AWS Partner Network (APN) Blog

Achieving Business Agility in Hybrid Cloud with AWS Direct Connect

phoenixNAP Logo-1
APN Standard Consulting Partner-1
Connect with phoenixNAP-1
Rate phoenixNAP-1

By Bojana Dobran, Senior Marketing Specialist at phoenixNAP

The growing need for business agility has redefined IT at the organizational and infrastructure levels. Building an agile IT architecture that can quickly adapt to business needs and support dynamic teams has become a critical focus in most modern organizations.

An agile infrastructure is fast, robust, and easily scalable. Its creation usually involves collaboration between NetOps, DevOps, and SecOps teams—all of whom need to ensure the infrastructure is capable of handling bandwidth-heavy workloads, delivering uninterrupted connectivity, and transferring data quickly and safely.

As a model that’s flexible enough to meet these requirements, a hybrid cloud is often the top choice of IT decision makers. Its adaptability allows for a custom infrastructure design without major IT investments. Managing such environments, however, requires multiple strategies to ensure data safety and excellent customer experience.

As an AWS Partner Network (APN) Standard Consulting Partner, phoenixNAP is focused on security and compliance beyond the walls of our data center.

In this post, we will discuss these strategies, focusing on AWS Direct Connect as a technology that delivers improved network performance and security. You will learn how to leverage AWS Direct Connect in hybrid environments, what the best practices for its implementation are, and how it helps you achieve resilience.

AWS Direct Connect

With AWS Direct Connect, you can achieve private network connectivity between the Amazon Web Services (AWS) Cloud and your own environments. This helps you prevent significant security risks from the public internet and different network bottlenecks so you can build and utilize highly efficient and safer hybrid environments.

In our flagship data center in Phoenix, Arizona, we have multiple tenants using AWS Direct Connect. Our network carriers such as Alluvion Communications consider access to AWS Direct Connect a significant advantage in expanding their infrastructure, while many of our co-location tenants use it within their hybrid environments.

Although their individual needs differ, our customers saw similar benefits of choosing AWS Direct Connect and in choosing phoenixNAP as the only edge location in Arizona providing connectivity to it. The information presented in this post is derived from our experience in helping these organizations establish an environment that fully supports their business needs.


Figure 1 – AWS Direct Connect architecture with both a public and private virtual interface.

Agile-by-Design: Hybrid Cloud Implementation

The flexibility and cost-efficiency of distributing workloads between dedicated and cloud environments are some of the principal drivers of hybrid cloud adoption and a crucial step for achieving agility.

Organizations can work with hyper-scale providers or more specialized data center vendors to cost-effectively tailor an IT platform to their needs. More importantly, you can get access to specialized technologies and even staffing resources to complement in-house IT teams.

Companies that do not have large IT teams or lack in-house security expertise can leverage the hybrid cloud to access enterprise-grade network and security technologies. One such technology is AWS Direct Connect, a fully private network service between a data center and AWS.

Providing an advanced level of network security and consistency, AWS Direct Connect can support agile implementations in multiple ways.

Network Performance and Consistency

While most hybrid cloud strategies focus on storage flexibility, a part of your infrastructure planning should address security and connectivity. Ensuring faster and consistent data transfer requires advanced strategies and technologies, especially in companies handling heavy data loads and sensitive information.

Available from selected data center locations on a consumption-based pricing model, AWS Direct Connect provides quick and scalable connectivity to AWS with pre-provisioned virtual connections. A direct Ethernet fiber-optic cable connection from your data center router to the AWS Direct Connect router enables dedicated data transfer to your AWS services, including Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Compute Cloud (Amazon EC2).

This kind of transfer is faster, stable, and more consistent than going through the public cloud internet while allowing for greater flexibility in managing and transferring sensitive data.

The overall network experience is more powerful and consistent, and bandwidth costs are significantly lower. On most locations, and for the greatest number of applications, it can measure 1-10 Gpbs with less than 10-millisecond latency. This is ideal for latency-sensitive applications, and is also in line with agile network principles, which prioritize the creation of a network that is agile in both capacity and configuration.

AWS Direct Connect can be set up by an APN Partner as a hosted connection, but such a connection delivers slower port speeds and supports only a single virtual interface.

