Home > Storage > PowerFlex > White Papers > Dell APEX Block Storage for AWS: Microsoft SQL Server 2022 on Linux with Multi-AZ Resiliency > Network architecture
Figure 2 shows the network architecture for an APEX Block Storage system deployed across multiple AZs in a single AWS region.
In this example, APEX Block Storage is deployed with one VPC (virtual private cloud) and three availability zones within the same AWS region for resiliency. For each availability zone, a separate private and public subnet is created to provide connectivity and routing across different availability zones. A public subnet contains the resources that are accessible over the Internet and the private subnet contains the compute and storage.
A network address translation (NAT) gateway is configured in the public routing table to enable access to the Amazon EC2 instances in the public subnet over the Internet. Security groups are created for Amazon EC2 instances to provide an additional layer of security and control over inbound and outbound traffic at the subnet level.