Yesterday night, Amazon created quite a bit of flutter by announcing Amazon Virtual Private Cloud targeting the enterprise customers. For
those people who believe in the idea that enterprises should shed all
their existing IT infrastructure and jump right into the public clouds,
this announcement is a big surprise. However, Werner Vogels, the
colorful CTO of Amazon, offered some insights on their strategy:

"We continuously listen to our customers to make sure
our roadmap matches their needs. One important piece of feedback that mainly came
from our enterprise customers was that the transition to the cloud of more complex
enterprise environments was challenging. We made it a priority to address this
and have worked hard in the past year to find new ways to help our customers transition
applications and services to the cloud, while protecting their investments in
their existing IT infrastructure."

If we take off the spin, we can easily see that Amazon clearly
understands the dilemma faced by enterprises in embracing public
clouds right away and wants to lure them with an offering that will
make them relatively comfortable testing the Cloudy waters. They
clearly saw the emergence of a strong private cloud market and this is
a direct response to the competition.
Having said that, one should not dismiss this announcement as a mere
market response. There is a clear wow factor here. This has the potential
to uproot some of the players in the “cloud labs” category and, also,
threaten some vendors in the Amazon ecosystem itself. Plus, it offers
Amazon a direct line to enterprise customers without any intermediary.
Let us check out what Amazon offers as a part of Virtual Private Cloud (See Jeff Barr’s post for more info)
- Create a virtual private cloud (VPC) on Amazon’s infrastructure and assign it a private IP address range
- The VPC’s private IP address range can be further subdivided into subnets for managing the applications and services
- Seamlessly integrate your VPC with your existing IT infrastructure through an encrypted VPN connection
- Add/Remove AWS resources as per your needs
- Route traffic between your VPC and the Internet over the VPN
connection so that it can be examined by your existing security and
networking assets before heading to the public Internet (this is
definitely something which will play well with the enterprises)
- Extend your existing security and management policies within your IT infrastructure to your VPC
as if they were running within your infrastructure (well, there is
definitely a level of spin out here and I will explain it later in the
post)
The moment I saw the tweet about this announcement, it struck me that
this is a direct threat to VPNCubed from CohesiveFT (See Cloud Ave’s review of VPNCubed and our coverage about their support for EC2). I got in touch with folks at CohesiveFT to ask about their reaction. They highlighted a very important
difference between their product and Amazon’s. It is all about control.
With VPNCubed, the control of network overlay lies in the hands of the
customers whereas in the case of Amazon’s offering, the control is with
them and the need for a trust factor doesn’t go away completely.
VPNCubed supports multiple clouds (Sun Cloud, vCloud, Private
Eucalyptus Cloud, etc.) and it can also work with a hardware based
firewall whereas Amazon’s cannot. CohesiveFT will be releasing a
document soon with a detailed comparison. I will update this post as
soon as they are ready with it.
Let us take the Redmonk approach and resort to the Q&A style to finish off this post.
1) Can you cut all the soundbites and tell me what it is and what are the advantages?
First, it is not a private cloud in the sense of being isolated from
the resources of other customers. The EC2 instances in VPC are still
part of the multi-tenant AWS public cloud. Now, they go a step deeper
and do the separation at the virtual networking level. Without much
information from them, it is just a matter of pure speculation when it
comes to talking about the security of the Amazon VPC. If you hear any
big talk about the security of this offering, take it with a pinch of
salt. However, it is definitely more secure than the regular EC2
instances and the security available through their security groups.
Second, it can be seamlessly integrated with the existing IT
infrastructure using encrypted VPN and, hence, it is possible to
implement some of the existing IT policies on the VPC network.
Thirdly, the traffic from the internet is driven through the company’s
network. This offers some level of flexibility to the enterprise IT to
monitor and dissect the traffic. However, we have to keep in mind that
the instances and the virtual private cloud still lie in the hands of
third party providers. So, before you let your imagination run wild
about the security advantages, it is important to take these things
into account.
To put it short, Virtual Private Cloud is the regular AWS public cloud
with an isolation at a deeper level and with an additional encryption
layer on top of it.
2) Why is there a “wow factor” then?
Well, with this move, Amazon is giving the enterprises an option to
implement the cloud features without the high cost associated with the
on-premise implementation. They offer them a sense of confidence to try
out their cloud with the same economic benefits usually associated with
the public clouds. This also eliminates the need to go through a third
party provider to integrate Amazon cloud with the existing IT
infrastructure. Overall, this has the potential to lure more enterprise
customers to try out cloud based computing, especially the public
clouds.
3) Does this offering help customers satisfy the regulatory compliance requirements while using Amazon’s cloud?
The short answer is no. If you want a long answer or more details, you
have to entice the security gurus like Christofer Hoff or someone else
to write a blog post on this.
4) Are there any other consequences to this offering?
I am keen to see its impact on some of the “cloud lab” companies like
Skytap and others. I know that Skytap has a wider range of OS support
than Amazon but many of these companies were luring the enterprises by
highlighting the complete lack of control on AWS cloud. With this
release, Amazon has taken the necessary steps to plug that hole. It
will be interesting to see how it will play out for them. I will be
talking to Skytap folks tomorrow and I will definitely ask them about
it.