Security and Compliance

In a hybrid cloud model, organizations that transfer sensitive data can leverage AWS Direct Connect through a third-party data center or co-location facility to achieve security and network performance goals. This means you don’t have to build a private on-premises infrastructure to secure your critical data.

As opposed to the classic Virtual Private Network (VPN) connection, AWS Direct Connect uses the intranet to transfer data. Doing so bypasses the public internet to achieve greater security and lower latency.

AWS Direct Connect also uses the industry standard 802.1q VLANs to enable the distribution of the connection into multiple interfaces. This means it can be used to access different services, adding to your infrastructure flexibility. The connection is also IPsec-encrypted, while traffic flow control is possible through custom BGP settings and diversity of available routing possibilities.

Adding such a critical layer of security to your infrastructure, AWS Direct Connect is recommended for organizations with strict compliance and regulatory requirements. Private data transfer minimizes the risk of breach or network intrusion, which is essential for achieving compliance.


Figure 2 – The Meet-Me-Room is phoenixNAP’s data center in Phoenix, Arizona.

Availability and Resilience

When it comes to redundancy, AWS gives a set of recommendations on how to achieve it. One of the best practices is first to segment workloads based on how critical they are and then set multiple remote connections. Development workloads and other non-critical applications should have at least two AWS Direct Connect connections established on different devices at a single location.

For workloads that require higher resiliency, it’s recommended you set up connections from two different facilities. Such redundant connections ensure traffic will not be interrupted even in case of a networking or power issue in a single hosting facility.

Setting up an AWS Direct Connect connection involves creating virtual interfaces, which are used to connect to your Amazon Virtual Private Cloud (VPC). You can create public or private virtual interfaces and connect them to your public AWS resources and AWS Direct Connect, respectively.

Multiple private virtual interfaces can be tied in with a virtual private gateway (VGW) that can be associated with an AWS Direct Connect gateway. By setting up multiple and dynamically routed connections, you achieve the highest level of redundancy and availability.

Best practices for creating redundant connections include:

  • Connecting each VGW to at least two AWS Direct Connect locations.
  • Ensuring you have a public virtual interface on each AWS Direct Connect connection at two or more locations.
  • Using the same routes in each private virtual interface.
  • Regular failover testing.

Cost-Effective Implementation

AWS Direct Connect implementation is a streamlined process that essentially results in lower bandwidth costs and improved overall experience. A private connection to your public cloud repository gives you greater flexibility to allocate bandwidth. You can also access burst resources, as well as additional public cloud and on-demand services that can be combined with private cloud deployments.

The precondition to accessing AWS Direct Connect is having the whole or parts of the infrastructure set up in a facility that is one of the AWS Direct Connect edge locations. Co-located environments in these data centers have additional benefits, such as being able to access global networks and other critical IT resources.

With phoenixNAP, the only AWS Direct Connect location in Arizona, you can set up a bare metal backend to AWS via Direct Connect in several steps. After making a connection request and getting the Letter of Authorization and Connecting Facility Assignment (LOA-CFA), you can request cross-connect from the phoenixNAP team and create a hosted connection. You’ll then be able to create a Private Virtual Interface, from where you can access and manage your connection.

For detailed steps on how to set up an AWS Direct Connect connectivity with phoenixNAP, consult this guide.


Providing pathways to high-class security and network technologies, hybrid clouds are ideal for organizations lacking in staff or resources to build high-performance infrastructures. By outsourcing some of the services from a trusted cloud or data center provider, you can achieve platform flexibility and access industry-leading technologies to take your performance and security to the next level.

AWS Direct Connect is one of the technologies that can contribute to the creation of agile networks in hybrid cloud environments. Through the various benefits it can bring to organizations, it helps ensure the needed capacity that can be upgraded or changed any time according to the organization’s needs.

The content and opinions in this blog are those of the third party author and AWS is not responsible for the content or accuracy of this post.


phoenixNAP Logo-1
Connect with phoenixNAP-1

phoenixNAP – APN Partner Spotlight

phoenixNAP is an APN Standard Consulting Partner. They design and develop world-class products and services for customers of all sizes, specializing in performance, security, and availability.

Contact phoenixNAP | Practice Overview

*Already worked with phoenixNAP? Rate this Partner

*To review an APN Partner, you must be an AWS customer that has worked with them directly on a project.