Interconnecting the Enterprise Multicloud AWS Direct Connect
Apr 30, 2019
Today’s enterprises make use of applications and services that live on-premises, in public clouds and even in edge data centers. IT has entered the multicloud era and connecting the modern enterprise isn’t easy.
There is a range of offerings available to interconnect an enterprise’s on-premises data centers to resources that live in the public cloud. Internet gateways come with trade-offs: they’re inexpensive, but they offer slow, best-effort speeds. They are also not always the best choice for the security-conscious.
VPNs are a mature technology, available with a variety of encryption and authentication methods, and they have a definite security advantage over internet gateways. However, they trade capability for cost, as they are typically a more expensive option, especially when performance requirements are high enough to push hardware to its limits.
As multicloud deployments become more common, demands on multicloud connectivity are straining capacity and budgets. Enterprises are now regularly reexamining their options for multicloud connectivity and the list of available options is regularly expanding.
Enterprises do not consist of a single data center and a single cloud provider. Enterprises have multiple locations and are increasingly using multiple cloud providers. Interconnectivity between all of these different infrastructures is restricted by the combination of physical and virtual connectivity available at a given location.
Connectivity between cloud providers is usually good. However, there is usually quite a bit of variation, especially when smaller cloud providers are in the mix. Many enterprises engage high-end co-location providers, such as Equinix, and one of the biggest reasons is the stunning amount of connectivity these high-end co-los can offer. They have made putting the “multi” in multicloud the case for their continued existence.
Juniper Networks’ prominent presence at AWS Summit, Sydney next week is an excellent opportunity to talk about how we enable AWS Direct Connect to offer high-performance, secure networking between infrastructures in an enterprise multicloud.
Why AWS Direct Connect?
When organizations try to implement a hybrid cloud environment, they face a unique set of challenges when it comes to delivering secure connectivity to the cloud. AWS Direct Connect simplifies the process of establishing a dedicated and secure network connection between your data center and Amazon Web Services. Direct Connect is fully compatible with all other services from AWS.
It gives your business a more performant, reliable and secure network experience compared to a more traditional site-to-site VPN. Direct Connect does not rely on the internet to provide connectivity. Internet data flows are sporadic and unreliable, regularly experiencing latency spikes when dealing with large amounts of data.
Direct Connect, as the name implies, is a physical Ethernet connection from your co-lo or private router to an AWS router. No latency spikes, no unpredictability. It can send data at wire speed, while giving organizations the flexibility to choose how (or whether) to encrypt data flows across this link. Organizations can, for example, choose to use VPNs to create an encrypted tunnel across Direct Connect; the choice is up to the customer.
Juniper and AWS Partnership
With AWS and Juniper’s hybrid cloud partnership, Juniper emphasizes the ability to deliver secure connectivity. Physical devices such as the MX or SRX can provide carrier-grade routing, optionally with IPsec; the SRX also includes next-generation firewalling and unified threat management features. Alternatively, the vMX and vSRX can be deployed as virtual devices on a range of hypervisors atop co-lo-based servers.
The partnership between Juniper and AWS helps deliver three key benefits for customers:
Ease of migration: Customers receive a consistent experience of security-enabled solutions across hybrid environments.
Full suite of automation tooling: API-based cloud-class routing and security in AWS and hybrid environments.
Increased scale for security, routing and connectivity: Seamlessly meet dynamically changing business needs by adding AWS Direct Connect links, as needed.
A Quick Guide
Juniper provides simple solutions for both routing and security needs.
Security: Juniper offers fast and elastic protection with the SRX and vSRX, identifying and blocking potential threats in hybrid cloud-to-enterprise connectivity. It also uses metadata instead of traditional IP addresses in all security policies, while automating workloads and metadata discovery.
Routing: With both the virtual and physical MX and SRX devices, Juniper provides advanced and robust routing, connectivity speeds that can evolve for today and the future, and both MACsec and IPsec capabilities that provide additional security on top of private dedicated links.
Orchestration: Along with routing capabilities provided by the physical devices, users can now simplify management and control using Contrail features. As Juniper wrote earlier this year, Contrail Enterprise Multicloud can now orchestrate EVPN-VXLAN for data center interconnect. And Contrail SD-WAN can intersect using open standards-based BGP to orchestrate enterprise-wide secure connectivity through branch and campus sites or to those vSRXs in AWS. For example, Vodafone has partnered with AWS and Juniper to offer this SD-WAN service as a fully managed solution.
Using AWS Direct Connect with Juniper gives you the ability to establish a secure and dedicated network connection from your private, possibly co-lo-based, clouds and enterprise WAN to AWS. By combining the best of Juniper and AWS networking products and services, our customers get a highly reliable and secure network experience.