Amazon virtual private clouds go global

Adds real private links and identity management

Online retailing giant and cloud-computing pioneer Amazon is rolling out its Virtual Private Cloud (VPC) service to its data centers around the world. At the same time, it's giving customers dedicated private links into the cloudy infrastructure from their own premises, as well as an identity-management front end for the clouds that integrates with existing systems running at brick-and-mortar data centers.

The Amazon Web Services unit of the online retailer debuted its first VPC offering two years ago, allowing for chunks of the EC2 compute cloud to be carved out and isolated from other customers and to be linked to via an IPsec encrypted virtual private network (VPN) over the internet.

The original VPC offering required data centers to have VPN hardware and software, which was extended to the Amazon cloud. In March of this year, Amazon tweaked the VPC offering to give customers control over IP address ranges, subnets, and configuration of route tables and network gateways, just as they would have in their own data center. This allowed them to, for instance, create one subnet for web servers that sit on the internet and another subnet for applications and databases that do not.

The other change was that companies that do not have all this internal VPN gear – perhaps because AWS is their data center – could still set up VPN access to EC2 compute and S3 storage clouds with the VPC front end.

A few weeks later, Amazon went one step further and offered dedicated instances for VPC customers – literally pinning virtual workloads to specific servers in its data centers and turning a multi-tenant public cloud into what amounts to a hosted private cloud.

With Thursday's enhancements, AWS is extending the Virtual Private Cloud service to run in its data centers in Dublin, Ireland (serving Europe), and Singapore and Tokyo (serving the Asia/Pacific region). The two data centers Amazon operates in Boardman, Oregon and Ashburn, Virginia already serve the east and west coasts of North America.

Amazon is also allowing networks in the corporate data center and in branch offices to all be linked to AWS capacity over the VPC, with the branch offices linked to the data centers using AWS as a backbone.

For those companies who don't like the unpredictability of performance on the VPN tunnel through the internet, Amazon is now rolling out a new feature called AWS Direct Connect, which provides a fully private, dedicated Gigabit Ethernet or 10 Gigabit Ethernet link from your data center into an AWS data center run by Amazon.

Direct Connect can be used to access public AWS resources as well as VPC resources that are cordoned off. It is implemented using an 802.1q VLAN – which means it can be partitioned into multiple logical networks – and for those who need lots of bandwidth, multiple links can be ganged up. Amazon says that most VPN hardware poops out at about 4Gb/sec of bandwidth, and at its current network transfer prices on the VPN service, the money can add up.

At the moment, AWS Direct Connect ports are only available into Amazon's Ashburn, Virginia data center (located in an Equinix facility). It costs 30 cents per hour for a Gigabit Ethernet port and $2.25 per hour for a 10GE port. Amazon doesn't charge for data pumped into the Virginia data center, but charges 2 cents per gigabyte transferred out of the facility. You can mix and match Direct Connect and standard VPN-based internet traffic within the same company and virtual networks, by the way.

The Direct Connect links are currently available only to customers residing in Virginia, and linking only to the Ashburn facility. Amazon says that it plans for direct links to be available from San Jose and Los Angeles into its Oregon data center as well as from London into Ireland and from Singapore and Tokyo into those AWS data centers in the next several months.

Amazon has also tweaked the Identity and Access Management feature of the AWS Management Console with an identity-federation feature. The IAM feature already allowed AWS administrators to control access to virtual compute, storage, and network resources on the Amazon cloud.

With the new federation features, IAM lets whatever identity-management products enterprises use internally be cross-coupled with AWS authentication. End users inside the corporate firewall can use their current authentication method (passwords, access keys, multi-factor authentication) and APIs in the IAM software to automatically and programmatically get access to AWS resources, without anyone having to create AWS credentials for each of those users by hand. IAM is a freebie feature of the Amazon cloud. ®
