AWS Service Networking Architecture
- AWS Service Networking Architecture (Overlay): the network services that AWS offers to its customers (Network as a Service).
- AWS Cloud Infrastructure (Underlay): AWS's underlying physical network architecture. Imagine you were an AWS network architect: how would you plan and build the underlying network end to end so that it satisfies customers' many different network service requirements? (to be continued)
- VPC with a Public Subnet Only
- VPC with Public and Private Subnets
- VPC with Public and Private Subnets and Hardware VPN Access
- VPC with a Private Subnet Only and Hardware VPN Access
This scenario includes a virtual private cloud (VPC) with a public subnet and a private subnet. We recommend this scenario if you want to run a public-facing web application, while maintaining back-end servers that aren't publicly accessible. A common example is a multi-tier website, with the web servers in a public subnet and the database servers in a private subnet. You can set up security and routing so that the web servers can communicate with the database servers.
This scenario includes a virtual private cloud (VPC) with a public subnet and a private subnet, and a virtual private gateway to enable communication with your own network over an IPsec VPN tunnel. We recommend this scenario if you want to extend your network into the cloud and also directly access the Internet from your VPC. This scenario enables you to run a multi-tiered application with a scalable web front end in a public subnet, and to house your data in a private subnet that is connected to your network by an IPsec VPN connection.
This scenario includes a virtual private cloud (VPC) with a single private subnet, and a virtual private gateway to enable communication with your own network over an IPsec VPN tunnel. There is no Internet gateway to enable communication over the Internet. We recommend this scenario if you want to extend your network into the cloud using Amazon's infrastructure without exposing your network to the Internet.
- Network - Amazon VPC [Network - VPN or Direct Connect - VPC]
- Amazon VPC - Amazon VPC [VPC - VPN - VPC]
- Internal User - Amazon VPC [Remote user - VPN - VPC]
| Security Group | Network ACL |
| --- | --- |
| Operates at the instance level (first layer of defense) | Operates at the subnet level (second layer of defense) |
| Stateful | Stateless |
| Rules are defined per instance, separately for inbound and outbound traffic | |
| Only allow rules can be added | Allow and deny rules can be added |
| One instance can be attached to up to 5 security groups | |
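The stateful/stateless and allow-only/allow-deny rows above have a concrete consequence for the multi-tier design: a security group permits the reply to an allowed request automatically, while a network ACL needs an explicit outbound rule for the client's ephemeral port and evaluates rules in number order. The following model is an added example, not code from the original page; the addresses, ports and rule numbers are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"; security groups only support "allow"
    port_range: tuple    # inclusive (low, high) TCP port range
    cidr: str            # source CIDR for inbound rules, destination CIDR for outbound
    number: int = 0      # NACL rule number; lowest number is evaluated first

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def rule_matches(rule, port, ip):
    lo, hi = rule.port_range
    return lo <= port <= hi and ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr)

def security_group_flow(inbound, request):
    """Stateful: any matching allow rule admits the request, and connection
    tracking admits the reply without consulting outbound rules."""
    req_ok = any(rule_matches(r, request.dst_port, request.src_ip) for r in inbound)
    return req_ok, req_ok

def nacl_decide(rules, port, ip):
    """Stateless: first matching rule in ascending number order wins;
    no match falls through to the implicit final deny."""
    for r in sorted(rules, key=lambda r: r.number):
        if rule_matches(r, port, ip):
            return r.action == "allow"
    return False

def nacl_flow(inbound, outbound, request):
    req_ok = nacl_decide(inbound, request.dst_port, request.src_ip)
    # The reply travels from the server back to the client's ephemeral port,
    # so the outbound rule set must admit that port and destination.
    resp_ok = req_ok and nacl_decide(outbound, request.src_port, request.src_ip)
    return req_ok, resp_ok

# Constructed sample: an Internet client opens HTTPS to a web-tier instance.
REQUEST = Packet("203.0.113.10", 50000, "10.0.1.20", 443)
WEB_SG_INBOUND = [Rule("allow", (443, 443), "0.0.0.0/0")]
NACL_IN = [Rule("allow", (443, 443), "0.0.0.0/0", 100)]
NACL_OUT_WEAK = [Rule("allow", (443, 443), "0.0.0.0/0", 100)]      # mirrors 443: replies blocked
NACL_OUT_FIXED = [Rule("allow", (1024, 65535), "0.0.0.0/0", 100)]  # ephemeral ports for replies
NACL_IN_BLOCKLIST = [Rule("deny", (0, 65535), "203.0.113.0/24", 90)] + NACL_IN  # deny at 90 wins
```

Running `nacl_flow(NACL_IN, NACL_OUT_WEAK, REQUEST)` shows the request admitted but the reply dropped, which is the usual symptom of a subnet ACL that copies the security group's ports one to one.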
required changes, adding and removing EC2 instances without interrupting the overall flow of traffic. Specifically, it provides: load balancing for EC2; redundancy and failover for EC2; and offloading of the encryption and decryption that would otherwise run on EC2, which improves EC2 service performance. This capability is very valuable, for example for startups that must sustain rapid user growth while preserving service quality, such as Dropbox and Instagram. See AWS Elastic Load Balancing for details.