James Fogerson – Sr. Solution Architect, Robert Half
November 29, 2016
Hybrid Architecture Design: Connecting Your On-Premises Workloads to the Cloud
Should I migrate everything to AWS?
No, this is more than a binary choice.
[Diagram: on-premises on one side, the cloud on the other]
We just need to figure out the connectivity…
[Diagram: on-premises connected to the cloud, with a question mark over the link]
Hybrid networking: or, more commonly referred to as… networking.
[Diagram: VPC CIDR 10.1.0.0/16 spanning Availability Zone A and Availability Zone B, each with a public subnet and a private subnet; instances A (10.1.1.11/24), B (10.1.2.11/24), C (10.1.3.33/24) and D (10.1.4.44/24) spread across the subnets, alongside a managed NAT gateway and AWS Lambda functions running inside the VPC.]
AWS networking
Let's get distracted by new things:
VPC endpoints for S3
Give your instances a private path to S3 from inside the VPC, so S3 traffic no longer has to leave through an Internet gateway or NAT gateway.
AWS Lambda inside a VPC
Lambda functions attached to your VPC get a network interface in your subnets, so they reach VPC-private resources (and, through the VGW, on-premises systems) directly rather than over the public Internet.
NAT Gateway
Use a managed NAT gateway inside the VPC to give instances in private subnets outbound access to the Internet.
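As an added example (not code from the original deck), here is the layout from the diagram written down as data and audited for the properties a hybrid design needs before the VGW is attached: no address overlap with the on-premises ranges, subnets inside the VPC CIDR and disjoint, public subnets defaulting to the IGW, private subnets defaulting to a NAT gateway in their own AZ, S3 kept on the gateway endpoint, and a VGW route for every on-premises prefix. All identifiers (subnet-*, rtb-*, nat-*, igw-*, vgw-*, vpce-*), the on-premises ranges, and the "pl-s3" key standing in for the S3 prefix list are assumed placeholders.

```python
"""Audit a VPC layout like the one on the slide before connecting it to on-premises.

Added example, not code from the original deck. The layout below is a constructed
description of the diagram (VPC 10.1.0.0/16, two AZs, one public and one private
subnet per AZ, a managed NAT gateway per AZ, an S3 gateway endpoint). All IDs
(subnet-*, rtb-*, nat-*, igw-*, vgw-*, vpce-*) and the on-premises ranges are
made-up placeholders, and "pl-s3" stands in for the S3 prefix list that a gateway
endpoint installs in a route table.
"""
import ipaddress

VPC_CIDR = "10.1.0.0/16"
ON_PREM_CIDRS = ["10.0.0.0/16", "192.168.0.0/16"]   # assumed corporate ranges behind the VGW

SUBNETS = {
    "subnet-pub-a":  {"cidr": "10.1.1.0/24", "az": "a", "public": True,  "rtb": "rtb-pub"},
    "subnet-pub-b":  {"cidr": "10.1.2.0/24", "az": "b", "public": True,  "rtb": "rtb-pub"},
    "subnet-priv-a": {"cidr": "10.1.3.0/24", "az": "a", "public": False, "rtb": "rtb-priv-a"},
    "subnet-priv-b": {"cidr": "10.1.4.0/24", "az": "b", "public": False, "rtb": "rtb-priv-b"},
}
NAT_GATEWAYS = {"nat-a": "a", "nat-b": "b"}   # NAT gateway id -> AZ of the public subnet it lives in
ROUTE_TABLES = {                               # route table id -> {destination: target}
    "rtb-pub":    {"0.0.0.0/0": "igw-1"},
    "rtb-priv-a": {"0.0.0.0/0": "nat-a", "pl-s3": "vpce-s3",
                   "10.0.0.0/16": "vgw-1", "192.168.0.0/16": "vgw-1"},
    "rtb-priv-b": {"0.0.0.0/0": "nat-b", "pl-s3": "vpce-s3",
                   "10.0.0.0/16": "vgw-1", "192.168.0.0/16": "vgw-1"},
}


def audit(vpc_cidr, on_prem_cidrs, subnets, nat_gateways, route_tables):
    """Return a list of findings; an empty list means the layout passed every check."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)

    # 1. Address planning: the VPC must not overlap any on-premises range,
    #    otherwise the VGW cannot route between the two sides.
    for cidr in on_prem_cidrs:
        if vpc.overlaps(ipaddress.ip_network(cidr)):
            findings.append(f"VPC {vpc} overlaps on-prem range {cidr}")

    # 2. Every subnet must sit inside the VPC CIDR, and subnets must not overlap each other.
    nets = {sid: ipaddress.ip_network(s["cidr"]) for sid, s in subnets.items()}
    for sid, net in nets.items():
        if not net.subnet_of(vpc):
            findings.append(f"{sid} {net} is outside VPC {vpc}")
    ids = sorted(nets)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} and {b} overlap")

    # 3. Routing hygiene. Public subnets default to the IGW. Private subnets default to a
    #    NAT gateway in their own AZ (a NAT in another AZ is a cross-AZ single point of
    #    failure), keep S3 on the gateway endpoint instead of the NAT path, and reach every
    #    on-prem range through the VGW.
    for sid, s in subnets.items():
        routes = route_tables.get(s["rtb"], {})
        default = routes.get("0.0.0.0/0")
        if s["public"]:
            if not (default or "").startswith("igw-"):
                findings.append(f"{sid} is public but its default route is {default}")
            continue
        if default is None or default.startswith("igw-"):
            findings.append(f"{sid} is private but its default route is {default}")
        elif default.startswith("nat-") and nat_gateways.get(default) != s["az"]:
            findings.append(f"{sid} (AZ {s['az']}) uses {default} in AZ {nat_gateways.get(default)}")
        if not routes.get("pl-s3", "").startswith("vpce-"):
            findings.append(f"{sid} sends S3 traffic through NAT instead of a gateway endpoint")
        for cidr in on_prem_cidrs:
            if not routes.get(cidr, "").startswith("vgw-"):
                findings.append(f"{sid} has no VGW route for on-prem range {cidr}")
    return findings


if __name__ == "__main__":
    for line in audit(VPC_CIDR, ON_PREM_CIDRS, SUBNETS, NAT_GATEWAYS, ROUTE_TABLES) or ["layout OK"]:
        print(line)
```

The same checks apply unchanged to a real account if you build the dictionaries from `describe-subnets`, `describe-nat-gateways` and `describe-route-tables` output; the on-premises overlap check is the one to run first, because an overlapping VPC CIDR cannot be fixed after the VPC is in use.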
Connecting to AWS: IGWs, VGWs, VPNs, and AWS Direct Connect
[Diagram: on-premises network connected to AWS]
VPN connectivity: Provisioning VPN connections
1. Build your AWS infrastructure
2. Create your Virtual Private Gateway (VGW) and attach it to your Virtual Private Cloud (VPC)
3. Define your customer gateway (CGW): the public IP address and, for dynamic routing, the BGP ASN of your on-premises VPN device
4. Create your VPN connection between the VGW and the CGW
5. Download the template configuration generated for your device
6. Configure your CGW, enable route propagation from the VGW on the route tables that need to reach on-premises, watch your tunnels come up and enjoy encrypted connectivity!
[Diagram: the VGW in the Virtual Private Cloud and the CGW on-premises, connected across the Internet by two IPsec tunnels, Tunnel 1 (primary) and Tunnel 2 (secondary); labels: Internet Access, The Internet]
Sample VPN configuration (header of the template downloaded in step 5):
! Amazon Web Services
! Virtual Private Cloud
!
! AWS utilizes unique identifiers to manipulate the configuration of
! a VPN Connection. Each VPN Connection is assigned an identifier and is
! associated with two other identifiers, namely the
! Customer Gateway Identifier and Virtual Private Gateway Identifier.
!
! Your VPN Connection ID : vpn-52cd203b
! Your Virtual Private Gateway ID : vgw-9c987bf5
! Your Customer Gateway ID : cgw-c39d7eaa
!
! This configuration consists of two tunnels. Both tunnels must be
! configured on your Customer Gateway.
!
! --------------------------------------------------------------------------------
! IPSec Tunnel #1
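"Watch your tunnels come up" is the easy part; the check a practitioner wants afterwards is that both tunnels stay up and that the routes pushed across them are sane. As an added example (not code from the original deck), the following audits one connection from a constructed document shaped like the JSON that `aws ec2 describe-vpn-connections` returns: it flags a single tunnel down as lost redundancy, both down as an outage, an UP tunnel that has accepted no BGP routes, and any on-premises prefix that overlaps the VPC. The connection, VGW and CGW IDs are the ones from the sample configuration above; the outside addresses, routes, timestamps and the VPC CIDR are made up.

```python
"""Check a Site-to-Site VPN connection for tunnel redundancy and route sanity.

Added example, not code from the original deck. SAMPLE is a constructed document
shaped like the JSON that `aws ec2 describe-vpn-connections` returns, where
VgwTelemetry carries one entry per IPsec tunnel. The connection, VGW and CGW IDs
are the ones from the sample configuration on the slide; the outside addresses,
routes and timestamps are made up.
"""
import ipaddress
import json

SAMPLE = json.loads("""
{
  "VpnConnections": [{
    "VpnConnectionId": "vpn-52cd203b",
    "VpnGatewayId": "vgw-9c987bf5",
    "CustomerGatewayId": "cgw-c39d7eaa",
    "State": "available",
    "Options": {"StaticRoutesOnly": true},
    "Routes": [
      {"DestinationCidrBlock": "10.0.0.0/16", "State": "available"},
      {"DestinationCidrBlock": "192.168.0.0/16", "State": "available"}
    ],
    "VgwTelemetry": [
      {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "AcceptedRouteCount": 2,
       "StatusMessage": "", "LastStatusChange": "2016-11-29T10:00:00Z"},
      {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN", "AcceptedRouteCount": 0,
       "StatusMessage": "IPSEC IS DOWN", "LastStatusChange": "2016-11-29T11:30:00Z"}
    ]
  }]
}
""")


def check_vpn(connection, vpc_cidr):
    """Return findings prefixed CRIT or WARN; an empty list means both tunnels are up and routes are sane."""
    findings = []
    conn_id = connection.get("VpnConnectionId", "?")
    if connection.get("State") != "available":
        findings.append(f"CRIT {conn_id} state is {connection.get('State')}")

    # Tunnel redundancy: AWS provisions two tunnels (the slide's primary and secondary);
    # one down is a lost-redundancy warning, both down is an outage.
    telemetry = connection.get("VgwTelemetry", [])
    up = [t for t in telemetry if t.get("Status") == "UP"]
    down = [t for t in telemetry if t.get("Status") != "UP"]
    if telemetry and not up:
        findings.append(f"CRIT {conn_id}: all {len(telemetry)} tunnels down ("
                        + ", ".join(t["OutsideIpAddress"] for t in telemetry) + ")")
    else:
        for t in down:
            findings.append(f"WARN tunnel {t['OutsideIpAddress']} is {t['Status']} "
                            f"({t.get('StatusMessage') or 'no message'}); "
                            f"{len(up)} of {len(telemetry)} tunnels up, no redundancy")

    # With dynamic (BGP) routing an UP tunnel that has accepted no routes carries no traffic.
    static_only = connection.get("Options", {}).get("StaticRoutesOnly", False)
    if not static_only:
        for t in up:
            if t.get("AcceptedRouteCount", 0) == 0:
                findings.append(f"WARN tunnel {t['OutsideIpAddress']} is UP but BGP has accepted no routes")

    # Static routes: each on-prem prefix must be available and must not overlap the VPC,
    # because overlapping address space cannot be routed across the VGW.
    vpc = ipaddress.ip_network(vpc_cidr)
    for r in connection.get("Routes", []):
        dest = ipaddress.ip_network(r["DestinationCidrBlock"])
        if r.get("State") != "available":
            findings.append(f"WARN static route {dest} is {r.get('State')}")
        if dest.overlaps(vpc):
            findings.append(f"CRIT on-prem route {dest} overlaps VPC {vpc}")
    return findings


if __name__ == "__main__":
    for conn in SAMPLE["VpnConnections"]:
        for line in check_vpn(conn, "10.1.0.0/16") or [f"{conn['VpnConnectionId']} healthy"]:
            print(line)
```

Run on a schedule against the live API output, this is the minimum monitoring for a hybrid link: the secondary tunnel can be down for weeks without anyone noticing until the primary fails too.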
AWS Direct Connect – Provisioning
[Diagram: on-premises network reaching, over a service provider network, a customer or partner cage in a colocation facility (e.g. Equinix SV1), which is cross-connected to the AWS Direct Connect POP; VLAN A carries a private VIF and VLAN B a public VIF.]
1. Build your AWS infrastructure
2. Create your Virtual Private Gateway (VGW) and attach it to your Virtual Private Cloud (VPC)
3. Order an AWS Direct Connect connection from the console or through a Direct Connect Partner
4. Have your cross connect provisioned from the AWS router to your device or your partner's device (or use a partner's NNI)
5. Build connectivity back to on-premises through the partner or service provider network, if it is not already available
6. Provision your virtual interfaces (a private VIF to reach the VPC through the VGW, a public VIF to reach public AWS endpoints) and start using your AWS Direct Connect
Note that a Direct Connect link is a dedicated circuit, not an encrypted tunnel: traffic on a private VIF is carried in the clear, so if you need encryption in transit, run an IPsec VPN over a public VIF or encrypt at the application layer.
Common hybrid use cases: What kind of hybrid architectures can we build?
Customer-facing applications: external apps on AWS
Scalability and Elasticity: Auto Scaling the infrastructure to the required capacity, matching spending to actual utilization
High Availability: application deployments that span multiple facilities, with adequate load balancing
Global Reach: highly available global services delivered from edge locations across the world
Maintainability: a fully managed service portfolio for the most common application components
[Diagram: DNS -> CDN -> load balancer -> front-end app -> load balancer -> back end -> database]