March 15, 2011, 12:59 PM —
Amazon announced this morning a service built on an aging but well-proven remote-access technology, the VPN, that might narrow the security gap between the two major classes of service external cloud providers like Amazon can offer: public and private.
The Amazon Virtual Private Cloud goes a long way toward making a cloud-computing architecture look like a network of LANs, using traditional VPNs for secure access and familiar firewall-style rules to add more granular control over who has access to what information in the cloud, when and how.
Both private and public clouds run a customer's workloads on virtual servers, on top of a hypervisor (VMware's in many enterprise deployments; Amazon's EC2 runs on a Xen-based hypervisor) plus management, load-balancing and security services or software, mostly proprietary in Amazon's case.
The difference is that public clouds run a customer's VMs on physical machines that also run VMs from other customers. Separation between those tenants is the hypervisor's job; beyond that, the customer relies on the encryption, firewalls and other security it builds in itself to keep each VM secure.
Hosted private clouds (running on a service provider's site, not inside a customer's data center) run the customer's VMs on physical machines devoted only to them, and often include blocks of storage and Internet links that the customer does not have to share either.
The new service, Amazon Virtual Private Cloud, gives the customer a logically isolated network inside EC2 plus an IPsec VPN that encrypts the traffic between that network and the customer's home network, along with a set of controls (security groups and network access control lists) over which addresses and ports can reach the VMs running there.
In effect, both ends behave as though they were on the same private network even though the link between them runs over the Internet. The service also isolates each customer's network traffic from that of other customers, reducing the potential for leaks in transmission. That isolation is logical, not physical: the VMs may still share a physical server with other customers' VMs, and separation on that server remains the hypervisor's job, so the service narrows but does not erase the gap with a hosted private cloud. Note too that the VPN encrypts only the path to the customer's network; traffic between VMs inside the VPC is isolated from other tenants but is not encrypted by the service itself.
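The "granular control over who has access to what" that the article credits to the VPC comes down to security-group rules, and the practical check is whether those rules actually confine inbound access to the VPC and the VPN-connected home network. The following Python is an added example written for this page, not Amazon's code: it audits a DescribeSecurityGroups-shaped response for inbound rules whose source lies outside the trusted address space. The VPC range (10.0.0.0/16), the on-premises range (192.168.0.0/16), the group IDs and the rules are all constructed assumptions; only IPv4 `IpRanges` entries are examined.

```python
"""Audit security-group ingress rules against the VPC/VPN trust boundary.

The sample input is constructed to match the shape of the EC2
DescribeSecurityGroups response (SecurityGroups -> IpPermissions ->
IpRanges); it is not real account data. Added example, not Amazon code.
"""
import ipaddress

# Address space that counts as "inside the LAN" once the VPN is up.
# Both ranges are assumptions for this example.
TRUSTED_CIDRS = [
    ipaddress.ip_network("10.0.0.0/16"),     # assumed VPC CIDR
    ipaddress.ip_network("192.168.0.0/16"),  # assumed on-prem range reached via VPN
]

# Constructed sample data in the DescribeSecurityGroups shape.
SAMPLE_GROUPS = {
    "SecurityGroups": [
        {"GroupId": "sg-0001", "GroupName": "app",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "192.168.10.0/24"}]},   # SSH only from on-prem
             {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},         # public HTTPS
         ]},
        {"GroupId": "sg-0002", "GroupName": "db",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
              "IpRanges": [{"CidrIp": "10.0.1.0/24"},         # app subnet: fine
                           {"CidrIp": "203.0.113.0/24"}]},    # outside both ranges
             {"IpProtocol": "-1",                             # "-1" means all traffic
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},         # wide open
         ]},
    ]
}


def is_trusted(cidr: str) -> bool:
    """True if every address in cidr falls inside one trusted range."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(t) for t in TRUSTED_CIDRS if net.version == t.version)


def port_label(perm: dict) -> str:
    """Human-readable protocol/port for one IpPermissions entry."""
    if perm["IpProtocol"] == "-1":
        return "all traffic"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    proto = perm["IpProtocol"]
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"


def find_untrusted_ingress(groups: dict,
                           allow_public_ports=frozenset({80, 443})) -> list:
    """Return (group_id, port_label, cidr) for every inbound rule whose
    source is outside TRUSTED_CIDRS, except single-port rules on the
    ports deliberately exposed to the public (default: 80 and 443)."""
    findings = []
    for group in groups["SecurityGroups"]:
        for perm in group["IpPermissions"]:
            public_ok = (perm["IpProtocol"] != "-1"
                         and perm.get("FromPort") == perm.get("ToPort")
                         and perm.get("FromPort") in allow_public_ports)
            for rng in perm.get("IpRanges", []):
                if not is_trusted(rng["CidrIp"]) and not public_ok:
                    findings.append((group["GroupId"], port_label(perm), rng["CidrIp"]))
    return findings


if __name__ == "__main__":
    for group_id, ports, cidr in find_untrusted_ingress(SAMPLE_GROUPS):
        print(f"{group_id}: {ports} open to untrusted source {cidr}")
```

Running it against the constructed sample flags the database group twice (MySQL reachable from 203.0.113.0/24, and an all-traffic rule open to the world) while accepting SSH from the on-premises range and public HTTPS on the app group. Against a real account the same function can be fed the output of `aws ec2 describe-security-groups`, with `TRUSTED_CIDRS` set to the actual VPC and customer-gateway ranges.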