VMware Cloud™ on AWS - Reference Architecture

Leveraging Amazon Application Load Balancer (ALB) with VMware Cloud on AWS

This reference architecture details how Amazon Application Load Balancers can be used to load balance secured web traffic destined for web servers hosted on VMware Cloud on AWS infrastructure. The three-tier architecture shown here leverages AWS native services such as Amazon Route 53, Amazon CloudFront, AWS Web Application Firewall (WAF), AWS Shield, AWS Certificate Manager (ACM), Amazon S3, Amazon RDS, AWS CloudTrail and Amazon CloudWatch.

1. Deploy and configure the web and application servers in VMware Cloud on AWS. Deploy and configure an Amazon RDS MSSQL database server in a highly available Multi-AZ setup that serves the DB requests of the web and app servers residing on VMware Cloud on AWS.

2. Set up VPN connections and/or Direct Connect connections with a private VIF so that on-prem users and VMware Cloud admins can access resources on the SDDC as WAN private networks. Ensure routing is configured appropriately.

3. Set up the Compute Gateway with appropriate firewall rules to route the web/app traffic to and from the web and application servers and resources in the Customer VPC. Set up the Management Gateway with appropriate firewall rules to route all administrative traffic to and from the Management Appliances/VMs. Configure appropriate security group rules for the ALB, RDS and other resources in the Customer VPC.

4. Configure an Application Load Balancer (ALB) for the web servers to load balance and serve web traffic, using a Target Group configured with the IP addresses of the web servers hosted on VMC on AWS. Set up the ALB and web servers to use appropriate SSL certificates so that all data in transit is encrypted and secured.

5. Configure a second Application Load Balancer (ALB) for the application servers to load balance and serve the application traffic coming from the web servers, using a Target Group configured with the IP addresses of the application servers hosted on VMC on AWS.

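Steps 4 and 5 hinge on two details that are easy to get wrong: the target groups must use IP targets (the SDDC VMs are not EC2 instances), and because those IPs lie outside the Customer VPC CIDR, each registered target needs AvailabilityZone set to "all". The added example below (not VMware's or AWS's own code) builds the target-group and listener definitions for both tiers using the field names of the boto3 elbv2 API and audits them offline; nothing is sent to AWS. The target IPs and CIDRs come from the reference diagram; the VPC id, ARNs and health-check path are placeholders or assumptions.

```python
"""Target-group and listener definitions for the Web and App ALBs (steps 4-5).

Added example, not VMware's or AWS's own code. The dictionaries use the
parameter names of the boto3 elbv2 API (create_target_group, register_targets,
create_listener) but are only audited locally by check_alb_config(). Target IPs
and CIDRs are the ones on the reference diagram; VPC id, certificate ARN and
health-check path are placeholders/assumptions.
"""
from ipaddress import ip_address, ip_network

VPC_ID = "vpc-PLACEHOLDER"                               # Customer VPC id (placeholder)
VPC_CIDR = ip_network("10.10.0.0/16")                    # Customer VPC CIDR on the diagram
ACM_CERT_ARN = "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"
TLS12_POLICY = "ELBSecurityPolicy-TLS-1-2-2017-01"       # predefined TLS 1.2-only policy


def target_group(name, segment_cidr, target_ips, port=443):
    """create_target_group and register_targets parameters for one tier.

    TargetType must be "ip" because the targets are VMs in the SDDC, and
    register_targets requires AvailabilityZone="all" for IP targets that
    are outside the VPC CIDR.
    """
    return {
        "segment": ip_network(segment_cidr),
        "create": {
            "Name": name, "Protocol": "HTTPS", "Port": port, "VpcId": VPC_ID,
            "TargetType": "ip", "HealthCheckProtocol": "HTTPS",
            "HealthCheckPath": "/health",            # assumed health endpoint
        },
        "targets": [{"Id": ip, "Port": port, "AvailabilityZone": "all"}
                    for ip in target_ips],
    }


def https_listener(cert_arn, target_group_arn):
    """create_listener parameters: TLS terminated with the ACM certificate,
    then forwarded over HTTPS to the target group (encrypted end to end)."""
    return {
        "Protocol": "HTTPS", "Port": 443, "SslPolicy": TLS12_POLICY,
        "Certificates": [{"CertificateArn": cert_arn}],
        "DefaultActions": [{"Type": "forward", "TargetGroupArn": target_group_arn}],
    }


# Step 4: web tier on the Web Logical Switch 192.168.10.0/24
WEB_TIER = target_group("vmc-web-tg", "192.168.10.0/24",
                        ["192.168.10.20", "192.168.10.21",
                         "192.168.10.22", "192.168.10.23"])
# Step 5: application tier on the App Logical Switch 192.168.20.0/24
APP_TIER = target_group("vmc-app-tg", "192.168.20.0/24",
                        ["192.168.20.5", "192.168.20.6",
                         "192.168.20.7", "192.168.20.8"])


def check_alb_config(tier, listener):
    """Audit one tier definition; returns a list of findings (empty = OK)."""
    findings = []
    create = tier["create"]
    if create["TargetType"] != "ip":
        findings.append("TargetType must be 'ip': SDDC VMs cannot be instance targets")
    if create["Protocol"] != "HTTPS":
        findings.append("target group protocol must be HTTPS to keep traffic to the VMs encrypted")
    for target in tier["targets"]:
        ip = ip_address(target["Id"])
        if ip not in tier["segment"]:
            findings.append(f"{ip} is not on the tier's logical switch {tier['segment']}")
        if ip not in VPC_CIDR and target.get("AvailabilityZone") != "all":
            findings.append(f"{ip} is outside the VPC, so AvailabilityZone must be 'all'")
    if listener["Protocol"] != "HTTPS" or not listener.get("Certificates"):
        findings.append("listener must be HTTPS with an ACM certificate")
    return findings


if __name__ == "__main__":
    listener = https_listener(ACM_CERT_ARN, "arn:TARGET-GROUP-PLACEHOLDER")
    for tier in (WEB_TIER, APP_TIER):
        print(tier["create"]["Name"], check_alb_config(tier, listener) or "OK")
```

The same audit applies to the second ALB unchanged, which is the point of building both tiers from one function: the app tier differs from the web tier only in its segment and addresses, and any drift (a target on the wrong segment, a plain-HTTP listener, a missing AvailabilityZone) is reported before the definitions are sent to the API.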
6. Configure Amazon S3 as an origin for static content such as video/audio media files, manuals, etc., so it can serve the static content to Amazon CloudFront. It can also store the log files generated by CloudFront and by the web and application servers hosted on VMC on AWS.

7. Configure a VPC endpoint for S3 in the Customer VPC so the web and application servers on VMC on AWS can leverage the low latency and high bandwidth connections provided by the Cross VPC ENI when accessing S3.

8. Configure Amazon CloudFront with the appropriate origin servers and behaviours. Set up CloudFront to fetch static content from S3 and dynamic content from the Application Load Balancer.

9. Integrate the AWS edge services so that the Route 53 record set points to the CloudFront distribution, with Shield for DDoS detection and mitigation and WAF for L7 traffic firewalling/whitelist/blacklist. Configure AWS CloudTrail for collection of relevant logs about user activities on AWS resources and Amazon CloudWatch for monitoring native AWS resources.

10. The VMware Cloud Admin manages/administers VMC on AWS resources over the internet connection or from on-premises networks using VPN or Direct Connect connections.

11. End users access highly available and optimized web sites hosted on VMC on AWS that are well integrated with multiple AWS native services and VMC on AWS resources.

[Figure: architecture diagram with callouts 1 to 11 as above. Recoverable labels: Customer VPC (CIDR 10.10.0.0/16) spanning Availability Zone 1 and Availability Zone 2 with private subnets holding the Application Load Balancer (Web), Application Load Balancer (App), RDS MS SQL DB Instance primary and standby (Multi-AZ), the VPC Endpoint for S3 and the VPC Route Table (10.10.0.0/16, 10.30.0.0/16, 192.168.10.0/24, 192.168.20.0/24); VMware Cloud on AWS SDDC with Management Networks (CIDR 10.30.0.0/16), Management Gateway, Compute Gateway, SDDC Router, Cross VPC ENI and ESXi Node 1 to Node n; Web Logical Switch 192.168.10.0/24 with ALB Web Target VMs 192.168.10.20 to 192.168.10.23 and App Logical Switch 192.168.20.0/24 with ALB App Target VMs 192.168.20.5 to 192.168.20.8; Internet Gateway, Amazon Route 53, Amazon CloudFront, AWS WAF, AWS Shield, AWS Certificate Manager (ACM), Amazon S3, AWS CloudTrail, Amazon CloudWatch and AWS Shield Enabled Edge Locations; VPN or Direct Connect to the On-Premises Data Center; SSL encrypted traffic; End Users and VMware Cloud Admin.]

©2019 VMware, Inc. – Designed by the Worldwide Cloud Strategy and Architecture team
