By Dan Pfyl, Solutions Architect

Not sure how to connect to this leading cloud provider? Compare options to pick the best one for your business.

Curious about Amazon Web Services (AWS) and the best ways to connect?

AWS is a hybrid cloud provider with customized, scalable, cloud-based packages. These encompass:

• Software as a Service (SaaS), based on subscription-based software licensing and delivery
• Platform as a Service (PaaS), allowing companies to develop, deploy, manage, and update applications
• Infrastructure as a Service (IaaS), providing high-level application programming interfaces (APIs).

Whether you’re part of a multinational corporation or a small startup, you can choose among various AWS services to meet your needs. Enterprises use these services for AI-based number crunching and analytics, virtual desktop networking, integration with the internet of things (IoT), storage/retrieval, and more.

There are a lot of services to reach in Amazon Web Services, but how do you communicate with these services from outside the cloud?

An overview of AWS connections

AWS Direct Connect and AWS Direct Connect Dedicated bypass the public internet, making them attractive to financial corporations and governments as well as many other industries. VPN connections are also a popular way to connect to Amazon Web Services by facilitating encrypted traffic over the public internet.

AWS Cloud WAN is a managed wide-area networking (WAN) service you can use to build, manage, and monitor a unified global network that connects resources running across your cloud and on-premises environments.

It provides a central dashboard from which you can connect on-premises branch offices, data centers, and Amazon Virtual Private Clouds (VPCs) across the AWS global network. You can use simple network policies to centrally configure and automate network management and security tasks, and get a complete view of your global network.

For key concepts and terms about global and core networks, see AWS’s global and core network key concepts.

What is AWS Direct Connect?

AWS Direct Connect is a service that establishes a dedicated network connection from your on-premises infrastructure directly to the AWS Cloud, bypassing public internet setups like:

1. cloud exchange colocation
2. any-to-any IP VPNs (usually MPLS)
3. point-to-point Ethernet networks.

Connections are secured by on-premises networks or colocation facilities using a third-party connectivity provider’s virtual cross-connection software.

You can use the same Direct Connect to privately pass your data into your virtual networks and public services via the AWS Direct Connect connection. Direct Connects are a single connection into AWS, so Direct Connect Resiliency will need to be planned for and implemented to achieve a highly resilient or “maximum resiliency” design. Note that the AWS SLA is determined based on the resiliency model chosen.

What are the benefits of Direct Connect?

Data that bypasses the public internet travels with higher bandwidth and reliability, and lower and more consistent latency. Security is also enhanced through this private connection as Direct Connect keeps your data removed from the public internet. Many enterprises also report cost savings due to significantly lower egress data costs versus the internet.

Specifically, Direct Connect offers the following features:

• Layer 3 connectivity between on-premises and Amazon Web Services through a connectivity provider
• Connectivity to AWS Availability Zones and Regions, or to all global regions via AWS Transit Gateway or AWS PrivateLink.
• Dynamic routing between your network and AWS via BGP.
• Multiple connection models to support uptime SLA requirements.
• Scalable data rates from 50 Mbps to 400 Gbps.

Onboarding with Direct Connect

Enterprises peer with AWS through AWS Direct Connect Partners. Order the Direct Connect circuit, and your connectivity provider extends your network to a Direct Connect peering location or Availability Zone. AWS peering locations are colocation facilities that host AWS edge locations to set up peering instances.

You also have the option to encrypt your data over a private Direct Connect. One of the main use cases for private IP VPN over AWS Direct Connect is helping customers in the financial, healthcare, and federal industries meet regulatory and compliance goals.

Private IP VPN over AWS Direct Connect ensures that traffic between AWS and on-premises networks is both secure and private, allowing customers to comply with their regulatory and security mandates.

What is AWS Direct Connect Dedicated?

With Direct Connect Dedicated, AWS Cloud customers can connect at global peering locations distributed around the world to reach the AWS global network directly. Connectivity interfaces are either 1 Gbps, 10 Gbps, 100 Gbps, or 400 Gbps. This typically means ordering two cross-connects from your rack directly to the AWS Direct Connect interfaces.

See Dedicated AWS Direct Connect connections for more information.

What are the benefits of Direct Connect Dedicated?

The benefits of an AWS Direct Connect dedicated connection include:

• improved application performance due to higher bandwidth
• lower, more consistent latency
• enhanced data security by bypassing the public internet and offering encryption
• reduced networking costs, especially for large data transfers, compared to public internet connections
• a more reliable and consistent network experience
• support for hybrid cloud integration
• seamless scaling alongside changing business needs.

Heavily regulated industries, such as banking, government, and retail, sometimes require dedicated and isolated connectivity; Direct Connect Dedicated (and Direct Connect in general) provides the necessary physical isolation.

Clients that generate huge amounts of data, such as large retailers, government agencies, and global manufacturers, use Direct Connect Dedicated to manage their massive database and storage needs.

It’s worth looking at costs before going down the Direct Connect Dedicated path, as it can get expensive – the current cost of a 100 Gbps Direct Connect Dedicated connection is over $16,000 per month while 400 Gbps is over $62,000 per month.

