my musings on technology

IT and The Cloud: Connecting AWS to HQ

Posted on Dec 10, 2010 in Musings

The next step in my journey (see previous post) was to prove I could connect the Amazon EC2 server I had built to our Corporate LAN via a secure VPN tunnel.  I spent some time reading up on Amazon’s VPC offering (which is still in Beta) in hopes that I’d be able to simply create an IPSEC tunnel and be done.

I had provisioned my EC2 server in the US West region as it provided the least latency but when I went to fire up the Amazon VPN I found out it was only currently being offered to the US East and EU regions.  Now I had to find a Plan B!

I’ve had some experience with OpenVPN in the past and thought that would be a good place to start. I set up an OpenVPN server on the LAN and set up an OpenVPN client in the EC2 environment.  This worked pretty well and I was able to join the EC2 machine to the Corporate AD domain and work as though I was on the LAN from that machine.  However, I wasn’t convinced this was the most robust solution for a production environment!  It was time to keep looking!

A large number of companies are springing up and building tools that snap on to Cloud Environments, and through some investigation I found a company called CohesiveFT that has packaged a VPN product for Cloud Environments.  They have a number of products, but the solution that seemed best for me was their VPN-Cubed 2.0 Datacenter Connect.

Quite simply the idea is that you:

  1. install an AMI (Amazon Machine Image) that acts as a VPN head device at the EC2 environment
  2. create an IPSEC tunnel between your firewall and the AMI machine
  3. utilize OpenVPN to create a VPN session between your EC2 machines and the AMI

Once that’s all done you’ve got yourself a nice VPN cloud of EC2 machines that connect up to your corporate LAN!

So far this solution has been extremely robust and I would definitely consider this ‘production ready’.  The VPN-Cubed solution was fairly complicated to set up, but luckily I was a network & security engineer in my early career, so I used my knowledge of building IPSEC tunnels to my advantage.

Now that I have secure connectivity, it’s time to load up some apps and see how they respond working in the Cloud Environment.  I have to say that so far I am very impressed and quite excited about the viability of this solution as a replacement for my IT Infrastructure!
