The Schwartz Cloud Report


Amazon Extends Connectivity of Cloud Service

Amazon Web Services has rolled out three new features to its portfolio of cloud services that should appeal to enterprise users by making it easier to extend their datacenters to the cloud.

Today marks the general availability of AWS Virtual Private Cloud (VPC), AWS Direct Connect and new identity federation capabilities.

"With today's launch of Amazon VPC worldwide, AWS Direct Connect and the new IAM federated identity capabilities, enterprises have even more flexibility and control over deploying their workloads to the cloud," said Amazon Web Services VP Adam Selipsky in a statement. "These capabilities provide even more privacy, and along with AWS's existing cloud services allow enterprises to choose the environment that is best suited to each of their workloads."

The new AWS Direct Connect feature allows customers to create connections from their datacenters to an AWS location with a dedicated network link. By bypassing the Internet and creating dedicated network connections, users gain improved privacy and better network and data transfer performance, while seeing increased bandwidth and reduced latency between the customer's datacenter and AWS, according to the company.

Currently, AWS Direct Connect is available at one location, Equinix's colocation facility in Virginia, allowing users to connect to services in AWS's East Coast region. In the coming months, Direct Connect locations will be available in San Jose, Los Angeles, London, Tokyo and Singapore.

The new Amazon VPC offering lets customers provision instances on a private, isolated section of the AWS cloud service. "You can now build highly available AWS applications that run in multiple Availability Zones within a VPC, with multiple (redundant) VPN connections if you'd like," wrote AWS evangelist Jeff Barr in a blog post. "You can even create redundant VPCs. And, last but not least, you can do all of this in any AWS Region."

Amazon said users can define a virtual network topology that closely matches a typical network that an organization might run within its own datacenters. Customers have control over the virtual networking environment, including IP address ranges, creation of subnets and configuration of route tables and network gateways.

In his blog post, Barr wrote:

  • The VPC is available in multiple Availability Zones in every AWS Region.

  • A single VPC can now span multiple Availability Zones.

  • A single VPC can now support multiple VPN connections.

  • You can now create more than one VPC per Region in a single AWS account.

  • You can now view the status of each of your VPN connections in the AWS Management Console. You can also access it from the command line and via the EC2 API.

  • Windows Server 2008 R2 is now supported within a VPC, as are Reserved Instances for Windows with SQL Server.

Lastly, AWS rolled out Identity Federation to its Identity and Access Management (IAM) service. With Identity Federation, customers can use existing enterprise identities to access AWS without having to create a new identity. It lets users create temporary security credentials for AWS so that identities from an existing directory, such as an LDAP server, can use IAM's access controls.

In a separate blog post, Barr explained how the Identity Federation capability can allow organizations to request temporary security credentials. "Identity federation opens up new use cases for our enterprise customers," he noted. "You can provision temporary security credentials for identities you are responsible for managing, with no limits on the number of identities you can represent or the number of credentials you can obtain."

Posted by Jeffrey Schwartz on August 04, 2011

