Let’s get Connected_ Exploring Connectivity in your Cloud Journey

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Ahmed Raafat
Solutions Architect, Amazon Web Services
Eman Zulfi
Manager Innovation & Product Development-Batelco
Let’s Get Connected: Exploring
Connectivity in Your Cloud Journey

Key takeaways
What are the options for connecting into
AWS?
What is appropriate for my workloads?
What’s new? How does it affect my
architecture?

AWS Global Infrastructure
18 Regions – 55 Availability Zones – 136 Points of Presence
Region & Number of Availability Zones
AWS GovCloud (3) EU
Ireland (3), Frankfurt
(3), London (3), Paris
(3)
US West Asia Pacific
Oregon (3), Northern
California (3)
Singapore (3), Sydney
(3), Tokyo (4), Seoul
(2), Mumbai (2),
Osaka-Local (1)
US East
N. Virginia (6), Ohio (3) China
Beijing (2)
Ningxia (3)
Canada
Central (2) South America
São Paulo (3)
Announced Regions
Bahrain, Hong Kong SAR, Sweden

Sample Region
Zoom In: AWS Region Zoom In: AWS AZ
Datacenter Datacenter
Datacenter
Sample
Availability Zone
Availability
Zone B
Availability
Zone A
Availability
Zone C

Connecting to AWS
Hybrid Architecture

Hybrid Architecture
CORP

Hybrid Architecture—storage/archive
CORP
S3
DB
App
Archive

Hybrid Architecture—disaster recovery
CORP
DB
App
App

Hybrid Architecture—virtual desktops
CORP
Amazon
WorkSpaces
DB
App

Hybrid Architecture—split architecture
CORP
Web App DB

Hybrid Architecture—split architecture (2)
CORP
Web/App Web/App
NLB / ALB

- Public IPs
- Elastic IPs
- Internet data out pricing
- IPsec authentication and encryption
- Two main options
- AWS Managed VPN
- Software VPN (EC2)
- Launched in 2011
- Private connection
- Separate from the Internet
- Consistent network experience
- Connect through multiple locations
world wide.
- Port speeds of 1 Gbps, 10 Gbps or
sub-1 Gbps
Connectivity options
AWS Direct ConnectVPNPublic Internet

AWS Direct Connect locations
SuperNAP NV
Equinix SE
CoreSite LA
CoreSite NY
165 Halsey St, NJ
Equinix DC
CoreSite SV
Equinix CH
QTS Chicago
CoreSite VA
Equinix LA
Equinix SV
TierPoint
EdgeConneX
Pittock Block
Allied 250, Toronto CA
Cologix OH
Cologix Montreal CA
Netelligent Montreal CA
Cologix Montreal CA
CyrusOne Houston
Digital Realty ATL
Lightower PA
Markley Boston MA
Equinix DA
Oregon
N. California
N. Virginia
Ohio
Montreal
CoreSite DE
PhoenixNAP AZ

Eircom
Interxion Frankfurt
Equinix OS
Equinix TY
Equinix SY
Global Switch Sydney
Equinix SG
CIDS
SinnetItconic Madrid 2
Interxion Dublin
Interxion Stockholm
Interxion Marseille
Equinix AM
Global Switch Singapore
Sify Rabale
STT GDC Chennai
Equinix MU
Telehouse
CE Colo Prague
Equinix WA
GPX Mumbai
Interxion Zurich
Interxion Vienna
Interxion IPB Berlin
iAdvantage HK
Equinix HE
Kinx Seoul
LG U+ Seoul
Menara Kuala Lumpur
NEXTDC Canberra
NEXTDC
Melbourne
NEXTDC Perth
Seoul
Frankfurt
Sydney
Ireland
Tokyo
Singapore
Beijing
London
Mumbai
Digital Realty UK
Equinix FR
Equinix LD
Interxion Madrid

Introducing Direct Connect Gateway
• New global object
• Lives in AWS account, not region level
• Connect to VPCs in any region (not including China)
• Access regions via the AWS global network backbone
• Connect to multiple VPCs over one virtual interface

SuperNAP NV
Equinix SE
CoreSite LA
CoreSite NY
165 Halsey St, NJ
Equinix DC
CoreSite SV
Equinix CH
QTS Chicago
CoreSite VA
Equinix LA
Equinix SV
TierPoint
EdgeConneX
Pittock Block
Allied 250, Toronto CA
Cologix OH
Cologix Montreal CA
Netelligent Montreal CA
Cologix Montreal CA
CyrusOne Houston
Digital Realty ATL
Lightower PA
Markley Boston MA
Equinix DA
CoreSite DE
PhoenixNAP AZ

