
Amazon virtual private clouds go global

Adds real private links and identity management


Online retailing giant and cloud-computing pioneer Amazon is rolling out its Virtual Private Cloud (VPC) service to its data centers around the world. At the same time, it's giving customers dedicated private links into the cloudy infrastructure from their own premises, as well as an identity-management front end for the clouds that integrates with existing systems running at brick-and-mortar data centers.

The Amazon Web Services unit of the online retailer debuted its first VPC offering two years ago, allowing for chunks of the EC2 compute cloud to be carved out and isolated from other customers and to be linked to via an IPsec encrypted virtual private network (VPN) over the internet.

The original VPC offering required data centers to have VPN hardware and software, which was extended to the Amazon cloud. In March of this year, Amazon tweaked the VPC offering to give customers control over IP address ranges, subnets, and configuration of route tables and network gateways, just as they would have in their own data center. This allowed them to, for instance, create one subnet for web servers that sit on the internet and another subnet for applications and databases that do not.

The other change was that companies that do not have all this internal VPN gear – perhaps because AWS is their data center – could still set up VPN access to EC2 compute and S3 storage clouds with the VPC front end.

A few weeks later, Amazon went one step further and offered dedicated instances for VPC customers – literally pinning virtual workloads to specific servers in its data centers and turning a multi-tenant public cloud into what amounts to a hosted private cloud.

With Thursday's enhancements, AWS is extending the Virtual Private Cloud service to run in its data centers in Dublin, Ireland (serving Europe), and Singapore and Tokyo (serving the Asia/Pacific region). The two data centers Amazon operates in Boardman, Oregon and Ashburn, Virginia already serve the east and west coasts of North America.

Amazon is also allowing networks in the corporate data center, as well as those in branch offices, to all be linked to AWS capacity over the VPC, connecting the branch offices to the data centers using AWS as a backbone.

For those companies who don't like the unpredictability of performance on the VPN tunnel through the internet, Amazon is now rolling out a new feature called AWS Direct Connect, which provides a fully private, dedicated Gigabit Ethernet or 10 Gigabit Ethernet link from your data center into an AWS data center run by Amazon.

Direct Connect can be used to access public AWS resources as well as VPC resources that are cordoned off. It is implemented using an 802.1Q VLAN – which means it can be partitioned into multiple logical networks – and for those who need lots of bandwidth, multiple links can be ganged up. Amazon says that most VPN hardware poops out at about 4Gb/sec of bandwidth, and at its current network transfer prices on the VPN service, the money can add up.

At the moment, AWS Direct Connect ports are only available into Amazon's Ashburn, Virginia data center (located in an Equinix facility). It costs 30 cents per hour for a Gigabit Ethernet port and $2.25 per hour for a 10GE port. Amazon doesn't charge for data pumped into the Virginia data center, but charges 2 cents per gigabyte transferred out of the facility. You can mix and match Direct Connect and standard VPN-based internet traffic within the same company and virtual networks, by the way.

The Direct Connect links are currently available only to customers residing in Virginia, and linking only to the Ashburn facility. Amazon says that it plans for direct links to be available from San Jose and Los Angeles into its Oregon data center as well as from London into Ireland and from Singapore and Tokyo into those AWS data centers in the next several months.

Amazon has also tweaked the Identity and Access Management feature of the AWS Management Console with an identity-federation feature. The IAM feature already allowed AWS administrators to control access to virtual compute, storage, and network resources on the Amazon cloud.

With the new federation features, IAM allows for whatever identity-management products that enterprises use internally to be cross-coupled with AWS authentication, so end users inside the corporate firewall can use their current authentication method (passwords, access keys, multi-factor authentication) and APIs in the IAM software to automatically and programmatically get access to AWS resources without having to create AWS credentials for each of those users by hand. IAM is a freebie feature of the Amazon cloud. ®
