BlueXP Blog

Connect On-Premises to AWS Cloud

Written by Prabu Arjunan, Solution Architect | Oct 3, 2019 10:05:21 AM

Most cloud-adopting organizations use a hybrid architecture, involving both on-premises and public cloud resources. There are myriad approaches to and strategies for deploying a hybrid architecture, but they all have two characteristics in common. On one hand, users need connectivity between on-premises and public cloud resources. On the other, they must consider the rise in networking costs, which have transformed from a marginal factor in public cloud-only architectures to a significant component of companies’ business models.

Hybrid Cloud Connectivity Options

Now that we understand the nuances of public and private cloud connectivity economics, let’s dive deeper into a few models of hybrid cloud connectivity. For simplicity, we will refer to the data transfer pricing models offered by Amazon.

Internet-Based Approach to Hybrid Cloud Connectivity

The most trivial solution for data transfer is using the public internet. However, we must consider the risks of using it. The first is that the internet is a best-effort network, which means that connection speed isn’t stable or guaranteed. Routing of the data isn’t fixed, and varying latency (jitter) can be introduced, making this connectivity option unsuitable for some applications. The second risk is to privacy and security. Data flowing unencrypted over the internet can be observed, intercepted, stolen, or even replaced with malicious data.

Internet + VPN Approach

To “upgrade” the first option, users can connect their public and private cloud resources using the internet, but they apply an IPsec-based VPN connection between the clouds. This strategy encrypts the data and makes the connection more secure and resistant to taps and attacks. However, it doesn’t solve the performance issues (speed and latency) that are typical of the internet.

Direct Connection Approach

An alternative to using the public internet is to use a private, direct connection to the cloud provider, enabled by third-party partners. These provide a dedicated connection from the customer’s premises, either directly to the customers’ respective public cloud regions, or to one of the third party’s intermediate points-of-presence (PoPs), which have a direct connection to the relevant cloud regions. A direct connection mitigates both the performance and security risks of using the internet and provides a secure, guaranteed speed, fixed-latency connection for hybrid architecture. It is, in fact, an extension of the on-prem LAN to the customer’s network on the public cloud. Strangely, Amazon does not provide an SLA for these connections.

Pricing for direct connections is also a mix of per-hour and per-gigabyte charges. Amazon, for example, charges a per-hour fee for a dedicated speed port to its Direct Connect service.

Pricing of the AWS Direct Connect:

The price of AWS Direct Connect depends on the connection speed. Pricing starts at $0.03 per hour for a 50Mbps connection, rising incrementally to $0.30 per hour for a 1Gbps connection, and $2.25 per hour for a 10Gbps connection.

Refer to AWS Direct Connect pricing for current rates.

Pricing of the AWS Direct Connect Data Transfer:

Data transfer charges are lower than those for internet connectivity and are not tiered. They are either $0.02 or $0.03 per gigabyte for outbound traffic, depending on the PoP. Inbound traffic is free.

NetApp Cloud Volumes Service uses a direct connection to establish the communication between your on-premises data center and an AWS data center. It provides a secure, guaranteed speed, fixed-latency connection for hybrid architecture.

Infrastructure and Connectivity Before and After the Cloud

Cloud migration, in itself, changes the volume and nature of traffic flow within and outside of a corporate network. It also has an impact on users’ security risk mitigation best practices.

Before the Cloud

Most networking infrastructure investments were spent on ensuring available, reliable, and performant connectivity to on-premises datacenters. For many organizations, internet connectivity was not critical for internal business operations. Network boundaries were primary defenses against security breaches.

After the Cloud

With newly migrated productivity and IT workloads running in the cloud, infrastructure investments shift from on-premises data centers to internet connectivity, which is now critical for internal business operations. Federated connectivity shifts security strategy, weighting it toward protecting identities and data as they flow through the network and the various points of connectivity to cloud services.

High-Level Hybrid Connectivity Architecture Diagram


How to Connect to NetApp Cloud Volumes Service From On-Premises

When connecting NetApp Cloud Volumes Service and on-premises resources, there are a few items of note:

  • Customers cannot use a Direct Connect Gateway (DGW), because of the DGW limitation with AWS.
  • Customers should use a Virtual Private Gateway (VGW) to onboard Cloud Volumes Service if they’re looking to achieve on-premises connectivity.
  • Customers should land the default route in the same VGW (Virtual Private Gateway) as the AWS data center to connect to the NetApp Cloud Volumes Service.
  • Cloud volumes are then accessible from on-premises and EC2 instances. The CIDR ranges of the on-premises data center and the AWS data center must not overlap.
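One way to verify the last item before cutting over is to check every on-premises prefix against every VPC prefix for overlap. This is an added example, not code from the original post or from Cloud Volumes Service tooling; the address plans below are constructed sample values and the helper names are my own.

```python
import ipaddress
from itertools import combinations

# Constructed sample address plans (not from the original post): one on-premises
# data center and an AWS VPC that must share the same VGW routing domain.
ON_PREM_CIDRS = ["10.10.0.0/16", "192.168.50.0/24"]
AWS_VPC_CIDRS = ["10.20.0.0/16", "172.16.0.0/20"]
# A second VPC plan whose first prefix sits inside the on-premises 10.10.0.0/16.
CONFLICTING_AWS_VPC_CIDRS = ["10.10.128.0/17", "172.16.0.0/20"]


def parse_networks(cidrs):
    """Parse CIDR strings strictly: a prefix with host bits set
    (e.g. 10.10.1.5/16) is a typo in an address plan, so reject it."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def find_conflicts(on_prem, aws):
    """Return (on_prem_cidr, aws_cidr) pairs whose ranges overlap.
    overlaps() is symmetric and also catches full containment."""
    conflicts = []
    for a in parse_networks(on_prem):
        for b in parse_networks(aws):
            if a.version == b.version and a.overlaps(b):
                conflicts.append((str(a), str(b)))
    return conflicts


def find_internal_overlaps(cidrs):
    """Overlaps within one side's own plan also yield ambiguous routes."""
    nets = parse_networks(cidrs)
    return [(str(a), str(b)) for a, b in combinations(nets, 2)
            if a.version == b.version and a.overlaps(b)]


def address_plan_is_routable(on_prem, aws):
    """True only when neither side overlaps the other or itself."""
    return (not find_conflicts(on_prem, aws)
            and not find_internal_overlaps(on_prem)
            and not find_internal_overlaps(aws))


if __name__ == "__main__":
    for label, vpc in (("clean", AWS_VPC_CIDRS),
                       ("conflicting", CONFLICTING_AWS_VPC_CIDRS)):
        print(label, "conflicts:", find_conflicts(ON_PREM_CIDRS, vpc))
```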

Advantages of Cloud Volumes Service for On-Premises Data Centers

  1. With Cloud Volumes Service for on-premises data centers, cloud volumes are accessible from on-premises clients and EC2 instances.
  2. For customers who are physically close to an AWS data center, this approach will provide a very performant shared storage solution.
  3. The solution avoids the incremental cost and complexity of using a VPN.

Limitations of Cloud Volumes Service for On-Premises Data Centers

  1. Performance will vary depending on the customer’s network infrastructure.
  2. For customers who are far from an AWS data center, this approach may not provide a very performant shared storage solution.
  3. The configuration is limited to one VPC.
  4. The configuration is limited to one region.

Want to Learn More About Cloud and On-Premises Connectivity Through CVS?

Learn more at NetApp Cloud Central, or check out information on AWS Direct Connect Gateway.