Amazon Web Services has announced expanded functionality for its Virtual Private Cloud (Amazon VPC) service, letting enterprises specify which of their Amazon VPC resources they wish to make directly accessible to the Internet and which they do not.
Previously, AWS EC2 customers could provision a private, isolated section of the AWS cloud (called an Amazon VPC) and launch AWS resources into that VPC that were only accessible via a Virtual Private Network (VPN) connection to an existing enterprise datacenter. Amazon VPC was not directly accessible to the Internet. With today’s announcement, enterprises no longer need a VPN or existing infrastructure resources in order to leverage Amazon VPC.
Enterprises can now define a virtual network topology in Amazon VPC that closely resembles a traditional network that they might operate in their own datacenter. Customers have complete control over the virtual networking environment, including selection of IP address range, creation of subnets, and configuration of route tables and network gateways. Users can easily customize the network configuration for Amazon VPC, for example creating a public-facing subnet for web servers that have access to the Internet, and placing backend systems such as databases or application servers in a private-facing subnet with no Internet access. Enterprises can continue to choose to connect Amazon VPC to their own existing IT infrastructure with an encrypted VPN connection, extending enterprises’ existing security and management policies to Amazon VPC instances as if they were running within an existing datacenter.
Amazon VPC enables enterprises to easily customize network configurations as well as leverage multiple layers of security for access to Amazon EC2 instances, including security groups and network access control lists. With Amazon VPC, enterprises can:
• Create an Amazon Virtual Private Cloud on AWS’s scalable infrastructure, and specify its private IP address range from any range they choose.
• Divide Amazon VPC’s private IP address range into one or more public or private subnets to facilitate running applications and services in Amazon VPC.
• Control inbound and outbound access to and from individual subnets using network access control lists.
• Store data in Amazon S3 and set permissions so the data can only be accessed from within Amazon VPC.
• Attach an Amazon Elastic IP Address to any Amazon VPC instance so it can be reached directly from the Internet.
• Bridge Amazon VPC and an enterprise’s own IT infrastructure with an encrypted VPN connection, extending enterprises’ existing security and management policies to Amazon VPC instances as if they were running within an existing datacenter.
“We are very excited about this new offering from Amazon Web Services and how it will help with software deployment in the cloud,” said Dr. Wolfram Jost, Chief Technology Officer and member of the Executive Board, Software AG. “Using AWS to deploy software is a trend that we have seen many of our customers looking to adopt. With Amazon’s VPC Internet Gateway, customers will create network configurations that are familiar to what they have in their data center. It gives them the power to support their enterprise software deployments without having to reconfigure or reinvent their networking configuration. With Amazon’s VPC Internet Gateway, customers have the flexibility to adapt their deployed software as their needs change and their implementations grow. As we look to our vision for the cloud, ensuring that our customers can deploy their SOA and BPM based solutions built on webMethods software in an environment that is seamless to their on-premise solutions is a key need.”
In December, Amazon Web Services announced it had achieved Level 1 compliance with the Payment Card Industry (PCI) Data Security Standard (DSS), allowing its customers to run their applications on AWS PCI-compliant technology infrastructure to store, process and transmit credit card information in the cloud. In November 2010, AWS announced it had achieved ISO 27001 certification for its AWS infrastructure, data centers and several services. ISO 27001 (ISO/IEC 27001) is a global security standard that sets out requirements for an Information Security Management System.