Category: AWS Direct Connect

AWS customers can use AWS Direct Connect to establish a dedicated network connection from their premises to AWS. This gives them a more consistent network experience than a shared, Internet-based connection along with increased throughput and the potential to reduce network costs.

We have added several new Direct Connect locations already this year, and are adding even more today. This post summarizes the most recent additions to our roster!

The following locations are for the EU (Frankfurt) Region:

• Berlin, Germany – IPB.
• Munich, Germany – Equinix MU1 & MU3.
• Prague, Czech Republic – CE Colo.
• Zurich, Switzerland – Interxion.
• Vienna, Austria – Interxion.
• Warsaw, Poland – Equinix WA1.

The following location is for the EU (Ireland) Region:

• Marseille, France – Interxion.

The US East (Ohio) Region:

• Columbus, Ohio – Cologix COL2.

The Canada (Central) Region:

• Toronto, Canada – Allied 250 Front St W.

And the US East (Northern Virginia) Region:

• Philadelphia, Pennsylvania – Lightower.
• Newark, New Jersey – 165 Halsey Street.
• Atlanta, Georgia – Digital Realty ATL1 and ATL2.

See the Direct Connect Product Details for a full list of new and existing locations.

— Jeff;

At AWS we have had a number of HIPAA eligible service announcements. Patrick Combes, the Healthcare and Life Sciences Global Technical Leader at AWS, and Aaron Friedman, a Healthcare and Life Sciences Partner Solutions Architect at AWS, have written this post to tell you all about it.

-Ana

We are pleased to announce that the following AWS services have been added to the BAA in recent weeks: Amazon API Gateway, AWS Direct Connect, AWS Database Migration Service, and Amazon SQS. All four of these services facilitate moving data into and through AWS, and we are excited to see how customers will be using these services to advance their solutions in healthcare. While we know the use cases for each of these services are vast, we wanted to highlight some ways that customers might use these services with Protected Health Information (PHI).

As with all HIPAA-eligible services covered under the AWS Business Associate Addendum (BAA), PHI must be encrypted while at-rest or in-transit. We encourage you to reference our HIPAA whitepaper, which details how you might configure each of AWS’ HIPAA-eligible services to store, process, and transmit PHI. And of course, for any portion of your application that does not touch PHI, you can use any of our 90+ services to deliver the best possible experience to your users. You can find some ideas on architecting for HIPAA on our website.

Amazon API Gateway
Amazon API Gateway is a web service that makes it easy for developers to create, publish, monitor, and secure APIs at any scale. With PHI now able to securely transit API Gateway, applications such as patient/provider directories, patient dashboards, medical device reports/telemetry, HL7 message processing and more can securely accept and deliver information to any number and type of applications running within AWS or client presentation layers.

One particular area we are excited to see how our customers leverage Amazon API Gateway is with the exchange of healthcare information. The Fast Healthcare Interoperability Resources (FHIR) specification will likely become the next-generation standard for how health information is shared between entities. With strong support for RESTful architectures, FHIR can be easily codified within an API on Amazon API Gateway. For more information on FHIR, our AWS Healthcare Competency partner, Datica, has an excellent primer.

AWS Direct Connect
Some of our healthcare and life sciences customers, such as Johnson & Johnson, leverage hybrid architectures and need to connect their on-premises infrastructure to the AWS Cloud. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.

In addition to a hybrid-architecture strategy, AWS Direct Connect can assist with the secure migration of data to AWS, which is the first step to using the wide array of our HIPAA-eligible services to store and process PHI, such as Amazon S3 and Amazon EMR. Additionally, you can connect to third-party/externally-hosted applications or partner-provided solutions as well as securely and reliably connect end users to those same healthcare applications, such as a cloud-based Electronic Medical Record system.

AWS Database Migration Service (DMS)
To date, customers have migrated over 20,000 databases to AWS through the AWS Database Migration Service. Customers often use DMS as part of their cloud migration strategy, and now it can be used to securely and easily migrate your core databases containing PHI to the AWS Cloud. As your source database remains fully operational during the migration with DMS, you minimize downtime for these business-critical applications as you migrate your databases to AWS. This service can now be utilized to securely transfer such items as patient directories, payment/transaction record databases, revenue management databases and more into AWS.

