• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 267
  • Last Modified:

Cloud Apps, VPN and security

Hello everyone,

I'm currently taking a look at cloud computing and cloud databases. In my project I'd like to use VPN (ie. Amazon VPC) to increase the security.

In fact, the setup will be 2 folded:

a) a VPN side which will permit my in-house computers to connect to a cloud and handle Cloud DBs and Cloud Apps.
b) some user in the internet must be able to connect to Cloud Apps to receive some real time data send from my in-house computers through the VPN to the cloud apps which will relay to an application than runs on a customer machine.

The cloud app must have one leg in the VPC and another with public accessible. Image one server with 2 network cards, one mapped to a company VPN, the other one mapped to the office LAN.

My questions:

1) Is it possible to create cloud VPNs which have a public and a private part?
2) Is it necessary to create a bridge between the public and the VPN part of the cloud?

Thanks for your help :)
0
SMaton
Asked:
SMaton
  • 2
1 Solution
 
shalomcCommented:
Amazon VPC is by definition an extension of your private network. You provide the address space and the dhcp service, and it may be incompatible with the rest of EC2.
Therefore, because of security and address incompatibility, once you have a server running in a VPC, this server can be accessed in two modes.
All servers in the same VPC can access each other without any special definitions.
Any other resources who need your VPC server must be routed there thru the VPN by you.
That sounds trivial until you realize that a public EC2 instance that may run side by side in the same cabinet with your VPC instance, has 0 access to your VPC instance. It must traverse thru your organizational firewall and back to the VPC via the VPN connection.

Therefore, you must treat VPC just like another segment on your enterprise network. All access to it must pass your firewall. If you want it to be publicly accessible - you must NAT it or do some other routing voodoo.
0
 
SMatonAuthor Commented:
Closed this a little bit late... sorry :)
0
 
shalomcCommented:
thats ok.

Things have changed a bit since 2011. Today VPC has a feature called "Internet gateway" that allows a server in VPC to connect directly to the internet.

http://aws.amazon.com/vpc/faqs/#C2
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now