Changes in the Cloud Computing World

We got back from China last Saturday night and, predictably, I’m swamped catching up on three weeks’ worth of queued work. The trip was wonderful (China Trip) but it’s actually good to be back at work. Things are changing incredibly quickly industry-wide and it’s a fun time to be part of AWS.

An AWS feature I’ve been particularly looking forward to seeing announced is Virtual Private Cloud (VPC). It went into private beta two nights back. VPC allows customers to extend their private networks to the cloud through a virtual private network (VPN) to access their Amazon Web Services Elastic Compute Cloud (EC2) instances with the security they are used to having on their corporate networks. This one is a game changer.

Virtual Private Cloud news coverage: http://news.google.com/news/search?pz=1&ned=us&hl=en&q=amazon+virtual+private+cloud.

Werner Vogels on VPC: Seamlessly Extending the Data Center – Introducing Amazon Virtual Private Cloud.

With VPC, customers can have applications running on EC2 “on” their private corporate networks and accessible only from their corporate networks, just like any other locally hosted application. This is important because it makes it easier to put enterprise applications in the cloud and support the same access rights and restrictions that customers are used to enforcing on locally hosted resources. Applications can more easily move between private, enterprise data centers and the cloud, and hybrid deployments are easier to create and more transparent.

–jrh

James Hamilton, Amazon Web Services

1200, 12th Ave. S., Seattle, WA, 98144
W:+1(425)703-9972 | C:+1(206)910-4692 | H:+1(206)201-1859 |
james@amazon.com

H:mvdirona.com | W:mvdirona.com/jrh/work | blog:http://perspectives.mvdirona.com

5 comments on “Changes in the Cloud Computing World”
  1. pasta says:

    Thank you for this information

  2. Charles, you were asking for a short summary of the VPC service. The feature supports setting up a virtual private network (VPN) inside AWS, the ability to assign EC2 instances to the VPN, and to create an IPSEC tunnel between the VPN and the customer premises. All servers on the VPN can communicate with each other and with servers or clients on the other end of the tunnel. Servers outside the VPN can’t communicate with servers on the VPN or vice versa except as allowed through the tunnel.

    The feature is in beta right now but, once generally available, it will be open to all interested customers.

    –jrh

  3. This is interesting, but what was to stop you from doing this with OpenVPN or OpenSWAN before?

    I see some very interesting uses for this, but also a high degree of support complexity for Amazon. I’m guessing this will only be made available to larger customers?

    It’s surprising how many people can’t get basic IPSEC tunnels to work, even when they fully control both end points.

    Cool stuff. Please keep us posted.

  4. Like all things in security, protection is a combination of policy, process, algorithms, and physical security. I won’t presume to know nearly enough to be able to credibly tell other folks what level of security they actually need.

    –jrh

    James Hamilton
    jrh@mvdirona.com

  5. Frank Ch. Eigler says:

    James, can you point to a document that justifies faith in the security of such a VPN-connected configuration? It seems like by its very nature, it gives Amazon direct access to each subscriber’s internal network. With the associated risks being so high, what extra measures is Amazon taking to protect VPN VMs and security data?