Amazon Simple Queue Service (SQS)
Amazon Simple Queue Service (SQS) is a message queueing service for reliably communicating among distributed software components and microservices at any scale. One way that we envision customers using SQS with PHI is to buffer requests between application components that pass HL7 or FHIR messages to other parts of their application. You can leverage features like SQS FIFO to ensure your messages containing PHI are passed in the order they are received and delivered in the order they are received, and available until a consumer processes and deletes it. This is important for applications with patient record updates or processing payment information in a hospital.

Let’s get building!
We are beyond excited to see how our customers will use our newly HIPAA-eligible services as part of their healthcare applications. What are you most excited for? Leave a comment below.

AWS Direct Connect helps our large-scale customers to create private, dedicated network connections to their office, data center, or colocation facility. Our customers create 1 Gbps and 10 Gbps connections in order to reduce their network costs, increase data transfer throughput, and to get a more consistent network experience than is possible with an Internet-based connection.

Today I would like to tell you about a new Link Aggregation feature for Direct Connect. I’d also like to tell you about our new Direct Connect Bundles and to tell you more about how we used Direct Connect to provide a first-class customer experience at AWS re:Invent 2016.

Link Aggregation Groups
Some of our customers would like to set up multiple connections (generally known as ports) between their location and one of the 46 Direct Connect locations. Some of them would like to create a highly available link that is resilient in the face of network issues outside of AWS; others simply need more data transfer throughput.

In order to support this important customer use case, you can now purchase up to 4 ports and treat them as a single managed connection, which we call a Link Aggregation Group or LAG. After you have set this up, traffic is load-balanced across the ports at the level of individual packet flows. All of the ports are active simultaneously, and are represented by a single BGP session. Traffic across the group is managed via Dynamic LACP (Link Aggregation Control Protocol – or ISO/IEC/IEEE 8802-1AX:2016). When you create your group, you also specify the minimum number of ports that must be active in order for the connection to be activated.

You can order a new group with multiple ports and you can aggregate existing ports into a new group. Either way, all of the ports must have the same speed (1 Gbps or 10 Gbps).

All of the ports in a group will connect to the same device on the AWS side. You can add additional ports to an existing group as long as there’s room on the device (this information is now available in the Direct Connect Console). If you need to expand an existing group and the device has no open ports, you can simply order a new group and migrate your connections.

Here’s how you can make use of link aggregation from the Console. First, creating a new LAG from scratch:

And second, creating a LAG from existing connections:

Link Aggregation Groups are now available in the US East (Northern Virginia), US West (Northern California), US East (Ohio), US West (Oregon), Canada (Central), South America (São Paulo), Asia Pacific (Mumbai), and Asia Pacific (Seoul) Regions and you can create them today. We expect to make them available in the remaining regions by the end of this month.

Update – we announced availability in the AWS GovCloud (US), EU (London), EU (Ireland), Asia Pacific (Tokyo), Asia Pacific (Singapore), and Asia Pacific (Sydney) Regions at the end of February.

Direct Connect Bundles
We announced some powerful new Direct Connect Bundles at re:Invent 2016. Each bundle is an advanced, hybrid reference architecture designed to reduce complexity and to increase performance. Here are the new bundles:

Level 3 Communications Powers Amazon WorkSpaces – Connects enterprise applications, data, user workspaces, and end-point devices to offer reliable performance and a better end-user experience:

SaaS Architecture enhanced by AT&T NetBond – Enhances quality and user experience for applications migrated to the AWS Cloud:

Aviatrix User Access Integrated with Megaport DX – Supports encrypted connectivity between AWS Cloud Regions, between enterprise data centers and AWS, and on VPN access to AWS:

Riverbed Hybrid SDN/NFV Architecture over Verizon Secure Cloud Interconnect – Allows enterprise customers to provide secure, optimized access to AWS services in a hybrid network environment:

