© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. S U M M I T
Access Your Cloud Workloads
From Anywhere
Bruce Wang
Partner Solutions Architect
Amazon Web Services
What to expect from this session
You will learn how to integrate a variety of AWS networking
services to build a reliable and scalable architecture in three
common cloud access scenarios.
Access from internet
Access from other VPCs
Access from on-premises
Access from Internet
Our starting point
[Diagram: a user sends a DNS query to Route 53 and reaches the workload over the internet: Internet Gateway, Elastic IP, instance in a public subnet of a VPC in Availability Zone 1 (AWS Cloud).]
Auto-Scaling and Load Balancing in VPC
[Diagram: users issue a Route 53 DNS query (CNAME/ALIAS) and reach Application Load Balancing behind the Internet Gateway; Auto-Scaling runs instances in private subnets in Availability Zones 1 and 2.]
Elastic Load Balancing security tools
Global reachability
[Diagram: Route 53 DNS query (CNAME/ALIAS), CloudFront Edge Location, Internet Gateway, Application Load Balancing and auto-scaled instances in private subnets across Availability Zones 1 and 2.]
Secure your web applications
[Diagram: Route 53, CloudFront Edge Location with Web Application Firewall (WAF Managed Rule), Internet Gateway, Application Load Balancing and auto-scaled instances in private subnets across Availability Zones 1 and 2; traffic sources are labelled Users and Hackers (SQL Injection).]
DDoS Mitigation
[Diagram: Route 53, CloudFront Edge Location with Web Application Firewall and Shield Advanced, Internet Gateway, Application Load Balancing and auto-scaled instances in private subnets across Availability Zones 1 and 2; traffic sources are labelled Users and DDoS.]
I have a TCP service (non-http/s)
[Diagram: users reach a static anycast IP on Global Accelerator (with Shield Advanced), which carries TCP to Network Load Balancing and auto-scaled instances in private subnets across Availability Zones 1 and 2; the CloudFront Edge Location and Application Load Balancing path is also shown.]
I run UDP based games
[Diagram: users reach a static anycast IP on Global Accelerator (with Shield Advanced), which carries UDP to instances with EIPs in public subnets across Availability Zones 1 and 2; Network Load Balancing and Auto-scaling are also shown.]
Accessing your application is not this straightforward!
[Diagram: traffic from the Local ISP crosses Networks A, B, C, D, E and F to access the application.]
It can take many networks to reach the application
Paths to and from the application may differ
Each hop impacts performance and can introduce risk
Introducing AWS Global Accelerator
Accessing your web applications with AWS Global Accelerator
[Diagram: traffic goes from the Local ISP onto the AWS Network.]
Adding AWS Global Accelerator removes these inefficiencies
Leverages the Global AWS Network
Resulting in improved performance
How fixed IP address helps
Migration between endpoint types
Whitelisting of IP addresses in security applications
Scaling of applications to new AWS Regions or AZs
Stack upgrades and performance testing
No client-facing changes
Access from other VPCs
VPC to VPC
[Diagram: four options: VPC Peering between two VPCs in one Region; inter-region VPC Peering between Region1 and Region2; a VPN connection between two vRouters with EIPs in Region1 and Region2; a VPN connection between a vRouter with EIP and a VPN Gateway.]
VPC to VPCs – VPC peering
Pros
• AWS managed service
• Easy to deploy
• Inter-region support
• Security groups across VPCs
• Private DNS name support
• Encryption (inter-region)
Cons
• Does not support transitive routing
• 125 peering connections per VPC
• Max. full-mesh VPCs: 14 (limit of VPC route table)
[Diagram: VPC Peering among PROD, DEV, TEST, SEC and Shared Services VPCs; one path is marked with an X.]
VPC to VPCs – Transit VPC
Pros
• Scalable for VPC expanding
• Central routing control
• East-west routing
• Automation with partner solutions
• Cross account
• Encryption
Cons
• Bandwidth constrained
• Complex management
• Instance and licensing costs
I want to run full-mesh connectivity between all VPCs
[Diagram: a Transit VPC running software routers/firewalls in AZ 1 and AZ 2, connected by IPSec tunnels to the Virtual Private Gateways of VPC 1, VPC 10, VPC N and VPC N+1.]
VPC to VPCs – AWS PrivateLink
Benefits
• Highly scalable
• Support overlapping CIDRs
• Support all TCP based services
• All traffic is transmitted privately
• Three types of services accessible over PrivateLink
  - AWS Services
  - Customer hosted internal services
  - 3rd Party services (SaaS)
I need to solve the issue of IP overlap
[Diagram: interface endpoints in several VPCs that all use 10.1.1.0/24 connect through PrivateLink to an endpoint service fronted by Network Load Balancing across AZ 1 and AZ 2, in a VPC that also uses 10.1.1.0/24; access is unidirectional only.]
VPC to VPCs – AWS PrivateLink
Can I provide my services in different region?
[Diagram: a service provider in Region 1 with Network Load Balancing and a PrivateLink endpoint service; a Service VPC; service consumers with interface endpoints; inter-region VPC Peering links across Region 1, Region 2 and Region 3; the VPCs are labelled 10.1.1.0/24.]
VPCs to VPCs – before AWS re:Invent 2018
[Diagram: a Transit VPC running software routers/firewalls in AZ 1 and AZ 2, connected by IPSec tunnels to the Virtual Private Gateways of VPC 1, VPC 10, VPC N and VPC N+1.]
Performance constrained
Complex management
Instance and licensing costs
AWS Transit Gateway
“AWS Transit Gateway radically evolved and simplified cloud networking. Using Transit
Gateway, we reduced the time to interconnect new VPCs and on-premise networks
from weeks to minutes while attaining consistent and more reliable network
performance!”
Khoder Shamy, Director, Cloud Platform and Infrastructure, Fuze
VPCs to VPCs – after AWS re:Invent 2018
Benefits
• Highly scalable ~ 5000 attachments
• High performance ~50Gbps per VPC
• Many-to-many or one-to-many
• Routing domain segmentation
• Site-to-site VPN with ECMP
• Direct Connect Gateway support
[Diagram: four VPCs (10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16 and Shared services 10.4.0.0/16), each with ENIs in AZ 1 and AZ 2, joined by VPC attachments to one AWS Transit Gateway that forms a single routing domain.]

VPC Route Table (10.4.0.0/16, Shared services)
Route          Destination
10.4.0.0/16    Local
10.0.0.0/8     tgw-xxxxxxxxx

VPC Route Table (10.3.0.0/16)
Route          Destination
10.3.0.0/16    Local
10.0.0.0/8     tgw-xxxxxxxxx

Transit Gateway Route Table
Route          Destination
10.1.0.0/16    vpc-att-1xxxxxxx
10.2.0.0/16    vpc-att-2xxxxxxx
10.3.0.0/16    vpc-att-3xxxxxxx
10.4.0.0/16    vpc-att-4xxxxxxx
VPCs to VPCs – VPC Segmentation
[Diagram: four VPCs (10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16 and Shared services 10.4.0.0/16), each with ENIs in AZ 1 and AZ 2, joined by VPC attachments to one AWS Transit Gateway that now holds two route tables.]

VPC Route Table (10.4.0.0/16, Shared services)
Route          Destination
10.4.0.0/16    Local
10.0.0.0/8     tgw-xxxxxxxxx

VPC Route Table (10.3.0.0/16)
Route          Destination
10.3.0.0/16    Local
10.0.0.0/8     tgw-xxxxxxxxx

VPC Route Table (10.1.0.0/16)
Route          Destination
10.1.0.0/16    Local
10.0.0.0/8     tgw-xxxxxxxxx

Transit Gateway Route Table (VPC)
Route          Destination
10.4.0.0/16    vpc-att-4xxxxxxx

Transit Gateway Route Table (Shared services)
Route          Destination
10.1.0.0/16    vpc-att-1xxxxxxx
10.2.0.0/16    vpc-att-2xxxxxxx
10.3.0.0/16    vpc-att-3xxxxxxx
10.4.0.0/16    vpc-att-4xxxxxxx

No route entry for 10.2.0.0/16
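The segmentation slide can be checked mechanically. The Python sketch below is an added example, not part of the original deck: it replays the slide's VPC and Transit Gateway route tables with longest-prefix match and reports which VPC pairs can exchange traffic in both directions. The names `rt-all`, `rt-vpc`, `rt-shared`, the VPC keys, and the association of the three spoke attachments with the one-entry table are this example's assumptions.

```python
import ipaddress

# CIDRs and attachment names come from the slide. The VPC keys and the
# route-table names are labels invented for this example.
VPCS = {
    "vpc1": "10.1.0.0/16",
    "vpc2": "10.2.0.0/16",
    "vpc3": "10.3.0.0/16",
    "shared": "10.4.0.0/16",
}
ATTACHMENT_OF = {
    "vpc1": "vpc-att-1xxxxxxx",
    "vpc2": "vpc-att-2xxxxxxx",
    "vpc3": "vpc-att-3xxxxxxx",
    "shared": "vpc-att-4xxxxxxx",
}
VPC_OF = {att: vpc for vpc, att in ATTACHMENT_OF.items()}
ALL_ROUTES = [(cidr, ATTACHMENT_OF[vpc]) for vpc, cidr in VPCS.items()]

# "After re:Invent 2018" slide: one TGW route table shared by every attachment.
FLAT = {
    "tables": {"rt-all": ALL_ROUTES},
    "association": {vpc: "rt-all" for vpc in VPCS},
}

# "VPC Segmentation" slide: spokes only learn the shared-services prefix.
# Assumption: spokes are associated with rt-vpc, shared services with rt-shared.
SEGMENTED = {
    "tables": {
        "rt-vpc": [("10.4.0.0/16", "vpc-att-4xxxxxxx")],
        "rt-shared": ALL_ROUTES,
    },
    "association": {
        "vpc1": "rt-vpc", "vpc2": "rt-vpc", "vpc3": "rt-vpc",
        "shared": "rt-shared",
    },
}


def vpc_route_table(vpc):
    """VPC route table as drawn on the slide: own CIDR local, 10/8 to the TGW."""
    return [(VPCS[vpc], "local"), ("10.0.0.0/8", "tgw")]


def lookup(table, dst_ip):
    """Longest-prefix match over (cidr, target) pairs; None if nothing matches."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def first_host(vpc):
    """A representative address inside the VPC, e.g. 10.1.0.1."""
    return str(ipaddress.ip_network(VPCS[vpc]).network_address + 1)


def one_way(design, src, dst):
    """True if a packet from src VPC is delivered to dst VPC."""
    dst_ip = first_host(dst)
    target = lookup(vpc_route_table(src), dst_ip)
    if target == "local":
        return src == dst
    if target != "tgw":
        return False
    tgw_table = design["tables"][design["association"][src]]
    attachment = lookup(tgw_table, dst_ip)
    # No matching TGW route means the packet is dropped at the Transit Gateway.
    return attachment is not None and VPC_OF[attachment] == dst


def reachable(design, a, b):
    """Both directions must route, otherwise replies never arrive."""
    return one_way(design, a, b) and one_way(design, b, a)


def reachable_pairs(design):
    names = sorted(VPCS)
    return {
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if reachable(design, a, b)
    }


if __name__ == "__main__":
    for label, design in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(label, sorted(reachable_pairs(design)))
```

Run against an exported copy of real route tables, the same check makes a useful regression test: any pair that appears outside the intended set means a route was added to the wrong Transit Gateway route table.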
Access from on-premises
Virtual Private Gateway
Pros
• Cost effective
• Easy install, minutes to set up
• Support static routing and BGP
• VPN Gateway is managed service
Cons
• Bandwidth constrained (up to 1.25G)
• Hard to manage
• Repeat for every VPC
• No ECMP support
[Diagram, first option: corporate data center with one Customer Gateway connected to the VPN Gateway.]
1 VPN Connection
2 VPN tunnels
[Diagram, second option: corporate data center with two Customer Gateways connected to the VPN Gateway.]
2 VPN Connections
4 VPN tunnels
Create two customer gateways for high availability
The VPN tunnels are active/standby by default; you configure BGP attributes for active/active.
AWS Direct Connect
Pros
• Consistent networking performance
• LAG support (1Gbps * 4)
• Lower data transfer charges
• BGP routing policy (AS path, BGP communities)
Cons
• Lead time could take weeks
• Local loop monthly charges
• Single region only
[Diagram: the corporate data center customer router (172.16.0.0/16) connects over local loops to two AWS DX Routers; Private VIF 1 and Private VIF 2 are associated with the VGW of VPC 10.1.0.0/16; prefixes 172.16.0.0/16 and 10.1.0.0/16 are exchanged, and one path is labelled AS prepend.]
AWS Direct Connect + VPN backup
[Diagram: the corporate data center customer router (172.16.0.0/16) reaches the VGW of VPC 10.1.0.0/16 over Direct Connect (local loop, two AWS DX Routers, Private VIF 1 and Private VIF 2) and over a backup VPN (1 Connection, 2 VPN tunnels); 172.16.0.0/16 is advertised on each path, one of them with AS prepend.]
AWS routing preference
• 1st – local route to the VPC
• 2nd – longest prefix match
• 3rd – static route preferred over dynamic
• 4th – dynamic routes
  • prefer DX BGP routes
  • VPN static routes
  • BGP routes from VPN
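The routing preference list above decides which path carries traffic when Direct Connect and the backup VPN both advertise the corporate prefix. The Python sketch below is an added example, not from the original deck: it applies the slide's order to a candidate route set and flags destinations that would leave over the VPN while Direct Connect is still up, which happens when the VPN side advertises a more specific prefix. The target labels (`dx-private-vif`, `vpn-connection`) and the 172.16.1.0/24 route are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Tie-break between routes of equal prefix length, in the slide's order
# (lower wins): static over dynamic, then DX BGP, VPN static, VPN BGP.
SOURCE_RANK = {"static": 0, "dx_bgp": 1, "vpn_static": 2, "vpn_bgp": 3}


@dataclass(frozen=True)
class Route:
    cidr: str
    source: str   # "local" or one of SOURCE_RANK's keys
    target: str   # constructed label for the next hop


def select_route(routes, dst_ip):
    """Pick the route for dst_ip following the slide's preference order."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [r for r in routes if dst in ipaddress.ip_network(r.cidr)]
    if not matches:
        return None
    # 1st: the local route to the VPC always wins.
    for r in matches:
        if r.source == "local":
            return r
    # 2nd: longest prefix match; 3rd and 4th: source ranking on ties.
    return min(
        matches,
        key=lambda r: (-ipaddress.ip_network(r.cidr).prefixlen,
                       SOURCE_RANK[r.source]),
    )


def off_dx_probes(routes, probe_ips):
    """Probes that match a DX route yet are not forwarded over DX."""
    flagged = []
    for ip in probe_ips:
        dst = ipaddress.ip_address(ip)
        dx_available = any(
            r.source == "dx_bgp" and dst in ipaddress.ip_network(r.cidr)
            for r in routes
        )
        chosen = select_route(routes, ip)
        if dx_available and chosen is not None and chosen.source != "dx_bgp":
            flagged.append(ip)
    return flagged


# Constructed route sets based on the slide's prefixes.
LOCAL = Route("10.1.0.0/16", "local", "local")
DX = Route("172.16.0.0/16", "dx_bgp", "dx-private-vif")
VPN = Route("172.16.0.0/16", "vpn_bgp", "vpn-connection")
VPN_MORE_SPECIFIC = Route("172.16.1.0/24", "vpn_bgp", "vpn-connection")

BASE = [LOCAL, DX, VPN]                          # DX preferred, VPN is backup
DX_DOWN = [LOCAL, VPN]                           # DX route withdrawn
LEAK = [LOCAL, DX, VPN, VPN_MORE_SPECIFIC]       # /24 over VPN beats /16 on DX

if __name__ == "__main__":
    for name, table in (("base", BASE), ("dx_down", DX_DOWN), ("leak", LEAK)):
        chosen = select_route(table, "172.16.1.10")
        print(name, "->", chosen.target)
    print("off-DX probes:", off_dx_probes(LEAK, ["172.16.1.10", "172.16.2.10"]))
```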
Before Direct Connect Gateway
Access multiple VPCs in different regions
[Diagram: the corporate data center customer router (172.16.0.0/16) connects to a separate AWS DX Router and associated VGW in each of Region1, Region2 and Region3.]
One VIF per VPC
Hard to manage
Multiple BGP sessions
Max. of 50 VIFs per DX
After Direct Connect Gateway
Access multiple VPCs in different regions
[Diagram: the corporate data center customer router (172.16.0.0/16) connects through one Private VIF to a Direct Connect Gateway, which is associated with VGWs in Region1, Region2 and Region3 (10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16).]
DX Gateway disallowed path
• Private VIF to Private VIF
• VGW to VGW
• Private VIF to VPN
DX Gateway limits
• 200 DX Gateways per account
• 30 VIF attachments per DXG
• 10 VGW associations per DXG
Direct Connect Gateway with TGW
[Diagram: four VPCs (10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16 and Shared services 10.4.0.0/16), each with ENIs in AZ 1 and AZ 2, joined by VPC attachments to a Transit Gateway; the corporate data center customer router (172.16.0.0/16) connects at a DX location over a Transit VIF to a DX Gateway attached to the Transit Gateway.]

VPC Route Table (10.3.0.0/16)
Route            Destination
10.3.0.0/16      Local
10.0.0.0/8       tgw-xxxxxxxxx
172.16.0.0/16    tgw-xxxxxxxxx

Transit Gateway Route Table (VPC)
Route            Destination
10.4.0.0/16      vpc-att-4xxxxxxx
172.16.0.0/16    dxg-att-5xxxxxxx

Transit Gateway Route Table (Shared services)
Route            Destination
10.1.0.0/16      vpc-att-1xxxxxxx
10.2.0.0/16      vpc-att-2xxxxxxx
10.3.0.0/16      vpc-att-3xxxxxxx
10.4.0.0/16      vpc-att-4xxxxxxx
172.16.0.0/16    dxg-att-5xxxxxxx
Site-to-site VPN with TGW
[Diagram: four VPCs (10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16 and Shared services 10.4.0.0/16) attached to a Transit Gateway; the corporate data center customer router (172.16.0.0/16) connects at a DX location over a Transit VIF and DX Gateway; a branch office customer router (172.17.0.0/16) connects to the Transit Gateway over VPN.]
Benefits
• Consolidate VPN at the Transit Gateway (TGW)
• ECMP support with BGP multi-path (1.25 * 8 = 10Gbps)
• 50Gbps throughput
• Support full-mesh between all attached networks (on-premises behind DX, on-premises behind VPN and VPC)
Client VPN
Access your cloud workloads from anywhere
[Diagram: a client opens an OpenVPN tunnel to Client VPN endpoints (VPN ENIs, authenticated against AWS AD) and runs SSH to 10.1.0.1; the Transit Gateway connects VPCs 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16 and Shared services 10.4.0.0/16, the corporate data center (172.16.0.0/16, via DX location, Transit VIF and DX Gateway) and a branch office (172.17.0.0/16).]

TGW-RT Shared service
Route            Destination
10.1.0.0/16      vpc-att-1xxxxxxx
10.2.0.0/16      vpc-att-2xxxxxxx
10.3.0.0/16      vpc-att-3xxxxxxx
10.4.0.0/16      vpc-att-4xxxxxxx
172.16.0.0/16    dxg-att-5xxxxxxx

VPC Route Table (10.3.0.0/16)
Route            Destination
10.3.0.0/16      Local
10.0.0.0/8       tgw-xxxxxxxxx
172.16.0.0/16    tgw-xxxxxxxxx

TGW-RT VPC
Route            Destination
10.4.0.0/16      vpc-att-4xxxxxxx
172.16.0.0/16    dxg-att-5xxxxxxx
Hybrid DNS architecture
[Diagram: Client VPN endpoints (OpenVPN tunnel, VPN ENIs, AWS AD), Transit Gateway, VPC 10.1.0.0/16, Shared services VPC 10.4.0.0/16, and the corporate data center router (172.16.0.0/16) behind a DX location, Transit VIF and DX Gateway; DNS resolvers on both sides.]
Route 53 Private Hosted Zone: ssh.abc.com - 10.1.0.1
Inbound Resolver: 10.4.1.2/10.4.2.2
Outbound Resolver: 10.4.1.3/10.4.2.3
Outbound rule: example.com → 172.16.1.2
DNS: 172.16.1.2
www.example.com: 172.16.1.10
Access ssh.abc.com: DNS query ssh.abc.com → Inbound Resolver 10.4.1.2/10.4.2.2 → Private Hosted Zone → DNS reply 10.1.0.1
Access www.example.com: DNS query www.example.com → Outbound Resolver 10.4.1.3/10.4.2.3 → DNS 172.16.1.2 → DNS reply 172.16.1.10
Route 53 Resolver
Managed DNS resolver service from Route 53
Enables hybrid DNS resolution over Direct Connect and VPN
Create conditional forwarding rules to re-direct query traffic
Hybrid connectivity solutions
Thank you!
Bruce Wang
ykwang@amazon.com

 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Breaking Down the Barriers of Time and Space: Easily Access Your Cloud Workloads

  • 1. Access Your Cloud Workloads From Anywhere. Bruce Wang, Partner Solutions Architect, Amazon Web Services. SUMMIT. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 2. What to expect from this session: You will learn how to integrate a variety of AWS networking services to build a reliable and scalable architecture in three common cloud access scenarios: Access from internet; Access from other VPCs; Access from your on-premises.
  • 3. Access from Internet [Diagram labels: workloads, INTERNET]
  • 4. Our starting point [Diagram labels: User, Route 53, DNS query, Internet Gateway, Elastic IP, Instance, Public subnet, VPC, Availability Zone 1, AWS Cloud]
  • 5. Auto-Scaling and Load Balancing in VPC [Diagram labels: Users, User, Route 53, DNS query (CNAME/ALIAS), Internet Gateway, Application Load Balancing, Auto-Scaling, Instance (x2), Private subnet (x2), Availability Zone 1, Availability Zone 2, VPC, AWS Cloud]
  • 6. Elastic Load Balancing security tools
  • 7. Global reachability [Diagram labels: Users, Route 53, DNS query (CNAME/ALIAS), CloudFront, Edge Location, Internet Gateway, Application Load Balancing, Auto-scaling, Instance (x2), Private subnet (x2), Availability Zone 1, Availability Zone 2, VPC, AWS Cloud]
  • 8. Secure your web applications [Diagram labels: Users, Hackers, SQL Injection, Web Application Firewall, WAF Managed Rule, Route 53, DNS query, CloudFront, Edge Location, Internet Gateway, Application Load Balancing, Auto-scaling, Instance (x2), Private subnet (x2), Availability Zone 1, Availability Zone 2, VPC, AWS Cloud]
  • 9. [Diagram labels: Users, DDoS, DDoS Mitigation, Shield Advanced, Web Application Firewall, Route 53, DNS query, CloudFront, Edge Location, Internet Gateway, Application Load Balancing, Auto-scaling, Instance (x2), Private subnet (x2), Availability Zone 1, Availability Zone 2, VPC, AWS Cloud]
  • 10. I have a TCP service (non-http/s) [Diagram labels: Users, TCP, Static anycast IP, Global Accelerator, Shield Advanced, Route 53, DNS query, Network Load Balancing, Application Load Balancing, CloudFront, Edge Location, Internet Gateway, Auto-scaling, Instance (x2), Private subnet (x2), Availability Zone 1, Availability Zone 2, VPC, AWS Cloud]
  • 11. I run UDP based games [Diagram labels: Users, UDP, Static anycast IP, Global Accelerator, Shield Advanced, Route 53, DNS query, Network Load Balancing, EIP (x2), Internet Gateway, Auto-scaling, Instance (x2), Public subnet (x2), Availability Zone 1, Availability Zone 2, VPC, AWS Cloud]
  • 12. Introducing AWS Global Accelerator. Accessing your application is not this straightforward! It can take many networks to reach the application. Paths to and from the application may differ. Each hop impacts performance and can introduce risk. [Diagram labels: Local ISP; Network A, B, C, D, E, F; Access Application!]
  • 13. Accessing your web applications with AWS Global Accelerator. Adding AWS Global Accelerator removes these inefficiencies. Leverages the Global AWS Network. Resulting in improved performance. [Diagram labels: Local ISP, AWS Network]
  • 14. How fixed IP address helps: Migration between endpoint types; Whitelisting of IP addresses in security applications; Scaling of applications to new AWS Regions or AZs; Stack upgrades and performance testing; No client facing changes.
  • 15. Access from other VPCs
  • 16. VPC to VPC [Diagram labels: VPC, VPC, Region, VPC Peering; VPC, VPC, Region1, Region2, Inter-region VPC Peering; Region1, Region2, vRouter w/ EIP, vRouter w/ EIP, VPN Connection; Region1, Region2, vRouter w/ EIP, VPN Connection, VPN Gateway]
  • 17. VPC to VPCs – VPC peering
      Pros: AWS managed service; Easy to deploy; Inter-region support; Security groups across VPCs; Private DNS name support; Encryption (inter-region)
      Cons: Does not support transitive routing; 125 peering connections per VPC; Max. full-mesh VPCs: 14 (limit of VPC route table)
      [Diagram labels: VPC Peering, PROD, DEV, TEST, SEC, Shared Services, X]
  • 18. VPC to VPCs – Transit VPC. "I want to run full-mesh connectivity between all VPCs"
      Pros: Scalable for VPC expanding; Central routing control; East-west routing; Automation with partners solution; Cross account; Encryption
      Cons: Bandwidth constrained; Complex management; Instance and licensing costs
      [Diagram labels: Transit VPC, Virtual Private Gateway, IPSec Tunnel, Software Router/Firewall, AZ 1, AZ 2, VPC 1, VPC 10, VPC N, VPC N+1]
  • 19. VPC to VPCs – AWS PrivateLink. "I need to solve the issue of IP overlap"
      Benefits: Highly scalable; Support overlapping CIDRs; Support all TCP based services; All traffic is transmitted privately; Three types of services accessible over PrivateLink: AWS Services, Customer hosted internal services, 3rd Party services (SaaS)
      [Diagram labels: Network Load Balancing, Interface endpoint, 10.1.1.0/24 (x5), PrivateLink endpoint service, AZ 1, AZ 2, Unidirectional access only]
  • 20. VPC to VPCs – AWS PrivateLink. "Can I provide my services in different region?" [Diagram labels: Service provider, Inter-region VPC Peering, Service VPC, Network Load Balancing, 10.1.1.0/24 (x5), PrivateLink endpoint service, Region 1, Region 2, Region 3, Inter-region VPC Peering, Service consumer, Interface endpoint, Network Load Balancing, PrivateLink endpoint service, Service provider, Region 1]
  • 21. VPCs to VPCs – before AWS re:Invent 2018: Performance constrained; Complex management; Instance and licensing costs. [Diagram labels: Transit VPC, Virtual Private Gateway, IPSec Tunnel, Software Router/Firewall, AZ 1, AZ 2, VPC 1, VPC 10, VPC N, VPC N+1]
  • 22. AWS Transit Gateway. “AWS Transit Gateway radically evolved and simplified cloud networking. Using Transit Gateway, we reduced the time to interconnect new VPCs and on-premise networks from weeks to minutes while attaining consistent and more reliable network performance!” Khoder Shamy, Director, Cloud Platform and Infrastructure, Fuze
  • 23. VPCs to VPCs – after AWS re:Invent 2018: AWS Transit Gateway
      Benefits: Highly scalable ~ 5000 attachments; High performance ~50Gbps per VPC; Many-to-many or one-to-many; Routing domain segmentation; Site-to-site VPN with ECMP; Direct Connect Gateway support
      VPC Route Table (Route → Destination): 10.4.0.0/16 → Local; 10.0.0.0/8 → tgw-xxxxxxxxx
      VPC Route Table (Route → Destination): 10.3.0.0/16 → Local; 10.0.0.0/8 → tgw-xxxxxxxxx
      Transit Gateway Route Table (Route → Destination): 10.1.0.0/16 → vpc-att-1xxxxxxx; 10.2.0.0/16 → vpc-att-2xxxxxxx; 10.3.0.0/16 → vpc-att-3xxxxxxx; 10.4.0.0/16 → vpc-att-4xxxxxxx
      [Diagram labels: Routing domain, Transit Gateway, VPC Attachment, ENI, AZ 1, AZ 2, 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16, Shared services 10.4.0.0/16]
  • 24. VPCs to VPCs – VPC Segmentation: AWS Transit Gateway
      VPC Route Table (Route → Destination): 10.4.0.0/16 → Local; 10.0.0.0/8 → tgw-xxxxxxxxx
      VPC Route Table (Route → Destination): 10.3.0.0/16 → Local; 10.0.0.0/8 → tgw-xxxxxxxxx
      VPC Route Table (Route → Destination): 10.1.0.0/16 → Local; 10.0.0.0/8 → tgw-xxxxxxxxx
      Transit Gateway Route Table (Route → Destination): 10.4.0.0/16 → vpc-att-4xxxxxxx
      Transit Gateway Route Table (Route → Destination): 10.1.0.0/16 → vpc-att-1xxxxxxx; 10.2.0.0/16 → vpc-att-2xxxxxxx; 10.3.0.0/16 → vpc-att-3xxxxxxx; 10.4.0.0/16 → vpc-att-4xxxxxxx
      No route entry for 10.2.0.0/16
      [Diagram labels: Transit Gateway, VPC Attachment, VPC, Shared services, ENI, AZ 1, AZ 2, 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16, Shared services 10.4.0.0/16]
  • 26. Virtual Private Gateway
      Pros: Cost effective; Easy install, minutes to set up; Support static routing and BGP; VPN Gateway is managed service
      Cons: Bandwidth constrained (up to 1.25G); Hard to manage; Repeat for every VPC; No ECMP support
      1 VPN Connection, 2 VPN tunnels. Create two customer gateways for high availability: 2 VPN Connections, 4 VPN tunnels. The VPN tunnels are active/standby by default; you configure BGP attributes for active/active.
      [Diagram labels: Corporate data center, Customer Gateway, VPN Gateway (shown twice)]
  • 27. AWS Direct Connect
      Pros: Consistent networking performance; LAG support (1Gbps * 4); Lower data transfer charges; BGP routing policy (AS path, BGP communities)
      Cons: Lead time could take weeks; Local loop monthly charges; Single region only
      [Diagram labels: AWS DX Router (x2), Local loop, VGW associated, Private VIF 1, Private VIF 2, VPN Gateway, 10.1.0.0/16, Corporate data center, Customer Router, 172.16.0.0/16, AS prepend]
  • 28. AWS Direct Connect + VPN backup
      AWS routing preference: 1st – local route to the VPC; 2nd – longest prefix match; 3rd – static route preferred over dynamic; 4th – dynamic routes; prefer DX BGP routes; VPN static routes; BGP routes from VPN
      [Diagram labels: AWS DX Router (x2), Local loop, VGW associated, Private VIF 1, Private VIF 2, VPN Gateway, 10.1.0.0/16, Corporate data center, Customer Router, 172.16.0.0/16, 1 Connection, 2 VPN tunnels, AS prepend]
  • 29. Before Direct Connect Gateway: Access multiple VPCs in different regions. One VIF per VPC; Hard to manage; Multiple BGP sessions; Max. of 50 VIFs per DX. [Diagram labels: VGW, Region1, Region2, Region3, AWS DX Router (x3), VGW associated (x3), Corporate data center, Customer Router, 172.16.0.0/16]
  • 30. After Direct Connect Gateway: Access multiple VPCs in different regions
      DX Gateway disallowed path: Private VIF to Private VIF; VGW to VGW; Private VIF to VPN
      DX Gateway limits: 200 DX Gateways per account; 30 VIF attachments per DXG; 10 VGW associations per DXG
      [Diagram labels: Region1, Region2, Region3, AWS DX Router (x3), VGW associated, Corporate data center, Customer Router, 172.16.0.0/16, Private VIF, Direct Connect Gateway, 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16]
  • 31. Direct Connect Gateway with TGW
      VPC Route Table (Route → Destination), shown three times: 10.3.0.0/16 → Local; 10.0.0.0/8 → tgw-xxxxxxxxx; 172.16.0.0/16 → tgw-xxxxxxxxx
      Transit Gateway Route Table (Route → Destination): 10.4.0.0/16 → vpc-att-4xxxxxxx; 172.16.0.0/16 → dxg-att-5xxxxxxx
      Transit Gateway Route Table (Route → Destination): 10.1.0.0/16 → vpc-att-1xxxxxxx; 10.2.0.0/16 → vpc-att-2xxxxxxx; 10.3.0.0/16 → vpc-att-3xxxxxxx; 10.4.0.0/16 → vpc-att-4xxxxxxx; 172.16.0.0/16 → dxg-att-5xxxxxxx
      [Diagram labels: Transit Gateway, VPC Attachment, VPC, Shared services, ENI, AZ 1, AZ 2, 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16, Shared services 10.4.0.0/16, Corporate data center, Customer Router, 172.16.0.0/16, DX location, Transit VIF, DX Gateway]
  • 32. Site-to-site VPN with TGW
      Benefits: Consolidate VPN at the Transit Gateway (TGW); ECMP support with BGP multi-path (1.25 * 8 = 10Gbps); 50Gbps throughput; Support full-mesh between all attached networks (on-premises behind DX, on-premises behind VPN and VPC)
      [Diagram labels: Transit Gateway, VPC Attachment, VPC, Shared services, ENI, AZ 1, AZ 2, 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16, Shared services 10.4.0.0/16, Corporate data center, Customer Router, 172.16.0.0/16, DX location, Transit VIF, DX Gateway, Branch office 172.17.0.0/16, Customer Router]
  • 33. Client VPN
  • 34. Access your cloud workloads from anywhere
      TGW-RT Shared service (Route → Destination): 10.1.0.0/16 → vpc-att-1xxxxxxx; 10.2.0.0/16 → vpc-att-2xxxxxxx; 10.3.0.0/16 → vpc-att-3xxxxxxx; 10.4.0.0/16 → vpc-att-4xxxxxxx; 172.16.0.0/16 → dxg-att-5xxxxxxx
      TGW-RT VPC (Route → Destination): 10.4.0.0/16 → vpc-att-4xxxxxxx; 172.16.0.0/16 → dxg-att-5xxxxxxx
      VPC Route Table (Route → Destination): 10.3.0.0/16 → Local; 10.0.0.0/8 → tgw-xxxxxxxxx; 172.16.0.0/16 → tgw-xxxxxxxxx
      [Diagram labels: OpenVPN Tunnel, AWS AD (x2), Client VPN Endpoints, VPN ENI (x2), SSH 10.1.0.1, Transit Gateway, VPC Attachment, VPC, Shared services, ENI, AZ 1, AZ 2, 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16, Shared services 10.4.0.0/16, Corporate data center, Customer Router, 172.16.0.0/16, DX location, Transit VIF, DX Gateway, Branch office 172.17.0.0/16, Customer Router]
  • 35. Hybrid DNS architecture
      Route 53 Private Hosted Zone: ssh.abc.com - 10.1.0.1
      Inbound Resolver: 10.4.1.2/10.4.2.2
      Outbound Resolver: 10.4.1.3/10.4.2.3
      Outbound rule: example.com → 172.16.1.2
      On-premises DNS: 172.16.1.2; www.example.com 172.16.1.10
      Flow: DNS query ssh.abc.com → Inbound Resolver 10.4.1.2/10.4.2.2 → Private Hosted Zone → DNS reply 10.1.0.1
      Flow: DNS query www.example.com → Outbound Resolver 10.4.1.3/10.4.2.3 → DNS 172.16.1.2 → DNS reply 172.16.1.10
      [Diagram labels: OpenVPN Tunnel, AWS AD (x2), Client VPN Endpoints, VPN ENI (x2), access ssh.abc.com, DNS Resolver (x2), Transit Gateway, ENI, AZ 1, AZ 2, 10.1.0.0/16, Shared services 10.4.0.0/16, VPC, Corporate data center, Router, 172.16.0.0/16, DX location, Transit VIF, DX Gateway]
  • 36. Route 53 Resolver: Managed DNS resolver service from Route 53; Enables hybrid DNS resolution over Direct Connect and VPN; Create conditional forwarding rules to re-direct query traffic.
  • 37. Hybrid connectivity solutions [Diagram label: Transit Gateway]
  • 38. Thank you! Bruce Wang, ykwang@amazon.com. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
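
The VPC segmentation on slide 24 can be checked mechanically. The following is an added example, not part of the original deck: it models the slide's VPC and Transit Gateway route tables and reports any spoke-to-spoke path. The shortened attachment ids, the function names, and the association of VPCs 1-3 with the one-entry table and shared services with the full table are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed model of the slide-24 tables; attachment ids are shortened placeholders.
VPC_CIDRS = {
    "vpc-att-1": "10.1.0.0/16",
    "vpc-att-2": "10.2.0.0/16",
    "vpc-att-3": "10.3.0.0/16",
    "vpc-att-4": "10.4.0.0/16",  # shared services
}
SPOKES = ["vpc-att-1", "vpc-att-2", "vpc-att-3"]

# TGW route table for spoke VPCs: only the shared-services CIDR is routable.
SPOKE_RT = {"10.4.0.0/16": "vpc-att-4"}
# TGW route table for shared services: a route to every VPC.
SHARED_RT = {cidr: att for att, cidr in VPC_CIDRS.items()}


def build_association(spoke_rt=SPOKE_RT, shared_rt=SHARED_RT):
    """Assumed association: spokes use spoke_rt, shared services uses shared_rt."""
    assoc = {att: spoke_rt for att in SPOKES}
    assoc["vpc-att-4"] = shared_rt
    return assoc


def lookup(route_table, dst_ip):
    """Longest-prefix match; returns the target, or None when no route covers dst_ip."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(cidr), target)
               for cidr, target in route_table.items()
               if ip in ipaddress.ip_network(cidr)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def deliver(src_att, dst_ip, assoc):
    """Follow one packet: VPC route table first, then the TGW table tied to src_att."""
    vpc_rt = {VPC_CIDRS[src_att]: "local", "10.0.0.0/8": "tgw"}
    hop = lookup(vpc_rt, dst_ip)
    if hop == "local":
        return src_att
    if hop == "tgw":
        return lookup(assoc[src_att], dst_ip)  # None means the TGW has no route
    return None


def can_talk(att_a, att_b, assoc):
    """Two-way check, using the first host address of each VPC as a sample."""
    ip_a = str(ipaddress.ip_network(VPC_CIDRS[att_a])[1])
    ip_b = str(ipaddress.ip_network(VPC_CIDRS[att_b])[1])
    return (deliver(att_a, ip_b, assoc) == att_b
            and deliver(att_b, ip_a, assoc) == att_a)


def segmentation_violations(assoc):
    """Spoke pairs that can exchange traffic directly; expected to be empty."""
    return [(a, b) for a, b in combinations(SPOKES, 2) if can_talk(a, b, assoc)]


if __name__ == "__main__":
    assoc = build_association()
    print("spoke-to-spoke paths:", segmentation_violations(assoc))
    for spoke in SPOKES:
        print(spoke, "<-> shared services:", can_talk(spoke, "vpc-att-4", assoc))
```

Passing a modified spoke table to `build_association` shows which extra route entries would break the segmentation before they are applied.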