1
00:00:00,180 --> 00:00:01,013
Okay,

2
00:00:01,013 --> 00:00:02,980
so now we are getting into the hybrid cloud.

3
00:00:02,980 --> 00:00:05,110
So say you have an on-premises data center.

4
00:00:05,110 --> 00:00:06,590
This is your own data center,

5
00:00:06,590 --> 00:00:10,220
and you want to connect it to the cloud, to your VPC.

6
00:00:10,220 --> 00:00:11,568
For this, you have two options.

7
00:00:11,568 --> 00:00:15,270
Number one is to use a site-to-site VPN.

8
00:00:15,270 --> 00:00:19,200
This is to connect your on-premises VPN to AWS.

9
00:00:19,200 --> 00:00:20,410
And what is a VPN?

10
00:00:20,410 --> 00:00:21,950
Well, it is a connection

11
00:00:21,950 --> 00:00:22,937
between your on-premises data center

12
00:00:22,937 --> 00:00:25,820
and VPC that is going to be encrypted,

13
00:00:25,820 --> 00:00:28,400
and that goes over the public internet.

14
00:00:28,400 --> 00:00:29,750
So this looks like this.

15
00:00:29,750 --> 00:00:30,950
Your on-premises data center

16
00:00:30,950 --> 00:00:34,750
will connect to your VPC through the public internet,

17
00:00:34,750 --> 00:00:36,050
and then it will be encrypted.

18
00:00:36,050 --> 00:00:38,590
So no one else can access the communication.

19
00:00:38,590 --> 00:00:41,550
So this is very good because it can be set up very quickly.

20
00:00:41,550 --> 00:00:42,460
In about five minutes,

21
00:00:42,460 --> 00:00:46,110
you can have a connection between your data center and AWS.

22
00:00:46,110 --> 00:00:48,020
But it goes over the public internet,

23
00:00:48,020 --> 00:00:49,910
so you may have some limited bandwidth

24
00:00:49,910 --> 00:00:51,570
and you may have some security concerns,

25
00:00:51,570 --> 00:00:54,170
even though it is obviously encrypted.

26
00:00:54,170 --> 00:00:57,310
The other option is to use Direct Connect or DX.

27
00:00:57,310 --> 00:00:59,050
Direct Connect is to establish

28
00:00:59,050 --> 00:01:00,890
a natural physical connection

29
00:01:00,890 --> 00:01:04,394
between your on-premises data center and AWS.

30
00:01:04,394 --> 00:01:05,710
And then the connection is going to be

31
00:01:05,710 --> 00:01:07,920
private, secure and fast.

32
00:01:07,920 --> 00:01:10,257
And it will go over the private network.

33
00:01:10,257 --> 00:01:11,700
And that's going to be a lot more expensive

34
00:01:11,700 --> 00:01:13,720
because you have to do a physical connection

35
00:01:13,720 --> 00:01:18,050
between yourself and a Direct Connect partner into AWS.

36
00:01:18,050 --> 00:01:20,960
And they will take at least a month to establish this.

37
00:01:20,960 --> 00:01:22,660
But it's going to be more private

38
00:01:22,660 --> 00:01:25,610
and obviously faster and more reliable.

39
00:01:25,610 --> 00:01:26,746
So from an exam perspective,

40
00:01:26,746 --> 00:01:29,400
they will ask you if it's a site-to-site VPN

41
00:01:29,400 --> 00:01:31,060
you should choose or a Direct Connect

42
00:01:31,060 --> 00:01:34,410
to connect between your on-premises data center and AWS.

43
00:01:34,410 --> 00:01:36,530
And it really depends on two factors.

44
00:01:36,530 --> 00:01:38,958
Number one, is it going to be private or not?

45
00:01:38,958 --> 00:01:40,083
And number two is,

46
00:01:40,083 --> 00:01:43,020
does it need to be established fast or not?

47
00:01:43,020 --> 00:01:44,420
And from this information,

48
00:01:44,420 --> 00:01:47,340
you should be able to select either the site-to-site VPN

49
00:01:47,340 --> 00:01:48,336
or Direct Connect.

50
00:01:48,336 --> 00:01:51,140
Now, just a little bit more detail on site-to-site VPN,

51
00:01:51,140 --> 00:01:54,743
so, it is to connect your corporate data center to your VPC.

52
00:01:54,743 --> 00:01:56,870
For example, you see two instances running

53
00:01:56,870 --> 00:01:58,400
in your private subnet.

54
00:01:58,400 --> 00:02:00,810
So for this, to establish a site-to-site VPN,

55
00:02:00,810 --> 00:02:04,530
we need on-premises a customer gateway or CGW,

56
00:02:04,530 --> 00:02:06,320
and that's something you have to remember at the exam.

57
00:02:06,320 --> 00:02:10,070
So it's a customer gateway, or CGW, and then

58
00:02:10,070 --> 00:02:13,770
on the AWS side you will need a virtual private gateway,

59
00:02:13,770 --> 00:02:18,770
or VGW, and once the two things are provisioned and created,

60
00:02:18,860 --> 00:02:21,862
then you can connect them together using a site-to-site VPN.

61
00:02:21,862 --> 00:02:24,840
And this is how site-to-site VPN is implemented

62
00:02:24,840 --> 00:02:26,670
over the public internet.

63
00:02:26,670 --> 00:02:27,753
So remember going into the exam,

64
00:02:27,753 --> 00:02:30,330
customer gateway and virtual private gateway

65
00:02:30,330 --> 00:02:32,830
are needed to establish a site-to-site VPN.

66
00:02:32,830 --> 00:02:33,670
That's it for this lecture.

67
00:02:33,670 --> 00:02:34,503
I hope you liked it,

68
00:02:34,503 --> 00:02:36,420
and I will see you in the next lecture.