Abstract: In the Huawei Cloud Keep Your Own Network (KYON) enterprise cloud network solution, VPC terminal nodes (VPC endpoints) combined with a virtual private network (VPN) or a cloud private line allow offline IDC applications to access cloud services from the intranet without using elastic public IP addresses. This gives rapidly iterating offline services a secure and convenient way to consume cloud services.
This article is shared from Huawei cloud community “[Cloud Small Lessons] Basic Services Lesson 81 Huawei Cloud KYON VPCEP”, author: Yun Xiaomeng.
Huawei Cloud KYON (Keep Your Own Network) is an enterprise-level cloud network solution that creates a simple and agile path to the cloud. It helps enterprises migrate with minimal planning, agile migration, and seamless integration, and is the only choice for enterprises going to the cloud.
After enterprise services are migrated to the cloud, the offline IDC and the on-cloud services are independent of each other and cannot share resources. If users want the offline IDC to use the rich and powerful services on the cloud, they have to purchase public network egress repeatedly, which results in low access efficiency and wasted resources.
Based on the VPC Endpoint (VPCEP) service, Huawei Cloud KYON uses a virtual private network (VPN) or a cloud private line (Direct Connect, DC) so that offline IDC applications can access cloud services directly from the intranet without using elastic public IP addresses. This gives rapidly iterating offline services a secure and convenient way to consume cloud services.
What is VPCEP?
VPCEP provides convenient, secure, and private channels between VPCs in the same region, so that an offline IDC connected to a VPC can access cloud resources without using elastic public IP addresses.
VPCEP consists of two kinds of resource instances: terminal node services and terminal nodes (that is, VPC endpoint services and VPC endpoints).
- Terminal node service: provided by a cloud service (such as DNS or OBS) or by a user's private service (such as ECS, ELB, or BMS); it can be connected to and accessed by terminal nodes.
- Terminal node: used to establish a private channel between a VPC and a terminal node service.
If an offline IDC connects to a VPC through a VPN or a cloud private line, the terminal nodes created in that VPC allow the IDC to access terminal node services (cloud services and users' private services) from the intranet.
The following figure shows how an offline IDC accesses cloud resources through VPCEP:
- Through terminal node 1, the IDC accesses cloud services (such as OBS and DNS) from the intranet.
- Through terminal node 2, the IDC accesses cloud resources (such as ECS) in VPC 1.
- Through terminal node 3, the IDC accesses cloud resources (such as ELB) in VPC 2, across VPCs.
What are the advantages of VPCEP?
- High performance
Each gateway node can provide millions of sessions, meeting the requirements of a wide range of application scenarios.
- Ready to use
A VPCEP resource instance is created in seconds. It takes effect quickly, responds quickly, and is easy to use.
- Low cost and high efficiency
The IDC does not consume the user's public network resources; it connects to cloud resources directly over the intranet, which reduces usage cost and access latency and improves efficiency.
- High security
Users connect to terminal node services privately through terminal nodes, avoiding the unknown risks that come with exposing server information.
How do I configure VPCEP?
The following three steps enable an IDC to access cloud resources through VPCEP.
This section uses an IDC accessing OBS from the intranet as an example. The terminal node services for DNS and OBS are already created in the system.
Tips:
If the cloud resources to be accessed are user private services (such as ECS, ELB, or BMS), you need to create user private services as terminal node services before purchasing terminal nodes. For details, see Creating Terminal Node Services.
Step 1: Purchase terminal nodes that connect to DNS
So that the IDC's access requests for OBS can be resolved to the corresponding terminal node, you need to purchase a terminal node that connects to the DNS terminal node service.
Step 2: Purchase terminal nodes connected to OBS
To enable the IDC to access the OBS service through a terminal node, you need to purchase a terminal node that connects to the OBS terminal node service.
Step 3: Access the terminal node
By configuring DNS forwarding rules and routes, you enable the IDC to access OBS from the intranet.
You need to perform the following configuration:
1. Configure a DNS forwarding rule on the IDC that forwards the IDC's DNS queries for OBS to the terminal node connected to the DNS service.
2. Configure a route for the DNS terminal node between the IDC node and the private line gateway or VPN gateway.
3. Configure a route for the OBS terminal node between the IDC node and the private line gateway or VPN gateway.
For details, see Accessing OBS.
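The IDC-side configuration that the three steps above describe, written out as an added example (not from the Huawei article or its documentation): it renders a dnsmasq forwarding rule for the OBS domain plus the two host routes toward the VPN/DC gateway, and checks that an answer for the OBS domain is the private endpoint address rather than a public one. The OBS domain, endpoint IPs, gateway IP, and the use of dnsmasq are all constructed assumptions.

```shell
#!/bin/sh
# Added example: IDC-side VPCEP configuration for reaching OBS over the intranet.
# Every value below is a constructed placeholder, not taken from the article.
OBS_DOMAIN="obs.example-region.myhuaweicloud.com"  # assumed OBS domain behind the OBS endpoint
DNS_VPCEP_IP="10.0.1.10"   # constructed: IP of the terminal node connected to the DNS service
OBS_VPCEP_IP="10.0.1.11"   # constructed: IP of the terminal node connected to OBS
GW_IP="10.0.0.1"           # constructed: IDC next hop toward the VPN or private line gateway

# Step 1: dnsmasq rule that forwards only OBS queries to the DNS terminal node;
# all other names keep using the IDC's normal resolvers.
dns_forward_rule() {
    printf 'server=/%s/%s\n' "$1" "$2"
}

# Steps 2 and 3: /32 host routes so traffic to each terminal node leaves via the
# VPN/DC gateway instead of the public network egress.
host_route() {
    printf 'ip route add %s/32 via %s\n' "$1" "$2"
}

# Check: the OBS domain must resolve to an RFC 1918 address. A public answer means
# the query was not forwarded and traffic would exit through the public network.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[0-1].*) return 0 ;;
        *) return 1 ;;
    esac
}

# A resolved OBS address is acceptable only if it is the OBS terminal node and private.
check_obs_answer() {
    [ "$1" = "$OBS_VPCEP_IP" ] && is_private_ipv4 "$1"
}

# Emit the dnsmasq line and the two route commands for the IDC node.
render_idc_config() {
    dns_forward_rule "$OBS_DOMAIN" "$DNS_VPCEP_IP"
    host_route "$DNS_VPCEP_IP" "$GW_IP"
    host_route "$OBS_VPCEP_IP" "$GW_IP"
}

render_idc_config
```

Feed a real answer (for example the A record returned by `dig` on the IDC host) to `check_obs_answer` to confirm that OBS traffic will stay on the private path.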
Click [here](support.huaweicloud.com/vpcep/index… Vpcepindex&utm _content= Yunxiaoke&UTm _term=CIS-081) to view the detailed VPC terminal node help documentation.