Guidance for Building Your Enterprise WAN on AWS
Overview
Background
Network modernization is a journey akin to how Software as a Service (SaaS) transformed on-premises workloads. As a global enterprise, you run workloads across your WAN that span on-premises and the cloud. The on-premises workloads reside in geographically dispersed data centers and are accessed from remote locations and branch offices. As your business expands globally, you are faced with changing traffic patterns and unpredictable bandwidth peaks that span many time zones.
Historically, building a global network to meet these requirements required capacity planning in advance and investment in fixed-cost infrastructure or circuits with long-term contracts. With data center consolidation and application modernization initiatives taking advantage of cloud computing services that accelerate time-to-market for business owners, you must ensure the network is an enabler and not a blocker.
For your network to be as flexible as cloud compute, you need to modernize the network infrastructure so that you consume it as a service. AWS WAN solutions, including this Guidance, use a Network-as-a-Service (NaaS) consumption model. As defined by Gartner, NaaS allows you to consume the network from the cloud as a service, scale capacity up or down when needed, and pay only for what you use.
Benefits
Optimize Costs
Reduce Complexity
Increase Availability
Architecture Diagram
These technical details feature an architecture diagram to illustrate how to effectively use this solution. The architecture diagram shows the key components and their interactions, providing an overview of the architecture's structure and functionality step-by-step.
Well-Architected Pillars
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
Operational Excellence
AWS Cloud WAN and Direct Connect SiteLink are used throughout this Guidance to enhance your operational excellence. AWS Cloud WAN accelerates workload migration by simplifying your global connectivity patterns through network policies and automated network management. It provides a centralized dashboard that helps you visualize and control your network by monitoring performance and health and by automating routine tasks. With Direct Connect SiteLink, you can simplify on-premises connectivity between your data centers, reducing operational overhead and human error in your global network.
Security
In this Guidance, we recommend you use Direct Connect or Site-to-Site VPN to connect your on-premises environment to AWS. To encrypt your traffic, you can either use Direct Connect with MAC Security (MACsec) or Site-to-Site VPN, which uses Internet Protocol Security (IPsec) VPN connections. Furthermore, Traffic Encryption Options in AWS Direct Connect lists the ways you can build a secure, consistent, low-latency network experience. Also, all data flowing across AWS Regions over the AWS global network is automatically encrypted at the physical layer before it leaves AWS secured facilities. More information about encryption in transit within AWS can be found in Data protection in Amazon EC2.
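The following is an added example, not code from this Guidance or from AWS. It audits the two hybrid link types named above for encryption in transit: a Direct Connect port only drops cleartext when its encryptionMode is must_encrypt (should_encrypt falls back to unencrypted frames), and a Site-to-Site VPN only keeps its redundancy while both IPsec tunnels are up. The field names (macSecCapable, encryptionMode, portEncryptionStatus, VgwTelemetry) are those returned by `aws directconnect describe-connections` and `aws ec2 describe-vpn-connections`; the two JSON documents are constructed samples, not output from a real account, so the script runs offline.

```python
"""Added example (not AWS code): audit hybrid links for encryption in transit.

Reads the JSON shapes returned by `aws directconnect describe-connections`
and `aws ec2 describe-vpn-connections`. The two documents below are
constructed samples, not output from a real account.
"""
import json

# Constructed sample: three Direct Connect connections with different MACsec states.
DX_CONNECTIONS_JSON = json.dumps({"connections": [
    {"connectionId": "dxcon-example1", "connectionName": "dc-east-primary",
     "location": "EqDC2", "connectionState": "available", "macSecCapable": True,
     "encryptionMode": "must_encrypt", "portEncryptionStatus": "Encryption Up"},
    {"connectionId": "dxcon-example2", "connectionName": "dc-west-primary",
     "location": "EqSE2", "connectionState": "available", "macSecCapable": True,
     "encryptionMode": "should_encrypt", "portEncryptionStatus": "Encryption Down"},
    {"connectionId": "dxcon-example3", "connectionName": "dc-west-backup",
     "location": "CS32", "connectionState": "available", "macSecCapable": False,
     "encryptionMode": "no_encrypt", "portEncryptionStatus": "Encryption Down"},
]})

# Constructed sample: one Site-to-Site VPN whose second IPsec tunnel is down.
VPN_CONNECTIONS_JSON = json.dumps({"VpnConnections": [
    {"VpnConnectionId": "vpn-example1", "State": "available",
     "VgwTelemetry": [{"OutsideIpAddress": "203.0.113.10", "Status": "UP"},
                      {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN"}]},
]})


def dx_encryption_findings(connections_doc: str) -> list[tuple[str, str]]:
    """Return (connectionId, reason) for every Direct Connect link that does
    not enforce MACsec. Only encryptionMode=must_encrypt refuses to pass
    traffic when the MACsec session is not established; should_encrypt falls
    back to cleartext and no_encrypt never encrypts."""
    findings = []
    for conn in json.loads(connections_doc)["connections"]:
        cid = conn["connectionId"]
        if not conn.get("macSecCapable", False):
            findings.append((cid, "port is not MACsec-capable; traffic is cleartext "
                                  "unless it is carried inside an IPsec VPN"))
        elif conn.get("encryptionMode") != "must_encrypt":
            findings.append((cid, f"encryptionMode is {conn.get('encryptionMode')}; "
                                  "only must_encrypt enforces MACsec"))
        elif conn.get("portEncryptionStatus") != "Encryption Up":
            findings.append((cid, "must_encrypt is set but MACsec is not up; "
                                  "the link carries no traffic until the keys are fixed"))
    return findings


def vpn_tunnel_findings(vpn_doc: str) -> list[tuple[str, str]]:
    """Return (VpnConnectionId, reason) for every Site-to-Site VPN with a
    tunnel that is not UP. Each VPN has two tunnels; with one down there is
    no remaining redundancy for that connection."""
    findings = []
    for vpn in json.loads(vpn_doc)["VpnConnections"]:
        telemetry = vpn.get("VgwTelemetry", [])
        down = [t["OutsideIpAddress"] for t in telemetry if t.get("Status") != "UP"]
        if down:
            findings.append((vpn["VpnConnectionId"],
                             f"{len(down)} of {len(telemetry)} tunnels down: {', '.join(down)}"))
    return findings


if __name__ == "__main__":
    for link_id, reason in (dx_encryption_findings(DX_CONNECTIONS_JSON)
                            + vpn_tunnel_findings(VPN_CONNECTIONS_JSON)):
        print(f"{link_id}: {reason}")
```

To run this against a real account, replace the two constants with the output of the two CLI commands named in the lead-in; the checks themselves do not change. Treating should_encrypt as a finding is deliberate: it is the mode that silently degrades to cleartext, which is exactly the case a periodic audit exists to catch.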
Reliability
This Guidance consists of AWS Cloud WAN, Direct Connect, and Site-to-Site VPN, which are AWS managed networking services built on top of the AWS Global Infrastructure that delivers the highest network availability of any cloud provider. Additionally, this Guidance requires you to connect your on-premises network to the cloud. While the reliability of the on-premises network is your responsibility, this Guidance uses Direct Connect, which has a resiliency model that provides recommendations on how to build a highly available network connection between your on-premises environment and AWS.
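The Direct Connect resiliency model referred to above is expressed in terms of how many Direct Connect locations you connect through and how many separate AWS devices terminate your connections at each. The added example below, which is not code from this Guidance or from AWS, groups the connections returned by `aws directconnect describe-connections` by location and awsDeviceV2 (both real response fields), ignores connections that are not in the available state, and maps the result onto the model's tiers: maximum (two or more locations, each with connections on two or more devices), high (two or more locations), development (one location, two or more devices), and single (one device, a single point of failure). The sample connections are constructed, not from a real account.

```python
"""Added example (not AWS code): classify Direct Connect resiliency.

Groups connections from `aws directconnect describe-connections` by location
and AWS device and maps them onto the Direct Connect resiliency tiers.
The sample data below is constructed, not output from a real account.
"""
import json
from collections import defaultdict

# Constructed sample: two locations with two connections each, but one of the
# CS32 connections is currently down and so provides no resilience right now.
DX_CONNECTIONS_JSON = json.dumps({"connections": [
    {"connectionId": "dxcon-a1", "location": "EqDC2", "awsDeviceV2": "EqDC2-device-1",
     "connectionState": "available"},
    {"connectionId": "dxcon-a2", "location": "EqDC2", "awsDeviceV2": "EqDC2-device-2",
     "connectionState": "available"},
    {"connectionId": "dxcon-b1", "location": "CS32", "awsDeviceV2": "CS32-device-1",
     "connectionState": "available"},
    {"connectionId": "dxcon-b2", "location": "CS32", "awsDeviceV2": "CS32-device-2",
     "connectionState": "down"},
]})


def devices_per_location(connections_doc: str, usable_states=("available",)) -> dict:
    """Map location -> set of AWS devices that terminate a usable connection.
    Connections in other states (down, pending, deleting, ...) are skipped
    because they contribute no capacity until they are repaired."""
    by_loc = defaultdict(set)
    for conn in json.loads(connections_doc)["connections"]:
        if conn.get("connectionState") in usable_states:
            # Fall back to the connection id if the device is not reported,
            # so a connection is never counted twice against the same device.
            by_loc[conn["location"]].add(conn.get("awsDeviceV2", conn["connectionId"]))
    return dict(by_loc)


def single_device_locations(connections_doc: str) -> list:
    """Locations where every usable connection terminates on one AWS device,
    i.e. a device failure takes the whole location offline."""
    by_loc = devices_per_location(connections_doc)
    return sorted(loc for loc, devices in by_loc.items() if len(devices) < 2)


def resiliency_tier(connections_doc: str) -> str:
    """Map the usable connections onto the Direct Connect resiliency tiers."""
    by_loc = devices_per_location(connections_doc)
    if len(by_loc) >= 2 and all(len(d) >= 2 for d in by_loc.values()):
        return "maximum"
    if len(by_loc) >= 2:
        return "high"
    if len(by_loc) == 1 and len(next(iter(by_loc.values()))) >= 2:
        return "development"
    return "single"


if __name__ == "__main__":
    print("tier:", resiliency_tier(DX_CONNECTIONS_JSON))
    print("locations with a single device:", single_device_locations(DX_CONNECTIONS_JSON))
```

With the sample data the tier is high rather than maximum, because the down connection at CS32 is filtered out and that location is left with one device; once it returns to the available state the same inventory classifies as maximum. Running this from a scheduled job and alerting when the tier drops is a cheap way to notice that a redundant circuit has quietly failed before the remaining one does.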
Performance Efficiency
This Guidance helps you improve your performance efficiency in a number of ways. First, you can choose Site-to-Site VPN over the internet instead of dedicated circuits through Direct Connect for your hybrid connectivity. Second, you can choose Direct Connect locations closest to your data centers to improve latency, jitter, and other performance parameters. Third, for your global network, you can use AWS Cloud WAN to track network events, routes, and performance. Using this Guidance to replace existing WAN services, such as multiprotocol label switching (MPLS), can decrease round-trip network latency by 200 ms and increase bandwidth by 66x for long-haul intercontinental connections (for example, US West to Asia-Pacific).
Cost Optimization
AWS Cloud WAN, Direct Connect, and Site-to-Site VPN offer usage-based pricing, allowing you the flexibility to pay only for the network resources you use. Data transfer out (DTO), in the case of Direct Connect, and data processing, in the case of AWS Cloud WAN, are billed on the amount of traffic consumed. Additionally, data transfer for network traffic that is sent into AWS over Direct Connect is free of charge. Finally, you have the flexibility to increase your usage over time, so you can avoid unnecessary costs and build and operate cost-aware workloads.
Sustainability
AWS Cloud WAN, an AWS managed service, allows you to scale your Regional connections, as well as your global network footprint, in minutes. Also, because this Guidance uses Site-to-Site VPN and Direct Connect, you can choose the optimal on-premises connectivity option based on your current requirements. This helps you optimize your workloads as your demand grows and minimize the environmental impacts of running cloud workloads.