Amazon Releases Services To Lure Enterprises to the Cloud
Amazon.com formally added three new capabilities to its cloud computing portfolio with the introduction of Direct Connect and the updates to the Virtual Private Cloud and Identity and Access Management services. These offerings are targeted at organizations looking to construct hybrid or private clouds on the Amazon Web Services platform.
AWS Direct Connect lets customers set up a dedicated network connection between their data center and AWS services. More specifically, if a customer has space with one of three hosting vendors (Equinix, AboveNet, and Level 3 Communication), they can cross-connect between their equipment and AWS. The hosting vendors charge customers to create the cross-connection, but Amazon does not apply any additional setup charges of their own. Once a connection is configured, customers pay Amazon a low per-hour “port charge” as well as outbound data transfer charges incurred. Research group Gartner describes a few of the usage scenarios for Direct Connect:
[Direct Connect] provides direct, fast, private connectivity between your gear in colocation and whatever Amazon services are in Equinix Ashburn (and non-Internet access to AWS in general), vital for “hybrid cloud” use cases and enormously useful for people who, say, have PCI-compliant e-commerce sites with huge databases Oracle RAC and black-box encryption devices, but would like to put some front-end webservers in the cloud. You can also buy whatever connectivity you want from your cage in Equinix, so you can take that traffic and put it over some less expensive Internet connection (Amazon’s bandwidth fees are one of the major reasons customers leave them), or you can get private networking like ethernet or MPLS VPN (an important requirement for enterprise customers who don’t want their traffic to touch the Internet at all).
Direct Connect is just beginning to roll out and is only available to customers in the US-East region. Amazon plans to expand this offering to Los Angeles, San Jose, Tokyo and Singapore in the near future.
Amazon also announced the General Availability of its Virtual Private Cloud (VPC) which had been in limited use during its beta phase. Amazon VPC lets a company carve out an isolated space in the AWS cloud that is only accessible via VPN. In essence, an organization can build a robust private cloud and a complex virtual network within the AWS environment. With its general release, VPC is now available in multiple availability zones in each AWS region. In addition, customers can now define a VPC that spans Availability Zones as well as set up multiple VPN connections for a single VPC. Amazon differentiates Direct Connect from a VPN connection to an AWS VPC as such:
VPN Connections can be configured in minutes and are a good solution if you have an immediate need, have low to modest bandwidth requirements, and can tolerate the inherent variability in Internet-based connectivity. AWS Direct Connect does not involve the Internet; instead, it uses dedicated, private network connections between your intranet and Amazon VPC
The final AWS service to undergo changes is Identity and Access Management (IAM). IAM, available as an AWS product for nearly a year, provides a way to create and manage identities for access to AWS services. With this announcement, IAM now supports Identity Federation. This means that customers may leverage their internal identity repository to allow users to be authenticated and authorized to AWS services without requiring IAM user accounts. Amazon makes federation happen through the use of temporary credentials which are issued by a Security Token Service and passed to the AWS service that the customer is trying to access. As of this writing, identify federation is only possible for Amazon Simple Storage Service (S3), Elastic Compute Cloud (EC2), Simple Queue Service (SQS) and Simple Notification Service (SNS). The AWS team shared sample code that shows how to federate access to AWS services for users in a Microsoft Active Directory.
Whether building a private cloud in Amazon VPC or physically extending a data center using Amazon Direct Connect, customers can more easily obtain the benefits of cloud computing without being forced to perform all of their business on the public internet.
InfoQ Sep 01, 2015