Direct Connect Peering Locations and AWS Regions

When you create a Direct Connect, you must choose a Direct Connect Availability Zone to connect to. The Availability Zone is the actual on-ramp location of the Partner Network-to-Network Interface (NNI) with AWS. The Region, in most cases, does not have to be the same as the Peering Location.

Once you connect to the Availability Zone, you’ll need to accept the partner connection in your AWS console. Once the partner connection is provisioned and after the connection is configured, it will appear in the Connections pane in the AWS Direct Connect console.

Before you can begin using a hosted connection, you must accept the connection. You can accept a hosted connection using either the AWS Direct Connect console or using the command line or API.

Once the connection is accepted, you can assign it a virtual interface type (public, private or transit), and connect it to your Direct Connect Gateway.

What is Virtual Interface?

An AWS Virtual Interface (VIF) on AWS Direct Connect is a logical connection that partitions a physical Direct Connect link into multiple isolated and dedicated network connections. There are three main types:

• Private VIF for secure access to your Virtual Private Clouds (VPCs).
• Public VIF for accessing public AWS services globally.
• Transit VIF for connecting to multiple VPCs via an AWS Transit Gateway.

What are the benefits of AWS VPN?

AWS VPN provides benefits including:

• security via industry-standard IPsec encryption
• reliability through high availability and redundant tunnels
• scalability by auto-scaling for remote access
• managed service support for ease of deployment and maintenance.

Key use cases include connecting on-premises networks to AWS, securely accessing cloud resources during cloud migration, and providing remote access for employees, all while integrating with existing authentication systems like Active Directory.

Other features include:

• flexible access and connectivity
• enhanced security
• scalability up to 4 Gbps
• routing over the internet
• potential cost savings depending on how much data is being transferred out.

Which AWS connectivity option is best for you?

Healthcare, financial services, government agencies, retail firms, and manufacturers all rely on AWS services, depending on their needs.

AWS offers hybrid cloud, AI, IoT, and mixed reality to quickly scale, improve security, and instantly update software.

Communicating with AWS cloud services can be fine-tuned among private and public connections. Users can connect their on-premises equipment privately via AWS APN Technology and Consulting partners, or connect across the internet via VPNs.

Your security needs and data flow, whether you’re part of an industry or public institution, will affect which connection is best.

Choosing Direct Connect Hosted or Direct Connect Dedicated

Direct Connect Hosted manages data up to 25 Gbps, whereas a Direct Connect Dedicated connection can connect up to 400 Gbps.

For government entities and corporations that need high speeds, low latency, and assured reliability, both Direct Connect products should be considered. There are use cases for high-data-rate users where the lower egress fees will allow Direct Connect to pay for itself.

For use cases where there only needs to be a single connection to a single virtual interface type, then Direct Connect Hosted should be used. A Direct Connect Dedicated connection should be used for use cases where greater than 25 Gbps is required, multiple virtual interfaces or multiple environments need to be supported over a single connection, or enhanced security like MACsec is needed. You can view the quotas of both types of connections here.

Choosing a virtual interface

AWS has different types of virtual interfaces to choose from when making a Direct Connect connection.

• Private Virtual Interface (VIF): Connects the customer’s on-premises network to one of their Amazon VPCs. Traffic over this interface is isolated and does not traverse the public internet.
• Public Virtual Interface (VIF): Connects the customer’s on-premises network to public AWS services like S3, DynamoDB, etc., allowing access to AWS public services without using the internet.
• Transit Virtual Interface (VIF): Facilitates hub-and-spoke connectivity, enabling efficient communication between multiple Amazon VPCs and on-premises networks with transitive routing.

Choosing the right connection type in AWS Direct Connect is crucial for optimizing performance, reliability, and cost. Some factors to consider include:

• Performance: Dedicated connections generally provide more predictable and consistent network performance compared to hosted connections. The choice of speed is also crucial based on your expected traffic volume.
• Redundancy: Consider implementing redundant connections to ensure high availability. AWS Direct Connect supports the creation of redundant connections to the same or different Direct Connect locations.
• Cost: Different connection types have associated costs. Evaluate the pricing model based on your organization’s budget and usage patterns; hosted connections, for example, might offer more flexible pricing options.
• Flexibility: Hosted connections provide more flexibility as they can be provisioned through partners, allowing for different speeds and simpler management.

Moving forward with AWS

No matter which connection you choose, Amazon Web Services is adaptable. The range of options may seem daunting, but if you triage your crucial levels of data protection, speed, and reliability against your budget, you can start with a solution and modify it later.

Megaport’s Network as a Service (NaaS) solutions enable fast, flexible, and secure connectivity to AWS and other top cloud providers, data center operators, systems integrators, and managed service providers.

Our global Software Defined Network (SDN) helps businesses rapidly and securely connect their networks to services through our easy-to-use portal or open API, reducing operating costs and increasing speed to market compared to traditional networking solutions. To learn more, chat to one of our Solutions Architects.