A Case Study In Virtual Private Cloud

Transcription

A Case Study in Virtual Private Cloud
Gerry Miller, Chief Technologist, Cloudticity

What is Virtual Private Cloud?
Your datacenter connected to dynamic private resources in a public cloud.

Application Architecture
[Diagram: application components and their integration points]
- Web Browser -> Web Service Proxy -> Services Server / Data Proxy Services
- Content Management System (CMS), Marketing App, Marketing People, Staging
- Service Bus connecting Services and the Database Server
- Outside Services: Oracle, Postalsoft, Email Marketing, Salesforce.com

VPC Architecture
[Diagram: Amazon.com AWS Cloud configuration for a Virtual Private Cloud connected to the corporate network via VPN. The same diagram is shown again, cropped to one region at a time, on the slides "VPC Subnets", "VPC Connection to Datacenter", "VPC Using Internal Resources" and "Customer Access to System".]

VPC subnets (AWS routes the 192.168.92.0/24 range to the VPC):
- Internal subnet 192.168.92.128/25: Domain Controller 192.168.92.218; DEV SQL Server 192.168.92.237; QA SQL Server 192.168.92.197; DEV Enterprise Service Bus 192.168.92.147; QA Enterprise Service Bus 192.168.92.188
- External subnet 192.168.92.0/25: DEV Web Server 192.168.92.88 (internal) / 184.xxx.xxx.xxx (external); QA Web Server 192.168.92.92 (internal) / 184.xxx.xxx.xxx (external)

Customer access to the system:
- Internet users reach the DEV and QA web servers through the Amazon Internet Gateway and Amazon Firewall
- All external traffic is routed to the Internet (must include 80, 443, DNS, NTP, etc.)

VPC connection to the datacenter:
- Amazon VPN Gateway routes traffic for the 192.168.92.0/24 subnet over the VPN to the Corp VPN Device (212.14.xx.xx), behind the Corp Firewall

VPC using internal (corporate network) resources:
- Oracle DEV, Oracle QA and Oracle PROD: one port per environment (50000, 50001, 50002), bidirectional
- XMPie (DEV, QA, PROD): ports 80 and 443, plus full SMB access to UNC locations on the XMPie servers (unidirectional, from the VPC)
- PostalSoft DEV: ports 21, 80 and 443 from the VPC to the server (unidirectional)

VPC Security
[Diagram: layered controls]
- Amazon routing ACLs
- Windows Firewall on each server
- Web Server auth and ACLs
- ESB and DB Server auth and ACLs
- Corp server auth and ACLs across all internal datacenters

Things We Learned

Thank You! Any Questions?
Gerry rangle the Cloud
