Amazon Web Services Enables Private Cloud Connections
Source: Charles Babcock
Customers who want to do cloud computing in a more secure way got a guarded on-ramp to the public cloud Thursday. Instead of using the Internet or even a VPN, they can now set up their own private network to a facility that enjoys a high-speed, private link to a nearby Amazon EC2 data center.
Amazon is expanding its Virtual Private Cloud offering on several fronts, but perhaps the most important was its new Direct Connect service.
It has designated Equinix its partner in secure communications. Equinix operates 90 high-performance data centers on networking hubs in 37 markets around the world. Customers wanting private cloud-style computing may establish dedicated links to an Equinix data center that will have a dedicated link to EC2's Virtual Private Cloud service.
A virtual private cloud, in Amazon parlance, means facilities in the EC2 infrastructure that a private company contracts for and that are kept separate from the multi-tenant public cloud.
The first operative connection is in Equinix's Ashburn, Va., facility, linked to EC2's U.S. East data center in Northern Virginia. By going through Ashburn, customers will have their data and workloads transported into EC2 over all private connections, avoiding any use of the Internet.
Most enterprises believe their private networks offer better security than the Internet or even a virtual private network tunneled through the Internet. Private networks still carry enterprise transaction processing traffic, in many cases. "We have heard consistently over time that companies don't want to use the public Internet" for workloads involving compliance-sensitive data, said Adam Selipsky, VP of Amazon Web Services.
EC2 customers can set up a private link to Equinix today on their own through broadband telecommunications providers such as AboveNet or Level 3. They'll be able to do so from their own AWS Management Console later this year, said Selipsky. In addition, the Equinix hub-to-EC2 links will eventually be established in San Jose, Los Angeles, London, Tokyo and Singapore, giving all five of Amazon's worldwide regions private network access.
In general, uploading data to EC2 is free but AWS will charge virtual private cloud customers for each network port that they use. A 1-Gbps port will cost 30 cents an hour; a 10-Gbps port, $2.25 an hour. Downloading data from the cloud is not free. AWS charges 2 cents per GB for downloads.
In a separate announcement (Equinix was not mentioned in the Amazon press release), Equinix CEO Steve Smith said, "Direct Connect opens up a wide range of exciting new possibilities in hybrid cloud computing." The private network connection will allow cloud users "to leverage Amazon Web Services as if it was part of their own infrastructure."
Selipsky added that virtual private cloud customers will be able to better control the network latency, amount of bandwidth used, and reliability of the cloud connection through Direct Connect. Over the Internet, response times for a cloud workload can vary, depending on how much traffic the Internet segments in use are carrying that day.
Amazon offered "identity federation" as an additional private cloud feature Thursday through its Identity and Access Management service. The service was kicked off late last year but didn't have the ability to use identities in Microsoft Active Directories inside the enterprise.
"We've allowed existing identity management systems to be used by an AWS account," said Selipsky. Both Active Directory and LDAP directories, such as the Sun Microsystems Identity Manager, qualify. A single Amazon Web Services account holder can define employees who may use the account and apply fine-grained controls over what they access within the account, Selipsky said.