Setting Up VPN Sites
Problem to Be Solved
When Virtual Private Network (VPN) connections between multiple sites are structured as a full mesh, every site's VPN router must be configured with a connection to every other site, so the setup of each individual router grows more complex with the number of sites, and maintenance costs rise accordingly. Structuring the VPN as a star instead solves this, because the VPN router at each site is connected only to a VPN hub. However, a failure of that VPN hub affects all of the VPN connections at once, so the availability of the VPN hub becomes the critical issue.
Explanation of the Cloud Solution/Pattern
VPN hubs of the past required a high initial investment, for example in redundant communication devices for the VPN to raise availability, plus a fixed cost for maintaining those facilities regardless of how much the VPN connections were actually used. Because of this, their cost effectiveness was poor. The AWS Cloud provides a VPN function that you can use as the VPN hub. Because the highly available Cloud infrastructure is billed on a pay-as-you-go basis, you can structure the VPN connections between multiple sites easily, with both excellent availability and excellent cost effectiveness.
The Virtual Private Cloud (VPC) service provides a VPN connection function. Build the VPN connections between the sites by connecting each site to the VPC, which acts as the VPN hub.
- Structure a VPC and set up Virtual Private Gateways as the VPN hubs.
- Set up a customer gateway for each site, and set up a VPN connection from it to the Virtual Private Gateway.
- Set up the VPN router at each site and connect it to the VPN hub.
- Because each site needs only its own VPN connection to the VPC, a site can communicate with every other site without any configuration being done on those other sites.
- You can improve the reliability of the VPN as a whole by placing the VPN hub on the high availability/high operating efficiency infrastructure that is the AWS Cloud.
- All communication between sites passes through the VPC, even when neither endpoint is inside the VPC, so that traffic incurs a charge.
- Because all of the networks (sites) connected to the VPN gateway can communicate with each other, any access control between sites must be enforced at the VPN routers of the individual sites.
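The three implementation steps above (create the VPC and Virtual Private Gateway as the hub, then one customer gateway and VPN connection per site) as an added example, not code from the original page or from AWS: a POSIX shell script that generates the AWS CLI calls for the hub once and for each site independently. The site names, router addresses, site LAN ranges, ASN and VPC range are constructed placeholders. The script only prints the plan; piping its output into a shell with AWS credentials applies it. Configuring the site routers themselves (the third step) depends on the router product and is left to the site.

```shell
#!/bin/sh
# Added example, not part of the original page: emit the AWS CLI calls that
# build a hub-and-spoke VPN with a VPC as the hub (one Virtual Private Gateway),
# plus one customer gateway and one static-route VPN connection per site, with
# each site's LAN route propagated into the VPC route table.
# All names, addresses and ranges below are constructed placeholders.
set -eu

HUB_VPC_CIDR="10.255.0.0/16"   # address range of the hub VPC (placeholder)
SITE_ASN=65000                 # private ASN; create-customer-gateway requires one even for static routes

# One site per line: name, public IP of the site's VPN router, site LAN CIDR.
SITES="tokyo 203.0.113.10 192.168.10.0/24
osaka 203.0.113.20 192.168.20.0/24
nagoya 203.0.113.30 192.168.30.0/24"

# Hub: VPC, Virtual Private Gateway attached to it, and route propagation so
# that the static route of every site shows up in the VPC route table.
hub_commands() {
  cat <<EOF
VPC=\$(aws ec2 create-vpc --cidr-block $HUB_VPC_CIDR --query Vpc.VpcId --output text)
VGW=\$(aws ec2 create-vpn-gateway --type ipsec.1 --query VpnGateway.VpnGatewayId --output text)
aws ec2 attach-vpn-gateway --vpn-gateway-id \$VGW --vpc-id \$VPC
RTB=\$(aws ec2 describe-route-tables --filters Name=vpc-id,Values=\$VPC --query 'RouteTables[0].RouteTableId' --output text)
aws ec2 enable-vgw-route-propagation --route-table-id \$RTB --gateway-id \$VGW
EOF
}

# One site: a customer gateway describing the site's router, a VPN connection
# from it to the hub's VGW, and the site LAN as the route behind that tunnel.
# Nothing here refers to any other site, which is the point of the pattern.
site_commands() {
  name=$1; ip=$2; cidr=$3
  cat <<EOF
CGW=\$(aws ec2 create-customer-gateway --type ipsec.1 --public-ip $ip --bgp-asn $SITE_ASN --query CustomerGateway.CustomerGatewayId --output text)
VPN=\$(aws ec2 create-vpn-connection --type ipsec.1 --customer-gateway-id \$CGW --vpn-gateway-id \$VGW --options StaticRoutesOnly=true --query VpnConnection.VpnConnectionId --output text)
aws ec2 create-vpn-connection-route --vpn-connection-id \$VPN --destination-cidr-block $cidr
echo "site $name: customer gateway \$CGW, vpn connection \$VPN"
EOF
}

# Whole plan: the hub first, then every site in turn.
plan() {
  hub_commands
  printf '%s\n' "$SITES" | while read -r name ip cidr; do
    [ -n "$name" ] && site_commands "$name" "$ip" "$cidr"
  done
}

# Number of tunnels the plan creates: one per site (a full mesh of n sites
# would instead need n*(n-1)/2 tunnels, each configured on two routers).
site_count() {
  plan | grep -c 'create-customer-gateway'
}

# Print the plan for review; pipe it into sh with AWS credentials set to apply.
plan
```

Adding a fourth site means adding one line to SITES and running the generated commands for that site only; the existing sites are untouched, which is the maintenance advantage the pattern describes.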