Updated on 2023-03-27 GMT+08:00

Overview

Scenarios

After enterprise A migrated some of its workloads to the cloud through Direct Connect or VPN, it has maintained a complex hybrid cloud architecture for a long time: some production and test workloads run in its on-premises data center, and others run on Huawei Cloud or other cloud platforms. As a result, the on-premises data center often needs to access cloud services over private networks. However, many cloud resources and services still cannot be reached over Direct Connect or VPN alone.

As shown in Figure 1, the on-premises data center prefers to access ELB in VPC1, ECSs in VPC2, and other cloud services (OBS and DNS) without using the Internet.

Figure 1 On-premises data center accessing Huawei cloud services

Solution Architecture

To meet enterprise A's requirement to communicate with Huawei Cloud and access resources in VPCs and other cloud services without using the public network, we offer the customer a solution that uses the following two services:

  • Direct Connect: a service that allows enterprise A to establish a stable, high-speed, low-latency, secure dedicated connection between A's on-premises data center and Huawei Cloud. Direct Connect allows A to make full use of its legacy IT facilities and leverage cloud services to build a flexible, scalable hybrid cloud computing environment.
  • VPC Endpoint: VPCEP enables A to access Huawei Cloud services or other private services over the Huawei Cloud network. It provides flexible networking without requiring EIPs.

As shown in Figure 2:

  • Direct Connect enables communications between A's on-premises data center and VPC1.
  • With VPC endpoint 1, enterprise A accesses ELB in VPC1 from its on-premises data center.
  • With VPC endpoint 2, enterprise A accesses ECSs in VPC2.
  • With VPC endpoint 3, enterprise A accesses Domain Name Service (DNS) over the intranet.
  • With VPC endpoint 4, enterprise A accesses Object Storage Service (OBS) over the intranet.

Figure 2 On-premises data center accessing Huawei Cloud services with Direct Connect and VPCEP

Not all cloud services can be accessed from the on-premises data center through VPC endpoints over the intranet. Only cloud resources and services that support VPCEP can be accessed over the intranet in this way.

Advantages

  • VPC endpoints take effect a few seconds after they are created.
  • Customers can use VPC endpoints to access resources across VPCs without having to use EIPs.
  • Because traffic does not traverse the public network, unknown risks caused by server information leakage can be prevented, ensuring security and privacy.

Constraints and Limitations

  • You have a Huawei Cloud account, and that account has been granted the operation permissions for the related services.
  • The account is not in arrears, and its balance is sufficient to pay for the resources used in this best practice.
  • Direct Connect locations have been determined, and the site survey of the on-premises data centers has been completed together with the carrier. For details, see Preparations.
  • The cloud resources or services that users need to access have been developed following the standard VPCEP development process and rolled out in the corresponding region.