Hybrid Cloud Architecture on AWS- Network Perspective

What is Hybrid Cloud ?

“Hybrid cloud is a composition of two or more clouds (private, community or public) that remain distinct entities but are bound together, offering the benefits of multiple deployment models. Hybrid cloud can also mean the ability to connect collocation, managed and/or dedicated services with cloud resources.” – Wikipedia

A theoretical and scientific definition that basically comes up from all the search engines.

Although to a novice, Hybrid cloud is nothing but an application running on a combination of platforms viz on-premises Data Centre or any other cloud provider and part of the application utilizing resources from the cloud or vice versa.

So, the question arises as to which cloud provider should we decide on?

The explanations while choosing the Cloud Provider should be that it gives ease of exploring and simple to use at the same time along with flexibility. And, well AWS provides these both.

But before migrating your workloads on Cloud, take a step back and find answer to the following questions:

Why do I need to move to the cloud?
What is my use case? Is it helpful to moving on AWS?
Is it fulfilling all my requirements?

After you have considered the above then you can settle on really utilizing AWS services to its potential and architect the Network on AWS.

Architecting a Network

Current Network architecture

While moving any app or part of the app on cloud on-premise network architecture should be considered foremost. A strategy should be defined wherein communication with the AWS Services is possible while creating a Hybrid architecture. It is mandatory to do so considering the changes to be done on on-premise networks for at least two years.

Ways of connecting with AWS

To connect with AWS services following options are available:

Hardware VPN – This is Site to site IPSEC VPN provided by AWS

Direct Connect – This is Dedicated line from AWS to On-Premises Data Centre

3^rd Party Solutions – A large number of third-party solutions are also accessible on AWS Marketplace while connecting to AWS.

Creating Virtual Private Cloud (VPC) on AWS

Subsequently determining the no.of VPC’s required, create a separate VPC for each environment. If the network requirement consists of to focus on the CIDR block of each VPC that is created, one also has an option to peer the VPC.

While selecting the CIDR block of that will connect with the on-premise network using AWS based connection solutions one should consider not to select a CIDR block which is overlapping with on-premise network CIDR block. This helps in while considering a 1 year period use case wherein on-premise data center should be connected to AWS Cloud.

Creating Subnets on AWS

There are two categories of subnets available in AWS Cloud namely Public Subnet and Private Subnet. By default subnets of the same VPC are able to communicate with each other without any restrictions.

Difference between Public and Private Subnet

A single route table also known as default route table is by default specified in a VPC with the implicit association of all the subnets. A different route table can also be explicitly associated with a subnet. Each subnet can only have a single route table but not vice versa, therefore, if a route table displays the below entry that means the associated subnet is a public subnet or else in case the below entry is missing in any route table the associated subnet is a private a subnet.

Destination:0.0.0.0/0

Target: igw-xxxxx (igw-Internet gateway)

Security between Subnets and within VPC

AWS provides two inordinate security features- NACL(Network Access Control List) and Security Groups.

NACL or Network Access Control List delivers security on Network level but one should also make a note that AWS NACL’s are stateless. This means that the responses to allowed inbound traffic are subject to the rules for outbound traffic and vice versa which can likely stop traffic between two subnets that is in contradiction with the usual behavior of the subnet. So, make sure that you are using NACL in the right manner to avoid frequent updates in rules of NACL.

Security groups on the other end act as a firewall to the servers and deliver security at the host level to make changes and open any ports on the fly without making any changes inside the host/Server/EC2. Implicitly everything is denied in security group to allow only specified ports from the specified location.

Cloud Consulting, Strategy, and Migration

DevSecOps

Cloud Security Engineering

Application Assessment

Cloud Native Application Development & Testing

SaaS Product & Platform Development

Data Strategy

Data Governance and Engineering

Advanced Analytics

Cloud Governance & Reporting

Cloud Discovery & Optimization

DevOps Transformation (DoT)

cAssure

cSecure

SaaS Factory Model

BlazePulse

cSaver

Cloud and Platform Modernization

Cloud Security Operations

Conversational AI

Application Maintenance & Enhancement

Application Modernization

Managed Analytics

BI Modernization

Cloud Managed Services

How Analytics Helps Businesses Better Serve their Customers

Building Capabilities of Incident Response/Disaster Recovery on the Cloud

Impactful Cloud Computing Trends to Look For in 2022

Cloud-based End-to-End System Helped Feed Ontario Achieve ~60% Operational Optimization

Azure Cloud Hosting Enabled Etek to See ~40% Performance Improvement in their Website

Cloud Migration Helped Customer Achieve Uniform Platform and Reduce Rollbacks by Over 60%

Ebooks & Whitepapers

Augment Your Deployment Velocity With Terraform

Back to Business as Usual - Rightsizing Your AWS Cloud Cost

Call Us

Email Us

Financial Services

Banking & Insurance

Media & Entertainment

Telecom

Technology

About Us

Our Leadership

Customer Speaks

Strategic Partners

OneClan Life

Clouditects

Work With Us

Thought Leadership

Awards and Recognition

Media Coverage