Direct Connect at re:Invent 2016
In order to provide a top-notch experience for attendees and partners at re:Invent, we worked with Level 3 to set up a highly available and fully redundant set of connections. This network was used to support breakout sessions, certification exams, the hands-on labs, the keynotes (including the live stream to over 25,000 viewers in 122 countries), the hackathon, bootcamps, and workshops. The re:Invent network used four 10 Gbps connections, two each to US West (Oregon) and US East (Northern Virginia):

It supported all of the re:Invent venues:

Here are some video resources that will help you to learn more about how we did this, and how you can do it yourself:

• NET205 – Future-Proofing the WAN and Simplifying Security On the way to Cloud (slides).
• NET305 – Extending Data Centers to the Cloud (slides).
• NET402 – Deep Dive: AWS Direct Connect and VPNs (slides).

— Jeff;

I introduced you to Amazon Elastic File System last year (Amazon Elastic File System – Shared File Storage for Amazon EC2) and announced production readiness earlier this year (Amazon Elastic File System – Production-Ready in Three Regions). Since the launch earlier this year, thousands of AWS customers have used it to set up, scale, and operate shared file storage in the cloud.

Today we are making EFS even more useful with the introduction of simple and reliable on-premises access via AWS Direct Connect. This has been a much-requested feature and I know that it will be useful for migration, cloudbursting, and backup. To use this feature for migration, you simply attach an EFS file system to your on-premises servers, copy your data to it, and then process it in the cloud as desired, leaving your data in AWS for the long term.  For cloudbursting, you would copy on-premises data to an EFS file system, analyze it at high speed using a fleet of Amazon Elastic Compute Cloud (EC2) instances, and then copy the results back on-premises or visualize them in Amazon QuickSight.

You’ll get the same file system access semantics including strong consistency and file locking, whether you access your EFS file systems from your on-premises servers or from your EC2 instances (of course, you can do both concurrently). You will also be able to enjoy the same multi-AZ availability and durability that is part-and-parcel of EFS.

In order to take advantage of this new feature, you will need to use Direct Connect to set up a dedicated network connection between your on-premises data center and an Amazon Virtual Private Cloud. Then you need to make sure that your filesystems have mount targets in subnets that are reachable via the Direct Connect connection:

You also need to add a rule to the mount target’s security group in order to allow inbound TCP and UDP traffic to port 2049 (NFS) from your on-premises servers:

After you create the file system, you can reference the mount targets by their IP addresses, NFS-mount them on-premises, and start copying files. The IP addresses are available from within the AWS Management Console:

The Management Console also provides you with access to step-by-step directions! Simply click on the On-premises mount instructions:

And follow along:

This feature is available today at no extra charge in the US East (Northern Virginia), US West (Oregon), EU (Ireland), and US East (Ohio) Regions.

— Jeff;

AWS Direct Connect makes it easy for you to create a dedicated network connection from your premises to AWS. This private connectivity can reduce your network costs, increase data transfer throughput, and provide a more consistent experience than a shared Internet-based connection.

I am pleased to be able to announce that we have opened up 5 more Direct Connect locations, bringing the total to 23. Here are the new locations:

• Equinix Slough (LD4, LD5, LD6) – supporting the EU (Ireland) region.
• Equinix Dallas (DA1, DA2, DA3, and DA6) – supporting the US East (Northern Virginia) region.
• GPX Mumbai – supporting the Asia Pacific (Singapore) region.
• Tivit São Paulo – supporting the South America (São Paulo) region.
• Equinix San Jose (SV1, SV5) – supporting the AWS GovCloud (US) region.

Every AWS region is now supported by a pair of Direct Connect locations. This allows you to incorporate an additional level of redundancy into your designs. In addition to using multiple VPNs for backup and provisioning two connections to the same site for device redundancy, you can now get site redundancy for every region. A single VPC can accommodate multiple connections; to learn how to set this up read Configure Redundant Connections with AWS Direct Connect.

You can use the Direct Connect Console to create a connection:

Connections are always made to a particular Direct Connect location and can run at 1 Gbps or 10 Gbps. If you don’t need that much capacity, you can work with one of our Direct Connect Partners to provision a more modest connection. To learn more, check out the Direct Connect User Guide.

