
Abstract: In the Huawei Cloud KYON (Keep Your Own Network) enterprise-level cloud network solution, VPC endpoints (VPCEP), combined with a VPN or a cloud dedicated line, let applications in an offline IDC reach cloud services directly over the intranet without an elastic public IP, giving enterprises safer and more convenient cloud service support for rapid iteration and launch.

This article is shared from the HUAWEI CLOUD community "[Cloud Small Class] Basic Services Lesson 81 HUAWEI CLOUD KYON VPCEP", author: Reading Fengyun.

The HUAWEI CLOUD KYON (Keep Your Own Network) enterprise-level cloud network solution provides a simple and agile path to the cloud, helping enterprises migrate with minimal planning, agile migration and seamless integration. It is the best choice for enterprises moving to the cloud.

After an enterprise migrates its business to the cloud, the offline IDC and the cloud services remain independent of each other and cannot share resources. If the offline IDC is to use the rich and powerful cloud services, the enterprise has to purchase public network egress again and again, which leads to low access efficiency and wasted resources.

HUAWEI CLOUD KYON builds on the VPC Endpoint (VPCEP) service: with a virtual private network (VPN) or a cloud dedicated line (DC), applications in the offline IDC access cloud services directly over the intranet without an elastic public IP, providing safer and more convenient cloud service support for the rapid iteration and launch of the enterprise's offline business.

What is VPCEP?

VPCEP establishes a convenient, secure and private connection channel across VPCs in the same region, so that an offline IDC connected to a VPC can access resources on the cloud without an elastic public IP.

VPCEP consists of two kinds of resource instance, the "terminal node service" and the "terminal node" (Huawei Cloud's English documentation calls these the VPC endpoint service and the VPC endpoint).

  • Terminal node service: a cloud service (DNS, OBS, etc.) or a user's private service (ECS, ELB or BMS) configured so that terminal nodes can connect to and access it.
  • Terminal node: establishes the private connection channel between a VPC and a terminal node service.

Once the offline IDC is connected to the VPC over VPN or a cloud dedicated line, a terminal node created in that VPC lets the IDC reach the terminal node service (a cloud service or a user's private service) over the intranet.

The figure shows an offline IDC accessing cloud resources through VPCEP:

  • Through terminal node 1, the IDC accesses cloud services (such as OBS and DNS) over the intranet.
  • Through terminal node 2, the IDC accesses cloud resources (such as ECS) in VPC 1.
  • Through terminal node 3, the IDC accesses cloud resources (such as ELB) in VPC 2, across VPCs.

What are the advantages of VPCEP?

  • Excellent performance
    Each gateway node supports millions of sessions, meeting the needs of many application scenarios.
  • Easy to create and use
    VPCEP resource instances are created in seconds, take effect and respond quickly, and are convenient to use.
  • Low cost, high efficiency
    The IDC does not consume the user's public network resources; it connects to cloud resources directly over the intranet, which lowers cost, keeps access latency low and raises efficiency.
  • High security
    Users connect privately to the terminal node service through the terminal node, avoiding the risk of leaking server-side information.

How to configure VPCEP?

IDC access to cloud resources through VPCEP takes three steps:

This example shows an IDC accessing OBS over the intranet. The terminal node services for DNS and OBS are created by the system, so no terminal node service needs to be created.

Tip:

If the cloud resource to be accessed is a user's private service (such as ECS, ELB or BMS), create that private service as a terminal node service before purchasing a terminal node. For details, see Creating a Terminal Node Service.

Step 1: Purchase a terminal node connected to DNS

To resolve the IDC's OBS access requests to the corresponding terminal node, purchase a terminal node connected to the DNS-type terminal node service.

Step 2: Purchase a terminal node connected to OBS

To let the IDC access OBS through terminal nodes, purchase a terminal node connected to the OBS-type terminal node service.

Step 3: Access the terminal node

With DNS forwarding rules and routes configured, the IDC can access OBS over the intranet.

The following configuration is required:

1. In the IDC, configure a DNS forwarding rule that forwards the IDC's resolution requests for OBS to the terminal node connected to DNS.
2. On the IDC node, configure the route for DNS traffic to the dedicated line gateway or VPN gateway.
3. On the IDC node, configure the route for OBS traffic to the dedicated line gateway or VPN gateway.

For details, see Accessing OBS.
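To verify the three configuration items above from the IDC side, here is an added Python check; it is not part of the article and not Huawei Cloud tooling. It parses a constructed dnsmasq forwarding fragment and a constructed `ip route` dump, and the terminal node addresses, the gateway address and the OBS region domain are assumed sample values to replace with your own.

```python
import ipaddress
import re

# Constructed sample values (assumptions, not from the article): replace with your own
# terminal node private IPs, the IDC-side VPN/DC gateway address and OBS region domain.
DNS_ENDPOINT_IP = "10.0.0.53"     # terminal node connected to the DNS service
OBS_ENDPOINT_IP = "10.0.0.200"    # terminal node connected to the OBS service
GATEWAY_IP = "192.168.1.254"      # dedicated line / VPN gateway on the IDC LAN
OBS_DOMAIN = "obs.cn-north-4.myhuaweicloud.com"  # assumed region; adjust to yours

# Constructed dnsmasq fragment from the IDC resolver (step 1): only the OBS domain
# is forwarded to the DNS terminal node, all other names keep the normal forwarder.
DNSMASQ_CONF = """
server=8.8.8.8
server=/obs.cn-north-4.myhuaweicloud.com/10.0.0.53
"""

# Constructed `ip route` output from the IDC node (steps 2 and 3).
IP_ROUTE = """
default via 192.168.1.1 dev eth0
10.0.0.53/32 via 192.168.1.254 dev eth0
10.0.0.0/24 via 192.168.1.254 dev eth0
"""

def forwarder_for(conf, domain):
    """Forwarder dnsmasq uses for `domain`: the most specific server=/zone/addr line."""
    best = None
    for zone, addr in re.findall(r"^server=/([^/]+)/(\S+)$", conf, re.M):
        if (domain == zone or domain.endswith("." + zone)) and (
                best is None or len(zone) > len(best[0])):
            best = (zone, addr)
    return best[1] if best else None

def next_hop_for(route_table, ip):
    """Longest-prefix match over `ip route` lines; returns the next-hop address or None."""
    target, best = ipaddress.ip_address(ip), None
    for line in route_table.strip().splitlines():
        fields = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if fields[0] == "default" else fields[0], strict=False)
        if "via" in fields and target in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, fields[fields.index("via") + 1])
    return best[1] if best else None

def check_vpcep_path(conf, route_table):
    """Evaluate the article's three items; a value is True when that item is in place."""
    return {
        "dns_forwarding": forwarder_for(conf, OBS_DOMAIN) == DNS_ENDPOINT_IP,
        "dns_route": next_hop_for(route_table, DNS_ENDPOINT_IP) == GATEWAY_IP,
        "obs_route": next_hop_for(route_table, OBS_ENDPOINT_IP) == GATEWAY_IP,
    }
```

If any value comes back False, OBS traffic from the IDC would either fail to resolve to the terminal node or leave via the default route instead of the VPN/dedicated line.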

See the VPC terminal node help documentation for full details.
