As several customers and partners have expressed their interest in our current Amazon capabilities, I’d like to take the chance to summarize our integration with Amazon and their excellent cloud services. In ASG 8.300, we added two different areas of support with Amazon Web Services (AWS) products; our solution can be run within the Amazon Elastic Computing Cloud (EC2)using a pre-built machine image provided by us, along with a dedicated Amazon Virtual Private Cloud (VPC) connector to join your ASG to your VPC with a level of ease never before possible. As a result, you then saw the business case possibilities around using RED appliances and WIFI Access Points for connecting branch offices back to products hosted within Amazon; we have shipped thousands of units in response. If you’d like to get started (or improve) with Amazon Web Services, download some guides on how to setup these configurations yourself, and otherwise learn about what is possible around these technologies, I would invite you to read on for the rest of this posting.
A quick note: if you happen to be in the New York area tomorrow, November 19th, you might be interested in the Amazon Web Services Summit taking place at the Javits Convention center where you will see our products in action along with many other innovative and amazing things. (If you cannot physically attend, they plan to offer streaming for several tracks as well. See below.)
Let’s look at the two primary efforts we have made around integrating with Amazon. While it might look like a lot of acronyms, you’ll quickly get the hang of it. They (and we!) have many products, and every product has some abbreviation. The first is the ability to run a hosted Astaro Security Gateway within the Amazon Elastic Computing Cloud (EC2). To accomplish this, we have built, uploaded, and will now maintain Amazon Machine Images (AMI’s) of our Astaro Security Gateway 8.300+ and Astaro Command Center 3.0+, along with our upcoming Sophos UTM9 release which is available now as public beta to be released in July.
EC2 allows you to take advantage of the massive Amazon infrastructure and make the act of hosting an ASG purely about the software; you don’t need to worry about available bandwidth, redundancy, or hardware failures. There is no need to ship appliances, rack-mount hardware, or deal with cabling. Just activate (launch) an ASG within the EC2, and literally within minutes you have an ASG of any size you need ready for work. EC2 is basically a big datacenter where users can activate “images” (similar to a virtualization platform you might build on your own hardware) and then pay only for the resources & bandwidth your Amazon Machine Images consume. Amazon provides very detailed billing for all activity, and you can run reports down to the penny which show precise resource usage at any time so you are not surprised by any costs with an unexpected bill at the end of a period. We have observed ASG 220-sized instances consuming anywhere from $30-$250 per month, but this directly depends on the installation and how it is used.
In summary, you can activate an ASG within EC2 and then use it like a hosted virtual machine. Partners can connect branch offices to it using our unmatched RED and Wireless products, meaning their customers can avoid having extra infrastructure at their “main” site. Engineers are frequently using Amazon ASG’s for testing and demo purposes as well. With a reliable, scalable ASG running in EC2, the use cases and chances to innovate in solving customer problems are almost endless. I’d invite you to share your successes in our forums at www.astaro.org.
The other thing we’ve added is completely different – A Virtual Private Cloud (VPC) connector within ASG itself. To quickly simplify VPC, it gives you a “piece” of the Amazon cloud to launch your servers in securely, separated in your own private IP space. The problem we wanted to solve by adding a VPC connector into ASG is that VPC requires a customer to have a way “get” to it from their business in order to access whatever they have chosen to run there. This could be mail servers, file servers, or virtually any kind of hosted machine. To do this securely, you need a hardware VPC using a costly and complex product from some larger networking companies, along with the technical knowledge to configure the required BGP routing (to dual redundant gateways) in order to create a connection to VPC. It is not possible to use a very simple, single IPSec VPN tunnel. Our VPC connector lets you download a single file from Amazon and upload it into your local ASG, which then builds the connection to your VPC automatically. You do not need to know anything about advanced routing, complex multi-homed IPSec tunnels, or anything about how the inner workings of VPC operate. If you can enter a name and password or click to upload a configuration file, you can join your ASG to your VPC and be securely accessing your files in minutes. Our VPC connector is all about using your existing ASG located at your business to connect to the Amazon VPC, turning a technical and expensive process into something very simple, and best of all free! You read that right: we’ve included our Amazon VPC connector as part of the Sophos UTM Essential Firewall which is fully free for business use.
Now if you wish to go one step further for the ultimate in cloud-hosted protection and connectivity, launch an ASG within EC2, use the connector to join it to your VPC, and then connect from your office(s) to your ASG using Astaro RED (and Wireless with it!). There is less to configure, less to deploy, and new sites can be brought online by drop-shipping a RED & access point. To get started, you can sign up for Amazon Web Services, use our ASG-EC2 getting started guide (see below), and then follow our other guide to set up your own Amazon Virtual Private Cloud (again, see below) and connecting to it with your ASG (hosted in EC2 or at your own site on hardware/software/virtual appliance). All Astaro AMI’s come with 30 days of full access, and you can request evaluation units and license keys for longer periods.