AWS Summit 2013 | Singapore - Extending your Datacenter with Amazon VPC

As more organizations seek to leverage the power and benefits of the cloud, they also need to combine new systems with existing on-premises systems. Services such as Virtual Private Cloud, VPN and DirectConnect enable AWS customers to combine on-premises and cloud-based resources easily and effectively. This session will walk customers through the 4 main patterns of connectivity and will include a "real time" demonstration of how easy it is to set up your own VPC and start working in your own private section of the AWS Cloud.

Published in: Technology


  1. Mark Statham, Solution Architect ASEAN, AWS. July 18, 2013. @markstatham. Extending your Data Centre with VPC
  2. Agenda • Why? • What? • How Much? • Customer Examples • “Goodies” in VPC
  3. WHY?
  4. Capacity, Power, Elasticity, Agility
  5. WHAT?
  6. VPC Overview • Bring your own network (Diagram: Your network goes here)
  7. VPC Overview • Bring your own network • Create your own subnets (Diagram: Subnet 1, Subnet 2, … Subnet ‘n’)
  8. VPC Overview • Control instance placement (Diagram: Availability Zone ‘A’, Availability Zone ‘B’)
  9. VPC Overview • Control instance placement and traffic – Security Groups & NACLs (Diagram: Availability Zone ‘A’, Availability Zone ‘B’)
  10. VPC Overview • Control instance placement and traffic – Security Groups & NACLs – Routing Rules (Diagram: Availability Zone ‘A’, Availability Zone ‘B’)
  11. VPC Overview • VPC Gateways – Virtual Private Gateway – Internet Gateway (Diagram: Customer Network)
  12. VPC Overview • Virtual Private Gateway – IPSEC VPN (Diagram: Customer Network)
  13. VPC Overview • Virtual Private Gateway – Dynamic Routing (Route-based VPN) – Static Routing (Policy-based VPN) (Diagram: Customer Network)
  14. VPC Overview • Virtual Private Gateway – IPSEC VPN – Direct Connect (Diagram: Customer Network, DX Location, Customer/Partner WAN)
  15. VPC Overview • Virtual Private Gateway • Internet Gateway (Diagram: Customer Network)
  16. VPC Overview • Connecting to Instances – Private IP – Elastic IP (publicly routable) (Diagram: Customer Network)
  17. VPC Overview • Connecting to Instances – Load Balancers (Diagram: Customer Network)
  18. VPC Building Blocks Summary • Virtual Private Cloud • Subnets • Route Tables, Security Groups, NACLs • Elastic IPs and Load Balancers • Virtual Private Gateway • AWS Direct Connect • Internet Gateway
  19. VPC Connectivity Options
  20. Connectivity Option #1 • Lollipop network (“DC-on-a-stick”) – Internet VPN (Diagram: Customer Network)
  21. Connectivity Option #1 • Lollipop network (“DC-on-a-stick”) – Dual Redundancy (Diagram: Customer Location #1, Customer Location #2)
  22. Connectivity Option #1 • Lollipop network (“DC-on-a-stick”) – AWS VPN CloudHub (Diagram: Customer Location #1, Customer Location #2)
  23. Connectivity Option #1 • Lollipop network (“DC-on-a-stick”) – Direct Connect (Diagram: Customer Network, DX Location, Customer/Partner WAN)
  24. Connectivity Option #2 • Hybrid Integration – Internal & Internet Access – Internet VPN (Diagram: Customer Network)
  25. Connectivity Option #2 • Hybrid Integration – Internal & Internet Access – Internet VPN – DirectConnect (Diagram: Customer Network, DX Location)
  26. Connectivity Option #3 • Integration between VPCs – DirectConnect (Diagram: DX Location)
  27. Connectivity Option #3 • Integration between VPCs – DirectConnect – Software VPN to Hardware (VGW)
  28. Connectivity Option #3 • Integration between VPCs – DirectConnect – Software VPN to Software VPN
  29. Connectivity Option #4 • Remote Access Solution – Microsoft RAS – Checkpoint – OpenVPN – Sophos – Vyatta (Diagram: Customer Network, Remote Access Server)
  30. Non-Standard VPN Requirements • Software VPN Appliance – Overlapping (unknown) customer network addresses – Customer MUST manage both sides of VPN (Diagram: Customer Network, Remote Access Server)
  31. Non-Standard VPN Requirements • ZenOSS SaaS example – Managed monitoring service – Extend AWS into ZenOSS Customer Networks (Diagram: Customer “1”, Customer “2”, … Customer “n”, Shared Mgmt Network)
  32. VPC Connectivity Options Summary • Lollipop network or data-center-on-a-stick • Hybrid integration – Internal & Internet Access • Integration between Amazon VPCs • Mobile/Remote access solution
  33. HOW MUCH?
  34. • VPC: $0 • Hardware VPN: $0.05/hour – Inbound Data: $0.00 – Outbound Data (SIN): $0.19 per GB (first GB free) • Direct Connect – 1 Gbps Port: $0.30/hour – 10 Gbps Port: $2.25/hour – Inbound Data: $0.00 – Outbound Data (SIN): $0.045 per GB (first GB free)
  35. For a Year • VPC: $0 • Hardware VPN: $438 • Direct Connect – 1 Gbps Port: $2,628 – 10 Gbps Port: $19,710 *Plus outgoing data & private connection costs
  36. CUSTOMER EXAMPLES
  37. Lionsgate uses AWS to host SharePoint & SAP • Amazon VPC • Avoided data center build-out • Saved $1M over 3 years • 50% lower cost than hosting options
  38. Nasdaq used AWS to Build a New Line of Business
  39. PRE-BUILT ARCHITECTURES
  40. SharePoint - Intranet
  41. SharePoint - Internet
  42. “Goodies” in VPC
  43. Goodies • Control over Ingress & Egress of data – Security Groups • Dynamic allocation of Security Groups to Instances • Elastic Network Interfaces – up to 8 depending on instance • DNS Resolution – Default or use your own • ElastiCache in VPC (joining RDS, EMR, ElasticBeanstalk, Redshift, OpsWorks, etc.) • RDS IP Addresses – option to have RDS publicly accessible
  44. Flexible, Agile, Cost Effective, Integrated
  45. ARCHITECTURE CENTER http://aws.amazon.com/architecture • TECHNICAL ARTICLES http://aws.amazon.com/articles • PODCAST http://aws.amazon.com/podcast • BLOG http://aws.typepad.com
  46. Technical Track
