Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)

Transcript of "Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)"

  1. AWS 201: Using Amazon Virtual Private Cloud (VPC). Markku Lepistö - Technology Evangelist, @markkulepisto
  2. Housekeeping • Presentation ~40 mins • Post Questions Online • Q&A at the end using the online chat • Reminder – Fill in the survey!
  3. What is Hybrid IT?
  4. Hybrid IT: A Definition. “Hybrid IT is the result of combining internal and external services, usually from a combination of internal and public clouds, in support of a business outcome.” Source: http://www.gartner.com/technology/research/technical-professionals/hybrid-cloud.jsp
  5. Hybrid IT: A Definition. “Hybrid IT is the result of combining internal and external services, usually from a combination of internal and public clouds, in support of a business outcome.” Source: http://www.gartner.com/technology/research/technical-professionals/hybrid-cloud.jsp
  6. Hybrid IT: A Definition. Diagram labels: Build; Deliver; Services; Business Outcomes; Solutions.
  7. AWS Service Building Blocks
  8. Services: AWS Platform. Diagram labels: AWS Global Infrastructure; Application Services; Networking; Deployment & Administration; Database; Storage; Compute.
  9. Our “Hybrid” Focus. Diagram labels: Cloud Apps; On-Premise Apps; Private Connections; Workload Migrations; Access Control Integration; Work with Existing Management Tools; Your Data Centers.
  10. Tools to Support Hybrid IT Architectures. Diagram labels: VM Import/Export; VPC Network; IAM Policies; Virtual Images; On-Premise Apps; Private Network; Your Data Centers; VPC; Corporate Directory; Your Cloud Apps; Your Data; Our Storage.
  11. Services: Networking: VPC. Extend your data center with Amazon VPC. Diagram labels: Compute; Storage; AWS Global Infrastructure; Database; App Services; Deployment & Administration; Networking.
  12. Services: Networking: VPC. Extend your data center with Amazon VPC • Create logically isolated section of AWS Cloud using your own network address space • Complete control over your virtual networking environment including creation of subnets, IP addressing, routing tables and network gateways • Create private or public subnets in multiple Availability Zones • You choose where to deploy EC2 instances • You manage network security at subnet level using NACLs • You manage EC2 Instance Security Groups, providing stateful network firewall per instance. Diagram labels: 10.100.0.0/16; Application Server; Availability Zone A; Availability Zone B; 10.100.0.0/23; 10.100.2.0/23; Compute; Storage; AWS Global Infrastructure; Database; App Services; Deployment & Administration; Networking.
  13. Services: Networking: VPN & Direct Connect. Integrate your network with Amazon VPC • Connect via standard IPSEC Internet VPN tunnels, or • Private link to AWS Direct Connect peering location, or a combination of both • Connection port speeds from 50M to 10G, you choose the connection speed you want • Connect multiple VPCs using industry standard VLANs and layer 3 routing protocols • Integrate your network to your private VPC resources • Deploy your own network equipment into Direct Connect peering location, e.g. WAN Optimization Devices. Diagram labels: Customer VPC; Internet VPN Connection; Customer IPSEC Router/Firewall; Customer Direct Connect Router; Private Direct Connect; Customer Corporate Network; Compute; Storage; AWS Global Infrastructure; Database; App Services; Deployment & Administration; Networking.
  14. Demo step 1: Create a new VPC in Singapore
  15. Our First Virtual Private Cloud. VPC Configuration - Singapore • VPC CIDR Network: 10.100.0.0/16 • VPC Subnet 1: 10.100.0.0/23 • VPC Subnet 2: 10.100.2.0/23 • VPN Type: Dynamic BGP. Office Configuration - Tokyo • Corporate Network: 10.96.0.0/16 • Office Network: 10.96.24.0/21 • VPN Gateway: 54.178.135.26 (public IP). Diagram labels: VPN Tunnels; Office VPN Gateway; Workstation; Availability Zone A; Availability Zone B.
  16. Demo starts
  17. You can create multi-tier architectures. Diagram labels: VPC A - 10.0.0.0/16; Availability Zone A; subnets 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24, 10.0.5.0/24; EC2; EC2 Web; EC2 App; Bastion; Log; Load balancing.
  18. Firewall every single compute instance. “Web servers will accept Port 80 from load balancers” “App servers will accept Port 8080 from web servers” “Allow SSH access only from Bastion hosts”. Diagram labels: VPC A - 10.0.0.0/16; Availability Zone A; subnets 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24, 10.0.5.0/24; EC2; EC2 Web; EC2 App; Bastion; Log; Load balancing.
  19. Enable Network Access Control on every subnet. “Deny all traffic between the web server subnet and the database server subnet”. Diagram labels: VPC A - 10.0.0.0/16; Availability Zone A; subnets 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24, 10.0.5.0/24; EC2; EC2 Web; EC2 App; Bastion; Log; Load balancing.
  20. Control every Internet connection. Control Internet routing • Create Public subnets and Private subnets • Create Internet Gateways or NAT instances for controlling internet-facing traffic • Allocate Elastic IP addresses • Implement DMZ architectures as per normal best practices. Diagram labels: VPC A - 10.0.0.0/16; Availability Zone A; subnets 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24; EC2; EC2 Web; EC2 App; Internet Gateway; Load balancing.
  21. Connect in private to your existing datacenters. Use Internet VPNs or use AWS Direct Connect. Diagram labels: VPC A - 10.0.0.0/16; Availability Zone A; subnets 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24; EC2; EC2 Web; EC2 App; Your office / DC; Load balancing.
  22. You can route to the Internet using your gateway. Use Internet VPNs or use AWS Direct Connect. Diagram labels: VPC A - 10.0.0.0/16; Availability Zone A; subnets 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24; EC2; EC2 Web; EC2 App; Your office / DC; Load balancing.
  23. Common Hybrid Workloads
  24. Disaster Recovery. Cloud on standby DR setup • Eliminate need for DR data center • Reduce capital expense for duplicate infrastructure • Pay for only what you use • Real-time, secure, database replication from on-premise to down-sized database server running on AWS • Application backups and virtual server images stored on S3 • Storage appliance volume data preserved on S3 as snapshot. Diagram labels: Application Server; Virtual Server; File Server; Database Server; Backup Server; Amazon S3; Database Server.
  25. Disaster Recovery. Cloud on standby DR invocation • AWS services available within minutes • Pay only for services used during DR failover • Ability to test DR by replicating entire environment in another VPC with same configuration • Amazon EC2 instances created, data restored from backup • Database server resized to production requirements • Storage appliances started on EC2 • File server data preserved on S3 as image snapshot • Virtual Servers restored via VMimport process. Diagram labels: Amazon S3; Application Server; Virtual Server; File Server; Database Server; Users.
  26. Development and Test. Diagram labels: App A, App B, App C (shown twice); Development VPC; Test VPC; Corporate Network; AWS Elastic Beanstalk; AWS OpsWorks; AWS CloudFormation.
  27. Development and Test. Diagram labels: Development VPC; Corporate Network; App A, App B, App C; AWS Elastic Beanstalk; AWS OpsWorks; AWS CloudFormation; Archive to Amazon S3.
  28. Proof Of Concept – Big Data Analytics. Deploy Proof Of Concept environments • Test new products or new version of existing products • Create POC environments in isolated VPCs • Alleviate need for capital investments • Deploy with pre-defined templates • Leverage AWS Marketplace for range of different solutions, pay by the hour for enterprise software. Diagram labels: Corporate Network; BI Analytics Platform; Amazon S3; AWS Redshift; Amazon EMR.
  29. Demo step 2 – Create IPSEC VPN tunnels between the VPC and our Office, Deploy a CMS within the VPC
  30. Diagram labels: Drupal Server; Availability Zone A; Availability Zone B; Router / VPN GW; Workstation; Our Office - Tokyo; Our VPC Singapore.
  31. Demo continues
  32. Thank you. Markku Lepistö - Technology Evangelist, @markkulepisto
  33. Your feedback is important. Let’s have a Poll! Let us know what you want to see next
  34. Your feedback is important. Please complete the Survey! What’s good, what’s not. What you want to see at these events. What you want AWS to deliver for you
  35. Q&A
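
A pre-flight check of the slide 15 addressing plan, as an added example that is not part of the original deck: it confirms that both subnets sit inside the VPC CIDR, that the VPC does not overlap the Tokyo ranges reachable over the VPN, and lists the VPC space still unallocated. The function names `check_plan` and `unallocated` are hypothetical; the CIDR values are the ones on slide 15.

```python
import ipaddress
from itertools import combinations

# Values taken from slide 15 of the deck.
VPC = "10.100.0.0/16"
VPC_SUBNETS = ["10.100.0.0/23", "10.100.2.0/23"]
ON_PREM = ["10.96.0.0/16", "10.96.24.0/21"]  # corporate and office networks


def check_plan(vpc, subnets, on_prem):
    """Return a list of findings; an empty list means no conflicts were found."""
    findings = []
    vpc_net = ipaddress.ip_network(vpc)
    nets = [ipaddress.ip_network(s) for s in subnets]
    for net in nets:
        # Every subnet must be carved out of the VPC CIDR.
        if not net.subnet_of(vpc_net):
            findings.append(f"subnet {net} is outside VPC {vpc_net}")
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            findings.append(f"subnets {a} and {b} overlap")
    for remote in map(ipaddress.ip_network, on_prem):
        # Overlapping ranges on both ends of the VPN make routing ambiguous.
        if vpc_net.overlaps(remote):
            findings.append(f"VPC {vpc_net} overlaps on-premise {remote}")
    return findings


def unallocated(vpc, subnets):
    """Return the VPC address space not yet assigned to a subnet, as CIDR blocks."""
    free = [ipaddress.ip_network(vpc)]
    for used in map(ipaddress.ip_network, subnets):
        remaining = []
        for block in free:
            if used.subnet_of(block):
                # Split the block around the used subnet.
                remaining.extend(block.address_exclude(used))
            elif not block.overlaps(used):
                remaining.append(block)
            # Otherwise the block lies wholly inside the used subnet: drop it.
        free = remaining
    return sorted(free)


if __name__ == "__main__":
    print(check_plan(VPC, VPC_SUBNETS, ON_PREM) or "plan OK")
    print([str(b) for b in unallocated(VPC, VPC_SUBNETS)])
```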