By using AWS re:Post, you agree to the AWS re:Post Terms of Use

Directing traffic from distributed locations through the domain to the specified server

0

Hi. This is a new topic for me and I would be very grateful for any help or advice.

We have a distributed network of video servers transmitting and connecting to our central server. Video servers connect to a specific IP address of the central server. Currently, we want, above all, to ensure redundancy of our central servers, redundancy of communications and redundancy of locations. This means different machines and different IP addresses. Therefore, I am looking for a solution that will allow us to:

  • direct traffic to the domain, not the IP,
  • direct traffic from the domain to the indicated central server, which is the main server at a given time, but in the event of a failure it will automatically switch to redundant servers or locations,
  • ensure the security of the solution and enable only authorized video servers to establish a connection with our server - each video server has up to three WAN addresses (failovers),
  • detect and block any anomalies and attack attempts on the infrastructure.

Thank you in advance for any directions.

  • Please accept the answer if it was useful for you

asked 8 months ago210 views
1 Answer
2

direct traffic to the domain, not the IP, you can use Route53 and create A record your-domain.com -> IP address of the central server

but in the event of a failure it will automatically switch to redundant servers or locations, use Route53 "Failover" routing policy and add another IP address as a failover for your domain

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-types.html#dns-failover-types-active-passive

ensure the security of the solution and enable only authorized video servers to establish a connection with our server use Security Groups to allow incoming traffic only from specific IP addresses. Associate this Security group with your Central servers

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html

detect and block any anomalies and attack attempts on the infrastructure. this depends on what kind of attacks and which network protocol. You can detect attacks using Amazon GuardDuty as a Threat Detection System, for web traffic you can use AWS WAF. You can also consider AWS Network Firewall or build a custom solution that can analyze VPC Flow Logs and make some preventive actions

profile picture
EXPERT
answered 8 months ago
profile picture
EXPERT
reviewed 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions