We Have Summarized the Standard Configurations of EXPRESSCLUSTER X on AWS

EXPRESSCLUSTER Official Blog

December 28th, 2021

Machine translation is used partially for this article. See the Japanese version for the original article.

Introduction

We have summarized the standard HA cluster configurations, and how to select among them, for building HA clusters on Amazon Web Services (hereinafter called “AWS”) using EXPRESSCLUSTER X.

There are various HA cluster configurations on AWS, from the basic configurations described in the “HA Cluster Configuration Guide for Amazon Web Services” to the applied configurations introduced in the blog.
However, because there are so many configurations, you may be wondering which HA cluster configuration you should actually choose.

In this blog, we summarize the features, uses, and selection method of the HA cluster configurations on AWS introduced in the configuration guide and previous blogs, so that you can select an HA cluster configuration based on how the HA cluster will be used.

* This article is based on information as of December 2021.

1. HA Cluster Configurations on AWS

1.1 List of HA Cluster Configurations

The HA cluster configurations on AWS using EXPRESSCLUSTER consist of the basic configurations described in the configuration guide and the applied configurations for various use cases introduced in the blog.

The HA cluster configurations from the configuration guide and the representative HA cluster configurations introduced in previous blogs are summarized in the tables at the following links. Refer to them for the features and use examples of each HA cluster configuration.

2. Basic Configurations Described in Guide
3. Applied Configurations Described in the Blog

1.2 Selection Method of HA Cluster Configuration

The HA cluster configurations on AWS depend on where the client is placed and how the client accesses the HA cluster.
For example, there are HA cluster configurations that can be selected for each of the following items:

Where do you place clients accessing the HA cluster?
  • Place clients accessing the HA cluster in the same Amazon Virtual Private Cloud (hereinafter called “VPC”) as the HA cluster
  • Place clients accessing the HA cluster in the on-premises environment

How do you access applications?
  • Access the HA cluster from the client with a virtual IP address (hereinafter called “VIP”)
  • Access the HA cluster from the client with a virtual host name (DNS name)

Do you allow the HA cluster to access the Internet?
  • From a security perspective, you do not want the HA cluster to access the Internet

Of these, the client's location (where the HA cluster is accessed from) largely determines which HA cluster configurations you can choose.
Therefore, first select the available HA cluster configurations based on the client's location.

In addition, the basic HA cluster configurations require access to the Internet from the HA cluster.
If you do not want the HA cluster to access the Internet, see also the configuration under "If you do not want the HA cluster to access the Internet" below:

For accessing the HA cluster from instances in the same VPC
  • 2.1 HA Cluster Based on VIP Control: Access the HA cluster with a virtual IP address (VIP)
  • 2.3 HA Cluster Based on DNS Name Control: Access the HA cluster with a virtual host name (DNS name) provided by Amazon Route 53 (private hosted zone)

For accessing the HA cluster from the Internet
  • 2.2 HA Cluster Based on EIP Control: Access the HA cluster with the global IP address provided by Elastic IP
  • 2.3 HA Cluster Based on DNS Name Control: Access the HA cluster with a virtual host name (DNS name) provided by Amazon Route 53 (public hosted zone)

For accessing the HA cluster using AWS Direct Connect or a VPN connection from the on-premises environment (the intranet)
  • 2.3 HA Cluster Based on DNS Name Control: Access the HA cluster with a virtual host name (DNS name) of Amazon Route 53 (private hosted zone) by linking with Route 53 Resolver or DNS servers
  • 3.1 HA Cluster Based on VIP Control (Directly Access VIP from Outside VPC): Access the HA cluster with a virtual IP address (VIP) by linking with AWS Transit Gateway (hereinafter called “Transit Gateway”)

As a prerequisite for the HA cluster configurations, the AWS-related resources of EXPRESSCLUSTER X use the AWS Command Line Interface (hereinafter called “AWS CLI”).
The instances for the HA cluster must reach the regional endpoint when they run the AWS CLI, so the HA cluster basically needs to access the Internet (for using public subnets).
If you do not want the HA cluster to access the Internet for security reasons, consider the following configuration:

If you do not want the HA cluster to access the Internet
  • 3.2 HA Cluster Based on VIP Control Using VPC Endpoint: By using VPC endpoints, the HA cluster does not need to access the Internet

When combined with this configuration, the HA clusters of 2.1 HA Cluster Based on VIP Control and 3.1 HA Cluster Based on VIP Control (Directly Access VIP from Outside VPC) also no longer need to access the Internet.

2. Basic Configurations Described in Guide

EXPRESSCLUSTER X provides the HA Cluster Configuration Guide for AWS.
Here are the three configurations in this guide:

[Reference]
Documentation - Setup Guides
  • Windows > Cloud > Amazon Web Services
  • Linux > Cloud > Amazon Web Services

2.1 HA Cluster Based on VIP Control

In this configuration, clients placed in the same VPC as the HA cluster access the HA cluster using a VIP controlled by EXPRESSCLUSTER X.
This is the most standard HA cluster configuration on AWS using EXPRESSCLUSTER X.
Due to AWS specifications, the VIP cannot be accessed from outside the VPC, so clients must be placed in the same VPC as the HA cluster.

For example, this configuration is used to build an HA cluster of DB servers and access a DB server using the VIP from web servers in the same VPC as the HA cluster.
Consider this configuration if you want to access the HA cluster from clients using a VIP, or if you want to place the HA cluster within private subnets.

[Reference]
Documentation - Setup Guides
  • Windows > Cloud > Amazon Web Services > HA Cluster Configuration Guide for Amazon Web Services > Constructing an HA cluster based on VIP control
  • Linux > Cloud > Amazon Web Services > HA Cluster Configuration Guide for Amazon Web Services > Constructing an HA cluster based on VIP control

As mentioned above, the VIP cannot be accessed from outside the VPC due to the AWS specification, but clients outside the VPC can still access the HA cluster using the VIP by linking with Transit Gateway.
Refer to “3.1 HA Cluster Based on VIP Control (Directly Access VIP from Outside VPC)”.
In addition, the “HA Cluster Configuration Guide for Amazon Web Services” uses NAT instances to access the Internet from the HA cluster, but it is also possible to build a configuration that does not allow the HA cluster to access the Internet.
Refer to “3.2 HA Cluster Based on VIP Control Using VPC Endpoint”.

  * Only the HA cluster based on VIP control can be built without access to the Internet.
    The HA cluster based on DNS name control requires access to the Internet.

2.2 HA Cluster Based on EIP Control

In this configuration, clients outside the VPC in which the HA cluster is placed access the HA cluster using the global IP address allocated as an Elastic IP address (hereinafter called “EIP”).
The HA cluster is published directly to the Internet.

For example, this configuration is used to build an HA cluster of web servers in online shopping systems.
Consider this configuration if you need to access the HA cluster from clients outside the VPC in which the HA cluster is placed.

[Reference]
Documentation - Setup Guides
  • Windows > Cloud > Amazon Web Services > HA Cluster Configuration Guide for Amazon Web Services > Constructing an HA cluster based on EIP control
  • Linux > Cloud > Amazon Web Services > HA Cluster Configuration Guide for Amazon Web Services > Constructing an HA cluster based on EIP control

2.3 HA Cluster Based on DNS Name Control

In this configuration, clients access the HA cluster using a virtual host name (DNS name) provided by Amazon Route 53 (hereinafter called “Route 53”).
Clients can be placed anywhere: in the same VPC as the HA cluster or outside the VPC.
You can keep the HA cluster closed within the VPC by linking with a private hosted zone of Route 53, or publish it to the Internet by linking with a public hosted zone of Route 53.

Whether you publish the HA cluster to the VPC only or to the Internet, the HA cluster needs to access the Internet to switch Route 53.

[Reference]
Documentation - Setup Guides
  • Windows > Cloud > Amazon Web Services > HA Cluster Configuration Guide for Amazon Web Services > Constructing an HA cluster based on DNS name control
  • Linux > Cloud > Amazon Web Services > HA Cluster Configuration Guide for Amazon Web Services > Constructing an HA cluster based on DNS name control

The configuration in the “HA Cluster Configuration Guide for Amazon Web Services” assumes an environment with clients in the same VPC as the HA cluster, but it can also be used in the following cases.
Refer to “2. Benefits of AWS DNS Resource” in this blog for an image of the configuration.

  1. The client is placed in an on-premises environment, and the on-premises environment is connected to the VPC of the HA cluster using AWS Direct Connect.
  2. Each instance for the HA cluster is placed in a separate VPC in the same region, and the VPCs are connected with a VPC peering connection.
  3. Each instance for the HA cluster is placed in a separate VPC in different regions, and the VPCs are connected with a VPC peering connection.

For more information on the configuration of item 3, refer to "3.3 HA Cluster Based on DNS Name Control (Using Inter-Region VPC Peering)".

3. Applied Configurations Described in the Blog

Various use cases and tips for the design and settings of EXPRESSCLUSTER X have been posted on this blog.
Here are three configurations on AWS posted on this blog.

3.1 HA Cluster Based on VIP Control (Directly Access VIP from Outside VPC)

This configuration is the same as “HA cluster based on VIP control” in “2.1 HA Cluster Based on VIP Control”, except for where the clients are placed.
In this configuration, clients placed in a different VPC from the HA cluster, or placed on-premises, can access the HA cluster using the VIP.

For the HA cluster based on VIP control, due to AWS specifications, clients in a different VPC from the one where the HA cluster is placed, or in an on-premises environment, cannot access the HA cluster using the VIP unless you use the Transit Gateway introduced in this configuration.
For example, if you connect VPC to VPC with a VPC peering connection, or connect on-premises directly to the VPC with AWS Direct Connect, clients outside the VPC cannot access the VIP.

In this configuration, we use Transit Gateway so that clients placed in locations other than the VPC where the HA cluster is placed, such as an on-premises environment, can access the HA cluster using the VIP.

If clients are in an on-premises environment, see below:

3.2 HA Cluster Based on VIP Control Using VPC Endpoint

This configuration is the same as “HA cluster based on VIP control” in “2.1 HA Cluster Based on VIP Control”, except that the HA cluster does not need to access the Internet.

EXPRESSCLUSTER X switches the destination of the VIP by replacing routes in the route tables, using the AWS CLI from the instances for the HA cluster.
When the instances for the HA cluster run the AWS CLI, they need to reach the endpoints in the region, so they basically need to access the Internet.

In this configuration, VPC endpoints allow the instances for the HA cluster in the VPC to reach the regional endpoints without going over the Internet when using the AWS CLI.
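
One way to check that a cluster actually matches this configuration, as an added example that is not from the original article or from EXPRESSCLUSTER: the script audits data shaped like `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints` output. The function names, IDs, CIDRs and region are constructed, and it assumes the endpoint needed is the EC2 interface endpoint, since route replacement is an EC2 API call.

```python
DEFAULT_DESTS = {"0.0.0.0/0", "::/0"}
TARGET_KEYS = ("GatewayId", "NatGatewayId", "InstanceId", "NetworkInterfaceId")

def table_for(subnet_id, route_tables):
    """Return the subnet's explicitly associated route table, else the main one."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def audit(route_tables, endpoints, cluster_subnets, region):
    """List reasons the cluster subnets still depend on, or can reach, the Internet."""
    findings = []
    for subnet in cluster_subnets:
        rt = table_for(subnet, route_tables)
        if rt is None:
            findings.append(f"{subnet}: no route table found")
            continue
        for r in rt.get("Routes", []):
            dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
            if dest in DEFAULT_DESTS and r.get("State") == "active":
                target = next((r[k] for k in TARGET_KEYS if k in r), "unknown")
                findings.append(f"{subnet}: default route {dest} -> {target}")
    # Assumption: VIP switching replaces routes (an EC2 API call), so the EC2 endpoint is needed.
    service = f"com.amazonaws.{region}.ec2"
    usable = [e for e in endpoints if e.get("ServiceName") == service
              and e.get("VpcEndpointType") == "Interface" and e.get("State", "").lower() == "available"]
    if not usable:
        findings.append(f"no available interface endpoint for {service}")
    elif not any(e.get("PrivateDnsEnabled") for e in usable):
        findings.append(f"{service}: private DNS off, AWS CLI needs --endpoint-url")
    return findings

# Constructed sample data; every ID, CIDR and the region are made up for illustration.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
VIP = {"DestinationCidrBlock": "10.1.0.20/32", "NetworkInterfaceId": "eni-node1", "State": "active"}
NAT = {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-natexample", "State": "active"}
ASSOC = [{"SubnetId": "subnet-a"}, {"SubnetId": "subnet-b"}]
GUIDE_STYLE = [{"RouteTableId": "rtb-a", "Routes": [LOCAL, VIP, NAT], "Associations": ASSOC}]
ENDPOINT_STYLE = [{"RouteTableId": "rtb-a", "Routes": [LOCAL, VIP], "Associations": ASSOC}]
EC2_ENDPOINT = [{"ServiceName": "com.amazonaws.ap-northeast-1.ec2", "VpcEndpointType": "Interface",
                 "State": "available", "PrivateDnsEnabled": True}]

if __name__ == "__main__":
    print(audit(GUIDE_STYLE, [], ["subnet-a", "subnet-b"], "ap-northeast-1"))
```

An empty list means the cluster subnets have no default route and the AWS CLI can reach the EC2 regional endpoint privately; the NAT-instance layout reports one finding per subnet plus the missing endpoint.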

  * VPC endpoints are an AWS service that privately connects a VPC with other AWS services without going over the Internet.
  * The configuration using VPC endpoints is only for the HA cluster based on VIP control.
    The HA cluster based on DNS name control requires access to the Internet from the HA cluster.
Consider this configuration when you do not want the HA cluster to access the Internet for security or other reasons.
For more information, refer to the following:

3.3 HA Cluster Based on DNS Name Control (Using Inter-Region VPC Peering)

This configuration is a variation of "2.3 HA Cluster Based on DNS Name Control" in which each instance for the HA cluster is placed in a VPC in a different region.
By connecting the VPCs in each region via a VPC peering connection, clients can access the virtual host name (DNS name).

  * In an environment where VPCs are connected via a VPC peering connection, the HA cluster based on VIP control is not supported because clients cannot access the VIP across VPCs.
    Since Route 53 can also be accessed across VPCs, the HA cluster based on DNS name control is supported.
Consider this configuration when you want to place each instance for the HA cluster in a different region as a disaster recovery measure.

Conclusion

This time, we summarized the features and uses of HA cluster configurations, using the configurations in the “HA Cluster Configuration Guide for Amazon Web Services” and in previous blogs as examples.
If you are wondering which configuration to use to build an HA cluster on AWS, please refer to this article.

If you are considering introducing a configuration described in this article, you can validate it with the trial module of EXPRESSCLUSTER. Please do not hesitate to contact us if you have any questions.