1. Home
  2. Training Library
  3. Designing Network & Data Transfer solutions in AWS - Level 2

Why Direct Connect?

Contents

keyboard_tab
Data Transfers with AWS DataSync
1
Amazon S3
Running Operations with the Snow Family
8
Amazon Kinesis
Amazon CloudFront Design Patterns

The course is part of this learning path

Instructor: David Ball

Why Direct Connect?

Hello and welcome to this lecture where I want to talk about why an organization would consider connecting their on-prem data center to AWS using an AWS Direct Connect.

Dipping Your Toes

In my experience, even with the abundance of material extolling the benefits of AWS, many organizations begin their cloud journey by “dipping their toes” in AWS.  Let me say clearly that there is nothing wrong with this approach.  It’s basic IT nature to view a new technology or service with a measure of healthy skepticism, thus its perfectly acceptable for organizations to take careful and deliberate steps to validate AWS’s ability to solve business challenges.

I have seen several organizations begin their cloud journey by using Amazon S3 buckets to easily expand the storage capacity of their backup repositories to support long-term data retention goals.  Once this use case is tested and validated, this organization may expand its use of AWS by using Infrastructure-as-Code principles to deploy simple EC2 instances.  Often, once EC2 instances are deployed, an organization will look to connect their AWS environment to their on-premises data center to support production applications by providing EC2 instances access to on-prem Active Directory domains, private DNS zones, database servers, file shares, intranet pages, you name it. 

To securely facilitate this connectivity, an AWS Site-to-Site, IPSec VPN tunnel can be created.  Depending upon the configuration of the AWS environment and what resources must communicate with one another, organizations new to the cloud typically choose to do one of two things. 

  1.       Deploy a Virtual Private Gateway

A Virtual Private Gateway is an AWS-managed VPN endpoint that includes redundancy and failover capabilities on the Amazon side of the Site-to-Site VPN connection.  A key point to remember however, is that a Virtual Private Gateway can only be attached, and provide VPN access to, a single AWS VPC.

altImage from https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/images/image2.png

  1.       Deploy a Transit Gateway

If an organization wishes to establish VPN connectivity from their on-premises data center to multiple AWS VPCs, they could choose to deploy a Virtual Private Gateway in each of those VPCs OR they could deploy a single AWS Transit Gateway.

altImage from https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/images/image4.png

Like the Virtual Private Gateway, AWS Transit Gateway is an AWS-managed service which provides a highly available, regional network transit hub.  The Transit Gateway VPN attachment can be used as the VPN endpoint on the Amazon side of a Site-to-Site VPN connection to enable the interconnection of multiple AWS VPCs within the same AWS region, and the on-premises network.  

Jumping In With Both Feet

There is no denying that the AWS Virtual Private Gateway or Transit Gateway managed services are the best, easiest, and quickest way to provision VPN IPSec connections to build a hybrid network between an on-premises data center and AWS.  However, as more and more resources and applications are deployed or migrated to AWS, the limitations of these VPN connections come into greater focus. 

For example, each VPN tunnel can achieve a maximum bandwidth of 1.25Gpbs/second.  Additionally, these VPN connections use the public internet which can have unpredictable and inconsistent performance, thus potentially making VPN connections unusable for latency sensitive applications. 

Organizations needing to overcome the limitations of VPN connections in order to maximize the benefits of AWS will inevitably consider AWS Direct Connect.

 

Difficulty
Intermediate
Duration
1h 6m
Description

This course covers the core learning objective to meet the requirements of the 'Designing Network & Data Transfer solutions in AWS - Level 2' skill

Learning Objectives:

  • Understand the most appropriate AWS connectivity options to meet performance demands
  • Understand the appropriate features and services to enhance and optimize connectivity to AWS public services such as Amazon S3 or Amazon DynamoDB.
  • Understand the appropriate AWS data transfer service for migration and/or ingestion
  • Apply an edge caching strategy to provide performance benefits for AWS solutions
About the Author
Students
207898
Labs
1
Courses
211
Learning Paths
163

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.