On November 9th we were featured in TechTarget’s SearchAWS article discussing AWS Direct Connect updates
AWS Direct Connect updates help globe-spanning users
by Trevor Jones | TechTarget
Improvements to AWS Direct Connect link VPCs in multiple regions, keep traffic within AWS’ network and reduce administrative work to manage these secure connections to the cloud.
AWS customers with an international presence can now more simply establish secure network connections for workloads that span multiple regions.
An update to AWS Direct Connect enables enterprises to establish a single dedicated connection across multiple Amazon Virtual Private Clouds (VPCs) and cut down on administrative tasks. Enterprises have clamored for this capability, as the previous approach required them to set up unique connections in each region and peer VPCs across regions.
This feature, called AWS Direct Connect Gateways, is critical for large companies that want business continuity with data and applications available across AWS regions, said Brad Casemore, an analyst with IDC.
“This is a critical capability for them as they set up direct connections to AWS services,” he said. “They want to ensure they can work across zones as dynamic application requirements dictate.”
All the major public cloud vendors have their own flavor of a dedicated networking service for enterprise customers to improve security, bandwidth and performance. These new AWS Direct Connect Gateways are global objects that exist across all public regions, with interregion communication occurring on the AWS network backbone.
At Onica, an AWS consulting partner in Santa Monica, Calif., most of its enterprise customers have requested this capability because of the challenges created by the old model, said Kevin Epstein, Onica’s CTO.
Previously, users had to rely on IPsec virtual private networks to achieve the same result. That could still create real problems if, say, a master database is in one region and services in other regions rely on that database. Users must either replicate that database across AWS regions or suffer a degree of latency that’s unacceptable for certain workloads.
Amazon built its AWS regions to be self-contained to avoid cascading failures, and while that model helped limit the impact of the major AWS outage earlier this year, it hampers customers in other ways, Epstein said.
In the past, when other vendors added similar capabilities, AWS argued that segmentation between regions was the best way to operate on its platform securely. These gateways represent a change in that strategy.
“This, to me, is the first major step in nodding to the global players and saying, ‘We understand the challenges, and we’re going to take down those barriers for you,'” Epstein said.
AWS Direct Connect Gateways require IP address ranges that don’t overlap, and all the VPCs must be in the same account. Amazon said it plans to add more flexibility here eventually.
The overlap issue may be a problem for large startups that haven’t considered IP address spacing, but it shouldn’t cause too many problems at large enterprises that already have a mature outlook on network allocation, Epstein said.
And while these gateways focus on connections to the cloud, Amazon is also making network changes within its cloud. AWS PrivateLink creates endpoints within VPCs through a virtual network and IP addresses within a VPC subnet.
PrivateLink can be connected via API to Kinesis, Service Catalog, Elastic Compute Cloud, EC2 Systems Manager and Elastic Load Balancing, with Key Management Service, CloudWatch and others to be added later. That allows customers to manage AWS offerings without any of that traffic travelling over the internet and cut down on costly egress fees.
“This is mostly about keeping the traffic within the AWS network,” Casemore said. “Customers incur additional charges when data must traverse the internet.”
To read the full article, please visit TechTarget. To learn more about how Onica’s CloudOps Pilot and Cloud Cost Optimizer services will benefit your organization, contact us.
