined:• Virtual routing, DHCP servers, and NAT instances• Internet gateways, ACLs, ingress/egress security groups and VPN tunnelsPrivate IPs stable once assignedElastic Network Interfaces
  13. 13. Internet VPC customers can launch instances in their own isolated network 10.134.2.3 10.1.2.3 10.218.5.17 10.27.45.16 10.243.3.5 10.8.55.5 10.141.9.810.99.42.97 10.155.6.7 10.16.22.33 10.131.7.28 10.6.78.201 Availability Zone a Availability Zone b Customer 1 Customer 2 Customer 3 VPC Customer
  14. 14. Internet VPCcan assign your launch instances thetheir own isolated network You customers can own IP range to in VPC network 10.0.1.6 10.0.0.5 10.0.1.510.0.0.6 10.0.1.8 10.0.3.5 10.0.1.25 10.0.3.17 Availability Zone a Availability Zone b VPC Customer
  15. 15. Rich Capabilities in VPCElastic Load Balancer, AutoScaling, CloudWatch, AlarmsRelational Database ServiceElastic MapReduceCloudFormationCluster ComputeElastiCacheElastic BeanstalkAnd more
  16. 16. VPN Connectivity OptionsHardware VPN - $0.05 per VPN ConnectionHour• $36 per month• Cisco, Juniper, Yamaha, Astaro, Fortinet, Vyatta, etc (even Windows 2008 R2 instance) InternetNow supports both BPG & static-routingSetup via the consoleRuns two VPN tunnels by default from yourrouter to cater for routine maintenanceUp to 10 VPNs per VPC
  17. 17. DirectConnect: Private X-Connect to AWS Dedicated bandwidth to AWS border network in 1Gbps or 10Gbps chunks Full access to public endpoints, EC2 Internet standard & VPCs • VLAN tagging maps to public side or VPCs Benefits: • Faster / more consistent throughput • Increased isolation and control Great companion technology to VPC
  18. 18. Dedicated InstancesOption to ensure physical hosts are notshared with other customers Single Tenant Compute Instance$10/hr flat fee per Region + small hourlychargeCan identify specific Instances asdedicatedOptionally configure entire VPC asdedicated
  19. 19. Common VPC Patterns
  20. 20. Models of Data Centre Extension Isolated project Expand existing systems into the cloud – no public exposure Expose systems to the public - hosted in the cloud Branch office access
  21. 21. Isolated Project Dev/Test Corporate Proof of Concept Users “Fail Fast” projects Time bound/ephemeral No need for internal system access of Router & Firewall resources AWS
  22. 22. Extending Existing Systems Into The Cloud• Leverage additional processing nodes Corporate data centre Corporate Users• Host entire stack in the cloud with secure LAN/WAN access. – E.g. Sharepoint, CMS, CRM, etc Router & Firewall• Dev/Test VPN Connection• Disaster Recovery• Big Data analysis• Use existing management tools AWS• No Internet access to systems
  23. 23. Expanding Systems Into The Cloud,with Public Internet Access• Enable access by Corporate data centre Corporate Users customers/partners to systems• Enable internal systems to be Router & Firewall involved and accessed by applications VPN Connection Customers/ Partners• Secure segregation of components and network access AWS
  24. 24. Branch Office Access • Enabling remote users & Branch Office Users offices to have secure Router & Firewall access to resources • Centralised systems with VPN Connection minimal infrastructure AWS VPN Connection VPN Connection Router & Firewall Router & Firewall Branch Office Users Branch Office Users
  25. 25. Case Study
  26. 26. 15 Daily Newspapers 50 Web Sites 62 MM unique users per monthOver 1 Billion page views per month
  27. 27. NYTimes EC2 Expansion (April 2011) Amazon EC2 Courtesy NYTimes
  28. 28. NYTimes EC2 Expansion (April 2011) Amazon EC2 Courtesy NYTimes
  29. 29. Demos & Examples
  30. 30. Example: SharePoint with On-Premises Active Directory
  31. 31. Extra Good Technical Stuff!Elastic Network Interfaces• Maintain the state of a network interface separately from the lifecycle of an instance• Enable same instance to be part of multiple subnets• Static MAC address, etc• Up to 8 ENIs depending on instance sizeMulti-IP• Relies on ENI• Up to 30 addresses per ENI• Private & Public addressesDHCP Option Sets• Specify your own domain name for instances• Specify your own DNS & NTPAnd lots more!!
  32. 32. VPC by Default
  33. 33. VPC Platforms EC2-ClassicNondefault VPC Default VPC
  34. 34. Existing Customers
  35. 35. New Customers
  36. 36. Characteristic EC2-Classic Default VPC Nondefault VPCPublic IP address Your instance receives a Your instance launched in a default Your instance doesnt receive a public IP address. subnet receives a public IP public IP address. address.Private IP address Your instance receives a Your instance receives a static Your instance receives a static private IP address from the private IP address from the address private IP address from the EC2-Classic, default VPC range of your default VPC. address range of your VPC. range each time its started.Multiple IP You can assign a single IP You can assign multiple IP You can assign multiple IPaddresses address to your instance. addresses to your instance. addresses to your instance.Elastic IP address An EIP is disassociated An EIP remains associated with An EIP remains associated with from your instance when your instance when you stop it. your instance when you stop it. you stop it.DNS hostnames DNS hostnames are DNS hostnames are enabled by DNS hostnames are disabled by enabled by default. default. default.Security group A security group can A security group can reference A security group can reference reference security groups security groups for your VPC only. security groups for your VPC only. that belong to other AWS accounts.Security group You must terminate your You can change the security group You can change the security groupassociation instance to change its of your running instance. of your running instance. security group.Security group rules You can add rules for You can add rules for inbound and You can add rules for inbound and inbound traffic only. outbound traffic. outbound traffic.Tenancy Your instance runs on You can run your instance on You can run your instance on shared hardware. shared hardware or single-tenant shared hardware or single-tenant hardware. hardware.
  37. 37. Default VPC• Create a default subnet in each Availability Zone.• Create an Internet gateway and connect it to your default VPC.• Create a main route table for your default VPC with a rule that sends all traffic destined for the Internet to the Internet gateway.• Create a default security group and associate it with your default VPC.• Create a default network access control list (ACL) and associate it with your default VPC.• Associate the default DHCP options set for your AWS account with your default VPC.
  38. 38. Next Steps• http://aws.amazon.com/vpc/• http://aws.amazon.com/free/• http://docs.aws.amazon.com/ AmazonVPC/latest/UserGuide/
  39. 39. AWS Summits Sydney | April 24 Mumbai | June 25 Delhi | June 27 Bangalore | July 5 Singapore | July 18http://amzn.to/UIdArf
  40. 40. AWS Summits Canberra | May 23 Auckland | May 30http://amzn.to/ZWjox2
  41. 41. SurveyPlease fill out the survey at the end for $25 USD in AWS Credits
  42. 42. Thank youaws.amazon.com/vpc Joseph Ziegler Technical Evangelist zieglerj@amazon.com @jiyosub

×