TurnKey Linux Virtual Appliance Library

AWS VPC (virtual private clouds)

 

The work you all have done with this project is outstanding!  And as I continue to get more and more involved with using these appliances for projects and customers, the more I realize and appreciate the value and power of these quick turn-key deployments, not to mention the ability to start with a base appliance and tailor it for the specific task or customer at hand.

That being said, I have been using TKL, the hub, and the TKLBAM functions quite a bit.  The one thing I am wondering about, that I don't see any discussions or direction on is TKL's ability to integrate with the other AWS feature sets -- specifically for this post, I am curious about how TKL can (if possible?) use AWS's virtual private cloud features.

One of the huge values of these appliances is the ability to deploy them quickly and scale quickly as customers' needs change and increase (or decrease).  Some of these being public facing makes sense, but some of these services need to be private and "non-routable."  The way I see AWS and TKL is, it's a tremendous tool for services providers and managed services providers to have essentially a virtual data center without the cost of building out their own.  But in order to really accomplish that, building these systems out inside a private cloud, such as VPC, is a necessity.  (At least that’s how I see it, but maybe I am wrong.)

Can anyone enlighten me and educate me on the ability (or inability) for the HUB to also use AWS's VPC in order to build out a virtual data center and inside a private cloud at AWS? 

Thanks in advance, and again fantastic work!

L. Arnold's picture

An Interesting Question

I am just familiarizing myself with AWS...  My first glance is that the Firewall will be part of that.  The question is whether you can control an internal Zone, and by extension bring access to that Zone to a select set of folks.

Most of the Systems (besides Domain and File Server) are really "Public Devices" that are mainly protected by SSL and which could be protected by other Certifications.  They don't really "work in a small group" so the subject of a Private Cloud really would only go to the level of the Servers you are Running, turning off and on, giving Certs to etc.

Ideally you could define a perimeter though and get these working together and "shutting off the rest of the world" so that you could trust some of the handshaking that goes on.  I think, however, that you will need to figure out how to get your "external boxes" to connect to that hardened perimeter to get much value out of that approach.

My thoughts anyway.

+1

I'd love to see TK HUB being able to create new instances under AWS VPC (where VPC is configured). 

L. Arnold's picture

You can basically do this now...

Have you implemented any of the Apps yet "launch as cloud server"?   I have done so with Joomla.  You can share EBS Volumes.  It is all quite quick and seemingly functional.

Explore the Hub a bit and if you find something missing, please elaborate.

I'd like to understand how to

I'd like to understand how to do this as well.  AFAIK, launching into Amazon's cloud doesn't necessarily launch into a VPC, but I could be wrong.

So I just tried this out to

So I just tried this out to see how it might work.  Launching an instance from TKL only launches in EC2, there is no way to launch into VPC, which is a bummer.  Not only that, but you can't migrate from EC2 to VPC, only save to EBS and reprovision on VPC, with new IPs and new Elastic IPs.

All of which is much less than optimal, esp. for SaaS apps that might require steady refreshes or dynamic scaling.   You can do much of this via the AWS Console, but it would be nice to be able to choose a VPC deployment from within TKL.  I understand there are issues with this (e.g. no direct internet access) that might be problematic for TKL, but anyone using VPC will be aware of these, IMHO.

Chris.

Following up on my earlier

Following up on my earlier posts -

It would be nice to have the option to create an AMI out of a backup.   Perhaps it's possible to restore a backup to a generic instance running in VPC, I haven't tried that yet.   Either way, it would be a 'pull' deployment rather than a 'push' (like the current TKL tools). 

I'm going to be deploying shortly, so we'll see what the easiest solution is to run in VPC.

L. Arnold's picture

Can you install an AWS VPC from an ISO image?

It seems you should be able to install an ISO TKL Image to an Amazon VM that is outside of the Turnkey setup itself.  This is basically what installing to VMware (what I use) allows.  This can be done with an ISO image or a VM template.

That said, I have not tried it much w/ Amazon.  TKL installs on Amazon from "within" the hub are pretty easy to implement and there are some basic IP setups allowed there.

I have also installed some Amazon images (outside of TKL) but those have install set up by Amazon (ie Windows Server installs).  It would seem you could throw a TKL ISO at an Amazon VM the way you can with other VM formats, at least somehow.
