Sample VPC configurations

To better understand how you can deploy Cloud Manager and ONTAP Cloud in AWS, you should review the most common VPC configurations.

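The most common VPC configurations for Cloud Manager and ONTAP Cloud are a VPC with public and private subnets and a NAT device, and a VPC with a private subnet and a VPN connection to your network. Both are described below.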

For information about advanced configurations, see NetApp Technical Report 4352: Networking Configurations for NetApp ONTAP Cloud for Amazon Web Services.

A VPC with public and private subnets and a NAT device

This VPC configuration includes public and private subnets, an Internet gateway that connects the VPC to the Internet, and a NAT gateway or NAT instance in the public subnet that enables outbound Internet traffic from the private subnet. In this configuration, you can run Cloud Manager in a public subnet or private subnet, but the public subnet is recommended because it allows access from hosts outside the VPC. You can then launch ONTAP Cloud instances in the private subnet.

Note: Instead of a NAT device, you can use an HTTP proxy to provide Internet connectivity.

AWS Documentation: Configuration Scenario 2 (VPC with Public and Private Subnets)

The following graphic shows Cloud Manager running in a public subnet and single-node ONTAP Cloud instances running in a private subnet:

This illustration shows Cloud Manager and a NAT instance running in a public subnet, and Cloud ONTAP instances and a NetApp Support instance running in a private subnet.

A VPC with a private subnet and a VPN connection to your network

This VPC configuration is a hybrid cloud configuration in which ONTAP Cloud instances become an extension of your private environment. The configuration includes a private subnet and a virtual private gateway with a VPN connection to your network. Routing across the VPN tunnel allows EC2 instances to access the Internet through your network and firewalls. You can run Cloud Manager in the private subnet or in your data center. You would then launch ONTAP Cloud instances in the private subnet.

Note: You can also use a proxy server in this configuration to allow Internet access. The proxy server can be in your data center or in AWS.

If you want to replicate data between FAS systems in your data center and ONTAP Cloud systems in AWS, you should use a VPN connection so that the link is secure.

AWS Documentation: Configuration Scenario 4 (VPC with a Private Subnet Only and Hardware VPN Access)

The following graphic shows Cloud Manager running in your data center and single-node ONTAP Cloud instances running in a private subnet:

This illustration shows Cloud Manager running in a data center, and Cloud ONTAP instances and a NetApp Support instance running in a private subnet. There is a VPN connection between the data center and Amazon Web Services.
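
Both configurations above depend on the ONTAP Cloud subnet having no direct route to an Internet gateway. The following check is an added example, not NetApp or AWS code: it classifies subnets from route-table data shaped like the output of `aws ec2 describe-route-tables`. It assumes a single VPC, treats any instance target on the default route as a NAT instance, and uses constructed IDs and hypothetical function names.

```python
# Added example: classify subnets from route-table data shaped like the
# output of `aws ec2 describe-route-tables`. All IDs below are constructed.

def default_route_kind(table):
    """Return how a route table sends 0.0.0.0/0: igw, nat, vpn or none."""
    for route in table.get("Routes", []):
        # Skip non-default routes and routes whose target no longer exists.
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State") == "blackhole":
            continue
        gateway = route.get("GatewayId", "")
        if gateway.startswith("igw-"):
            return "igw"
        if gateway.startswith("vgw-"):
            return "vpn"
        if route.get("NatGatewayId") or route.get("InstanceId"):
            return "nat"  # NAT gateway, or an instance assumed to be a NAT instance
    return "none"


def classify_subnets(route_tables, subnet_ids):
    """Map each subnet to public / private-nat / private-vpn / isolated."""
    labels = {"igw": "public", "nat": "private-nat",
              "vpn": "private-vpn", "none": "isolated"}
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = table
    # Subnets with no explicit association use the VPC's main route table.
    return {s: labels[default_route_kind(explicit.get(s, main) or {})]
            for s in subnet_ids}


def ontap_in_public(route_tables, ontap_subnets):
    """Return ONTAP Cloud subnets that route directly to an Internet gateway."""
    kinds = classify_subnets(route_tables, ontap_subnets)
    return sorted(s for s, kind in kinds.items() if kind == "public")


# Constructed sample: a public subnet, a NAT-routed main table, a VPN-only subnet.
SAMPLE = [
    {"RouteTableId": "rtb-pub", "Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1", "State": "active"}]},
    {"RouteTableId": "rtb-nat", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1", "State": "active"}]},
    {"RouteTableId": "rtb-vpn", "Associations": [{"SubnetId": "subnet-vpn"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vgw-1", "State": "active"}]},
]
```

An empty result from ontap_in_public means every subnet planned for ONTAP Cloud reaches the Internet only through a NAT device or the VPN, as both configurations require.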