Amazon tweaks virtual private clouds

Public and private subnets

Amazon Web Services has cut the encrypted cord on its Virtual Private Cloud.

When the VPC variant of Amazon's EC2 service was launched way back in August 2009, Amazon allowed customers to carve out a chunk of the Elastic Compute Cloud and isolate those server nodes from other EC2 nodes, creating a virtual private network.

The neat trick of the original Virtual Private Cloud service is that it allowed companies with existing data centers to use the same firewalls, intrusion detection systems, and other security resources Amazon deploys for its internal IT gear. As far as system and network administrators could tell, the virtual machines in the EC2-based Virtual Private Cloud were logically indistinguishable from the other physical and virtual infrastructure they manage internally.

Up until now, the only way to access the resources on the Amazon Virtual Private Cloud was to have your own data center with all that VPN gear and software. But starting today, Amazon Web Services will let you designate portions of your Virtual Private Cloud that can be accessible from the internet while still keeping other portions only available through the VPN link. And if you don't want to link your Amazon EC2 resources to your data center, or better still, EC2 is your data center, then you no longer need all that VPN stuff.

Amazon says that the tweaked Virtual Private Cloud gives users control over IP address ranges, subnets, and configuration of route tables and network gateways, just like they would have in a traditional data center. So they can, for instance, create a subnet for web servers that sit on the intertubes and create another subnet for applications and databases that does not hook into the internet.

If you want to still hook into the Virtual Private Cloud using encrypted VPN links, you can of course still do that.

The updated Virtual Private Cloud service allows you to carve up the private IP address range in any way you please into a number of public and private subnets. You control inbound and outbound access to these subnets with network access control lists, and Amazon is allowing you to link an Elastic IP address to any Virtual Private Cloud so you can get to it through the internet as well as the VPN (if you have one). The flexible networking is also available for the S3 storage cloud, not just for EC2 compute instances, so you can store data in the S3 cloud and set it up so it can only be accessed through the Virtual Private Cloud's private subnet.
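The public/private split described above comes down to where each subnet's route table sends internet-bound traffic. The following is an added example, not code from Amazon or from the original article: it carves a VPC range into subnets and flags any subnet whose routing contradicts its intended tier. The CIDRs, subnet names and gateway IDs are constructed sample values, and the probe address is a documentation-range IP.

```python
import ipaddress

# Constructed sample data: CIDRs, subnet names and gateway IDs are illustrative.
VPC_CIDR = "10.0.0.0/16"
ROUTE_TABLES = {
    "web": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")],
    "app": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "vgw-EXAMPLE")],
    "db":  [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")],  # misconfigured
}
INTENDED_TIER = {"web": "public", "app": "private", "db": "private"}


def carve(vpc_cidr, names, new_prefix=24):
    """Assign each named subnet the next free /new_prefix block of the VPC range."""
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)
    return {name: next(blocks) for name in names}


def next_hop(routes, destination):
    """Longest-prefix match, the rule a route table uses to pick a target."""
    dest = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(cidr), target) for cidr, target in routes
               if dest in ipaddress.ip_network(cidr)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def actual_tier(routes, probe="198.51.100.10"):
    """A subnet is public when internet-bound traffic leaves via an internet gateway."""
    hop = next_hop(routes, probe)
    return "public" if hop and hop.startswith("igw-") else "private"


def audit(route_tables, intended):
    """Return the subnets whose routing disagrees with their intended tier."""
    return sorted(name for name, routes in route_tables.items()
                  if actual_tier(routes) != intended[name])


if __name__ == "__main__":
    for name, block in carve(VPC_CIDR, ROUTE_TABLES).items():
        print(f"{name:4} {block}  routes as {actual_tier(ROUTE_TABLES[name])}")
    print("mismatches:", audit(ROUTE_TABLES, INTENDED_TIER))
```

In the sample data the `db` subnet is meant to be private but has a default route to an internet gateway, so the audit reports it.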

With the public and private subnet support, now Amazon can host applications, such as SaaS-style applications that have been put out by traditional ERP, CRM, and SCM providers, which have a mix of web-facing modules where customers or partners can get access as well as private modules that are only geared for internal users. ®
