Amazon’s Virtual Private Cloud

Amazon has released their Virtual Private Cloud, allowing people to extend their network and services into Amazon’s cloud. Werner Vogels (Amazon’s CTO) describes VPC in his blog. The Virtual Private Cloud is particularly important because it opens the door wide for Enterprises to use cloud services. It gives them the ability to embrace cloud services without requiring the sophistication of abstracting their applications or re-writing them. Let me explain.

It seems the majority of people adopting Amazon’s services up until now have been web companies who saw Amazon’s elastic, internet-facing infrastructure as a way to achieve scale without redundant internet connections, BGP, HA firewall pairs, load-balancers and so on. It was internet-facing, and this is exactly what they needed. However, the Enterprise was left at the door. I believe even the most avant-garde IT manager ruled Amazon out for a number of reasons.


  • Enterprises have applications that run on private networks. They are not internet facing.
  • Security is an issue, and having only a thin layer of firewall services in front of them is operating on the edge.
  • Anyone can attack your decision to host Enterprise services in the cloud using the classic FUD.
  • Integration with legacy systems, or interaction with other Enterprise systems, is hard when the service sits on the public internet.


Amazon’s VPC addresses these concerns. Systems no longer sit on the internet; they sit on a private network that can only be routed to and from the Enterprise network. Network access can be governed via corporate firewalls, and visibility of networks can be governed via Enterprise routing policies. It reflects a paradigm that most IT managers already use for communication between primary and secondary data centres when WAN links fail: Internet VPNs.

You can now carve off some IP address space from your internal network, host it at Amazon and redistribute the route into your Enterprise network so users and other IT systems can access, replicate, integrate and so on. Impressive.

Amazon should have called VPC the ‘floodgate’, as it is now a real no-brainer for an Enterprise to start mass adoption of services from Amazon. I also predict that the early movers will be people replacing their own disaster recovery environments with DR environments hosted at Amazon. This would allow them to utilise their DR environment as a new production environment (to achieve greater scale) or to reduce their operating costs.

Think of something as generic as file servers based on an OpenSolaris ZFS file system. Snapshots can be created and replicated from the Enterprise to a system located on a private network at Amazon. They no longer have to be encrypted and sent to a server located on the ‘public’ internet. They can be copied from a file server deep within the Enterprise to a network that no one has to know is located in the Cloud 😉