Ok. Hello Cloud Gurus and welcome to this lesson. This lesson we're going to look at hybrid connectivity options available for use with hybrid networks involving AWS. Gonna look at a few options: we're gonna look at software VPNs, we're gonna look at hardware VPNs, and Direct Connect, which is AWS's dedicated network extension technology. The lesson will focus on the why elements of the technologies, detailing the appropriate use, strengths and limitations. So let's get started.
First let's look at a software VPN, which from a best practice and architectural standpoint is the least desirable connectivity option. But it does have some appropriate use cases. So let's start by looking at the definition of a software VPN, and we'll start with a familiar architecture.
Our AWS account, a VPC created in two availability zones with two subnets, one in each availability zone, a routing table on both, and the VPC router providing routing services to the private network. This should look familiar by now as we've used this architecture in other lessons. This time, however, we're going to attach an internet gateway to our VPC and we're going to add a default route to this internet gateway from both subnets. We'll also add an EC2 instance to one of the subnets, and we're going to associate an Elastic IP address with this instance.
Essentially, at this point, the instance has access to the public internet, and let's assume now that all the appropriate security groups and network ACLs are opened up to allow this access.
Now software VPN uses this architecture. It's the use of a single EC2 instance, or in some cases multiple EC2 instances, running a self-installed and configured product such as OpenVPN or a marketplace pre-configured VPN endpoint. Now in the next slide we'll discuss AWS's hardware VPN solution, which you will see is on paper much more efficient and performant and easy to manage.
So the obvious question is why would you use the software VPN solution? The first common use case is that, due to a technical or government requirement, you may have an existing on-premise custom VPN solution, a solution that isn't based on IPsec, and this might be, for example, OpenVPN. In this case you need a compatible OpenVPN solution at the AWS side to connect to, in which case AWS's IPsec-based hardware VPN solution won't be suitable.
Another use case is that you might want to connect up two VPCs together. If these VPCs were in the same region, you could just use VPC peering, and we're gonna talk about VPC peering elsewhere in the course. But before re:Invent 2017, inter-region peering wasn't an option. So the only way to do it was by using a software VPN and to create basically the appropriate network architecture in the remote region, an EC2 instance with an Elastic IP address, and establish a software VPN between the VPN appliances. So the VPN appliance in your local region and the one in the remote region would be able to talk to each other.
Now of course inter-region VPN peering is now possible in 2018. So we no longer really have to worry about using software VPNs to connect VPCs in different regions, but it's important to understand that, you know, prior to 2018, this was the standard way of connecting VPCs in different regions to each other. So what limitations and features do we have to deal with when we come to software VPN? So let's jump to the next slide and have a look.
So let's start with the positives of software VPN solutions. First, it offers the widest compatibility. You can take an EC2 instance and you can install whatever VPN software you like on that instance, assuming that you're okay with managing that software, or alternatively you could use a marketplace appliance. You don't have any IPsec-only limitation when using software VPNs, and of course it can be configured quickly as it's not a physical installation.
So much like the AWS managed hardware VPN solution, software VPN * software appliances both the AWS and at the remote end, not being able to choose your VPN endpoint also ensures that you are aligned with any strict governance issues, if you have to use a certain vendor, provider or product such as OpenVPN or any number of Check Point VPN solutions. Now, as a downside, you need to manage the instance. That's the best case; worst case is that