Overview—Secure Highly Available Internet-Facing Applications
In this use case, we show you how to secure highly available two-tier applications in Amazon Web Services (AWS) that are accessed by users over the internet. This specific example uses WordPress and MySQL as the two-tier application. It includes a relational database service, a DNS-based global load balancing web service, Citrix NetScaler load balancers, and several VM-Series firewalls to secure north-south and east-west traffic flows to the applications in the Amazon Virtual Private Cloud (VPC). For high availability, the VPC spans two Availability Zones (AZs) on AWS. There are many other applications and architectures that Palo Alto Networks firewalls can secure; this use case is just one option.
The following table lists the elements required to deploy the solution for highly available internet-facing applications on AWS.
Amazon Elastic Compute Cloud (EC2) Instances
Web applications that are accessed by users over the internet. These applications are typically deployed in a multi-tier architecture on EC2 instances in an AWS VPC. AWS provides the infrastructure for ensuring uptime, scalability, and performance to meet your business needs.
Examples include: Citrix NetScaler VPX, F5 Networks BIG-IP Local Traffic Manager (LTM), and NGINX Plus
The load balancer monitors the availability of servers, the database service, and the firewalls to ensure a seamless failover when an instance fails.
This use case shows how to use the Citrix NetScaler VPX for deploying a highly available web application, but you can use a different load balancer.
Multiple instances of the VM-Series firewall are deployed to secure all your applications and database servers. The firewalls secure each subnet and restrict access in a way that matches the business and technical requirements of your multi-tier architecture. This segmentation provides multiple layers of defense to ensure that business-critical services and data are always safe.
Global Server Load Balancing (GSLB) Service
Amazon Route 53
Amazon Route 53 is a DNS-based GSLB web service that provides DNS and multi-Availability Zone (AZ)/VPC redundancy. Route 53 allows you to create and manage DNS records, connect user requests to infrastructure such as your web servers and load balancers running on AWS, and perform health checks to monitor the health of your servers and route traffic appropriately.
Amazon Relational Database Service (RDS)
Amazon RDS is tightly integrated with other Amazon Web Services. Amazon RDS offers a selection of engines for your database instances.
See Deploy the Solution Components for Highly Available Internet-Facing Applications on AWS for the configuration details.