Lessons Learned from 2,000 Amazon VPC Configurations
Eric Olson
VP Engineering
SoftNAS
February 22, 2017
Agenda
© 2017 SoftNAS, Inc.
• What is a Virtual Private Cloud (VPC)?
• 10 Lessons Learned
• How SoftNAS Uses VPCs
• SoftNAS Cloud Overview
• Q&A
We’ve Configured Over 2,000 Amazon VPCs
What is SoftNAS Cloud?
• Powerful enterprise-class storage products for public, private and hybrid clouds
• Easy to use – rapid time to value
• Freedom from platform lock-in
– Works with most popular cloud computing platforms
• Amazon EC2®, VMware vSphere®, Microsoft® Azure™, CenturyLink Cloud®
We believe in powerful, hassle-free storage
Amazon VPCs
What is a Virtual Private Cloud (VPC)?
• A virtual network dedicated to your AWS environment
• Logically isolated from other virtual networks in the AWS cloud
• A location for launching AWS resources, such as Amazon EC2 instances
• Highly configurable virtual private network infrastructure
– Set IP address range
– Create subnets
– Configure route tables
– Define network gateways (VPN, IGW)
– Configure security settings/ACLs
What is a Virtual Private Cloud?
• Control
– IP address ranges, how routing works, VPN access, subnet architecture
• Security
– Security Groups and ACLs as well as routing rules
• Features
– Multiple NIC interfaces, static private IPs; T2/M4/C4 and other instance types are only available in a VPC
• Hybrid Cloud
– Direct Connect can be leveraged to extend your on-premises network into the AWS cloud
• Networking Advantages
– VPC peering – within your organization or to others
– Endpoint flow logs help with troubleshooting
VPC Topology
• A VPC is used in a single region but can be multi-AZ
• Each subnet lives in a single AZ
• All subnets can route to each other by default
• Network size can be set between /16 and /28 for the VPC CIDR
• Choose your IP prefix
Accessing the VPC
• Gateways
– Internet Gateway (IGW): ingress and egress Internet access
– Virtual Private Gateway (VPG): AWS side of a VPN connection
– Customer Gateway (CG): customer side of a VPN connection
• VPNs
– Direct Connect
• Dedicated bandwidth to the VPC
– Hardware-based VPN
• On-premises to AWS over the Internet
• Major VPN vendors supported
AWS VPC Packet Flow
[Diagram: a VPC router connects three subnets. Subnet 1 (10.0.0.0/24) holds Instance A (10.0.0.197) and Instance B (10.0.0.211); Instance B has a second elastic network interface in Subnet 2 (10.0.1.0/24) at 10.0.1.99; Subnet 3 (10.0.2.0/24) holds Instance C (10.0.2.176).]
AWS VPC Packet Flow
[Diagram: traffic within Subnet 1 (10.0.0.0/24) from Instance A (10.0.0.197) to Instance B (10.0.0.211). Checks labelled on the sending side: routing table, ARP table, firewall outbound, source/dest check, security group outbound. Checks labelled on the receiving side: source/dest check, security group inbound.]
AWS VPC Packet Flow
[Diagram: traffic across subnets from Instance B (10.0.0.211 in Subnet 1 / 10.0.1.99 in Subnet 2) to Instance C (10.0.2.176 in Subnet 3). Instance B consults its IP routing policy DB and a separate route table per attached subnet (Route Table 1, Route Table 2). Checks labelled on each outbound path: firewall outbound, src/dst check, security group out, route table, network ACL out. Checks labelled at Instance C: firewall inbound, src/dst check, security group in, network ACL in.]
10 Lessons Learned
Organize Your AWS Environment
1. Use tagging (you will thank me later)
2. Plan your CIDR block carefully!!
– Go bigger, not smaller
– AWS reserves 5 IP addresses per subnet
– Avoid overlapping CIDR blocks
– Save space for future expansion
– You can never add more IPs to
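To make lesson 2 concrete, here is an added planning check (example code, not from the deck or from SoftNAS) that applies the /16 to /28 limit, the five reserved addresses per subnet and the no-overlap rule to a constructed layout built from the subnets in the packet-flow diagrams:

```python
"""Check a planned VPC address layout against the sizing rules from this deck.

Added example, not SoftNAS code. The VPC and subnet CIDRs used in __main__
are a constructed layout based on the subnets in the packet-flow diagrams.

Rules applied:
  * VPC and subnet prefixes must lie in the /16 to /28 range
  * every subnet must sit inside the VPC CIDR and not overlap another subnet
  * usable addresses per subnet = block size - 5 (AWS reserves 5 per subnet)
  * report how much of the VPC is still uncarved: a subnet cannot be
    enlarged later, so the spare space is what "go bigger" buys you
"""
import ipaddress
from typing import Dict, List

AWS_RESERVED_PER_SUBNET = 5   # first four addresses and the last one of every subnet


def usable_hosts(net: ipaddress.IPv4Network) -> int:
    """Addresses actually available to instances in this subnet."""
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def plan_vpc(vpc_cidr: str, subnet_cidrs: List[str]) -> Dict[str, object]:
    """Return usable counts, free space and a list of rule violations."""
    problems: List[str] = []
    try:
        vpc = ipaddress.ip_network(vpc_cidr, strict=True)
        subnets = [ipaddress.ip_network(c, strict=True) for c in subnet_cidrs]
    except ValueError as exc:                      # host bits set, bad syntax, etc.
        return {"vpc": vpc_cidr, "usable_per_subnet": {},
                "free_addresses": 0, "problems": [f"invalid CIDR: {exc}"]}

    # Lesson 2: AWS accepts /16 (largest) down to /28 (smallest) for a VPC or subnet.
    for net in [vpc] + subnets:
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{net} is /{net.prefixlen}; only /16 to /28 is allowed")

    for s in subnets:
        if not s.subnet_of(vpc):
            problems.append(f"subnet {s} is not inside VPC {vpc}")

    # Overlapping subnets cannot coexist in one VPC.
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"subnets {a} and {b} overlap")

    allocated = sum(s.num_addresses for s in subnets if s.subnet_of(vpc))
    return {
        "vpc": str(vpc),
        "usable_per_subnet": {str(s): usable_hosts(s) for s in subnets},
        "free_addresses": vpc.num_addresses - allocated,
        "problems": problems,
    }


if __name__ == "__main__":
    # Constructed layout: the deck's three /24 subnets plus a small /28 for an ELB tier.
    report = plan_vpc("10.0.0.0/16",
                      ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/28"])
    for key, value in report.items():
        print(f"{key}: {value}")
```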
Subnet Your Way to Success
3. Control the network properly
4. Define your subnet strategy
5. If your subnets are not associated with a specific route table, they are associated with the main route table
6. Align subnets to tiers, if possible
– DMZ/Proxy, ELB, App, DB
7. Set subnet permissions to private by default for everything
– ELB filtering/monitoring in public
– Use NAT to gain access to public networks
– VPC peering for access to other VPCs
– Endpoints for access to services like S3
Control Your Access
8. Do not set the default route to the Internet Gateway
9. Use redundant NAT instances (sized properly)
– Some CloudFormation templates exist to make this easier
10. Use IAM for access control
– IAM roles can now be attached to a running instance
– Attach an IAM role to an existing EC2 instance
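Lessons 5, 7 and 8 can be verified mechanically. The added example below (not SoftNAS code) walks data shaped like the EC2 DescribeRouteTables and DescribeSubnets responses, with constructed IDs, resolves each subnet's effective route table, and flags non-public subnets, and the main table itself, that default to an Internet Gateway; the Tier tag is an assumed naming convention in the spirit of lesson 1.

```python
"""Audit which route table each subnet really uses and whether it defaults to an IGW.

Added example, not SoftNAS code. ROUTE_TABLES and SUBNETS are constructed
data that mimic the shape of EC2 DescribeRouteTables / DescribeSubnets
responses, so the same functions can be pointed at real API output; every
ID below is made up. The "Tier" tag is an assumed convention (lesson 1).

Checks:
  * lesson 5: a subnet with no explicit association falls back to the main table
  * lessons 7/8: only subnets tagged Tier=public may have 0.0.0.0/0 -> igw-...
  * lesson 8: the main route table must never default to the Internet Gateway
"""
from typing import List, Optional

ROUTE_TABLES = [
    {"RouteTableId": "rtb-main0001",                       # the VPC's main table
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-aaaa0001"}]},
    {"RouteTableId": "rtb-public01",                       # explicit, public tier
     "Associations": [{"Main": False, "SubnetId": "subnet-dmz00001"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-aaaa0001"}]},
    {"RouteTableId": "rtb-private1",                       # explicit, egress via NAT
     "Associations": [{"Main": False, "SubnetId": "subnet-app00001"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-bbbb0001"}]},
]
SUBNETS = [
    {"SubnetId": "subnet-dmz00001", "Tags": [{"Key": "Tier", "Value": "public"}]},
    {"SubnetId": "subnet-app00001", "Tags": [{"Key": "Tier", "Value": "app"}]},
    {"SubnetId": "subnet-db000001", "Tags": [{"Key": "Tier", "Value": "db"}]},  # no explicit table
]


def tag(resource: dict, key: str) -> Optional[str]:
    """Value of an EC2-style tag, or None when the resource lacks it."""
    return next((t["Value"] for t in resource.get("Tags", []) if t["Key"] == key), None)


def effective_route_table(subnet_id: str, route_tables: List[dict]) -> Optional[dict]:
    """Explicit association wins; otherwise the VPC's main table applies (lesson 5)."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def defaults_to_igw(rt: dict) -> bool:
    """True when the table sends 0.0.0.0/0 straight to an Internet Gateway."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and str(r.get("GatewayId", "")).startswith("igw-")
               for r in rt.get("Routes", []))


def audit(route_tables: List[dict], subnets: List[dict]) -> List[str]:
    """Return one finding per violated lesson; an empty list means clean."""
    findings: List[str] = []
    for rt in route_tables:
        if any(a.get("Main") for a in rt.get("Associations", [])) and defaults_to_igw(rt):
            findings.append(f"{rt['RouteTableId']} (main) has a default route to an Internet Gateway")
    for sn in subnets:
        rt = effective_route_table(sn["SubnetId"], route_tables)
        if rt is None:
            findings.append(f"{sn['SubnetId']} has no route table at all")
            continue
        explicit = any(a.get("SubnetId") == sn["SubnetId"] for a in rt["Associations"])
        if not explicit:
            findings.append(f"{sn['SubnetId']} is implicitly on the main table {rt['RouteTableId']}")
        if defaults_to_igw(rt) and tag(sn, "Tier") != "public":
            findings.append(f"{sn['SubnetId']} (Tier={tag(sn, 'Tier')}) reaches the "
                            f"Internet directly via {rt['RouteTableId']}")
    return findings


if __name__ == "__main__":
    for line in audit(ROUTE_TABLES, SUBNETS):
        print(line)
```

In the constructed data the db subnet is the one that bites: nobody associated it with a table, so it silently inherits the main table and, with it, a direct path to the Internet.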
How SoftNAS Uses VPCs
High-Availability Architecture
• SNAP™ HA
– Provides high availability with seamless failover across zones
– Leverages secure block replication with SoftNAS SnapReplicate
• Recommended: SNAP HA in high-availability mode = 99.999% uptime
Cross-Zone HA: AWS Elastic IP
Cross-Zone HA: Private Virtual IP Addresses
Common Mistakes
• Need to deploy 2 ENIs on each SoftNAS instance
• Both NICs need to be in the same subnet
• Security groups not open to allow the ICMP health check
• No access to S3, either via NAT or an endpoint
• For private HA, the VIP must not be within the CIDR of the VPC
SoftNAS Cloud Overview
Flexible, Adaptable Architecture
Linux Virtual Appliance
ARCHITECTURE
• API and CLI
• Cross data center
• Cross-zone VPC
• Easy administration
• File gateway
• HTML5 Admin UI
• Software filer
• ZFS on Linux
INTEGRATION
• AWS
• Azure
• CenturyLink Cloud
• CIFS w/ Active Directory
• FC SAN
• iSCSI LUN
• iSCSI SAN
• NFS
• S3 Objects
• SSD
• VMware vSphere
DATA SERVICES
• Block replication
• Cloud disks
• Compression
• Inline deduplication
• Instant snapshots
• Multi-level caching
• Storage pools
• Thin provisioning
• Writable SnapClones™
• Encryption
Technology Partners
Earn $100 AWS Credit!
First 100 attendees to register
ter.li/gky7u1
Try SoftNAS Cloud® Free for 30 Days on AWS
Learn More: softnas.com/aws
Free Trial (30 Days): softnas.com/tryaws
Contact Us: softnas.com/contact
Support: softnas.com/helpdesk

More Related Content

Viewers also liked

(ARC403) From One To Many: Evolving VPC Design
(ARC403) From One To Many: Evolving VPC Design(ARC403) From One To Many: Evolving VPC Design
(ARC403) From One To Many: Evolving VPC DesignAmazon Web Services
 
AWS re:Invent 2016: Moving Mission Critical Apps from One Region to Multi-Reg...
AWS re:Invent 2016: Moving Mission Critical Apps from One Region to Multi-Reg...AWS re:Invent 2016: Moving Mission Critical Apps from One Region to Multi-Reg...
AWS re:Invent 2016: Moving Mission Critical Apps from One Region to Multi-Reg...Amazon Web Services
 
Getting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesGetting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesAmazon Web Services
 
Respuesta ONUDC exportación de coca
Respuesta ONUDC exportación de cocaRespuesta ONUDC exportación de coca
Respuesta ONUDC exportación de cocaAlejandra Prado
 
(SDD422) Amazon VPC Deep Dive | AWS re:Invent 2014
(SDD422) Amazon VPC Deep Dive | AWS re:Invent 2014(SDD422) Amazon VPC Deep Dive | AWS re:Invent 2014
(SDD422) Amazon VPC Deep Dive | AWS re:Invent 2014Amazon Web Services
 
AWS re:Invent 2016: Deep Dive on AWS Cloud Data Migration Services (ENT210)
AWS re:Invent 2016: Deep Dive on AWS Cloud Data Migration Services (ENT210)AWS re:Invent 2016: Deep Dive on AWS Cloud Data Migration Services (ENT210)
AWS re:Invent 2016: Deep Dive on AWS Cloud Data Migration Services (ENT210)Amazon Web Services
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...Amazon Web Services
 
From One to Many: Evolving VPC Design
From One to Many: Evolving VPC DesignFrom One to Many: Evolving VPC Design
From One to Many: Evolving VPC DesignAmazon Web Services
 
AWS re:Invent 2016: Workshop: Adhere to the Principle of Least Privilege by U...
AWS re:Invent 2016: Workshop: Adhere to the Principle of Least Privilege by U...AWS re:Invent 2016: Workshop: Adhere to the Principle of Least Privilege by U...
AWS re:Invent 2016: Workshop: Adhere to the Principle of Least Privilege by U...Amazon Web Services
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...Amazon Web Services
 
AWS re:Invent 2016: Cloud agility and faster connectivity with AT&T NetBond a...
AWS re:Invent 2016: Cloud agility and faster connectivity with AT&T NetBond a...AWS re:Invent 2016: Cloud agility and faster connectivity with AT&T NetBond a...
AWS re:Invent 2016: Cloud agility and faster connectivity with AT&T NetBond a...Amazon Web Services
 
監査ログをもっと身近に!〜統合監査のすすめ〜
監査ログをもっと身近に!〜統合監査のすすめ〜監査ログをもっと身近に!〜統合監査のすすめ〜
監査ログをもっと身近に!〜統合監査のすすめ〜Michitoshi Yoshida
 
AWS re:Invent 2016: [JK REPEAT] Deep Dive on Amazon EC2 Instances, Featuring ...
AWS re:Invent 2016: [JK REPEAT] Deep Dive on Amazon EC2 Instances, Featuring ...AWS re:Invent 2016: [JK REPEAT] Deep Dive on Amazon EC2 Instances, Featuring ...
AWS re:Invent 2016: [JK REPEAT] Deep Dive on Amazon EC2 Instances, Featuring ...Amazon Web Services
 
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...Amazon Web Services
 
AWS re:Invent 2016: Design Patterns for High Availability: Lessons from Amazo...
AWS re:Invent 2016: Design Patterns for High Availability: Lessons from Amazo...AWS re:Invent 2016: Design Patterns for High Availability: Lessons from Amazo...
AWS re:Invent 2016: Design Patterns for High Availability: Lessons from Amazo...Amazon Web Services
 
Cloud Data Migration Strategies - AWS May 2016 Webinar Series
Cloud Data Migration Strategies - AWS May 2016 Webinar SeriesCloud Data Migration Strategies - AWS May 2016 Webinar Series
Cloud Data Migration Strategies - AWS May 2016 Webinar SeriesAmazon Web Services
 
Teaching Elephants to Dance (and Fly!) A Developer's Journey to Digital Trans...
Teaching Elephants to Dance (and Fly!) A Developer's Journey to Digital Trans...Teaching Elephants to Dance (and Fly!) A Developer's Journey to Digital Trans...
Teaching Elephants to Dance (and Fly!) A Developer's Journey to Digital Trans...Burr Sutter
 

Viewers also liked (20)

(ARC403) From One To Many: Evolving VPC Design
(ARC403) From One To Many: Evolving VPC Design(ARC403) From One To Many: Evolving VPC Design
(ARC403) From One To Many: Evolving VPC Design
 
AWS re:Invent 2016: Moving Mission Critical Apps from One Region to Multi-Reg...
AWS re:Invent 2016: Moving Mission Critical Apps from One Region to Multi-Reg...AWS re:Invent 2016: Moving Mission Critical Apps from One Region to Multi-Reg...
AWS re:Invent 2016: Moving Mission Critical Apps from One Region to Multi-Reg...
 
Getting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesGetting Started with Serverless Architectures
Getting Started with Serverless Architectures
 
Respuesta ONUDC exportación de coca
Respuesta ONUDC exportación de cocaRespuesta ONUDC exportación de coca
Respuesta ONUDC exportación de coca
 
(SDD422) Amazon VPC Deep Dive | AWS re:Invent 2014
(SDD422) Amazon VPC Deep Dive | AWS re:Invent 2014(SDD422) Amazon VPC Deep Dive | AWS re:Invent 2014
(SDD422) Amazon VPC Deep Dive | AWS re:Invent 2014
 
AWS re:Invent 2016: Deep Dive on AWS Cloud Data Migration Services (ENT210)
AWS re:Invent 2016: Deep Dive on AWS Cloud Data Migration Services (ENT210)AWS re:Invent 2016: Deep Dive on AWS Cloud Data Migration Services (ENT210)
AWS re:Invent 2016: Deep Dive on AWS Cloud Data Migration Services (ENT210)
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
 
From One to Many: Evolving VPC Design
From One to Many: Evolving VPC DesignFrom One to Many: Evolving VPC Design
From One to Many: Evolving VPC Design
 
AWS re:Invent 2016: Workshop: Adhere to the Principle of Least Privilege by U...
AWS re:Invent 2016: Workshop: Adhere to the Principle of Least Privilege by U...AWS re:Invent 2016: Workshop: Adhere to the Principle of Least Privilege by U...
AWS re:Invent 2016: Workshop: Adhere to the Principle of Least Privilege by U...
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
 
AWS re:Invent 2016: Cloud agility and faster connectivity with AT&T NetBond a...
AWS re:Invent 2016: Cloud agility and faster connectivity with AT&T NetBond a...AWS re:Invent 2016: Cloud agility and faster connectivity with AT&T NetBond a...
AWS re:Invent 2016: Cloud agility and faster connectivity with AT&T NetBond a...
 
監査ログをもっと身近に!〜統合監査のすすめ〜
監査ログをもっと身近に!〜統合監査のすすめ〜監査ログをもっと身近に!〜統合監査のすすめ〜
監査ログをもっと身近に!〜統合監査のすすめ〜
 
AWS re:Invent 2016: [JK REPEAT] Deep Dive on Amazon EC2 Instances, Featuring ...
AWS re:Invent 2016: [JK REPEAT] Deep Dive on Amazon EC2 Instances, Featuring ...AWS re:Invent 2016: [JK REPEAT] Deep Dive on Amazon EC2 Instances, Featuring ...
AWS re:Invent 2016: [JK REPEAT] Deep Dive on Amazon EC2 Instances, Featuring ...
 
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...
 
AWS re:Invent 2016: Design Patterns for High Availability: Lessons from Amazo...
AWS re:Invent 2016: Design Patterns for High Availability: Lessons from Amazo...AWS re:Invent 2016: Design Patterns for High Availability: Lessons from Amazo...
AWS re:Invent 2016: Design Patterns for High Availability: Lessons from Amazo...
 
16 Topics For A Healthcare Blog
16 Topics For A Healthcare Blog16 Topics For A Healthcare Blog
16 Topics For A Healthcare Blog
 
Cloud Data Migration Strategies - AWS May 2016 Webinar Series
Cloud Data Migration Strategies - AWS May 2016 Webinar SeriesCloud Data Migration Strategies - AWS May 2016 Webinar Series
Cloud Data Migration Strategies - AWS May 2016 Webinar Series
 
Teaching Elephants to Dance (and Fly!) A Developer's Journey to Digital Trans...
Teaching Elephants to Dance (and Fly!) A Developer's Journey to Digital Trans...Teaching Elephants to Dance (and Fly!) A Developer's Journey to Digital Trans...
Teaching Elephants to Dance (and Fly!) A Developer's Journey to Digital Trans...
 
Gamification 101 session 1
Gamification 101 session 1Gamification 101 session 1
Gamification 101 session 1
 

More from Buurst

Three Strategies to Increase Performance for Your Applications in AWS.
Three Strategies to Increase Performance for Your Applications in AWS.Three Strategies to Increase Performance for Your Applications in AWS.
Three Strategies to Increase Performance for Your Applications in AWS.Buurst
 
Top Reasons to Partner with Buurst
Top Reasons to Partner with BuurstTop Reasons to Partner with Buurst
Top Reasons to Partner with BuurstBuurst
 
Three Ways to Slash your Enterprise Cloud Storage Cost
Three Ways to Slash your Enterprise Cloud Storage Cost Three Ways to Slash your Enterprise Cloud Storage Cost
Three Ways to Slash your Enterprise Cloud Storage Cost Buurst
 
Learn the new rules of cloud storage
Learn the new rules of cloud storageLearn the new rules of cloud storage
Learn the new rules of cloud storageBuurst
 
How to Guarantee High Performance for Application Data in the Cloud
How to Guarantee High Performance for Application Data in the CloudHow to Guarantee High Performance for Application Data in the Cloud
How to Guarantee High Performance for Application Data in the CloudBuurst
 
File Server and Storage Consolidation in the Cloud
File Server and Storage Consolidation in the CloudFile Server and Storage Consolidation in the Cloud
File Server and Storage Consolidation in the CloudBuurst
 
How to Reduce Public Cloud Storage Costs
How to Reduce Public Cloud Storage CostsHow to Reduce Public Cloud Storage Costs
How to Reduce Public Cloud Storage CostsBuurst
 
Make a Move to AWS Now
Make a Move to AWS Now Make a Move to AWS Now
Make a Move to AWS Now Buurst
 
Make a Move to the Azure Cloud with SoftNAS
Make a Move to the Azure Cloud with SoftNASMake a Move to the Azure Cloud with SoftNAS
Make a Move to the Azure Cloud with SoftNASBuurst
 
Consolidating File Servers into the Cloud
Consolidating File Servers into the CloudConsolidating File Servers into the Cloud
Consolidating File Servers into the CloudBuurst
 
12 Architectural Requirements for Protecting Business Data in the Cloud
12 Architectural Requirements for Protecting Business Data in the Cloud12 Architectural Requirements for Protecting Business Data in the Cloud
12 Architectural Requirements for Protecting Business Data in the CloudBuurst
 
Migrate Existing Applications to AWS without Re-engineering
Migrate Existing Applications to AWS without Re-engineeringMigrate Existing Applications to AWS without Re-engineering
Migrate Existing Applications to AWS without Re-engineeringBuurst
 
SoftNAS Cloud NAS vs. Basic File Services
SoftNAS Cloud NAS vs. Basic File ServicesSoftNAS Cloud NAS vs. Basic File Services
SoftNAS Cloud NAS vs. Basic File ServicesBuurst
 
SoftNAS Architecture on AWS
SoftNAS Architecture on AWSSoftNAS Architecture on AWS
SoftNAS Architecture on AWSBuurst
 
Implementing SoftNAS Cloud with Docker
Implementing SoftNAS Cloud with DockerImplementing SoftNAS Cloud with Docker
Implementing SoftNAS Cloud with DockerBuurst
 
How to Build Highly Available Shared Storage on Microsoft Azure
How to Build Highly Available Shared Storage on Microsoft AzureHow to Build Highly Available Shared Storage on Microsoft Azure
How to Build Highly Available Shared Storage on Microsoft AzureBuurst
 

More from Buurst (16)

Three Strategies to Increase Performance for Your Applications in AWS.
Three Strategies to Increase Performance for Your Applications in AWS.Three Strategies to Increase Performance for Your Applications in AWS.
Three Strategies to Increase Performance for Your Applications in AWS.
 
Top Reasons to Partner with Buurst
Top Reasons to Partner with BuurstTop Reasons to Partner with Buurst
Top Reasons to Partner with Buurst
 
Three Ways to Slash your Enterprise Cloud Storage Cost
Three Ways to Slash your Enterprise Cloud Storage Cost Three Ways to Slash your Enterprise Cloud Storage Cost
Three Ways to Slash your Enterprise Cloud Storage Cost
 
Learn the new rules of cloud storage
Learn the new rules of cloud storageLearn the new rules of cloud storage
Learn the new rules of cloud storage
 
How to Guarantee High Performance for Application Data in the Cloud
How to Guarantee High Performance for Application Data in the CloudHow to Guarantee High Performance for Application Data in the Cloud
How to Guarantee High Performance for Application Data in the Cloud
 
File Server and Storage Consolidation in the Cloud
File Server and Storage Consolidation in the CloudFile Server and Storage Consolidation in the Cloud
File Server and Storage Consolidation in the Cloud
 
How to Reduce Public Cloud Storage Costs
How to Reduce Public Cloud Storage CostsHow to Reduce Public Cloud Storage Costs
How to Reduce Public Cloud Storage Costs
 
Make a Move to AWS Now
Make a Move to AWS Now Make a Move to AWS Now
Make a Move to AWS Now
 
Make a Move to the Azure Cloud with SoftNAS
Make a Move to the Azure Cloud with SoftNASMake a Move to the Azure Cloud with SoftNAS
Make a Move to the Azure Cloud with SoftNAS
 
Consolidating File Servers into the Cloud
Consolidating File Servers into the CloudConsolidating File Servers into the Cloud
Consolidating File Servers into the Cloud
 
12 Architectural Requirements for Protecting Business Data in the Cloud
12 Architectural Requirements for Protecting Business Data in the Cloud12 Architectural Requirements for Protecting Business Data in the Cloud
12 Architectural Requirements for Protecting Business Data in the Cloud
 
Migrate Existing Applications to AWS without Re-engineering
Migrate Existing Applications to AWS without Re-engineeringMigrate Existing Applications to AWS without Re-engineering
Migrate Existing Applications to AWS without Re-engineering
 
SoftNAS Cloud NAS vs. Basic File Services
SoftNAS Cloud NAS vs. Basic File ServicesSoftNAS Cloud NAS vs. Basic File Services
SoftNAS Cloud NAS vs. Basic File Services
 
SoftNAS Architecture on AWS
SoftNAS Architecture on AWSSoftNAS Architecture on AWS
SoftNAS Architecture on AWS
 
Implementing SoftNAS Cloud with Docker
Implementing SoftNAS Cloud with DockerImplementing SoftNAS Cloud with Docker
Implementing SoftNAS Cloud with Docker
 
How to Build Highly Available Shared Storage on Microsoft Azure
How to Build Highly Available Shared Storage on Microsoft AzureHow to Build Highly Available Shared Storage on Microsoft Azure
How to Build Highly Available Shared Storage on Microsoft Azure
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Lessons Learned from 2,000 Amazon VPC Configurations

  • 1. Lessons Learned from 2,000 Amazon VPC Configurations
    Eric Olson, VP Engineering, SoftNAS, February 22, 2017
  • 2. Agenda (© 2017 SoftNAS, Inc.)
    – What is a Virtual Private Cloud (VPC)?
    – 10 Lessons Learned
    – How SoftNAS Uses VPCs
    – SoftNAS Cloud Overview
    – Q&A
  • 3. We've Configured Over 2,000 Amazon VPCs
  • 4. What is SoftNAS Cloud?
    – Powerful enterprise-class storage products for public, private and hybrid clouds
    – Easy to use: rapid time to value
    – Freedom from platform lock-in: works with the most popular cloud computing platforms (Amazon EC2®, VMware vSphere®, Microsoft® Azure™, CenturyLink Cloud®)
    – We believe in powerful, hassle-free storage
  • 6. What is a Virtual Private Cloud (VPC)?
    – A virtual network dedicated to your AWS environment
    – Logically isolated from other virtual networks in the AWS cloud
    – A location for launching AWS resources, such as Amazon EC2 instances
    – Highly configurable virtual private network infrastructure: set the IP address range, create subnets, configure route tables, define network gateways (VPN, IGW), configure security settings/ACLs
  • 7. What is a Virtual Private Cloud?
    – Control: IP address ranges, how routing works, VPN access, subnet architecture
    – Security: security groups and ACLs as well as routing rules
    – Features: multiple NIC interfaces, static private IPs; T2/M4/C4 and other instance types are available only in a VPC
    – Hybrid cloud: Direct Connect can be leveraged to extend your premises into the AWS cloud
    – Networking advantages: VPC peering, within your organization or to others; endpoint flow logs help with troubleshooting
  • 8. VPC Topology
    – A VPC is used in a single region but can be multi-AZ
    – Each subnet lives in a single AZ
    – All subnets can route to each other by default
    – Network size can be set between /16 and /28 for the VPC CIDR
    – Choose your IP prefix
  • 9. Accessing the VPC
    – Gateways: Internet Gateway (IGW), ingress and egress Internet access; Virtual Private Gateway (VPG), the AWS side of a VPN connection; Customer Gateway (CG), the customer side of a VPN connection
    – VPNs: Direct Connect (dedicated bandwidth to the VPC); hardware-based VPN (on-premises to AWS over the Internet; major VPN vendors supported)
  • 10. AWS VPC Packet Flow (diagram). A VPC router with three subnets: Subnet 1 10.0.0.0/24, Subnet 2 10.0.1.0/24, Subnet 3 10.0.2.0/24. Instance A (10.0.0.197) and Instance B (10.0.0.211) sit in Subnet 1; Instance B has a second elastic network interface (10.0.1.99) in Subnet 2; Instance C (10.0.2.176) sits in Subnet 3.
  • 11. AWS VPC Packet Flow (diagram). Traffic between Instance A (10.0.0.197) and Instance B (10.0.0.211) within Subnet 1 (10.0.0.0/24). Stages shown: routing table, ARP table, firewall outbound, source/dest check and security group outbound on the sending side; security group inbound, source/dest check and the instance firewall on the receiving side. No network ACL is involved inside one subnet.
  • 12. AWS VPC Packet Flow (diagram). Traffic from Instance B (10.0.0.211 in Subnet 1 / 10.0.1.99 in Subnet 2) to Instance C (10.0.2.176 in Subnet 3), with an IP routing policy database choosing between route table 1 and route table 2. Stages shown, once per sending interface: firewall outbound, src/dst check, security group out, route table, network ACL out; on the receiving subnet: network ACL in, security group in, src/dst check, firewall inbound.
  • 13. 10 Lessons Learned
  • 14. Organize Your AWS Environment
    1. Use tagging (you will thank me later)
    2. Plan your CIDR block carefully!!
       – Go bigger, not smaller
       – AWS reserves 5 IP addresses per subnet
       – Avoid overlapping CIDRs
       – Save space for future expansion
       – You can never add more IPs to
  • 15. Subnet Your Way to Success
    3. Control network properly
    4. Define your subnet strategy
    5. If your subnets are not associated to a specific route table then they are associated to the main route table
    6. Align subnets to tiers, if possible: DMZ/proxy, ELB, app, DB
    7. Set subnet permissions to private by default for everything
       – ELB filtering/monitoring in public
       – Use NAT to gain access to public networks
       – VPC peering for access to other VPCs
       – Endpoints for access to services like S3
  • 16. Control Your Access
    8. Do not set the default route to the Internet Gateway
    9. Use redundant NAT instances (size properly)
       – Some CloudFormation templates exist to make this easier
    10. Use IAM for access control
       – IAM roles can now be applied to a running instance
       – Attach an IAM role to an existing EC2 instance
  • 17. How SoftNAS Uses VPCs
  • 18. High-Availability Architecture
    – SNAP™ HA: provides high availability with seamless failover across zones; leverages secure block replication with SoftNAS SnapReplicate
    – Recommended: SNAP HA in high-availability mode = 99.999% uptime
  • 19. Cross-Zone HA: AWS Elastic IP (diagram)
  • 20. Cross-Zone HA: Private Virtual IP Addresses (diagram)
  • 21. Common Mistakes
    – Need to deploy 2 ENIs on each SoftNAS instance
    – Both NICs need to be in the same subnet
    – Security groups not open to allow the ICMP health check
    – No access to S3, either via NAT or an endpoint
    – For private HA, the VIP must not be in the CIDR of the VPC
  • 22. SoftNAS Cloud Overview
  • 23. Flexible, Adaptable Architecture: Linux Virtual Appliance
    – Architecture: API and CLI; cross data center; cross-zone VPC; easy administration; file gateway; HTML5 admin UI; software filer; ZFS on Linux
    – Integration: AWS; Azure; CenturyLink Cloud; CIFS w/ Active Directory; FC SAN; iSCSI LUN; iSCSI SAN; NFS; S3 objects; SSD; VMware vSphere
    – Data services: block replication; cloud disks; compression; inline deduplication; instant snapshots; multi-level caching; storage pools; thin provisioning; writable SnapClones™; encryption
  • 25. Earn $100 AWS Credit! First 100 attendees to register: ter.li/gky7u1
  • 26. Try SoftNAS Cloud® Free for 30 Days on AWS
    – Learn more: softnas.com/aws
    – Free trial (30 days): softnas.com/tryaws
    – Contact us: softnas.com/contact
    – Support: softnas.com/helpdesk
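Lesson 2 (plan the CIDR block), lesson 6 (tiered subnets) and slide 8 (/16 to /28 VPC sizes) are easy to get wrong on paper and expensive to fix after launch, because a VPC's primary CIDR cannot be shrunk and subnets cannot be resized. The following script is an added example, not code from the deck or from SoftNAS: it checks a proposed plan offline before anything is created. The VPC, subnet names, subnet CIDRs and peer networks are constructed for illustration; the 5-address reservation per subnet and the /16 to /28 limits are the AWS rules the slides cite.

```python
"""Sanity checks for a VPC CIDR plan (lessons 2 and 6, slide 8).

Added example, not SoftNAS tooling. The plan below is constructed for
illustration and contains two deliberate mistakes so the checks fire.
"""
from ipaddress import IPv4Network, ip_network
from itertools import combinations

AWS_RESERVED_PER_SUBNET = 5      # network, VPC router, DNS, future use, broadcast
MIN_PREFIX, MAX_PREFIX = 16, 28  # AWS limits for both VPC and subnet CIDRs

# Constructed plan: three tiers in one AZ plus two deliberate mistakes.
SAMPLE_SUBNETS = {
    "dmz-a": "10.0.0.0/24",
    "app-a": "10.0.1.0/24",
    "db-a":  "10.0.2.0/24",
    "app-b": "10.0.1.128/25",   # overlaps app-a
    "tiny":  "10.0.3.0/29",     # smaller than AWS allows
}
# Networks this VPC must not collide with: on-prem over VPN, peered VPCs.
SAMPLE_PEERS = {"on-prem": "10.0.0.0/8", "partner-vpc": "172.16.0.0/16"}


def usable_hosts(subnet: IPv4Network) -> int:
    """Addresses instances can actually take after AWS reserves its five."""
    return max(subnet.num_addresses - AWS_RESERVED_PER_SUBNET, 0)


def free_blocks(vpc: IPv4Network, subnets) -> list:
    """CIDR blocks of the VPC not yet consumed by any subnet, largest first."""
    free = [vpc]
    for net in subnets:
        nxt = []
        for block in free:
            if net.subnet_of(block):
                nxt.extend(block.address_exclude(net))  # carve the subnet out
            elif block.subnet_of(net):
                continue                                 # block fully consumed
            else:
                nxt.append(block)
        free = nxt
    return sorted(free, key=lambda n: (n.prefixlen, n.network_address))


def check_plan(vpc_cidr: str, subnets: dict, peers: dict) -> dict:
    """Return findings plus capacity figures for the proposed plan."""
    vpc = ip_network(vpc_cidr)
    findings = []
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        findings.append(f"VPC {vpc}: size must be /{MIN_PREFIX} to /{MAX_PREFIX}")

    nets = {name: ip_network(cidr) for name, cidr in subnets.items()}
    for name, net in nets.items():
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            findings.append(f"subnet {name} {net}: size must be /{MIN_PREFIX} to /{MAX_PREFIX}")
        if not net.subnet_of(vpc):
            findings.append(f"subnet {name} {net}: not inside VPC {vpc}")
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"subnets {a} {na} and {b} {nb} overlap")
    for name, cidr in peers.items():
        peer = ip_network(cidr)
        if vpc.overlaps(peer):
            findings.append(f"VPC {vpc} overlaps {name} {peer}: VPN/peering routes will be ambiguous")

    free = free_blocks(vpc, nets.values())
    return {
        "findings": findings,
        "usable": {name: usable_hosts(net) for name, net in nets.items()},
        "free_addresses": sum(b.num_addresses for b in free),
        "largest_free_block": free[0] if free else None,
    }


if __name__ == "__main__":
    report = check_plan("10.0.0.0/16", SAMPLE_SUBNETS, SAMPLE_PEERS)
    for finding in report["findings"]:
        print("FINDING:", finding)
    print("usable per subnet:", report["usable"])
    print("free addresses:", report["free_addresses"],
          "largest free block:", report["largest_free_block"])
```

Run against the sample plan it reports the /29, the app-a/app-b overlap and the collision with the on-prem 10.0.0.0/8 range, and shows that a /24 yields 251 usable addresses, not 254 or 256. The "largest free block" figure is the one to watch when deciding whether the plan leaves room for another AZ or tier later.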
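Lessons 5, 8 and 9 interact: a subnet with no explicit route table association silently inherits the main route table, and if the main table's default route points at the Internet Gateway, a subnet meant to be private is one public IP away from exposure. The model below is an added example, not SoftNAS tooling or AWS data; it resolves the effective route table per subnet, does the longest-prefix lookup the VPC router does, and flags subnets whose Internet path exists only because of that fallback. The VPC, subnets and route targets are constructed; ids such as "igw-public", "nat-a" and "pcx-partner" are placeholders in the style of AWS resource ids, not real ones.

```python
"""Which route table does each subnet really use, and where does its default route go?

Added example for lessons 5, 8 and 9; constructed VPC model, placeholder ids.
"""
from ipaddress import ip_address, ip_network

VPC = {
    "cidr": "10.0.0.0/16",
    "main_route_table": "rtb-main",
    "route_tables": {
        # main table: public by design (lesson 8 warns about inheriting this by accident)
        "rtb-main":    [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-public")],
        # private table: Internet via NAT, partner VPC via peering (lessons 7 and 9)
        "rtb-private": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-a"),
                        ("172.16.0.0/16", "pcx-partner")],
    },
    "subnets": {"dmz-a": "10.0.0.0/24", "app-a": "10.0.1.0/24", "db-a": "10.0.2.0/24"},
    # db-a has no explicit association: it silently inherits rtb-main (lesson 5)
    "associations": {"dmz-a": "rtb-main", "app-a": "rtb-private"},
}


def effective_route_table(vpc, subnet):
    """Return (table name, explicitly associated?) for a subnet."""
    explicit = vpc["associations"].get(subnet)
    return (explicit, True) if explicit else (vpc["main_route_table"], False)


def lookup_route(routes, dst_ip):
    """Longest-prefix match over one route table; None means no route (packet dropped)."""
    addr = ip_address(dst_ip)
    best = None
    for dest, target in routes:
        net = ip_network(dest)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def next_hop(vpc, subnet, dst_ip):
    """Target the VPC router would use for a packet leaving `subnet` toward `dst_ip`."""
    table, _ = effective_route_table(vpc, subnet)
    return lookup_route(vpc["route_tables"][table], dst_ip)


def audit_default_routes(vpc):
    """Lesson 8: subnets whose default route is an Internet Gateway, and among those
    the ones that got there only by falling back to the main table."""
    igw_default, implicit = [], []
    for subnet in vpc["subnets"]:
        table, explicit = effective_route_table(vpc, subnet)
        default = dict(vpc["route_tables"][table]).get("0.0.0.0/0")
        if default and default.startswith("igw-"):
            igw_default.append(subnet)
            if not explicit:
                implicit.append(subnet)
    return {"igw_default": igw_default, "implicit_igw_default": implicit}


if __name__ == "__main__":
    for subnet in VPC["subnets"]:
        table, explicit = effective_route_table(VPC, subnet)
        print(f"{subnet}: {table} ({'explicit' if explicit else 'inherited from main'}),"
              f" Internet via {next_hop(VPC, subnet, '198.51.100.7')}")
    print(audit_default_routes(VPC))
```

In the sample, app-a reaches the partner VPC through the peering route because /16 is more specific than the 0.0.0.0/0 NAT route, while db-a, which nobody associated with anything, ends up with the Internet Gateway as its default route. The cheap fix the slides imply is to keep the main route table free of any 0.0.0.0/0 route and associate every subnet explicitly.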
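The packet-flow slides (10 to 12) list the stages a packet passes on each side, and the Common Mistakes slide notes that HA health checks fail when security groups do not allow ICMP. The two filters behave differently: a security group is stateful and allow-only, a network ACL is stateless, ordered by rule number and only applies when traffic crosses a subnet boundary. The simulation below is an added example, not part of the deck or of SoftNAS; it walks one request/reply pair through those stages with constructed rules and reports the first stage that drops the flow. The "broken" ACL is the classic case of allowing inbound 443 without allowing outbound ephemeral ports, and the ICMP case shows the same-subnet health check that only the security group can block.

```python
"""Stateless network ACL vs stateful security group on one request/reply exchange.

Added example for slides 11, 12 and 21; all rules and addresses are constructed.
"""
from ipaddress import ip_address, ip_network

ALLOW, DENY = "allow", "deny"
EPHEMERAL = (1024, 65535)

# NACL rules: (rule number, direction, protocol, (low port, high port), cidr, action).
NACL_BROKEN = [
    (100, "in",  "tcp", (443, 443), "0.0.0.0/0", ALLOW),
    (100, "out", "tcp", (443, 443), "0.0.0.0/0", ALLOW),   # only outbound *to* 443
    (32767, "in",  "all", (0, 65535), "0.0.0.0/0", DENY),  # AWS default catch-all
    (32767, "out", "all", (0, 65535), "0.0.0.0/0", DENY),
]
# Fixed: replies to inbound connections leave on the client's ephemeral port.
NACL_FIXED = NACL_BROKEN + [(110, "out", "tcp", EPHEMERAL, "0.0.0.0/0", ALLOW)]

# Security group rules: (direction, protocol, (low, high), cidr); allow-only, stateful.
SG_WEB = [("in", "tcp", (443, 443), "0.0.0.0/0")]
SG_WEB_WITH_HEALTHCHECK = SG_WEB + [("in", "icmp", (0, 0), "10.0.0.0/16")]


def _matches(proto, ports, cidr, pkt_proto, pkt_port, peer_ip):
    """Does one rule match a packet? ICMP has no ports; 'all' matches any protocol."""
    in_cidr = ip_address(peer_ip) in ip_network(cidr)
    if proto == "all":
        return in_cidr
    if proto != pkt_proto:
        return False
    if pkt_proto == "icmp":
        return in_cidr
    return in_cidr and ports[0] <= pkt_port <= ports[1]


def nacl_decision(rules, direction, proto, port, peer_ip):
    """Stateless: the lowest-numbered matching rule wins; no match means deny."""
    for _, d, p, ports, cidr, action in sorted(rules, key=lambda r: r[0]):
        if d == direction and _matches(p, ports, cidr, proto, port, peer_ip):
            return action
    return DENY


def sg_decision(rules, direction, proto, port, peer_ip, reply=False):
    """Stateful: return traffic of an accepted flow is allowed without any rule."""
    if reply:
        return ALLOW
    for d, p, ports, cidr in rules:
        if d == direction and _matches(p, ports, cidr, proto, port, peer_ip):
            return ALLOW
    return DENY


def inbound_exchange(nacl, sg, client_ip, proto="tcp", port=443,
                     client_port=51000, same_subnet=False):
    """Client -> server request, then server -> client reply.

    Returns the first stage that drops the flow, or 'ok'. With same_subnet=True
    the NACL stages are skipped, as on slide 11 (traffic never leaves the subnet).
    """
    # Request enters the subnet: NACL inbound sees the service port, then the
    # instance's security group inbound (receiving side of slide 12).
    if not same_subnet and nacl_decision(nacl, "in", proto, port, client_ip) == DENY:
        return "request dropped by NACL inbound"
    if sg_decision(sg, "in", proto, port, client_ip) == DENY:
        return "request dropped by security group inbound"
    # Reply leaves the instance: security group first (stateful), then NACL
    # outbound, which now sees the client's ephemeral port as the destination.
    if sg_decision(sg, "out", proto, client_port, client_ip, reply=True) == DENY:
        return "reply dropped by security group outbound"
    if not same_subnet and nacl_decision(nacl, "out", proto, client_port, client_ip) == DENY:
        return "reply dropped by NACL outbound"
    return "ok"


if __name__ == "__main__":
    print("broken NACL, HTTPS from Internet:", inbound_exchange(NACL_BROKEN, SG_WEB, "203.0.113.9"))
    print("fixed NACL, HTTPS from Internet: ", inbound_exchange(NACL_FIXED, SG_WEB, "203.0.113.9"))
    print("ICMP health check, no SG rule:    ",
          inbound_exchange(NACL_FIXED, SG_WEB, "10.0.0.197", proto="icmp", same_subnet=True))
    print("ICMP health check, SG rule added: ",
          inbound_exchange(NACL_FIXED, SG_WEB_WITH_HEALTHCHECK, "10.0.0.197", proto="icmp", same_subnet=True))
```

The broken ACL lets the request in and the security group lets it through, yet the connection never completes because the reply is dropped on the way out; flow logs would show an ACCEPT for the inbound packet and a REJECT for the outbound one. The ICMP case reproduces the HA mistake from slide 21: two SoftNAS nodes in the same subnet bypass the network ACL entirely, so the health check fails only when the security group lacks an ICMP rule.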