
IT and The Cloud: Connecting AWS to HQ

Posted on Dec 10, 2010 in Musings

The next step in my journey (see previous post) was to prove I could connect the Amazon EC2 server I had built to our Corporate LAN via a secure VPN tunnel.  I spent some time reading up on Amazon’s VPC offering (which is still in Beta) in hopes that I’d be able to simply create an IPSEC tunnel and be done.

I had provisioned my EC2 server in the US West region as it provided the least latency, but when I went to fire up the Amazon VPN I found out it was currently only being offered in the US East and EU regions. Now I had to find a Plan B!

I’ve had some experience with OpenVPN in the past and thought that would be a good place to start. I set up an OpenVPN server on the LAN and an OpenVPN client in the EC2 environment. This worked pretty well and I was able to join the EC2 machine to the Corporate AD domain and work as though I was on the LAN from that machine. However, I wasn’t convinced this was the most robust solution for a production environment! It was time to keep looking!

A large number of companies are springing up and building tools that snap on to Cloud Environments, and through some investigation I found a company called CohesiveFT that has packaged a VPN product for Cloud Environments. They have a number of products, but the solution that seemed best for me was their VPN-Cubed 2.0 Datacenter Connect.

Quite simply the idea is that you:

  1. install an AMI (Amazon Machine Image) that acts as a VPN head device in the EC2 environment
  2. create an IPSEC tunnel between your firewall and the AMI machine
  3. utilize OpenVPN to create a VPN session between your EC2 machines and the AMI

Once that’s all done you’ve got yourself a nice VPN cloud of EC2 machines that connect up to your corporate LAN!

So far this solution has been extremely robust and I would definitely consider this ‘production ready’. The VPN-Cubed solution was fairly complicated to set up, but luckily I was a network & security engineer in my early career, so I used my knowledge of building IPSEC tunnels to my advantage.

Now that I have secure connectivity, it’s time to load up some apps and see how they respond working in the Cloud Environment. I have to say that so far I am very impressed and quite excited about the viability of this solution as a replacement for my IT Infrastructure!

Disclaimer
The views and opinions mentioned in this blog are strictly my own and in no way reflect those of my employer or any other corporation or individual in any manner.