Equinix DA
Oregon
N. California
N. Virginia
Ohio
Montreal
AWS BACKBONE

Digital Realty UK
Eircom
Interxion Frankfurt
Equinix OS
Equinix TY
Equinix FR
Equinix SY
Global Switch Sydney
Equinix SG
CIDS
Sinnet
Equinix LD
Interxion Dublin
Interxion Madrid
Interxion Stockholm
Equinix AM
Global Switch Singapore
GPX Mumbai
Sify Rabale
Telehouse
Equinix MU
CE Colo Prague
Equinix WA
Interxion Marseille
Interxion Zurich
Interxion Vienna
Interxion IPB Berlin
iAdvantage HK
Kinx Seoul
LG U+ Seoul
Menara Kuala Lumpur
NEXTDC Canberra
NEXTDC
Melbourne
NEXTDC Perth
Equinix HE
Itconic Madrid 2
STT GDC Chennai

Seoul
NEXTDC Perth
Mumbai
Frankfurt
Sydney
Ireland
Tokyo
Singapore
Beijing
London
AWS BACKBONE

Connecting to AWS
Connectivity architectures

CORP

CORP
VPC
VPC
VPC

VPN

VPC
VPC
VPC
AWS managed VPN
Internet
CORP

VPC
VPC
VPC
AWS managed VPN
Internet
VGW
CORP
CGW

VPC
VPC
VPC
AWS managed VPN
Internet
VGW
Supported features:
• AES-256
• SHA-2
• Phase 1 DH groups—2, 14–18, 22, 23, and 24
• Phase 2 DH groups—1, 2, 5, 14–18, 22, 23, and 24
• NAT-T
CORP
CGW

VPC
VPC
VPC
AWS managed VPN
Internet
VGW
23.22.66.xx
50.16.172.yy
CORP
CGW

VPC
VPC
VPC
AWS managed VPN, 2 x CGW
Internet
VGW
CGW
CORP
CGW

VPC
VPC
VPC
AWS managed VPN, multiple VPCs
Internet
VGW
CGW
VGW
CORP
CGW

AWS managed VPN
Cost
Performance
Flexibility
Resiliency
• Easy install, minutes to set up
• NAT-T, AES-256, SHA-2 and latest
DH groups
• Static (1 prefix) or BGP (<100
prefixes)
• Repeat for every VPC
• $0.05 per VPN connection hour
• Data transfer
• Leverage both VGW endpoints (two
tunnels per VPC)
• Think about CGW redundancy (four
tunnels per VPC)
• Up to 1.25 Gbps (limited at VGW)

What’s new with AWS managed VPN?
- Bring your own Autonomous System
Number (ASN)
- Custom Pre-Shared Keys (PSKs)
- Custom inside tunnel IPs
- Amazon CloudWatch metrics to monitor
tunnel health and activity

VPC
VPC
VPC
Software VPN (Amazon EC2)
Internet
CORP

VPC
VPC
Software VPN (EC2)
Internet
CORP

Software VPN (EC2)
Cost
Performance
Flexibility
Resiliency
• Any open-source or commercial vendor
• Opens up proprietary feature sets
• Customer responsible for HA and scaling
• Advanced solutions can be built using
automation
• Vendor licensing
• EC2 hourly cost
• High availability cost
• Data transfer
• VPC endpoint HA achieved by
additional EC2 instance in second AZ
• Customer-side HA also recommended
• Defined by EC2 instance size & type
• Multi Gbps can be achieved per
VPN instance (for all tunnels)
• Multiple instances for the same VPC
are possible

