Solved

Cloud Apps, VPN and security

Posted on 2011-02-14
Last Modified: 2013-02-18
Hello everyone,

I'm currently taking a look at cloud computing and cloud databases. In my project I'd like to use a VPN (i.e. Amazon VPC) to increase the security.

In fact, the setup will be twofold:

a) a VPN side which will permit my in-house computers to connect to a cloud and handle Cloud DBs and Cloud Apps.
b) some users on the internet must be able to connect to Cloud Apps to receive some real-time data sent from my in-house computers through the VPN to the cloud apps, which will relay it to an application that runs on a customer machine.

The cloud app must have one leg in the VPC and another that is publicly accessible. Imagine one server with 2 network cards, one mapped to a company VPN, the other one mapped to the office LAN.

My questions:

1) Is it possible to create cloud VPNs which have a public and a private part?
2) Is it necessary to create a bridge between the public and the VPN part of the cloud?

Thanks for your help :)
Question by:SMaton
Accepted Solution

by:
shalomc earned 500 total points
ID: 35065040
Amazon VPC is by definition an extension of your private network. You provide the address space and the DHCP service, and it may be incompatible with the rest of EC2.
Therefore, because of security and address incompatibility, once you have a server running in a VPC, this server can be accessed in two modes.
All servers in the same VPC can access each other without any special definitions.
Any other resources that need your VPC server must be routed there through the VPN by you.
That sounds trivial until you realize that a public EC2 instance that may run side by side in the same cabinet with your VPC instance has 0 access to your VPC instance. It must traverse through your organizational firewall and back to the VPC via the VPN connection.

Therefore, you must treat VPC just like another segment on your enterprise network. All access to it must pass your firewall. If you want it to be publicly accessible - you must NAT it or do some other routing voodoo.
Author Closing Comment

by:SMaton
ID: 38896623
Closed this a little bit late... sorry :)
Expert Comment

by:shalomc
ID: 38901152
That's OK.

Things have changed a bit since 2011. Today VPC has a feature called "Internet gateway" that allows a server in VPC to connect directly to the internet.

http://aws.amazon.com/vpc/faqs/#C2
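
Added example, not part of the original thread: once a VPC can hold both an internet gateway and a VPN gateway, a practical check for the "public leg / private leg" design in the question is to audit which subnets have a route to each. The Python sketch below runs over constructed data shaped like `aws ec2 describe-route-tables` output; all subnet, route table and gateway IDs are made up, and `exposed_private_subnets` is a hypothetical helper name.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# Every ID and CIDR below is invented for illustration.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0example"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-app"},
                      {"Main": False, "SubnetId": "subnet-reports"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0example"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
]
SUBNETS = ["subnet-app", "subnet-db", "subnet-reports"]


def external_paths(table):
    """Return which external gateways a route table points at."""
    paths = set()
    for route in table["Routes"]:
        gateway = route.get("GatewayId", "")
        if gateway.startswith("igw-"):    # internet gateway
            paths.add("internet")
        elif gateway.startswith("vgw-"):  # virtual private gateway (VPN side)
            paths.add("vpn")
    return paths


def subnet_paths(tables, subnets):
    """Map each subnet to its external paths.

    A subnet with no explicit association inherits the main route table,
    which is easy to overlook when reviewing a VPC by hand.
    """
    main = next((t for t in tables
                 if any(a.get("Main") for a in t["Associations"])), None)
    explicit = {a["SubnetId"]: t for t in tables
                for a in t["Associations"] if "SubnetId" in a}
    result = {}
    for subnet in subnets:
        table = explicit.get(subnet, main)
        result[subnet] = external_paths(table) if table else set()
    return result


def exposed_private_subnets(tables, subnets, must_be_private):
    """List subnets that are meant to be VPN-only but have an internet route."""
    paths = subnet_paths(tables, subnets)
    return sorted(s for s in must_be_private if "internet" in paths[s])


if __name__ == "__main__":
    print(subnet_paths(ROUTE_TABLES, SUBNETS))
    print(exposed_private_subnets(ROUTE_TABLES, SUBNETS, ["subnet-db", "subnet-reports"]))
```

A route to an internet gateway is necessary but not sufficient for inbound reachability: the instance also needs a public address and security group rules that allow the traffic.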