Right now, my company is pre-launch and is getting away with a few dirty hacks. The biggest one is that our staging, CI, and monitoring boxes are available at staging.ourcompany.com, ci.ourcompany.com, and monitoring.ourcompany.com. Since they all have nice HTTP interfaces, hitting those URLs in the browser will show a nice web site, to everyone who wanders by, whether they're in our company or not.
In a perfect world, those machines would be inaccessible unless the user is one of us. I can't predict people working from home/etc., so I don't want to just whitelist IP addresses.
My understanding is that this is where VPC comes in handy. Our machines are all hosted on EC2, so I started looking into VPC and it made my head explode.
In this scenario, what exactly do I need? My basic, almost-certainly-flawed, understanding is that we'll be VPN'ing into a box that has some sort of custom routing table, and our public DNS (e.g. staging.company.com) will point to an internal IP that doesn't resolve for anyone else. Then the traffic is tunneled through that VPN box?
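The layout sketched above, written out as an added Terraform example (this is not code from the original post, and it is not a complete deployment): a VPC with a private subnet, a security group that lets the staging box accept HTTPS only from the VPN endpoint's security group, and a Route 53 private hosted zone so that staging.ourcompany.com resolves to a private address only for resolvers inside the VPC. The region, CIDRs, AMI id, instance names, and the choice of OpenVPN on UDP 1194 are all placeholder assumptions; the VPN server instance itself, its public subnet, Internet gateway and Elastic IP are assumed to exist and are left out of the fragment.

```hcl
# Added example, not from the original post. All names, CIDRs and the AMI id
# are placeholder assumptions.

provider "aws" {
  region = "us-east-1" # assumption
}

# Private network that holds the internal tools.
resource "aws_vpc" "internal" {
  cidr_block           = "10.42.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
}

resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.internal.id
  cidr_block = "10.42.1.0/24"
  # map_public_ip_on_launch is left at its default (false): instances in
  # this subnet get private addresses only and have no route from the Internet.
}

# The VPN endpoint is the only thing exposed to the Internet. Its instance is
# assumed to live in a public subnet (not shown) and to carry this group.
resource "aws_security_group" "vpn" {
  name   = "vpn-endpoint"
  vpc_id = aws_vpc.internal.id

  ingress {
    description = "VPN clients (OpenVPN default port, assumption)"
    from_port   = 1194
    to_port     = 1194
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Staging / CI / monitoring boxes: HTTPS accepted only from members of the
# VPN endpoint's security group. No allow-list of office or home IP addresses
# is needed, and nothing else on the Internet can reach port 443.
resource "aws_security_group" "internal_web" {
  name   = "internal-web"
  vpc_id = aws_vpc.internal.id

  ingress {
    description     = "HTTPS from the VPN endpoint only"
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [aws_security_group.vpn.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "staging" {
  ami                    = "ami-PLACEHOLDER" # assumption: replace with a real AMI id
  instance_type          = "t3.small"
  subnet_id              = aws_subnet.private.id
  vpc_security_group_ids = [aws_security_group.internal_web.id]
}

# Split-horizon DNS: this zone is answered only for queries that originate
# inside the VPC (which VPN clients' queries will, once the VPN pushes the VPC
# resolver to them). Outside the VPC, the public ourcompany.com zone is what
# resolves, and it simply has no "staging" record.
resource "aws_route53_zone" "private" {
  name = "ourcompany.com"

  vpc {
    vpc_id = aws_vpc.internal.id
  }
}

resource "aws_route53_record" "staging" {
  zone_id = aws_route53_zone.private.zone_id
  name    = "staging.ourcompany.com"
  type    = "A"
  ttl     = 60
  records = [aws_instance.staging.private_ip]
}
```

Two things to check before trusting this. First, the security-group reference only works if the VPN server masquerades (NATs) client traffic to its own VPC address; if it forwards packets with the clients' tunnel addresses (say 10.8.0.0/24) unchanged, the ingress rule on `internal_web` must allow that tunnel CIDR instead, and the VPC route table needs a route for it back to the VPN instance. Second, the private zone is a convenience, not the control: the VPN client config must push a route for 10.42.0.0/16 and the VPC's own resolver (the base address of the VPC CIDR plus two, 10.42.0.2 here) as the DNS server, but even if someone learns the private IP, it is the security group and the absence of a public address that keep them out.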
Obviously this is a really important thing to do, but I'm clearly over my head. I have a very solid CS education and have run Linux boxes for years, but VPNs and advanced networking are really new to me. Any help would be really appreciated.