A.1 Guidelines for Using iSCSI Targets in the Cloud

Consider the following guidelines for your cloud-based iSCSI target solution:

A.1.1 Secure Connections in the Cloud

In this example, access to files occurs across the public Internet. A production environment typically requires a more secure cloud solution. Other IaaS cloud environments provide secure solutions.

For example, the Amazon Virtual Private Cloud (Amazon VPC) extends your own network segment into the cloud across a VPN (virtual private network) connection. This allows you to use your own IP address ranges and keeps all communications secure in a VPN tunnel as files travel across the public Internet.

In a production environment, you should use IPSec for connections (or use a secure solution like the Amazon VPC) to ensure that your data cannot be snooped on the wire.

A.1.2 Secure Access to iSCSI Target Devices

In this example, authentication is not configured for the iSCSI target device. In a production environment, you should configure and require authentication for each iSCSI target device so no one else can attach to your iSCSI target.

A.1.3 Backup in the Cloud

The Amazon EBS solution provides a snapshot option that you can enable to create snapshots in the cloud for your EBS volume.

You can also create a snapshot of your configured VM instance. It is easier to restore the VM from a snapshot than to re-create it.

A.1.4 Costs for Cloud Services

Refer to the pricing information on the Amazon EC2 Web site to determine your potential costs for the cloud-based openSUSE Linux VM, EBS volumes, and the related traffic.