AWS Direct Connect

Direct Connect
VPC
VPC
VPC
CORP

Direct Connect
DX Location
VPC
VPC
VPC
CORP

Direct Connect
AWS Direct
Connect
Devices
DX Location
VPC
VPC
VPC
CORP

Direct Connect—physical connectivity

1) Customer presence in the same DX location

AWS Direct Connect
Letter of Authorization and Connecting Facility Assignment
Please consider this letter as notification for connecting facility assignment for the purpose of
establishing or augmenting connectivity between the parties identified above. This document authorizes
a connection to the ports indicated above. All charges for the physical connection are the sole
responsibility of company.
For location specific information on requesting a cross-connect, visit the "Requesting Cross-Connects"
section of the user guide:
http://docs.aws.amazon.com/DirectConnect/latest/UserGuide/Colocation.html
The requester(s) use of AWS services will be governed by the terms of the AWS Customer Agreement
(available at http://aws.amazon.com/agreement), or a separate agreement between the requester(s)
and AWS.
EXPIRATION NOTICE The authorized connectivity must be completed within 90 days of this LOA-CFA's
issue date or this LOA-CFA will expire.
* Amazon Corporate LLC is a subsidiary of Amazon.com, Inc.
Issue Date .
Oct 13, 2016
Issued By* .
Amazon Web Services Spain S.L.
Facility - Meet Me Room .
Interxion MAD2 – MAD2.211
Customer Demarcation/ZSide .
Rack: R77B1.R99B09
Patch Panel: PP2:SOUTH
Strands: 40818
Requested By .
Company requesting name
Issued To .
Interxion, Madrid, ESP
Connection ID ..
MAD50_Test
Optic and Connector Types ..
1000BASE-LX Single Mode Fiber (SMF)
Lucent Connector (LC)
Letter Of
Authorization(LOA)
and Connecting
Facility Assignment

2) Circuit between customer data center and DX location

APN Partners supporting AWS Direct Connect
https://aws.amazon.com/directconnect/partners/

2) Circuit between customer data center and DX location
3) Service provider network extending to DX location

Direct Connect—Resiliency
CORP
Internet
Customer
Routers
Colocation
DX Location 1
`
Customer
Routers
Colocation
DX Location 2
`
VPC
VPC
VPC
AWS Direct
Connect Devices
AWS Direct
Connect Devices

DX physical connectivity considerations
AWS account that owns the DX port?
Adding/removing virtual interfaces?
Routing ownership?
End-to-end costs?

Direct Connect cost considerations
Port hour + data transfer
Data in $0; data out priced lower than Internet
Factor in circuit costs/DX location equipment

End-to-end costs
Choosing the right location(s)
Latency
Connectivity back to data centers

Direct Connect (DX)
Cost
Performance
Flexibility
Resiliency
• 18 AWS regions, 90 POPs worldwide
• LOA available within up to 72 hours
• Lead time of circuit build-out could take
weeks
• Port hours
• Data out transfer
• Service provider circuit/MPLS
• Colo cage (if applicable)
2 x DX in two locations + VPN
2 x DX in two separate locations
2 x DX in one DX location
DX + VPN
DX
• 1 Gbps or 10 Gbps ports
• 100, 200, 300, 400, or 500 Mbps
ports available through partners
• LAG several connections in a group
for aggregate bandwidth

Batelco Global Business
TRANSCENDING BORDERS WITH OUR GLOBAL
SOLUTIONS

WHY BATELCO?
1981 Batelco was
Founded
14 Batelco Group
OPCOs
24x7 Support Services
Talented NOC
25+
Global POPs
In Europe, ME & Asia
40+ Global & Regional
Data Centers
50+
Regional &
Global Partners
Fully Integrated Service
Provider in the Kingdom of
Bahrain
Long Track Record with Regional
MNCs and US Government

WE TAKE PRIDE IN OUR PERFORMANCE

BATELCO GULF NETWORK (BGN)
 Fully Protected Terrestrial fiber optic cable
(1,400KM)
 Fully owned cable (No Capacity
Restriction and Highly Scalable)
 Shortest Intergulf Latency
 Fiber is elevated on electricity
pylons and less prone to cable cuts
 interconnected with other regional submarine cables
 Creating new diversity to the regions
UAE
Qatar
Bahrain
Kuwait
KSA

OUR SUPPORT
 Highly Qualified Engineers
 Dedicated Client Partner
 Service Level Agreement
 Network Monitoring Tools
 NOC and Service Management Center
 Business Continuity Management
24x7
DEDICATED
SUPPORT

Please complete the session’s survey by
scanning the QR Code printed on your badge or
through the link below.
https://amzn.to/BahrainSessions

Let’s get Connected_ Exploring Connectivity in your Cloud Journey

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Let’s get Connected_ Exploring Connectivity in your Cloud Journey

Similaire à Let’s get Connected_ Exploring Connectivity in your Cloud Journey (20)

Plus de Amazon Web Services

Plus de Amazon Web Services (20)

Let’s get Connected_ Exploring Connectivity in your Cloud Journey

Notes de l'éditeur