Solved

Cloud Apps, VPN and security

Posted on 2011-02-14
Last Modified: 2013-02-18
Hello everyone,

I'm currently taking a look at cloud computing and cloud databases. In my project I'd like to use a VPN (i.e. Amazon VPC) to increase security.

In fact, the setup will be twofold:

a) a VPN side which will permit my in-house computers to connect to a cloud and handle Cloud DBs and Cloud Apps.
b) some users on the internet must be able to connect to the Cloud Apps to receive real-time data sent from my in-house computers through the VPN to the cloud apps, which will relay it to an application that runs on a customer machine.

The cloud app must have one leg in the VPC and another that is publicly accessible. Imagine one server with 2 network cards, one mapped to a company VPN, the other one mapped to the office LAN.

My questions:

1) Is it possible to create cloud VPNs which have a public and a private part?
2) Is it necessary to create a bridge between the public and the VPN part of the cloud?

Thanks for your help :)

Question by: SMaton

Accepted Solution

by: shalomc, earned 500 total points
ID: 35065040
Amazon VPC is by definition an extension of your private network. You provide the address space and the DHCP service, and it may be incompatible with the rest of EC2.
Therefore, because of security and address incompatibility, once you have a server running in a VPC, this server can be accessed in two modes.
All servers in the same VPC can access each other without any special definitions.
Any other resources that need your VPC server must be routed there through the VPN by you.
That sounds trivial until you realize that a public EC2 instance that may run side by side in the same cabinet with your VPC instance has 0 access to your VPC instance. It must traverse through your organizational firewall and back to the VPC via the VPN connection.

Therefore, you must treat VPC just like another segment on your enterprise network. All access to it must pass your firewall. If you want it to be publicly accessible - you must NAT it or do some other routing voodoo.

Author Closing Comment

by:SMaton
ID: 38896623
Closed this a little bit late... sorry :)

Expert Comment

by:shalomc
ID: 38901152
That's OK.

Things have changed a bit since 2011. Today VPC has a feature called "Internet gateway" that allows a server in VPC to connect directly to the internet.

http://aws.amazon.com/vpc/faqs/#C2
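
As an added example (not part of the thread or any poster's code): now that one VPC can carry both a VPN leg and an Internet gateway, this Python sketch labels each subnet by the gateways its route table uses and flags the "bridged" case the question asks about. The input follows the shape of `aws ec2 describe-route-tables` output; the sample data, the labels and the function names are assumptions made for illustration.

```python
# Added example: classify VPC subnets by the gateways their routes use.
# SAMPLE is constructed (made-up IDs), shaped like describe-route-tables output.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
TO_IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}
TO_VPN = {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0example"}
V6_IGW = {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0example"}
SAMPLE = [
    {"RouteTableId": "rtb-web", "Routes": [LOCAL, TO_IGW],
     "Associations": [{"SubnetId": "subnet-web"}]},
    {"RouteTableId": "rtb-db", "Routes": [LOCAL, TO_VPN],
     "Associations": [{"SubnetId": "subnet-db"}]},
    {"RouteTableId": "rtb-relay", "Routes": [LOCAL, TO_VPN, V6_IGW],
     "Associations": [{"SubnetId": "subnet-relay"}]},
    {"RouteTableId": "rtb-main", "Routes": [LOCAL],
     "Associations": [{"Main": True}]},
]


def classify_table(table):
    """Label one route table: public, vpn-only, bridged or isolated."""
    internet = vpn = False
    for route in table.get("Routes", []):
        gateway = route.get("GatewayId") or ""
        dest = (route.get("DestinationCidrBlock")
                or route.get("DestinationIpv6CidrBlock"))
        # Only a default route through an Internet gateway counts as public.
        if gateway.startswith("igw-") and dest in ("0.0.0.0/0", "::/0"):
            internet = True
        elif gateway.startswith("vgw-"):
            vpn = True
    if internet and vpn:
        return "bridged"
    return "public" if internet else "vpn-only" if vpn else "isolated"


def classify_subnets(tables):
    """Map each subnet (or the main table) to its label."""
    result = {}
    for table in tables:
        label = classify_table(table)
        for assoc in table.get("Associations", []):
            # The main table has no SubnetId; unassociated subnets inherit it.
            key = assoc.get("SubnetId") or "main:" + table["RouteTableId"]
            result[key] = label
    return result


if __name__ == "__main__":
    print(classify_subnets(SAMPLE))
```

A default route to an Internet gateway is only one condition for exposure: the instance also needs a public or Elastic IP address and a security group that admits the traffic.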