Amazon just announced the limited beta of Amazon Virtual Private Cloud (Amazon VPC), a secure and seamless bridge between existing IT infrastructures and the AWS cloud. Amazon VPC enables us to connect our existing infrastructure to a set of isolated AWS compute resources via a Virtual Private Network (VPN) connection.
“Amazon VPC enables you to use your own isolated resources within the AWS cloud, and then connect those resources directly to your own datacenter using industry-standard encrypted IPsec VPN connections. With Amazon VPC, you can:
- Create a Virtual Private Cloud on AWS’s scalable infrastructure, and specify its private IP address range from any block you choose.
- Divide your VPC’s private IP address range into one or more subnets in a manner convenient for managing applications and services you run in your VPC.
- Bridge together your VPC and your IT infrastructure via an encrypted VPN connection.
- Add AWS resources, such as Amazon EC2 instances, to your VPC.
- Route traffic between your VPC and the Internet over the VPN connection so that it can be examined by your existing security and networking assets before heading to the public Internet.
- Extend your existing security and management policies within your IT infrastructure to your VPC as if they were running within your infrastructure.”
Besides the standard EC2 rates, you will need to cover the VPN connection ($0.05 per VPN Connection-hour) and data transfer through the VPN tunnel ($0.10 per GB in, and starting at $0.17 per GB out).
Amazon is trying to get a jump on its competitors in the enterprise space. While many enterprises have used Amazon Web Services, most perceive it as being insufficiently secure for important or confidential data, and too nuts-and-bolts to provide the economies promised by Platform as a Service. Microsoft, IBM and Rackspace are trying to find the right mix of scale and security for enterprise clients: Microsoft is building its own platform and infrastructure-as-a-service offering called Azure; IBM is creating several gradations of a hybrid cloud, from private cloud infrastructure deployed inside a corporation’s own data center to services delivered from Big Blue’s DCs; and Rackspace is hoping security-minded customers use its dedicated hosting that can scale up to the Rackspace cloud.
Michael Crandell, CEO of RightScale, tried to explain a bit more what Amazon is trying to do with VPC:
"Something that initially puzzled me is what the benefits of a VPC are when all the marketing fluff dissipates. Here is what I’ve learned. First, instances in the VPC are separated from non-VPC instances at a deeper network level than instances in different security groups or belonging to different users. As is typical, Amazon doesn’t say anything of substance about the nature of this isolation. Let’s see how soon that will have to change to actually attract enterprises…Second, instances in the VPC can seamlessly integrate into a company’s internal network routing. This is significant because it means that tools used to inventory, secure, audit, manage and access all servers in the IT infrastructure can now be brought to bear on instances in the cloud as well."
The Amazon offering is different from IBM and Microsoft’s efforts in that it provides access to the raw infrastructure, rather than PaaS, which both Microsoft and IBM are betting heavily upon. In the next few years, as more enterprise compute shifts to some of these companies, Amazon apparently believes it will remain relevant and can get a slice of that enterprise pie through VPC. The question will be whether or not businesses find Amazon's VPC private enough.
In any case, this is an interesting direction for sharing resources between the DC and the Public Cloud. I will be rather interested in what Eucalyptus, Nagios/Ganglia do with this to better enable the Private Cloud, which would enable AWS in a sense to compete more directly with Microsoft and IBM.