— Jeff;

AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. Our customers use Direct Connect to reduce their network costs, increase throughput, and provide a more consistent network experience than Internet-based connections.

Connect Now
Effective immediately, you can provision a single connection to any Direct Connect location in the United States and use it to access all four of the AWS Regions in the US (US East (Northern Virginia), US West (Northern California), US West (Oregon), and AWS GovCloud (US)). Data transferred between Regions flows over network infrastructure maintained by Amazon and does not flow across the public Internet.

If you have already used Direct Connect to create a dedicated connection, the new routing is already in effect. Our networking infrastructure now announces routes to the connection via the usual BGP announcements.

What You Get
As a Direct Connect user, you will see a number of benefits from this change.

Cost Savings – One connection, to any AWS Region in the US, can potentially take the place of up to four existing connections. You will pay less for your network circuits and for Direct Connect, and the per GB data transfer cost is also lower.

Improved AWS Access – Your on-premises applications can now connect to the public endpoints of AWS services running in any of the AWS Regions in the US.

Enhanced Data Protection – Data transferred between the application and AWS will not flow across the public Internet.

Pricing
This new feature is included in the cost of Direct Connect. You pay only for data transfer from the remote Regions to your Direct Connect Region. This data transfer is billed at the rate of $0.03/GB.

— Jeff;

AWS Direct Connect makes it easy for you to establish a dedicated network connection from your premises to AWS. You can do this to reduce your network costs, improve throughput, or to provide a more consistent network experience than is possible with an Internet-based connection.

Today we are making AWS Direct Connect even more powerful and flexible, with additional connection speeds, an updated console, and the ability to share virtual interfaces on a single connection between multiple AWS accounts. Let’s take a look at each one of these new features.

Additional Connection Speeds
We launched Direct Connect in 2011 with support for connection speeds of 1 and 10 Gigabits per second. Today we are expanding that range, with support for speeds of 50 to 500 Megabits per second.

Connections of this type are available in all eleven of the AWS Direct Connect locations, and can be ordered through select members of the AWS Partner Network (APN). This additional flexibility lets you use Direct Connect in new ways. For example, you can connect branch offices and subsidiaries that have modest connectivity needs.

Updated Direct Connect Console
We have revised the Direct Connect Console to make it easier for you to manage your Connections and your Virtual Interfaces.

As a reminder, a single 1 Gigabit or 10 Gigagit Connection supports multiple Virtual Interfaces. Each Interface can be public or private. A public interface can access all AWS services using public IP addresses. A private interface can access a single Virtual Private Cloud (VPC) using private IP addresses.

Here is how you create a public Virtual Interface:

If you look closely at the screen shot above, you will see that you can now set the IP address of the Amazon router. You can also choose to supply your own BGP key. Both of these features provide you with additional control and will let you choose addresses and keys that are in alignment with your organization’s policies.

And here’s how you create a private one. Note that a private Virtual Interface always connects to a specific Virtual Private Gateway on a particular VPC:

In either case you can choose to delegate ownership of the Virtual Interface to another AWS account as follows:

Shared Virtual Interfaces
You can now create Virtual Interfaces for multiple AWS accounts on a single 1 Gigabit or 10 Gigabit Connection. If you have VPCs owned by different AWS accounts, you can now create multiple Virtual Interfaces and share the underlying connection. When you share a Virtual Interface with another account, the state of the Interface (as seen by the new account) will be shown as “pending acceptance” until the invitation is accepted:

Accepting the request will make it available:

A similar invite/accept model applies to the new sub-Gigabit hosted connections:

If you create a connection using one of the new sub-gigabit port speeds, the APN Partner will use this connection sharing model to make the connection available to you. You will have to accept it in order to create a Virtual Interface on it and to start using it.

— Jeff;

AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. You can establish private connectivity between AWS and your datacenter, office, or colocation environment. This has the potential to reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.

Today we are introducing our eleventh Direct Connect location, and our second in Europe.

