Updated on 2024-03-15 GMT+08:00

Overview

Scenarios

After an enterprise migrated some of its workloads to the cloud through Direct Connect or Virtual Private Network (VPN), some production and testing workloads are running in its on-premises data center, and some are running on Huawei Cloud or other cloud platforms. With such a complex hybrid cloud architecture, the on-premises data center often needs to access cloud services over private networks. However, many cloud resources and services still cannot be reached through Direct Connect or VPN alone.

Figure 1 shows the enterprise's requirements: The on-premises data center accesses ELB in VPC1, ECS in VPC2, and other cloud services (OBS and DNS) without using the Internet.

Figure 1 On-premises data center accessing Huawei cloud services

Solution Architecture

In the solution we offered to meet their requirements, the following two services are used:

  • Direct Connect: a service that establishes a stable, high-speed, low-latency, secure dedicated connection between the on-premises data center and Huawei Cloud. With Direct Connect, the enterprise made full use of its legacy IT facilities and built a flexible, scalable hybrid cloud computing environment.
  • VPC Endpoint: a service that enables access to Huawei Cloud services or other private services over the Huawei Cloud internal network. It provides flexible networking and frees the enterprise from having to use EIPs.
In Figure 2,
  • Direct Connect enables communications between the on-premises data center and VPC1.
  • With VPC endpoint 1, the on-premises data center can access ELB in VPC1.
  • With VPC endpoint 2, the on-premises data center can access ECSs in VPC2.
  • With VPC endpoint 3, the on-premises data center can access Domain Name Service (DNS) over the intranet.
  • With VPC endpoint 4, the on-premises data center can access Object Storage Service (OBS) over the intranet.
Figure 2 On-premises data center accessing Huawei Cloud services with Direct Connect and VPC Endpoint

Not all cloud services can be accessed from an on-premises data center through VPC endpoints over the intranet. Only cloud resources and services that support VPC Endpoint can be reached over the intranet in this way.
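The Figure 2 layout only keeps traffic off the Internet if every service is reached at a private VPC endpoint address that the on-premises router learns over Direct Connect; a hostname that still resolves to a public address leaves through the default route instead. The following script is an added example, not Huawei Cloud code: it takes a constructed inventory of endpoint IPs, constructed resolver answers as seen from an on-premises host, and constructed Direct Connect route advertisements, and flags each service whose path is not the private one. All addresses, CIDRs and service labels are placeholders.

```python
"""Audit that services behind VPC endpoints are reached from the on-premises
data center over Direct Connect rather than the Internet.

Added example. Every address, CIDR and service label below is constructed.
"""
import ipaddress
from typing import Dict, List, Optional

# Constructed: VPC CIDRs the on-premises router learns over Direct Connect
# (VPC1 and VPC2 from Figure 2). Anything outside them falls to the default
# route, i.e. the Internet path.
DIRECT_CONNECT_ROUTES: List[str] = ["10.10.0.0/16", "10.20.0.0/16"]

# Constructed inventory: service label -> private IP assigned to its VPC endpoint.
VPC_ENDPOINTS: Dict[str, str] = {
    "elb-vpc1": "10.10.1.20",
    "ecs-vpc2": "10.20.3.41",
    "dns": "10.10.2.5",
    "obs": "10.10.2.6",
}

# Constructed resolver answers observed from an on-premises host. The OBS entry
# deliberately still points at a public-looking address (RFC 5737 TEST-NET-3)
# to show the failure mode the check is meant to catch.
RESOLVED: Dict[str, str] = {
    "elb-vpc1": "10.10.1.20",
    "ecs-vpc2": "10.20.3.41",
    "dns": "10.10.2.5",
    "obs": "203.0.113.10",
}


def reached_over_direct_connect(ip: str, routes: Optional[List[str]] = None) -> bool:
    """True if ip falls inside a CIDR advertised over Direct Connect."""
    routes = DIRECT_CONNECT_ROUTES if routes is None else routes
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r, strict=False) for r in routes)


def audit(
    endpoints: Optional[Dict[str, str]] = None,
    resolved: Optional[Dict[str, str]] = None,
    routes: Optional[List[str]] = None,
) -> Dict[str, str]:
    """Classify each service:
      ok             resolved IP is the VPC endpoint and rides Direct Connect
      unresolved     no answer from the on-premises resolver
      internet-path  resolved IP is not covered by any Direct Connect route
      wrong-target   private and routable, but not the VPC endpoint's address
    """
    endpoints = VPC_ENDPOINTS if endpoints is None else endpoints
    resolved = RESOLVED if resolved is None else resolved
    result: Dict[str, str] = {}
    for service, endpoint_ip in endpoints.items():
        answer = resolved.get(service)
        if answer is None:
            result[service] = "unresolved"
        elif not reached_over_direct_connect(answer, routes):
            result[service] = "internet-path"
        elif answer != endpoint_ip:
            result[service] = "wrong-target"
        else:
            result[service] = "ok"
    return result


def main() -> None:
    for service, status in audit().items():
        print(f"{service:10s} {status}")


if __name__ == "__main__":
    main()
```

In a real deployment the constructed dictionaries would be replaced by the VPC endpoint addresses shown in the console, the routes actually received from the Direct Connect virtual gateway, and live resolver answers from a host in the data center; a "wrong-target" or "internet-path" result is the signal that the intranet-only design in Figure 2 is not what the network is doing.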

Advantages

  • VPC endpoints take effect a few seconds after they are created.
  • Customers can use VPC endpoints to access resources across VPCs without having to use EIPs.
  • Because traffic stays on the private network, the servers are not exposed to the Internet, which prevents the unknown risks that come with server information leakage and protects security and privacy.

Constraints

  • A HUAWEI ID is available and has been granted the operation permissions required for the services involved.
  • The HUAWEI ID is not in arrears and the balance is sufficient to pay for the resources involved in this best practice.
  • Direct Connect locations have been determined and the site survey of the on-premises data center has been completed together with the carrier. For details, see Preparations.
  • The cloud resources or services to be accessed have been developed based on the VPC Endpoint standard development process and rolled out in the corresponding region.