Webinar for beginners: Building a network on AWS
TRANSCRIPT
-
WebinarAWS
2015/01/08
-
Introduction AWS Amazon Virtual Private Cloud(VPC) Tips VPC
-
Introduction
AWS
AWS
-
AWS
-
LB
Web Web VPN
VPN
VPN
-
AWS
Public Subnet
Private Subnet
LB
Web Web VPN
VPN
VPN
-
AWS
AWS
-
WebinarAWSVPN
-
AWS
AWS
AWS http://aws.amazon.com/jp/architecture/icons/
-
Introduction AWS Amazon Virtual Private Cloud(VPC) Tips VPC
-
AWS
US West(Northern California)
US East(Northern Virginia)
EU(Ireland)
Asia Pacific(Singapore)
Asia Pacific(Tokyo)
GovCloud(US ITAR Region)
US West(Oregon)
South America(Sao Paulo)
AWS Regions
AWS Edge Locations
EU(Frankfurt)
2015/01/08 http://aws.amazon.com/jp/about-aws/global-infrastructure/
Asia Pacific(Sydney)
China(Beijing)
-
(AZ)
EU (Ireland)
AvailabilityZone A
AvailabilityZone C
AvailabilityZone B
Asia Pacific (Tokyo)
AvailabilityZone A
AvailabilityZone B
US West (Oregon)
AvailabilityZone A
AvailabilityZone B
US West(Northern California)
AvailabilityZone A
AvailabilityZone B
Asia Pacific (Singapore)
AvailabilityZone A
AvailabilityZone B
AWS GovCloud (US)
AvailabilityZone A
AvailabilityZone B
South America (Sao Paulo)
AvailabilityZone A
AvailabilityZone B
US East (Northern Virginia)
AvailabilityZone D
AvailabilityZone C
AvailabilityZone B
AvailabilityZone A
EU (Frankfurt)
AvailabilityZone A
AvailabilityZone B
-
Amazon VPC(Virtual Private Cloud) Private /1AWS AZ
VPC
Private
SubnetPublic
Subnet
NW
VPN
-
VPC CIDRSubnet
Subnet: 10.0.1.0/24VPC 10.0.0.0/16
WebServer
WebServer
Subnet: 10.0.2.0/24
CIDR IP Address
xxx.xxx.xxx.xxx/16 65,534
xxx.xxx.xxx.xxx/20 4,094
xxx.xxx.xxx.xxx/24 254
xxx.xxx.xxx.xxx/28 14
VPC
-
Elastic Network Interfaces
EC2 VPC
ENI Private IP Elastic IP MAC
http://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/using-eni.html
-
Route Table
SubnetRoute Table
Public SubnetRoute Table
Private SubnetRoute Table
IGW(Internet Gateway)
-
VPC Peering
VPCPeering VPCPrivate IP
AWSVPCAWSVPCPeering
VPC-A -> VPC-B -> VPC-C 2Routing
ACRoutingACPeering
-
Amazon EC2(Elastic Compute Cloud)
1
AEC2
B
EC2
EC2
1 //
Windows, Linuxx86OS Windows
OS EC2EC2
-
VPC Security Group
Security Group
EC2Instance Port 22
(SSH)
Port 80(HTTP)
VPC(Inbound)EC2(Outbound) IP
-
AWS SDK/CLI
EC2
ManagementConsole (Web)
AWS
SDK
AWS CLI
>
REST APIVPC
-
AWS
WebAWS
AWS http://aws.amazon.com/jp/register-flow/
AWS http://aws.amazon.com/jp/getting-started/
-
AWSTips
-
AWS
AWS Top http://aws.amazon.com/jp/
-
VPC
VPCDefault VPC)
-
Default VPC
2013124AWSVPC
VPCEC2Default VPC
AZDefaultSubnet SubnetIP
172.31.0.0/20, 172.31.16.0/20 Subnet 4096 IP Default VPC CIDR
172.31.0.0/16 65,556 IP
-
EC2Default VPC
Default VPCSubnetDefault Subnet
Subnet
Default VPC
Public IP
Step 1: AMI(Amazon Machine Image)
Step 2:
Step 3:
Step 4:
Step 5:
Step 6:
Step 7:
Step 8:
EC2
-
Default VPC
Default VPCVPC
Default VPCAWS
