Creating Your Virtual Data Center


Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options. Giulio Soro, Sr. Solutions Architect, AWS; Antonio Sglavo, Head of Data Center Transformation, ENEL. AWS Summit 2016. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

What to Expect from the Session: get familiar with VPC concepts; walk through a basic VPC setup; see some more advanced possibilities; learn about the ways to connect your on-premises data center to the VPC.

Walkthrough: Setting Up an Internet-Connected VPC

Creating an Internet-Connected VPC, step by step: choosing an address range; setting up subnets in Availability Zones; creating a route to the Internet; authorizing traffic to/from the VPC.

Choose address ranges

CIDR notation review. CIDR range example: 172.31.0.0/16, which in binary is 10101100.00011111.00000000.00000000; the /16 means the first 16 bits (172.31) are the fixed network prefix and the remaining 16 bits are available for hosts.

Choosing IP address ranges for your VPC: 172.31.0.0/16. Recommended: an RFC 1918 private range. Recommended size: /16 (64K addresses).

Set up subnets

Choosing IP address ranges for your subnets. Within the 172.31.0.0/16 VPC, one VPC subnet per Availability Zone: 172.31.0.0/24 in eu-west-1a, 172.31.1.0/24 in eu-west-1b, 172.31.2.0/24 in eu-west-1c.

Auto-assign Public IP: when enabled on a subnet, all instances launched into it will get an automatically assigned public IP.

More on subnets. Recommended for most customers: a /16 VPC (64K addresses); /24 subnets (251 usable addresses each, since AWS reserves 5 addresses in every subnet); one subnet per Availability Zone. When might you do something else?

Create a route to the Internet

Routing in your VPC: route tables contain rules for which packets go where. Your VPC has a default route table, but you can assign different route tables to different subnets.

Traffic destined for my VPC stays in my VPC

Internet Gateway: send packets here if you want them to reach the Internet.

Everything that isn't destined for the VPC: send to the Internet (a 0.0.0.0/0 route whose target is the Internet Gateway).

Authorizing traffic: Network ACLs and Security Groups.

Network ACLs = stateless firewall rules. Can be applied on a subnet basis. English translation of the rule shown: allow all traffic in.

Security Groups follow the structure of your application: a MyWebServers Security Group, and a MyBackends Security Group that allows only MyWebServers.

Security Groups = stateful firewall. In English: hosts in this group are reachable from the Internet on port 80 (HTTP).

Security Groups = stateful firewall. In English: only instances in the MyWebServers Security Group can reach instances in this Security Group.

Security Groups in VPCs, additional notes. VPC allows creation of egress as well as ingress Security Group rules. Best practice: whenever possible, specify allowed traffic by reference (other Security Groups) rather than by IP range. Many application architectures lend themselves to a 1:1 relationship between Security Groups (who can reach me) and IAM roles (what I can do).
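The whole walkthrough (RFC 1918 /16, a /24 subnet in one AZ, Internet Gateway, 0.0.0.0/0 route, and the two Security Groups with the backend rule written by reference) as one CloudFormation template. This is an added example, not from the summit deck; the resource names, the single eu-west-1a subnet (the 1b and 1c subnets are omitted for length) and the backend port 8080 are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.31.0.0/16   # RFC 1918 /16 from the deck
  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 172.31.0.0/24   # one /24 per AZ; 1b and 1c left out for length
      AvailabilityZone: eu-west-1a
      MapPublicIpOnLaunch: true  # "Auto-assign Public IP"
  MyIGW:
    Type: AWS::EC2::InternetGateway
  AttachIGW:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref MyIGW
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
  DefaultRoute:                  # everything not destined for the VPC goes to the IGW
    Type: AWS::EC2::Route
    DependsOn: AttachIGW
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref MyIGW
  PublicSubnetARouteAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetA
      RouteTableId: !Ref PublicRouteTable
  MyWebServers:                  # reachable from the Internet on port 80 only
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web tier
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: 0.0.0.0/0}
  MyBackends:                    # reachable only from MyWebServers, by reference (assumed port 8080)
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Backend tier
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 8080, ToPort: 8080, SourceSecurityGroupId: !Ref MyWebServers}
```

Because Security Groups are stateful, reply traffic for these flows needs no extra rule; both groups keep the default allow-all egress, which is where the deck's egress rules would go if you want to tighten what each tier may initiate.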

Connectivity Options For VPCs

Beyond Internet connectivity: subnet routing options; connecting to other VPCs; connecting to your corporate network.

Routing on a subnet basis: Internal-facing subnets

Different route tables for different subnets: one VPC subnet has a route to the Internet, the other VPC subnet has no route to the Internet.

Internet access via NAT Gateway: the subnet without an Internet route gets a 0.0.0.0/0 route pointing at a NAT Gateway (public IP 54.161.0.39) that lives in the Internet-facing subnet; that subnet's own 0.0.0.0/0 route points at the Internet Gateway.

Connecting to other VPCs: VPC Peering

Shared services VPC using VPC peering. Common/core services: authentication/directory, monitoring, logging, remote administration, scanning.

Steps to establish a peering between 172.31.0.0/16 and 10.55.0.0/16:
Step 1: Initiate peering request.
Step 2: Accept peering request.
Step 3: Create routes. In English: traffic destined for the peered VPC should go to the peering connection.
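The three peering steps as a CloudFormation fragment, added here as an example and not part of the deck. It assumes both VPCs and their route tables already exist in the same account and region and are passed in as parameters with the names shown; the CIDRs are the deck's.

```yaml
Parameters:                              # existing resources, passed in by ID (assumed names)
  MyVpcId: {Type: AWS::EC2::VPC::Id}     # 172.31.0.0/16
  SharedVpcId: {Type: AWS::EC2::VPC::Id} # 10.55.0.0/16, the shared services VPC
  MyRouteTableId: {Type: String}
  SharedRouteTableId: {Type: String}
Resources:
  SharedServicesPeering:                 # Step 1: initiate the peering request
    Type: AWS::EC2::VPCPeeringConnection
    Properties:
      VpcId: !Ref MyVpcId
      PeerVpcId: !Ref SharedVpcId        # Step 2: same-account, same-region peering is accepted automatically
  RouteToShared:                         # Step 3: routes in both VPCs, or traffic only flows one way
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref MyRouteTableId
      DestinationCidrBlock: 10.55.0.0/16
      VpcPeeringConnectionId: !Ref SharedServicesPeering
  RouteFromShared:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref SharedRouteTableId
      DestinationCidrBlock: 172.31.0.0/16
      VpcPeeringConnectionId: !Ref SharedServicesPeering
```

Peering requires non-overlapping CIDRs (which is why the deck pairs 172.31/16 with 10.55/16) and is not transitive, and Security Groups in the shared VPC still need ingress rules for the peer's addresses before the core services become reachable.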

Connecting to your network: Virtual Private Network & Direct Connect

Extend your own network into your VPC: VPN or Direct Connect.

VPN: what you need to know. Your 192.168.0.0/16 network connects to the 172.31.0.0/16 VPC through two IPsec tunnels running between a Customer Gateway (your networking device) and a Virtual Private Gateway in the VPC.

Routing to a Virtual Private Gateway. In English: traffic to my 192.168.0.0/16 network goes out the VPN tunnel.

An example use case: AD Replication

VPN vs Direct Connect: both allow secure connections between your network and your VPC. VPN is a pair of IPsec tunnels over the Internet. Direct Connect is a dedicated line with lower per-GB data transfer rates. For highest availability: use both.
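The VPN pieces from the slides (Virtual Private Gateway, Customer Gateway, the connection that AWS provisions as two IPsec tunnels, and the route sending 192.168.0.0/16 out the tunnel) as a CloudFormation fragment. Added example, not from the deck; it assumes an existing VPC and route table passed in by ID, a placeholder parameter for your device's public IP, and static routing with the assumed BGP ASN 65000.

```yaml
Parameters:
  MyVpcId: {Type: AWS::EC2::VPC::Id}  # 172.31.0.0/16
  MyRouteTableId: {Type: String}
  CustomerGatewayIp: {Type: String}   # public IP of your networking device (placeholder)
Resources:
  VirtualGateway:
    Type: AWS::EC2::VPNGateway
    Properties:
      Type: ipsec.1
  AttachVGW:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVpcId
      VpnGatewayId: !Ref VirtualGateway
  CustomerGateway:                    # represents your on-premises device
    Type: AWS::EC2::CustomerGateway
    Properties:
      Type: ipsec.1
      BgpAsn: 65000                   # required even when using static routes (assumed value)
      IpAddress: !Ref CustomerGatewayIp
  VpnConnection:                      # AWS provisions two IPsec tunnels for this one resource
    Type: AWS::EC2::VPNConnection
    Properties:
      Type: ipsec.1
      StaticRoutesOnly: true
      CustomerGatewayId: !Ref CustomerGateway
      VpnGatewayId: !Ref VirtualGateway
  OnPremPrefix:                       # tells the VPN which prefix lives on your side
    Type: AWS::EC2::VPNConnectionRoute
    Properties:
      VpnConnectionId: !Ref VpnConnection
      DestinationCidrBlock: 192.168.0.0/16
  RouteToOnPrem:                      # "traffic to 192.168.0.0/16 goes out the VPN tunnel"
    Type: AWS::EC2::Route
    DependsOn: AttachVGW
    Properties:
      RouteTableId: !Ref MyRouteTableId
      DestinationCidrBlock: 192.168.0.0/16
      GatewayId: !Ref VirtualGateway
```

The tunnel endpoints and pre-shared keys are generated by AWS and appear in the downloadable customer gateway configuration; configure both tunnels on your device so the connection survives the loss of one.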

CloudFormation: take advantage of AWS Infrastructure as Code capabilities. Create templates to describe the resources required to run your application; use the template to deploy those resources; modify/update the template to edit your environment; use the CloudFormation Designer if you prefer a visual environment.

Remember to complete your evaluations!