Solved

Cloud Apps, VPN and security

Posted on 2011-02-14
3
262 Views
Last Modified: 2013-02-18
Hello everyone,

I'm currently taking a look at cloud computing and cloud databases. In my project I'd like to use VPN (ie. Amazon VPC) to increase the security.

In fact, the setup will be 2 folded:

a) a VPN side which will permit my in-house computers to connect to a cloud and handle Cloud DBs and Cloud Apps.
b) some user in the internet must be able to connect to Cloud Apps to receive some real time data send from my in-house computers through the VPN to the cloud apps which will relay to an application than runs on a customer machine.

The cloud app must have one leg in the VPC and another with public accessible. Image one server with 2 network cards, one mapped to a company VPN, the other one mapped to the office LAN.

My questions:

1) Is it possible to create cloud VPNs which have a public and a private part?
2) Is it necessary to create a bridge between the public and the VPN part of the cloud?

Thanks for your help :)
0
Comment
Question by:SMaton
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 33

Accepted Solution

by:
shalomc earned 500 total points
ID: 35065040
Amazon VPC is by definition an extension of your private network. You provide the address space and the dhcp service, and it may be incompatible with the rest of EC2.
Therefore, because of security and address incompatibility, once you have a server running in a VPC, this server can be accessed in two modes.
All servers in the same VPC can access each other without any special definitions.
Any other resources who need your VPC server must be routed there thru the VPN by you.
That sounds trivial until you realize that a public EC2 instance that may run side by side in the same cabinet with your VPC instance, has 0 access to your VPC instance. It must traverse thru your organizational firewall and back to the VPC via the VPN connection.

Therefore, you must treat VPC just like another segment on your enterprise network. All access to it must pass your firewall. If you want it to be publicly accessible - you must NAT it or do some other routing voodoo.
0
 

Author Closing Comment

by:SMaton
ID: 38896623
Closed this a little bit late... sorry :)
0
 
LVL 33

Expert Comment

by:shalomc
ID: 38901152
thats ok.

Things have changed a bit since 2011. Today VPC has a feature called "Internet gateway" that allows a server in VPC to connect directly to the internet.

http://aws.amazon.com/vpc/faqs/#C2
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Learn how the use of a bunch of disparate tools requiring a lot of manual attention led to a series of unfortunate backup events for one company.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question