Amazon Virtual Private Cloud

Original author(s): Amazon.com, Inc.
Developer(s): Amazon.com
Initial release: September 25, 2009
Operating system: Microsoft Windows, Linux, FreeBSD
Available in: English
Type: Virtual Private Server
License: Proprietary software
Website: aws.amazon.com/vpc/

Amazon Virtual Private Cloud (VPC) is a commercial cloud computing service that provides a virtual private cloud by provisioning a logically isolated section of the Amazon Web Services (AWS) Cloud.[1] Enterprise customers can access the Amazon Elastic Compute Cloud (EC2) over an IPsec-based virtual private network.[2][3] Unlike traditional EC2 instances, which are allocated internal and external IP addresses by Amazon, the customer can assign IP addresses of their choosing from one or more subnets.[4]


Comparison to private clouds

Amazon Virtual Private Cloud aims to provide a service similar to private clouds built on technology such as OpenStack or HPE Helion Eucalyptus. However, private clouds typically use technology such as OpenShift application hosting and various database systems. Cloud security experts warn that using public resources carries compliance risks, such as loss of control or service cancellation,[5] which do not exist with in-house systems. If transaction records about a VPC are requested from Amazon under a national security letter, Amazon may not be legally permitted to inform the customer that the confidentiality of their system has been breached. This would be true even if the actual VPC resources were in another country.[6] The API used by AWS is only partly compatible with that of HPE Helion Eucalyptus and is not compatible with other private cloud systems, so migration away from AWS may be difficult. This has led to warnings about the possibility of lock-in to a specific technology.[5]

IP Addressing

IP addressing in Amazon Virtual Private Cloud (VPC) refers to the assignment of IP addresses to the resources within a VPC. VPC is the Amazon Web Services (AWS) solution for providing isolated network environments for AWS resources. IP addresses in a VPC are used for communication between resources within the VPC, as well as for communication between the VPC and the Internet.

There are two types of IP addresses used in a VPC: private IP addresses and public IP addresses. Private IP addresses are used for communication between instances within the VPC, while public IP addresses are used for communication between the VPC and the Internet.

Amazon VPC provides several options for IP address management, including the use of IPv4 and IPv6 addresses, the automatic assignment of private IP addresses, and the ability to assign static private IP addresses. Additionally, Amazon VPC provides the option to associate Elastic IP addresses with instances to ensure persistent public IP addresses.

By using Amazon VPC, customers can have full control over the network configuration of their AWS resources, providing increased security and isolation compared to the traditional shared-tenancy model of public cloud computing.
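The address layout the section describes (a VPC block carved into customer-chosen subnets, with private addresses for internal traffic and public ones only at the edge) can be sanity-checked before anything is provisioned. The following is an added example written for this page, not code from the article or from AWS; it uses only the standard library and the constructed CIDRs shown.

```python
# Added example (not from the Wikipedia article or AWS): sanity-check a planned
# VPC address layout with the standard library's ipaddress module.
import ipaddress


def validate_vpc_plan(vpc_cidr, subnet_cidrs):
    """Return a list of problems with a planned VPC/subnet layout (empty if OK).

    Checks applied:
      * every subnet must fit inside the VPC CIDR block;
      * subnets must not overlap one another;
      * the VPC block should be private address space (RFC 1918): publicly
        routable addresses belong to Elastic IPs at the edge, not to the VPC.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    subnets = [ipaddress.ip_network(c, strict=True) for c in subnet_cidrs]
    problems = []
    if not vpc.is_private:
        problems.append(f"VPC block {vpc} is not private address space")
    for net in subnets:
        if not net.subnet_of(vpc):
            problems.append(f"subnet {net} is outside VPC block {vpc}")
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"subnets {a} and {b} overlap")
    return problems


def classify(address):
    """Label an address the way the article splits them: private or public."""
    ip = ipaddress.ip_address(address)
    return "private" if ip.is_private else "public"


if __name__ == "__main__":
    # Constructed sample plan: one overlapping pair and one subnet outside the VPC.
    for line in validate_vpc_plan("10.0.0.0/16",
                                  ["10.0.1.0/24", "10.0.1.128/25", "10.1.0.0/24"]):
        print(line)
```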

Connectivity

AWS VPC allows users to connect to the Internet, a user's corporate data center, and other users' VPCs. [7]

Users can connect to the Internet by adding an Internet Gateway to their VPC, which assigns the VPC a public IPv4 Address. [8]

Users can connect to a data center by setting up a hardware virtual private network connection between the data center and the VPC. This connection allows the user to “interact with Amazon EC2 instances within a VPC as if they were within [the user's] existing network.” [7]

Users are also able to route traffic from one VPC to another VPC using private IP addresses, so that the two VPCs can communicate as if they were on the same network. Peering is achieved by adding a route between two VPCs in the same account, or between two VPCs in different accounts in the same region. A VPC peering connection is one-to-one, but a VPC can have peering connections with more than one other VPC at a time.[9]

To achieve a one-to-many connection between VPCs, you can deploy a transit gateway (TGW).[10][11][12] In addition, you can connect your VPCs to your on-premises systems by employing the transit gateway.
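Each of the connectivity options above (Internet Gateway, VPN to a data center, peering, transit gateway) appears to a subnet as a route-table entry pointing at a target. The block below is an added example, not the article's or AWS's code; it models the route lookup with the longest-prefix-match rule AWS applies, and the target IDs (`igw-example` and so on) are constructed placeholders.

```python
# Added example (not from the Wikipedia article or AWS): resolve which target a
# subnet's route table sends a destination to.  Targets mirror the article's
# connectivity options: "local" (inside the VPC), an Internet Gateway, a VPN
# gateway to the data center, a peering connection, or a transit gateway.
import ipaddress

# Constructed sample route tables as (destination CIDR, target).
PUBLIC_RT = [
    ("10.0.0.0/16", "local"),          # the VPC's own block
    ("10.1.0.0/16", "pcx-example"),    # peering to another VPC (placeholder id)
    ("0.0.0.0/0", "igw-example"),      # default route to the Internet Gateway
]
PRIVATE_RT = [
    ("10.0.0.0/16", "local"),
    ("172.16.0.0/12", "vgw-example"),  # VPN to the corporate data center
    ("10.1.0.0/16", "tgw-example"),    # reach other VPCs via a transit gateway
]


def resolve_route(route_table, dst_ip):
    """Return the target for dst_ip, or None if no route matches (dropped).

    AWS evaluates route tables by longest-prefix match, so the /16 "local"
    route wins over 0.0.0.0/0 for traffic that stays inside the VPC.
    """
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def has_internet_path(route_table):
    """True if an unrouted (public) destination would reach an Internet Gateway.

    A subnet whose table has no igw route is 'private' in the article's sense:
    it can still talk to peered VPCs or the data center, but not the Internet.
    """
    target = resolve_route(route_table, "52.0.0.1")  # constructed public address
    return target is not None and target.startswith("igw-")


if __name__ == "__main__":
    for dst in ("10.0.3.4", "10.1.9.9", "172.20.1.1", "52.0.0.1"):
        print(dst, "public:", resolve_route(PUBLIC_RT, dst),
              "private:", resolve_route(PRIVATE_RT, dst))
```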

Security

AWS VPC's security is two-fold: it uses security groups as a firewall to control traffic at the instance level, and network access control lists as a firewall to control traffic at the subnet level.[13] As a further measure of isolation, AWS VPC lets users create "dedicated instances" on hardware that is physically separated from non-dedicated instances and from instances owned by other accounts.[14][15]
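The two firewall layers behave differently, and the difference is where misconfigurations hide. The block below is an added example, not from the article or AWS; it assumes the AWS semantics the article does not spell out: network ACLs are stateless and evaluated by ascending rule number with an implicit final deny, while security groups are allow-only and stateful. The rule sets are constructed samples.

```python
# Added example (not from the Wikipedia article or AWS): model how the subnet-level
# network ACL and the instance-level security group each decide on a packet.
# Assumed AWS semantics: NACLs are stateless, evaluated by rule number, first
# match wins, implicit final deny; security groups are allow-only and stateful.

def nacl_allows(rules, proto, port):
    """rules: (rule_number, proto, port_lo, port_hi, action) for ONE direction.
    The lowest-numbered matching rule decides; no match means deny."""
    for _, rproto, lo, hi, action in sorted(rules):
        if rproto in (proto, "all") and lo <= port <= hi:
            return action == "allow"
    return False


def sg_allows(rules, proto, port, reply_to_allowed_flow=False):
    """rules: (proto, port_lo, port_hi) allow entries for ONE direction.
    Stateful: a reply to an already-allowed flow passes regardless of rules."""
    if reply_to_allowed_flow:
        return True
    return any(rproto in (proto, "all") and lo <= port <= hi
               for rproto, lo, hi in rules)


def https_session_allowed(nacl_in, nacl_out, sg_in, sg_out, client_port=40000):
    """An Internet client connects to an instance on TCP/443.

    The request must pass the inbound NACL and the inbound SG.  The reply goes
    back to the client's ephemeral port: the stateless NACL must allow it
    explicitly outbound, whereas the SG passes it because the flow is known."""
    request_ok = nacl_allows(nacl_in, "tcp", 443) and sg_allows(sg_in, "tcp", 443)
    reply_ok = (nacl_allows(nacl_out, "tcp", client_port)
                and sg_allows(sg_out, "tcp", client_port, reply_to_allowed_flow=True))
    return request_ok and reply_ok


# Constructed sample rule sets.
SG_IN = [("tcp", 443, 443)]
SG_OUT = []                                            # nothing allowed outbound
NACL_IN = [(100, "tcp", 443, 443, "allow")]
NACL_OUT_BROKEN = [(100, "tcp", 443, 443, "allow")]    # ephemeral ports forgotten
NACL_OUT_FIXED = [(100, "tcp", 1024, 65535, "allow")]  # reply ports allowed
NACL_IN_WITH_DENY = [(90, "tcp", 443, 443, "deny"),    # lower number wins
                     (100, "tcp", 443, 443, "allow")]

if __name__ == "__main__":
    print("fixed NACL:", https_session_allowed(NACL_IN, NACL_OUT_FIXED, SG_IN, SG_OUT))
    print("broken NACL:", https_session_allowed(NACL_IN, NACL_OUT_BROKEN, SG_IN, SG_OUT))
```

The "broken" case is the classic symptom of treating a NACL like a security group: inbound 443 is open, yet every HTTPS handshake stalls because the return packets are dropped at the subnet boundary.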

AWS VPC is free, with users only paying for the consumption of EC2 resources. However, if users choose to access VPC via a Virtual Private Network (VPN), there is a charge.


References

  1. "Amazon Virtual Private Cloud (VPC)". Amazon Web Services, Inc.
  2. "Amazon to soothe Enterprise fears with Virtual Private Cloud". arstechnica.com. 27 August 2009.
  3. "Latest Topics - ZDNet". ZDNet. Archived from the original on 2009-10-05. Retrieved 2009-08-28.
  4. "Amazon Integrates With Datacenter Using Private Clouds". PCWorld. 26 August 2009.
  5. John R. Vacca (2012-11-05). Computer and Information Security Handbook. Newnes. p. 99. ISBN 9780123946126.
  6. Whittaker, Zack. "Microsoft admits Patriot Act can access EU-based cloud data". ZDNet. Retrieved 2018-07-05.
  7. "Amazon VPC FAQs". Amazon Web Services, Inc.
  8. "Internet Gateways - Amazon Virtual Private Cloud". docs.aws.amazon.com.
  9. "VPC Peering - Amazon Virtual Private Cloud". docs.aws.amazon.com.
  10. "AWS Transit Gateway". Amazon Web Services, Inc. Retrieved 2021-04-19.
  11. "What is a transit gateway? - Amazon Virtual Private Cloud". docs.aws.amazon.com.
  12. "Acc to success net worth". Retrieved 11 March 2024.
  13. "Amazon Virtual Private Cloud Security" (PDF). uci.edu.
  14. "Dedicated Instances - Amazon Elastic Compute Cloud". docs.aws.amazon.com.
  15. "How AWS VPC Traffic Mirroring works". TechTarget SearchAWS. Retrieved 2023-10-05.