CIDR172.31.0.0/16CIDRDefault VPC
VPC
-
Introduction AWS Amazon Virtual Private Cloud(VPC) Tips VPC
-
VPC
Availability Zone
Availability Zone
PublicSubnet
PrivateSubnet
Internet gateway
PublicSubnet
PrivateSubnet
AZ
PublicPrivateSubnet
-
VPCSubnet
Step 1:VPC
Step 2: Subnet
Step 3:Internet GatewayVPC
Step 4: Route TableInternet GatewayRoute
Step 5: SubnetRoute Table
-
VPC
-
VPC
-
Subnet
PrivateSubnetAZPublicPrivateSubnet
-
Internet Gateway
-
Internet GatewayVPC
-
Route Table
-
Route TableInternet GatewayRoute
-
Route TableInternet GatewayRoute
-
SubnetRoute Table
-
SubnetRoute Table
SubnetRoute Table
VPC subnet1
VPC subnet2
VPC subnet3
Destination Target
10.0.0.0/16 local
0.0.0.0 Internet Gateway
Destination Target
10.0.0.0/16 local
Route Table A
Route Table B
-
VPCPublic SubnetEC2
Public Subnet
VPC
Public IP
Step 1: AMI(Amazon Machine Image)
Step 2:
Step 3:
Step 4:
Step 5:
Step 6:
Step 7:
Step 8:
-
VPCPublic SubnetEC2
Linux SSH(22) Windows RDP(3389)
Step 1: AMI(Amazon Machine Image)
Step 2:
Step 3:
Step 4:
Step 5:
Step 6:
Step 7:
Step 8:
Source 0.0.0.0/0 IP EC2
-
EC2SSH
Availability Zone
Availability Zone
Public subnet
Internet gateway
Private subnet
Public subnet Private subnet
-
Introduction AWS Amazon Virtual Private Cloud(VPC) Tips VPC
-
EC2Public IP
Public IPEC2EC2Public IP
Public IPElastic IPEC2
InternetPublic IP Elastic IP
PrivateIP
-
Elastic IP Elastic IP
EC2Elastic IP EC2Elastic IP Elastic IP 1Elastic IPEC2100
Elastic IP EC2IP
ELBEC2Elastic IP
Elastic IPELBEC2ID
-
EC2Private IP
EC2Private IP
ENI
ENI
VPC subnet
ENI
VPC subnet
Private IP: 10.0.0.10 Public IP: x.x.x.x
(OS eth0)
Private IP: 10.0.1.10 Public IP: x.x.x.x
(OS eth1)
10.0.0.0/24 10.0.1.0/24
-
ENI 1EC2ENI EC2
ENI http://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI
HA SMTP
ENI
VPC subnet
VPC subnet
ENI
ENI
ENI
ENI
VPC subnet
ENI
ENI
ENI
IP
ENIAZ
-
Subnet
VPCSubnet
SubnetNetwork Access Control(NACL)
Availability Zone
Availability Zone
Public subnet
Internet gateway
Private subnet
router
Public subnet Private subnet
NACL
-
VPC Security GroupNACL(Network Access Control List)
InstanceIn/Out
SubnetIn/Out
-
Private Subnet
Virtual Private Cloud
Private Subnet
Public Subnet
Internet gateway
WindowsRemote Desktop GatewayEC2Private SubnetEC2 WindowsRemote Desktop
-
Private SubnetEC2 NAT
DB AWS API
Public subnetInternet gateway
Private subnet
Destination Target
10.0.0.0/16 local
0.0.0.0 Internet Gateway
Destination Target
10.0.0.0/16 local
0.0.0.0 i-xxxxx (NATID)
VPNInternet GatewayRouting
-
NAT
1. NATEC2Public Subnet
2. NATEC2SrcDestCheck
EC2
3. Private SubnetRoute Table
EC2amzn-ami-vpc-natAMI
Destination Target
0.0.0.0 i-xxxxx (NATID)
-
Introduction AWS Amazon Virtual Private Cloud(VPC) Tips VPC
-
VPC
VPC2 IPSec VPN AWS Direct Connect
EC2VPNVPN
-
VPCVPN
1Customer GatewayVPC
2VPN Customer GatewayBGP BGPVPN
