IT teams can reduce overhead and more easily monitor and secure their hybrid networks if they marry two AWS offerings: Direct Connect and Transit Gateway.
AWS Direct Connect provides a dedicated network connection between Amazon's public cloud and a user's private data center. AWS recently updated Direct Connect with improved flexibility, higher capacity options and price cuts, but what really stands out is the support for different kinds of networking architectures via AWS Transit Gateway.
Previously, admins needed to use a mesh network to implement Direct Connect. This involved a lot of administrative overhead without good routing options between multiple networks and VPNs. Now, enterprises can use AWS Transit Gateway to create a hub-and-spoke architecture that links multiple Amazon Virtual Private Cloud (Amazon VPC) VPNs on a single Direct Connect gateway.
"This is a major opportunity for any organization that wants to add enterprise-style controls and monitoring to a hybrid cloud architecture," said Wayne Geils, technology evangelist at ServerCentral Turing Group, an IT consultancy.
Better hybrid computing with AWS Transit Gateway
The Transit Gateway integration reflects the need to support more hybrid computing architectures -- something that wasn't possible with the previously mentioned Direct Connect Gateway, AWS' other feature for linking distributed Amazon VPCs.
A feature under the Direct Connect banner, Direct Connect Gateway was never intended to solve the lack of transitive routing inside of AWS, Geils said. It was merely a way to have a single connection direct traffic to several resources within AWS, which limited its functionality. For example, you could only connect Direct Connect gateways to multiple regions within a single AWS account and could not connect across multiple accounts.
By contrast, enterprises that use Transit Gateway with Direct Connect have access to a bevy of tools to centralize their network or security efforts. For example, with a central point for network traffic, security tools or VPC flow logs are simpler to deploy and more powerful.
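The hub-and-spoke layout described above (one Transit Gateway, several VPC spokes, a single Direct Connect gateway) and the central flow-log point mentioned here, as an added Terraform sketch that is not from the article or from AWS documentation; connection, VPC, subnet and bucket ids, CIDRs and ASNs are placeholders, and the transit gateway flow log assumes a provider version that supports that argument:

```hcl
# Added example (not from the article): hub-and-spoke hybrid network on one
# Direct Connect gateway, with flow logs captured centrally at the TGW.
# Assumed placeholders: DX connection id, VPC/subnet ids, CIDRs, ASNs, bucket.
# Hub: one Transit Gateway that every spoke VPC attaches to.
resource "aws_ec2_transit_gateway" "hub" {
  description                     = "hybrid hub"
  amazon_side_asn                 = 64512
  default_route_table_association = "enable"
  default_route_table_propagation = "enable"
}
# Spokes: each VPC is one attachment, not one peer in a mesh.
resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  for_each = { # constructed sample ids
    prod = { vpc_id = "vpc-0000000000000001", subnet_ids = ["subnet-0000000000000001"] }
    dev  = { vpc_id = "vpc-0000000000000002", subnet_ids = ["subnet-0000000000000002"] }
  }
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.subnet_ids
}
# One Direct Connect gateway fronts the on-premises side ...
resource "aws_dx_gateway" "onprem" {
  name            = "onprem-dxgw"
  amazon_side_asn = "64513"
}
# ... reached through a transit VIF on the physical DX connection.
resource "aws_dx_transit_virtual_interface" "onprem" {
  connection_id  = "dxcon-PLACEHOLDER"
  dx_gateway_id  = aws_dx_gateway.onprem.id
  name           = "onprem-transit-vif"
  vlan           = 100
  address_family = "ipv4"
  bgp_asn        = 65000 # on-premises router ASN (assumed)
}

# Associate the DX gateway with the TGW. allowed_prefixes is the only set of
# routes advertised toward on-premises, so keep it to what must be reachable.
resource "aws_dx_gateway_association" "hub" {
  dx_gateway_id         = aws_dx_gateway.onprem.id
  associated_gateway_id = aws_ec2_transit_gateway.hub.id
  allowed_prefixes      = ["10.10.0.0/16", "10.20.0.0/16"]
}
# Central visibility: one flow log at the TGW instead of one per VPC
# (assumes a provider version with transit_gateway_id on aws_flow_log).
resource "aws_flow_log" "hub" {
  transit_gateway_id   = aws_ec2_transit_gateway.hub.id
  log_destination_type = "s3"
  log_destination      = "arn:aws:s3:::flow-log-bucket-PLACEHOLDER"
}
```

Adding a VPC means one more entry in the spoke map rather than a new peering for every existing network, and the `allowed_prefixes` list is the single place to review what on-premises routers can reach.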
The combination could also mean higher bandwidth, more consistent performance and lower latency for routing hybrid applications compared to using a VPN and the public internet, said Kaushik Joshi, global managing director of strategic alliances at Equinix.
More service tiers, faster speeds and better management
Enterprises that use Direct Connect will also find it's become easier to manage. The standard and now older virtual interfaces are managed by a service provider and shared across multiple customers, which can cause performance challenges. With the recent updates, Direct Connect supports a new dedicated hosted virtual interface. As a result, enterprises can expect the full bandwidth they purchased.
Partners can also offer more granular service tiers. For example, Equinix, which partners with AWS through its Interconnection Platform, had previously topped out its Direct Connect speeds at 500 Mbps on its Equinix Cloud Exchange Fabric. Faster speeds were one of the most requested capabilities and features, Joshi said.
Now, Direct Connect offers speeds of up to 10 Gbps. AWS also reduced its pricing for speeds of 500 Mbps and below. With a Hosted Connections Model of up to 10 Gbps, Direct Connect partners can programmatically automate the network connection between an enterprise's on-premises and Amazon VPC environments.
With this model, AWS does not allow oversubscription of the interconnects between the Direct Connect partner and the AWS network. To enforce this policy, AWS monitors interconnect capacity and health, which results in better performance and network guarantees for customers.
These updates make the revamped Direct Connect viable for several important uses, Joshi said, including:
- high-bandwidth applications;
- incorporating AWS tools with databases such as Oracle or Microsoft SQL;
- migrating on-premises workloads to AWS such as VMware and SAP applications;
- hybrid and multi-cloud architectures for mission-critical applications, especially based on VMware and SAP HANA; and
- business continuity and disaster recovery environments from a private data center to AWS.
New model required and current limitations
Some enterprises aren't ready to implement these newer types of networking architectures and will face a challenge adopting the updated Direct Connect. These enterprises still follow the older model, where private, point-to-point connections are considered better, safer and faster, even though that's not always true, Geils said. These private, point-to-point connections can have higher security risks due to an increased number of connections and can also require more overhead management.
On the flip side, not everyone needs these capabilities. Some companies will buy a dedicated connection to AWS because they can, without researching whether they should.
If a company already has its on-premises environment in a major co-location facility, it's unlikely that a Direct Connect link will be significantly faster than the directly peered IP transit they currently have, Geils said. Here, the company should stay with a VPN-based design until the bandwidth savings of Direct Connect offset the cost.
And even with the latest round of updates, Direct Connect still has its limitations. For example, it only supports point-to-point connectivity to AWS regions, which means it doesn't support multi-cloud options. For that, enterprises will need to turn to third-party interconnect options. Third-party providers also offer private connections to enterprise data centers where Direct Connect services may not be available.