The following figure shows the architecture of DDVE on AWS:
Figure 1. Architecture of DDVE on AWS
- To keep data traffic between DDVE and the S3 bucket within the AWS infrastructure, it is recommended to create an S3 endpoint. The S3 endpoint keeps DDVE from depending on a NAT Gateway or Public IP address to access the S3 bucket.
- To keep data transfers secure, it is recommended to use a VPN connection when replicating data from an on-premises host to DDVE in the cloud, or in the reverse direction.
- DDVE is categorized as a backend server. It must be kept in a private subnet with a private address. Never set a public IP address for DDVE.
- It is recommended to create the S3 bucket in the region where the DDVE instance is running. Each DDVE requires a separate bucket.
- All DDVE instances must be secured with the appropriate security group entries.
Notes:
- Typically, SSH (port 22) or HTTPS (port 443) is used for DDVE inbound access.
- HTTPS (443) must be allowed for outbound S3 bucket access for DDVE.
- TCP ports 2049 and 2051 are used for DD Boost and replication purposes.
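
The recommendations and port notes above can be checked against an existing deployment. The following is an added example, not Dell or AWS code: it audits dictionaries shaped like the results of the EC2 DescribeInstances, DescribeSecurityGroups and DescribeVpcEndpoints calls. The function names, the sample values and the rule that flags inbound access from 0.0.0.0/0 are assumptions made for this example.

```python
# Added example: audit one DDVE deployment against the page's guidance.
# Inputs are dicts shaped like EC2 DescribeInstances, DescribeSecurityGroups
# and DescribeVpcEndpoints results; all sample values below are constructed.
ALLOWED_INBOUND = {22, 443, 2049, 2051}  # SSH, HTTPS, DD Boost/replication

def tcp_ports(rule):
    """TCP ports covered by one IpPermissions entry ("-1" = all traffic)."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return set(range(65536))
    if proto == "tcp":
        return set(range(rule["FromPort"], rule["ToPort"] + 1))
    return set()

def audit_ddve(instance, group, vpc_endpoints):
    findings = []
    if instance.get("PublicIpAddress"):
        findings.append("instance has a public IP address")
    for rule in group.get("IpPermissions", []):
        if rule.get("IpProtocol") not in ("tcp", "-1"):
            findings.append("inbound non-TCP rule; the page lists only TCP ports")
        extra = tcp_ports(rule) - ALLOWED_INBOUND
        if extra:
            findings.append(f"inbound rule opens {len(extra)} unlisted TCP port(s)")
        # Assumption (not stated on the page): no inbound rule is open to the world.
        if any(r.get("CidrIp") == "0.0.0.0/0" for r in rule.get("IpRanges", [])):
            findings.append("inbound rule allows 0.0.0.0/0")
    egress = set().union(*(tcp_ports(r) for r in group.get("IpPermissionsEgress", [])))
    if 443 not in egress:
        findings.append("outbound HTTPS (443) for S3 access is not allowed")
    if not any(e.get("ServiceName", "").endswith(".s3")
               and e.get("VpcId") == instance.get("VpcId") for e in vpc_endpoints):
        findings.append("no S3 endpoint in the instance's VPC")
    return findings

def tcp(lo, hi, cidr):  # helper that builds constructed sample rules
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi, "IpRanges": [{"CidrIp": cidr}]}

GOOD = ({"VpcId": "vpc-example"},
        {"IpPermissions": [tcp(p, p, "10.0.0.0/16") for p in (22, 443, 2049, 2051)],
         "IpPermissionsEgress": [tcp(443, 443, "0.0.0.0/0")]},
        [{"VpcId": "vpc-example", "ServiceName": "com.amazonaws.us-east-1.s3"}])
BAD = ({"VpcId": "vpc-example", "PublicIpAddress": "203.0.113.10"},
       {"IpPermissions": [tcp(2049, 2051, "0.0.0.0/0")],
        "IpPermissionsEgress": [tcp(80, 80, "0.0.0.0/0")]},
       [])

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD)):
        print(name, audit_ddve(*sample))
```

The constructed `BAD` sample shows why a port range is worth expanding: a single rule for 2049-2051 also opens port 2050, which the notes do not list.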