VPN connections to AWS / Apigee Edge Cloud

kkleva
Participant V

Is it possible to make use of Amazon VPC for remote networks using VPN connections with my APIs? How would one optimize connections between known remote networks and Edge?

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpn-connections.html

1 ACCEPTED SOLUTION

Not applicable

There are many connectivity options available in or offered by AWS like DirectConnect, CloudHub, VPC peering, VPNs, and 2-way TLS. It's important to choose the right model for the right situation.

For connecting with Apigee Edge Cloud, Apigee recommends 2-way TLS.

While a VPN authenticates that the traffic came from a network and is going to a specific network, 2-way TLS can authenticate that the data is flowing from a specific system (or set of systems) to a specific system (or set of systems) - or put another way - 2-way TLS is authenticating the service sending and the service receiving. This is considered more secure for the service-to-service connectivity involved in Apigee Edge to customer data centers. It is more scalable for the customer (vertically) as both Apigee and the customer can add and remove resources from the connection pool without needing to change or coordinate settings on either side. It is also more scalable for Apigee (horizontally): with hundreds or thousands of customers, trying to manage VPN connections based on IP addresses is not realistic at this scale.

For connecting with Edge Cloud, Apigee always recommends 2-way TLS. Experience has shown great success with this method and found difficulties in all the other methods, including a VPN. 2-way TLS allows Apigee to dynamically grow and modify the environments while automatically maintaining a secure and authenticated connection to customer services, without the need for manual intervention or the need to pre-approve large blocks of IP addresses to be available as the services grow or change.

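For readers who want to see what the 2-way TLS recommendation above looks like in practice, here is an added illustration (not part of the original answer) of an Apigee Edge TargetEndpoint that presents a client certificate to a customer backend and validates the backend's certificate against a dedicated truststore. The hostname, path, keystore/truststore reference names and key alias are placeholders.

```xml
<!-- Added illustration: Apigee Edge TargetEndpoint configured for 2-way TLS
     to a customer backend. Host, path, reference names and alias are
     placeholders, not values from the original post. -->
<TargetEndpoint name="default">
  <HTTPTargetConnection>
    <!-- Backend service in the customer data center (placeholder host). -->
    <URL>https://backend.example.com/orders</URL>
    <SSLInfo>
      <Enabled>true</Enabled>
      <!-- Present Edge's own certificate so the backend authenticates the
           calling service itself rather than a source IP range. -->
      <ClientAuthEnabled>true</ClientAuthEnabled>
      <KeyStore>ref://edge-client-keystore-ref</KeyStore>
      <KeyAlias>edge-client-cert</KeyAlias>
      <!-- Trust only backend certificates issued by the customer's CA. -->
      <TrustStore>ref://backend-ca-truststore-ref</TrustStore>
      <!-- Keep false. Setting this to true accepts any server certificate,
           which silently downgrades the link to unauthenticated TLS. -->
      <IgnoreValidationErrors>false</IgnoreValidationErrors>
    </SSLInfo>
  </HTTPTargetConnection>
</TargetEndpoint>
```

The backend side must mirror this: require a client certificate and trust only the CA that issued Edge's client certificate, so that the connection is authenticated in both directions as the answer describes.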

2 REPLIES

Does Apigee support VPC Peering?