The new location is in Dublin, Ireland at the Eircom Clonshaugh facility. If you have equipment within this facility, you can use Direct Connect to optimize your connection to AWS. If your equipment is located somewhere else, you can work with one of our APN Partners supporting Direct Connect to establish a connection from your location to a Direct Connection location, and from there on to AWS.

You can get started with Direct Connect by opening up the AWS Management Console and signing up for Direct Connect.

— Jeff;

You can use AWS Direct Connect to create a dedicated network connection from your datacenter, office, or colocation environment to AWS. Connections are always made to a particular Direct Connect location, and can run at either 1 Gbps or 10 Gbps.

We are making two important announcements today. First, we are opening up an AWS Direct Connect location in Seattle. Second, we are introducing AWS Direct Connect support for AWS GovCloud (US).

AWS Direct Connect in Seattle
AWS customers in the Pacific Northwest can now make use of the AWS Direct Connect location at the Equinix SE2 facility in Seattle. If you are running your own equipment in SE2 you can use Direct Connect to optimize the connection to AWS. If your equipment is located elsewhere, you will need to establish a connection from your location to an AWS Direct Connect location in order to connect to AWS.  The best way to do this is to work with an APN Partner that supports AWS Direct Connect. They will be happy to work with you to establish your connection.

AWS Direct Connect Support for AWS GovCloud (US)
Direct Connect now allows you to transfer data from any AWS Direct Connect location in the United States to AWS GovCloud (US). As you may know, this AWS Region was designed for the specific regulatory and compliance requirements of Controlled Unclassified Information (CUI). Depending on your needs, you can also run unclassified workloads in AWS GovCloud (US) to take advantage of the unique capabilities of the Region.

To help you learn more about this exciting new aspect of AWS GovCloud (US), we have set up a pair of special online events:

• AWS GovCloud (US) Office Hours will run from 1:00 PM to 3:00 PM EST on Tuesday, May 14th.
• The Introduction to AWS GovCloud (US) Region webinar will be held on May 15th at 1:30 PM EST.

Both of these events are free but space is limited and preregistration is recommended.

— Jeff;

Did you know that you can use AWS Direct Connect to set up a dedicated 1 Gbps or 10 Gbps network connect from your existing data center or corporate office to AWS?

New Locations
Today we are adding two additional Direct Connect locations so that you have even more ways to reduce your network costs and increase network bandwidth throughput. You also have the potential for a more consistent experience. Here is the complete list of locations:

• CoreSite 32 Avenue of the Americas, New York – Connect to US East (Northern Virginia). New.
• Terremark NAP do Brasil – Connect to South America (Sao Paulo). New.
• CoreSite One Wilshire, Los Angeles, CA – Connect to US West (Northern California).
• Equinix DC1 DC6 & DC10, Ashburn, VA – Connect to US East (Northern Virginia).
• Equinix SV1 & SV5, San Jose, CA – Connect to US West (Northern California).
• Equinix SG2, Singapore – Connect to Asia Pacific (Singapore).
• Equinix TY2, Tokyo – Connect to Asia Pacific (Tokyo).
• TelecityGroup Docklands, London – Connect to EU West (Ireland).

If you have your own equipment running at one of the locations listed above, you can use Direct Connect to optimize the connection to AWS. If your equipment is located somewhere else, you can work with one of our APN Partners supporting Direct Connect to establish a connection from your location to a Direct Connection Location, and from there on to AWS.

Console Support
Up until now, you needed to fill in a web form to initiate the process of setting up a connection. In order to make the process simpler and smoother, you can now start the ordering process and manage your Connections through the AWS Management Console.

Here’s a tour. You can establish a new connection by selecting the Direct Connect tab in the console:

After you confirm your choices you can place your order with one final click:

You can see all of your connections in a single (global) list:

You can inspect the details of each connection:

You can then create a Virtual Interface to your connection. The interface can connected to one of your Virtual Private Clouds or it can connect to the full set of AWS services:

You can even download a router configuration file tailored to the brand, model, and version of your router:

Get Connected
And there you have it! Learn more about AWS Direct Connect and get started today.

— Jeff;