© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS re:INVENT
VPC Design Scenarios for Real-Life
Use Cases
David Murray, Enterprise Solutions Architect, murrayda@amazon.com
Gene Ting, Solutions Architect, geneting@amazon.com
November 28, 2017
NET308
AGENDA
• Single/Few VPC Architectures
• Multi-VPC Architectures
• Accounts and VPC Designs – A Marriage Made in Heaven
• Global VPC Architectures
• Use Cases
• What Next
• Scenarios – Collaborative Architectures
• Where do I go to after this?
“Anyone who sits on top of the largest hydrogen-oxygen fueled system in the world,
knowing they’re going to light the bottom, and doesn’t get a little worried, does not
fully understand the situation.”
John Young, Astronaut, About to embark on a life-changing adventure
Single-VPC Architecture
Image Credit NASA
Single-VPC Architecture
Account 1
Quick Setup
Tight Perimeter Control
Single Network Topology
Single BGP Session
• Complexity
• Limits
• Tagging
• IAM
• Cost Control
Use Cases - Single VPC
• Start Ups
• Small Enterprises
• Single Geographical Region
• Developer Mindset
Image Credit NASA
Multi-VPC Architecture
Image Credit NASA
Multi-VPC Architecture
Account 1, Account 2, Account 3
Minimal Blast Radius
Tight Limit & Cost Control
Access Control
Multi-Account Administration Tedious
Endpoint Security
Complex DNS Strategy
BGP per VPC
Complex Address Management
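The "Complex Address Management" and "BGP per VPC" points above are where multi-account, multi-VPC designs most often go wrong in practice: two VPCs whose CIDRs overlap cannot be peered, and a VPC that overlaps on-premises space cannot be reached through hybrid routing. The following script is an added example, not part of the talk or of any AWS tooling; the account names, VPC names and CIDR ranges in it are constructed for illustration. It validates an address plan for overlaps, checks each VPC CIDR against the size AWS permits, and shows how many prefixes a contiguous allocation collapses to when routes are advertised per account.

```python
"""Validate a multi-account, multi-VPC IPv4 address plan.

Added example: the plan below is constructed for illustration and is not
taken from the NET308 talk or from any real environment.
"""
from ipaddress import collapse_addresses, ip_network
from itertools import combinations

# Constructed plan: account -> {vpc name: primary CIDR}.
# "analytics-vpc" deliberately overlaps "prod-vpc" to show the failure mode.
PLAN = {
    "account-1": {"prod-vpc": "10.0.0.0/16", "shared-services": "10.10.0.0/20"},
    "account-2": {"dev-vpc": "10.1.0.0/16"},
    "account-3": {"analytics-vpc": "10.0.128.0/17"},
}

# Constructed on-premises ranges reached over Direct Connect / VPN.
ON_PREM = ["192.168.0.0/16", "10.200.0.0/16"]


def flatten(plan):
    """Return [(account, vpc, IPv4Network)] for every VPC in the plan.

    strict=True rejects a CIDR with host bits set (e.g. 10.0.1.0/16), which
    AWS would also reject when the VPC is created.
    """
    return [(acct, vpc, ip_network(cidr, strict=True))
            for acct, vpcs in plan.items()
            for vpc, cidr in vpcs.items()]


def vpc_size_ok(cidr):
    """AWS accepts an IPv4 VPC CIDR only between /16 and /28 inclusive."""
    net = ip_network(cidr, strict=True)
    return 16 <= net.prefixlen <= 28


def find_overlaps(plan, on_prem=()):
    """Return (label_a, label_b) pairs whose ranges overlap.

    Every VPC is compared with every other VPC and with each on-premises
    range. An overlapping VPC pair cannot be peered, and a VPC overlapping
    on-prem space has no usable route to that space from inside the VPC.
    """
    nets = [(f"{acct}/{vpc}", net) for acct, vpc, net in flatten(plan)]
    nets += [(f"on-prem/{cidr}", ip_network(cidr)) for cidr in on_prem]
    return [(la, lb) for (la, na), (lb, nb) in combinations(nets, 2)
            if na.overlaps(nb)]


def summarize_routes(cidrs):
    """Collapse CIDRs into the fewest covering prefixes.

    A gauge of how many routes an account (or a transit hub) would have to
    advertise: adjacent /16s allocated contiguously collapse into one /15,
    scattered allocations do not.
    """
    return [str(n) for n in collapse_addresses([ip_network(c) for c in cidrs])]


def report(plan, on_prem):
    """Human-readable summary used when the script is run directly."""
    lines = []
    for acct, vpc, net in flatten(plan):
        size = "ok" if vpc_size_ok(str(net)) else "INVALID SIZE"
        lines.append(f"{acct:10} {vpc:16} {str(net):18} {size}")
    overlaps = find_overlaps(plan, on_prem)
    lines.append(f"overlapping pairs: {overlaps or 'none'}")
    all_cidrs = [str(net) for _, _, net in flatten(plan)]
    lines.append(f"advertised prefixes if summarized: {summarize_routes(all_cidrs)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(PLAN, ON_PREM))
```

Running it against the constructed plan flags the prod-vpc / analytics-vpc pair; removing that overlap and keeping allocations contiguous per account is what keeps both the peering mesh and the per-VPC BGP advertisements manageable.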
Use Cases – Multi-VPC
• Complex Enterprises
• Granular Billing Requirements
• Infrastructure Mindset
Image Credit NASA
Accounts and VPCs – A Happy Marriage
• VPC decisions usually spawn out of the account structure conversation
• Account structures are usually built around how granular your control needs to be over:
  • Security
  • Billing
  • AWS Limits
  • Blast Radius
• Larger enterprises tend to want granular controls around security and billing
Image Credit NASA
Shared Services VPC Architecture
Image Credit NASA
Typical Shared Services VPC Resources
Account 1
DNS
Directory Services
Security Appliances
Central Repositories
Reduced Cost and Overhead
Centralized Management
Visibility
Must Design for Resilience
Discipline
Network Design
Direct Connect
Shared Services VPC Communications
AWS Region
Shared Services
Use Cases - Shared Services VPC
• Infrastructure Mindset
• Resource Consolidation
• Centralized Security
Image Credit NASA
Global Transit VPC Architecture
Image Credit Pexels
Transit VPC at a Glance
Direct Connect
Global network connectivity
AWS Network Backbone
More complex engineering
Transit VPC Architecture
Use Cases – Transit VPC
• Inter-VPC Communications
• Multi-Region Architectures
• Third-Party Cloud Connectivity
Image Credit NASA
Where do I start?
Image Credit Pexels
Where do I start?
• Start with your business
  • How complex is my business?
  • How many business units do I have?
  • How do we budget across the business units?
    • A single IT budget
    • Each BU controls its own budget
  • Does each BU work on its own project or share the workload?
  • What are our security/compliance requirements?
Image Credit Blue Origin
Where do I start?
• Then look at the people
  • Do we have an infrastructure or developer mindset?
  • Who will be managing the cloud environment?
  • Do they have a traditional infrastructure background?
  • Will developers be building and running their own environment(s)?
Image Credit NASA
Where do I start?
• Finally, look at the technical requirements
  • Do we require hybrid connectivity to on-premises?
  • Do we need a multi-region architecture?
  • How comfortable are we with using native cloud-based security to control access between workloads?
  • Do we have requirements for expensive vendor equipment?
Image Credit Pexels
What Next
Image Credit NASA
Break into teams …
Image Credit NASA
Take one giant step … to these sessions
• SID331: Architecting Security and Governance Across a Multi-Account Strategy (Session)
• SID335: Implementing Security and Governance Across a Multi-Account Strategy (Chalk Talk)
• ENT324: Automating and Auditing Cloud Governance and Compliance in Multi-Account Environments (Session)
• SID311: Designing Security and Governance Across a Multi-Account Strategy (Workshop)
• SID308: Multi-Account Strategies (Chalk Talk)
Image Credit NASA
Thank you!
