This document discusses extending your data center into AWS. It provides examples of using Amazon VPC to isolate projects, expand existing systems securely into the cloud without public exposure, and expose systems to the public while hosted in the cloud. It also discusses using VPC for branch office access. The document outlines models for isolated projects, expanding existing systems into the cloud without public access, and expanding systems into the cloud with public internet access. It introduces AWS Virtual Private Cloud and describes some of its networking capabilities. Finally, it provides examples of companies using EC2 and discusses strategies for migrating applications to the cloud.
10. Models of Data Centre Extension
• Isolated project
• Expand existing systems into the cloud – no public exposure
• Expose systems to the public - hosted in the cloud
• Branch office access
11. Isolated Project
• Dev/Test.
• Proof of Concept.
• “Fail Fast” projects.
• Time bound/ephemeral.
• No need for internal system access of resources.
[Diagram: Corporate Users, Router & Firewall, AWS]
12. Expanding Existing Systems Into The Cloud
• Leverage additional processing nodes.
• Host entire stack in the cloud with secure LAN/WAN access.
  • E.g. SharePoint, CMS, CRM, etc.
• Dev/Test.
• Disaster Recovery.
• Big Data analysis.
• Use existing management tools.
• No Internet access to systems.
[Diagram: Corporate data centre with Corporate Users, Router & Firewall, VPN Connection, AWS]
13. Expanding Systems Into The Cloud, with Public Internet Access
• Enable access by customers/partners to systems.
• Enable internal systems to be involved and accessed by applications.
• Secure segregation of components and network access.
[Diagram: Corporate data centre with Corporate Users, Router & Firewall, VPN Connection, Customers/Partners, AWS]
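Added example (not part of the original slides): a route-table audit for the two models on slides 12 and 13. It flags any subnet that is private by design but whose effective route table sends traffic to an internet gateway, including subnets that silently inherit the main route table. The JSON is constructed sample data in the shape of `aws ec2 describe-route-tables` output; the subnet names and the INTENT map are hypothetical.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main", "Associations": [{"Main": true}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa"}]},
  {"RouteTableId": "rtb-private",
   "Associations": [{"Main": false, "SubnetId": "subnet-app"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0bbb"}]},
  {"RouteTableId": "rtb-public",
   "Associations": [{"Main": false, "SubnetId": "subnet-web"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa"}]}
]}
""")

# Hypothetical design intent: which subnets the architecture allows to be public.
INTENT = {"subnet-web": "public", "subnet-app": "private", "subnet-db": "private"}


def has_igw_route(table):
    """True if any route in the table targets an internet gateway (igw-*)."""
    return any(r.get("GatewayId", "").startswith("igw-") for r in table["Routes"])


def effective_tables(doc, subnet_ids):
    """Map each subnet to its route table; unassociated subnets use the main one."""
    main = next(t for t in doc["RouteTables"]
                if any(a.get("Main") for a in t["Associations"]))
    mapping = {s: main for s in subnet_ids}
    for table in doc["RouteTables"]:
        for assoc in table["Associations"]:
            if assoc.get("SubnetId") in mapping:
                mapping[assoc["SubnetId"]] = table
    return mapping


def audit(doc, intent):
    """Return (subnet, route table) pairs: private by design but internet-routed."""
    tables = effective_tables(doc, intent)
    return sorted((s, t["RouteTableId"]) for s, t in tables.items()
                  if intent[s] == "private" and has_igw_route(t))


for subnet, rtb in audit(SAMPLE, INTENT):
    print(f"{subnet}: private by design, but {rtb} routes to an internet gateway")
```

In the sample, subnet-db has no explicit association, so it inherits rtb-main and its default route to the internet gateway; that is the case the audit reports.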
14. Branch Office Access
• Enabling remote users & offices to have secure access to resources.
• Centralised systems with minimal infrastructure.
[Diagram: three branch offices, each with Branch Office Users and a Router & Firewall, each linked to AWS by a VPN Connection]
16. Introducing AWS Virtual Private Cloud
• User-defined virtual IP networking for EC2
• Private or mixed private/public addressing and secured ingress/egress
• Re-use of proven and well-understood networking concepts and technologies
17. New Enterprise IT Network Architecture
[Diagram: Corporate Data Center, Corporate Headquarters and Branch Offices connect through a Router and Customer Gateway to the VPN Gateway (BGP/NoBGP), or through a DirectConnect Location (10G), into an Amazon VPC with a Private Subnet and a Public Subnet across Availability Zone 1 and Availability Zone 2; an Internet Gateway serves the Public Subnet. AWS Region services shown: S3, SQS/SNS/SES, SWF, Elastic Beanstalk, SimpleDB, DynamoDB]
18. VPC Capabilities in a Nutshell
• User-defined address space up to /16
  • 65,534 addresses
• Up to 20* user-defined subnets up to /16
• User-defined:
  • Virtual routing, DHCP servers, and NAT instances
  • Internet gateways, ACLs, ingress/egress security groups and VPN tunnels
• Private IPs stable once assigned
• Elastic Network Interfaces
19. VPC customers can launch instances in their own isolated network
[Diagram: Internet above instances with scattered 10.x.x.x private addresses in Availability Zone a and Availability Zone b, belonging to Customer 1, Customer 2, Customer 3 and a VPC Customer]
20. VPC customers can launch instances in their own isolated network
You can assign your own IP range to the VPC network
[Diagram: Internet above a VPC Customer's instances with addresses in 10.0.0.x, 10.0.1.x and 10.0.3.x across Availability Zone a and Availability Zone b]
21. Rich Capabilities in VPC
• Elastic Load Balancer, AutoScaling, CloudWatch, Alarms
• Relational Database
• Elastic MapReduce
• CloudFormation
• Cluster Compute
• And many others, with more to come…
22. VPN Connectivity Options
• Hardware VPN - $0.05 per VPN Connection Hour
  • $36 per month.
  • Cisco, Juniper, Yamaha, Astaro, Fortinet, Vyatta, etc. (even Windows 2008 R2 instance)
• Now supports both BGP & static routing
• Setup via the console
• Runs two VPN tunnels by default from your router to cater for routine maintenance
• Up to 10 VPNs per VPC
23. DirectConnect: Private X-Connect to AWS
• Dedicated bandwidth to AWS border network in 1Gbps or 10Gbps chunks.
• Full access to public endpoints, EC2 standard & VPCs.
  • VLAN tagging maps to public side or VPCs
• Benefits:
  • Faster / more consistent throughput
  • Increased isolation and control
• Great companion technology to VPC.
24. Dedicated Instances
• Option to ensure physical hosts are not shared with other customers
• $10/hr flat fee per Region + small hourly charge
• Can identify specific Instances as dedicated
• Optionally configure entire VPC as dedicated
[Diagram: Single Tenant Compute Instance]
25. 15 Daily Newspapers
50 Web Sites
62 MM unique users per month
Over 1 Billion page views per month
36. Extra Good Technical Stuff!
• Elastic Network Interfaces
  • Maintain the state of a network interface separately from the lifecycle of an instance
  • Enable same instance to be part of multiple subnets
  • Static MAC address, etc.
  • Up to 8 ENIs depending on instance size
• Multi-IP
  • Relies on ENI
  • Up to 30 addresses per ENI
  • Private & Public addresses
• DHCP Option Sets
  • Specify your own domain name for instances
  • Specify your own DNS & NTP
• And lots more!!
37. Migrating to the Cloud
[Diagram: Cloud Strategy. New: Design / Build Cloud-Ready applications. Existing Applications: “No-brainer to move” Apps; Planned Phased Migration]
Cloud Benefits
• Zero upfront investment
• On-demand provisioning
• Instant scalability
• Auto scaling and elasticity
• Pay as you go
• Removes undifferentiated heavy lifting
• Developer productivity
• Automation
38. “No-brainer to move” Apps
• Dev/Test applications
• Self-contained Web Applications
• Social Media Product Marketing Campaigns
• Customer Training Sites
• Video Portals (Transcoding and Hosting)
• Pre-sales Demo Portal
• Software Downloads
• Trial Applications
39. Cloud Migration: a Phased-driven Strategy Whitepaper
http://aws.amazon.com/whitepapers
40. A Bridge to the IT Capabilities Your Business Needs