Some months ago, Amazon Web services announced VPC (Virtual Private Cloud) [1] in a shift to address security requirements for enterprise customers and to give the missing link for hybrid deployments although some concerns remain concerning typically the technology behind their very own offer. Since many of us were recently recommending a list requirements for the cloud VPN [2], we want to acquire Amazon’s announcement being a reason to evaluate and match VPC features with this particular list.
The complete usecase Amazon is dealing with is Communication among the internal community and the cloud. This is actually the list:
Clientless: VPC uses IPSec which can be supported simply by the majority involving security gateways, thus does not require the installation of a customer VPN.
Centralized managing: VPC configuration is furnished by the Amazon online API (although not yet integrated in the Amazon Console). Existing VPN Monitoring tools already used in the internal system also needs to be functional within the private element of the fog up.
Authentication and documentation features: Even when integration with safety measures groups is certainly not yet provided, they will can be anticipated soon. Concerning authentication the process provided is IKE Security Relationship using Pre-Shared Keys. Role based access control is not necessarily provided by Amazon . com.
Integration with endpoint security: VPC focuses on the security associated with communication, not providing endpoint security. Even so, enterprises may deploy existing endpoint safety products within the particular AMIs in the VPC.
Advanced logging plus reporting: In our viewpoint, this is typically the Achilles’ heel regarding AWS – and even VPC is zero better. No details is provided in the network and firewall level.
Help of buy aws account and devices: Do not know yet if multicast will some day be recognized in EC2 in addition to VPC. Concerning products, Amazon announces of which “We also program to support Software program VPNs in the near future. inch
High availability: Just one VPC could be configured per AWS account for the particular moment. No flexible load balancing is definitely available so it is to the consumers to construct their HA solution.
Fixed addressing: Today it is possible to specify a subnet, but the IP address is randomly picked in the subnet. You cannot make use of elastic IPs. These restrictions are expected being dropped by amazon in the roadmap.
Conclusion: Actually though there are a handful of requirements exactly where VPC falls brief, VPC is the important first stage towards IaaS security but it will surely help customers to confidently maneuver to the cloud. It lays the ground on which in turn customers can built upon and extend their security architecture into the public cloud.