Amazon Cloud Journal

On August 26th, 2009, Amazon Web Services launched their new Virtual Private Cloud (VPC) service. According to Amazon, this service:

[...] is a secure and seamless bridge between a company’s existing IT infrastructure and the AWS cloud. Amazon VPC enables enterprises to connect their existing infrastructure to a set of isolated AWS compute resources via a Virtual Private Network (VPN) connection, and to extend their existing management capabilities such as security services, firewalls, and intrusion detection systems to include their AWS resources. Amazon VPC integrates today with Amazon EC2, and will integrate with other AWS services in the future.

Sounds pretty cool, right? Well, I thought so. Back then, this announcement peaked by interest and I wanted to dive in and give it a try. Unfortunately, the VPC documentation leans more heavily toward configurations where a Cisco or Juniper device acts as my Customer Gateway to the VPC. That is certainly a problem as I do not have access to either of those kinds of devices. That got me to thinking... 

Author at the Cloud Computing Expo 2009 Santa Clara Expo Floor

Wouldn't be cool if we could just use OpenSolaris as a VPC Customer Gateway?
Even more interesting would be if I could create and access a VPC from OpenSolaris running inside of VirtualBox on my MacBook Pro! That way, I could have an on-demand virtual data center in the Cloud that I could access from anywhere!

It was from this concept, that I reached out to Dan McDonald and Dileep Kumar. Forming this virtual team, we applied our respective skills to this challenge. As things started to heat up, we pulled in Sebastien Roy and Sowmini Varadhan who provided invaluable support and architectural guidance without which we would still be in troubleshooting hell. (Thank you guys!)

So, where do things stand? (Drum roll, please!)

As it turns out... Yes, we were able to configure OpenSolaris (without any new development required!) to act as a Customer Gateway as part of an AWS VPC configuration. Our initial configuration used a dedicated system with an Internet routable, static IP address per the AWS VPC guidelines. So, question #1 is answered - yes, you can use OpenSolaris as a VPC Customer Gateway! W00t!

With this completed, I was still left wondering about by second question - getting this all to work from OpenSolaris running in VirtualBox on my laptop (or other non-dedicated system). As it turns out, it can be made to work as well - which is pretty cool, but since it is not supported by AWS at this time, it is not a configuration that I would recommend or support. That said, it is pretty cool to see this working (if even only in a "playground" sense).

Would you like to give this a try? Do you have VPC access but do not have a Cisco or Juniper device at your disposal? Well, fear not! Use OpenSolaris FTW!

Today, we are happy to announce the availability of the OpenSolaris VPC Gateway tool (version 0.1). As we stepped through getting everything to work, it was clear that nearly every aspect of the VPC configuration and creation process could be automated - so we automated it! The OpenSolaris VPC Gateway tool requires just a small bit of configuration after which you can quickly and easily establish a basic VPC configuration (with one subnet and one instance). You can customize the tool to make things more complex, but this is left as an exercise to the reader.

The OpenSolaris VPC Gateway tool is publicly available from the Kenai repository complete with installation, configuration and usage documentation.

Note that this is still preview-quality software with all of the necessary caveats that go along with it, but I would encourage those interested in OpenSolaris, VPCs, and especially in both to give it a try and send us your feedback! Thanks in advance and take care!

P.S. Looking for a good default instance to create? Try an OpenSolaris 2009.06 Immutable Service Container!