Highly Resilient Connections in AWS

Today, we’ll discuss networking options when building highly resilient systems and architectures within the AWS sandbox. We’ll go over several functional alternatives, including VPC peering, AWS Transit Gateway, AWS PrivateLink, AWS Direct Connect, and a few other generic options, to give you an idea of how each fares against the others and the tradeoffs you can expect.

Understanding Resiliency and Your Requirements

Given the nature of cloud services, achieving greater resiliency is simply a question of how much infrastructure you can afford to have on standby and how quickly you need to get things back up and running. Here we’ll define the four tiers of importance for systems, which you can use to determine how critical a particular system is to the functioning of your business.
A tier 1 system is one that absolutely must not malfunction in any given scenario, even when processing a single transaction, while a tier 4 system may remain offline for a while without compromising business operations. Within the scope of a retail business, transaction processing would be a tier 1 application, while attendance management might be tier 4, just as an example.

Connectivity Options

We’ve put together a list of AWS connectivity options for your perusal. The list, in order of complexity and dependency on AWS-provided services and architectures, runs as follows:

Software Site-to-site VPN

This is an entirely client-managed solution, where the customer manages all aspects of connectivity through any number of third-party VPN service providers. As the infrastructure and operations management functions exist outside Amazon’s purview, availability and redundancies are as high or low as you want (or can get) them to be.
As the least reliable solution, a software site-to-site VPN is also likely going to cost you the least, though the lower price tag may come with subpar latency or bandwidth.

AWS-managed VPN over existing network

An AWS-managed VPN allows you to run your AWS services via an existing internet connection. As the most barebones option available, it requires additional services (like BGP-enabled dynamic routing) to be handled by the client and instituted at their own endpoint.
In the simplest cases, this is both the cheapest connectivity option as well as the easiest to manage. You’re still dependent on your internet connection, though, so you cannot improve aspects of connectivity, such as latency and availability. Availability of service, thus, is at the mercy of your internet provider.
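Because availability here depends on the tunnels riding your internet connection, it is worth checking them routinely. The following is an added example, not code from the original article: it audits output shaped like `aws ec2 describe-vpn-connections` for connections that have lost tunnel redundancy or do not use BGP dynamic routing. It assumes the two tunnels AWS provisions per Site-to-Site VPN connection; the connection IDs and IP addresses are constructed sample data.

```python
# Added example: audit constructed describe-vpn-connections output for
# single points of failure. All IDs and addresses below are constructed.
SAMPLE = {
    "VpnConnections": [
        {"VpnConnectionId": "vpn-0aaa-example", "State": "available",
         "Options": {"StaticRoutesOnly": False},
         "VgwTelemetry": [
             {"OutsideIpAddress": "203.0.113.10", "Status": "UP"},
             {"OutsideIpAddress": "203.0.113.11", "Status": "UP"}]},
        {"VpnConnectionId": "vpn-0bbb-example", "State": "available",
         "Options": {"StaticRoutesOnly": True},
         "VgwTelemetry": [
             {"OutsideIpAddress": "203.0.113.20", "Status": "UP"},
             {"OutsideIpAddress": "203.0.113.21", "Status": "DOWN"}]},
        {"VpnConnectionId": "vpn-0ccc-example", "State": "available",
         "Options": {"StaticRoutesOnly": False},
         "VgwTelemetry": [
             {"OutsideIpAddress": "203.0.113.30", "Status": "DOWN"},
             {"OutsideIpAddress": "203.0.113.31", "Status": "DOWN"}]},
    ]
}

def audit_vpn(response):
    """Return {connection id: [findings]} for connections with findings."""
    report = {}
    for conn in response.get("VpnConnections", []):
        findings = []
        if conn.get("State") != "available":
            findings.append(f"state is {conn.get('State')}")
        tunnels = conn.get("VgwTelemetry", [])
        up = [t for t in tunnels if t.get("Status") == "UP"]
        if not up:
            findings.append("outage: no tunnel is UP")
        elif len(up) < 2:
            down = [t["OutsideIpAddress"] for t in tunnels if t.get("Status") != "UP"]
            findings.append("no redundancy: tunnel(s) down at " + ", ".join(down))
        # The article notes BGP dynamic routing is the client's job to set up.
        if conn.get("Options", {}).get("StaticRoutesOnly"):
            findings.append("static routes only: BGP dynamic routing not in use")
        if findings:
            report[conn["VpnConnectionId"]] = findings
    return report

if __name__ == "__main__":
    for vpn_id, findings in audit_vpn(SAMPLE).items():
        for finding in findings:
            print(f"{vpn_id}: {finding}")
```
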

AWS Direct Connect

AWS Direct Connect is Amazon’s own direct-to-VPC connectivity option for those who require a more robust connection than what a run-of-the-mill internet provider offers. You’re communicating with your AWS servers directly through Amazon’s network, and thus your service is guaranteed by Amazon themselves (which makes it more reliable than an internet connection).
You can also make use of an AWS-managed VPN over your AWS Direct Connect line to benefit from your existing VPN equipment without having to deal with the unreliability of a conventional Internet Provider. Dynamic
Strictly in terms of bandwidth, a Direct Connect line offers you more bang for your buck than a conventional VPC or internet connection. On the flip side, you may have to talk things over with local telecom and hosting providers to get the necessary infrastructure for your Direct Connect line set up, especially if you’re located in either the Asia Pacific or Africa regions.

AWS Transit Gateway/Transit VPC

Every option we’ve discussed up till now has you pulling all your cloud-based resources and AWS services through a single VPC (Virtual Private Cloud) connection. Transit Gateway gives you access to an entire region’s VPC connections, letting you pull substantially more resources than a single VPC. These multiple redundant connections contribute to highly resilient connections in AWS.

There are also other benefits to Transit Gateway. While interfacing with and managing your connections to hundreds of VPCs would otherwise be a very tedious and complex process, Transit Gateway allows you to abstract this step, letting you benefit from a nearly unlimited pool of resources without dealing with any of the unwieldy aspects of the process. Your billing rate also reflects this move towards a simpler interface; instead of paying for each individual service and resource you’re tacking on to your suite, Transit Gateway bills you on a per-hour and per-GB-transferred model, which is easier to calculate and plan for.
By linking you to Amazon’s greater pool of resources through multiple VPC connections, Transit Gateway functions as a hub through which you’re linked to the AWS cloud. As such, it can work with any of your preferred means of network connection (AWS Direct Connect or a standard ISP coupled with AWS-Managed VPN).

Alternatives to AWS Transit Gateway | VPC Peering and Amazon PrivateLink

Alternatives to Transit Gateway, such as VPC Peering and AWS PrivateLink, might be more feasible for smaller businesses that don’t need the processing firepower or have other requirements that Transit Gateway doesn’t accommodate. VPC Peering, for example, removes the layer of abstraction that allows Transit Gateway to pull resources as the need arises, meaning you’ll still have to actively allocate resources. On the other hand, VPC Peering has a lower cost associated with it, and it doesn’t have an aggregate bandwidth limit (the bandwidth for a single VPC connection is limited to 50 Gbps with Transit Gateway). However, that fact in itself is a little misleading: your instance and service-specific limits still apply, so you’d only be able to benefit from a higher bandwidth in very specific scenarios.
AWS PrivateLink is another alternative to Transit Gateway that’s preferable for businesses with very specific needs. If you’re operating on a client/server model that relies on both ends being managed via cloud services, PrivateLink might be the right fit for you. Businesses that require unidirectional communication between separate VPCs might find a PrivateLink solution cheaper overall than Transit Gateway, all while affording them the same level of functionality.
