Amazon Freshens Up Virtual Private Cloud With Networking Capabilities


Amazon Web Services has put a fresh coat of paint on its Virtual Private Cloud (VPC) play with a set of free networking tools that lets companies build a virtual network and specify which resources they wish to make directly accessible to the Internet and which they do not.

Previously, Amazon Virtual Private Cloud was used to connect IT infrastructure and the AWS cloud using an encrypted VPN connection, and all communications were routed across that VPN connection. Amazon VPC was not directly accessible to the Internet. With the updates, using Amazon VPC no longer requires a VPN or existing infrastructure resources, the company said.

The new features expand the Virtual Private Cloud with what Amazon called "virtual networking for Amazon EC2," a release that Amazon evangelist Jeff Barr called "massive" in a blog post announcing the new VPC features. With the new additions, users can manage connections between data centers and Amazon's cloud offerings, EC2 and S3.

The new additions come as Amazon Web Services makes a stronger push toward the enterprise, a move that Amazon CTO Werner Vogels said will require a strong ecosystem of partners to accomplish.

According to Barr, new features include a new VPC Wizard to streamline the setup process for a new VPC; full control of network topology, including subnets and routing; access controls at the subnet and instance level, including rules for outbound traffic; Internet access via an Internet Gateway; elastic IP addresses for EC2 instances within a VPC; support for Network Address Translation (NAT); and the option to create a VPC that doesn't have a VPN connection.

"You can now create a network topology in the AWS cloud that closely resembles the one in your physical data center including public, private and DMZ subnets," Barr wrote. "Instead of dealing with cables, routers, and switches you can design and instantiate your network programmatically. You can use the AWS Management Console (including a slick new wizard), the command line tools, or the APIs. This means that you could store your entire network layout in abstract form, and then realize it on demand."

Using the networking tools, Amazon cloud users can provision private sections of the AWS cloud to launch resources in a virtual network. With Amazon VPC, users can define a virtual network topology that resembles the traditional network that would be in the data center while maintaining the same control over the virtual networking environment that they would have with an on-premise system.

According to Barr, one use case for VPC could be to create a public-facing subnet for Web servers that accesses the Internet while the backend systems like databases and application servers remain in a private subnet with no access to the Web. Barr added that users can also leverage multiple layers of security, including security groups and network access control lists, to control who can access EC2 instances on each subnet.

"Amazon VPC has been the first stop for many enterprises as they build migration plans to the cloud. The service has provided a secure bridge between an existing datacenter and the AWS cloud via a Virtual Private Network (VPN) and enables enterprises to extend their existing security and management policies to AWS," Peter De Santis, general manager of Amazon Elastic Compute Cloud, said in a statement. "Starting today, enterprises can also choose to connect to AWS without a VPN, by setting up virtual networks within the AWS cloud that they can control and customize. We're excited to make available this level of security and simplicity."