Skip to content
Gallery
5. Amazon Virtual Private Cloud (VPC)
Amazon Virtual Private Cloud (VPC)
VPC Peering
AWS Privatelink
VPC Endpoints
Difference between VPC Peering, PrivateLink, and VPC Endpoints
AWS Managed VPN
AWS VPN CloudHub
AWS Direct Connect (DX)
VPC Flow Logs
Misc
More
Share
Explore

icon picker
AWS VPN CloudHub

VPN CloudHub leverages AWS's Virtual Private Gateway to connect multiple VPN connections from different remote sites (spokes) to a central hub (hub-and-spoke model). This setup allows the remote sites to communicate with each other as well as with the central VPC, providing a cost-effective and scalable solution for secure multi-site connectivity.
Key Characteristics:
Hub-and-Spoke Model: The central AWS VPC acts as the hub, with multiple remote sites (spokes) connected to it.
Mesh Network: Enables communication between the remote sites through the central VPC, creating a mesh network without needing direct peering between each pair of sites.
Ease of Management: Simplifies the management of multiple site-to-site VPN connections by centralizing the control through the VPC.

Key points:
Use this design if you have multiple branch offices and existing internet connections and would like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectivity between these remote offices.
VPN CloudHub is used for hardware-based VPNs and allows you to configure your branch offices to go into a VPC and then connect that to the corporate DC (hub and spoke topology with AWS as the hub).
Can have up to 10 IPSec tunnels on a VGW by default.
Uses eBGP.
Branches can talk to each other (and provides redundancy).
Can have Direct Connect connections.
Hourly rates plus data egress charges.
image.png
image.png

Use Cases for VPN CloudHub

Multi-Branch Office Connectivity:
Scenario: A company with several branch offices distributed across different geographical locations needs secure and reliable communication between these branches and the central office.
Solution: Using VPN CloudHub, each branch office sets up a VPN connection to the AWS VPC. The hub-and-spoke model allows all branch offices to communicate with each other and the central office through the AWS VPC.
Centralized Resource Access:
Scenario: An organization has multiple remote sites that need access to centralized resources hosted in an AWS VPC, such as databases, application servers, and file storage.
Solution: By connecting each remote site to the VPC using VPN CloudHub, all sites can securely access the centralized resources without the need for redundant infrastructure.
Disaster Recovery and Backup:
Scenario: Branch offices require a reliable disaster recovery solution and need to backup critical data to a central location regularly.
Solution: VPN CloudHub allows all branch offices to securely transmit backup data to a centralized location in the AWS VPC, ensuring data redundancy and recovery capabilities.
Scalable and Cost-Effective Networking:
Scenario: A growing business is expanding its number of branch offices and needs a scalable solution for secure site-to-site connectivity.
Solution: VPN CloudHub provides a scalable architecture where new branch offices can be easily added by establishing additional VPN connections to the VPC, avoiding the complexity and cost of a fully meshed VPN network.
Cross-Region Communication:
Scenario: An international company with branch offices in different regions needs to ensure secure and efficient communication between these offices.
Solution: Using VPN CloudHub, the company can connect remote sites from different regions to a central VPC, enabling cross-region communication without compromising security or performance.

Benefits of Using VPN CloudHub

Centralized Management: Simplifies network management by centralizing the connections through a single VPC.
Scalability: Easily accommodates additional remote sites by adding new VPN connections to the VPC.
Cost-Effective: Reduces the need for complex and expensive direct peering arrangements between every pair of sites.
Security: Ensures secure communication between remote sites and the central VPC using IPsec VPN tunnels.
Flexibility: Supports various routing options and configurations to meet specific network requirements.


Loading
docs.aws.amazon.com
Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.