VPNRouting
-
VPCVPN
Step 1: Customer Gateway
Step 2: VPCVirtual Private Gateway (VGW)VPC
Step 3: VPCCustomer Gateway
Step 4: VPC Connection
Step 5: Customer GatewayConfig
Step 6: VPN ConnectionUP
Step 7: SubnetRoute TableVGWRouting
VPC
-
Step 1: VPCVPNCustomer Gateway VPCVPNCustomer Gateway
Astaro Security Gateway 8.3 Astaro Security Gateway Essential Firewall Edition 8.3 Cisco ISR IOS 12.4 Dell Sonicwall Fortinet Fortigate 40+ FortiOS 4.0 Juniper J JunOS 9.5 Juniper SRX JunOS 9.5 ScreenOS 6.1 6.2 Juniper SSG ScreenOS 6.1 6.2 Juniper ISG Palo Alto Networks PA PANOS 4.1.2 Vyatta Network OS 6.5 RTX1200
http://aws.amazon.com/jp/vpc/faqs/
-
Step 2: Virtual Private Gateway(VGW)VPC
-
Step 3: Customer Gateway
-
Step 4: VPN Connection
-
Step 5: Customer GatewayConfigCustomer Gateway
-
Step 6:VPN ConnectionUP
-
Step 7: VPCSubnetRoute TableVGWRouting
VPN http://adsj-contents.s3.amazonaws.com/misc/VPNConnectionInstruction-20141225.pdf
-
VPN
AWS
virtual private cloud
VPC private subnet
App
LAN
virtual private gateway
customer gateway
VPN connection
users
Internet GatewayRouting
-
VPN
Customer GatewayVPNVPN Customer Gateway
1VPC10VPN 102
AWSVPN EC2VPN
-
AWSVPN10
virtual private cloud corporate data center
virtual private gateway
customer gateway
VPN connection
N
customer gateway
-
EC2VPNVPN
virtual private cloud
VPC public subnet
VPN
VPN
VPN
VPNN
VPN
NVyatta
-
VPC
AWS Direct Connect
AWS Direct Connect http://adsj-contents.s3.amazonaws.com/meister-re%3AGenerate/20130904_AWS-Meister-reGenerate-VPC-DXVPN.pdf
-
Introduction AWS Amazon Virtual Private Cloud(VPC) Tips VPC
-
PublicPrivateSubnetEC2 Public SubnetPrivate Subnet
-
Public SubnetEC2
Public SubnetEC2NACL
(NAT
NACL
AWSAPI
S3 DynamoDB
-
AWS AWSAPINAT
NAT EC2ELBRDSVPC
virtual private cloud
VPC subnet
RDS DB instance
RDS DB instance standby
(Multi-AZ)
EC2instances
Elastic LoadBalancing
ElastiCachenode
Amazon S3
AmazonDynamoDB
AmazonSimple Queue
Service
Internet gateway
-
Private SubnetEC2
NAT
VPN/Internet Gateway
Web
LBPublic Subnet DB
-
2
VPC
VPCVPC Peering VPC-A -> VPC-B -> VPC-C2
AWS
AWSAWSAWS
VPC SubnetNACL AWS
AWS
-
Introduction AWS Amazon Virtual Private Cloud(VPC) Tips VPC
-
VPCAWS
AZ
IPRouting
VPNRoutingIP
-
Q&A
-
AWS
http://aws.amazon.com/jp/register-flow/
AWS Blackbelt Amazon VPC http://www.slideshare.net/AmazonWebServicesJapan/aws-black-belt-tech-amazon-vpc
Amazon VPC VPN http://adsj-contents.s3.amazonaws.com/misc/VPNConnectionInstruction-20141225.pdf
Amazon Virtual Private Cloud http://docs.aws.amazon.com/ja_jp/AmazonVPC/latest/UserGuide/VPC_Introduction.html
AWS http://aws.amazon.com/jp/aws-jp-introduction/
AWS http://aws.amazon.com/jp/solutions/case-studies-jp/
-
AWS
aws.amazon.com/training
-
Twitter/FacebookAWS
@awscloud_jp
http://on.fb.me/1vR8yWm
-
AWS AWS https://aws.amazon.com/jp/contact-us/aws-sales/