Home > Storage > PowerFlex > White Papers > Dell APEX Block Storage for AWS: Oracle Database Deployment and Performance > Network architecture
Figure 2 shows the network architecture for a Dell APEX Block Storage for AWS deployed across multiple AZs in a single AWS region.
In this example, Dell APEX Block Storage for AWS is deployed in a single region, US East (North Virginia), having one VPC with three availability zones for high availability. For each availability zone, public and private subnets are created with separate route tables respectively. It is recommended to use public subnets for external-facing resources and private subnets for internal resources. In this example, we created two separate routing tables: the main route table enables the public subnet to access the Internet through an Internet gateway, while the private route table enables the private subnet to control the flow of traffic within the VPC.
A network address translation (NAT) gateway is configured in the public routing table to enable the Amazon EC2 instances with a private subnet to connect to the Internet. Security groups are created for Amazon EC2 instances to provide an additional layer of security and control of inbound and outbound traffic at the subnet level.