Home > Storage > PowerFlex > White Papers > Dell APEX Block Storage for Public Cloud: Microsoft SQL Server Multi-Subnet Failover Clustering Deployment > Network architecture
The following figure shows the network architecture for a two-layer system that is deployed across multiple AZs in a single AWS region.
In this example, APEX Block Storage for AWS storage is deployed with one VPC (virtual private cloud) across three availability zones within the same AWS region for resiliency. For each availability zone, a separate private and public subnet is created to provide connectivity and routing across different availability zones. The public subnet contains resources that are accessible over the Internet and the private subnet contains the compute and storage resources.
A network address translation (NAT) gateway is configured in the public routing table to enable access to the Amazon EC2 instances in public subnet over the Internet. Security groups are created for Amazon EC2 instances to provide an additional layer of security and control over inbound and outbound traffic at the subnet level.