Seamlessly Extending the Data Center - Introducing Amazon Virtual Private Cloud
At this 3rd anniversary of the launch of Amazon Elastic Compute Cloud (Amazon EC2), it is amazing to see the impact this service has had on the industry. It is truly disruptive technology and its impact has reached far beyond a pure technology offering as the benefits of the cloud have changed the way we view IT Infrastructure. As one of the CIOs at the ACM Cloud Computing Roundtable summarized it: "IT used to be the blocker in anything we did, but with our shift to the cloud IT is now the enabler." From young businesses and established enterprises to hospitals and government agencies, all are equally enthusiastic cloud customers for whom IT infrastructure has changed forever.
Even though we keep rolling out new services and features, and several existing AWS services are already very successful, this is still Day One. We are only at the brink of what is possible to deliver in the cloud and at Amazon we continue to innovate to make this future a reality.
We continuously listen to our customers to make sure our roadmap matches their needs. One important piece of feedback that mainly came from our enterprise customers was that the transition to the cloud of more complex enterprise environments was challenging. We made it a priority to address this and have worked hard in the past year to find new ways to help our customers transition applications and services to the cloud, while protecting their investments in their existing IT infrastructure.
Protecting investments during the transition
Most enterprises with a datacenter practice have invested significantly over the past decade into the management of their systems and applications. CIOs of Fortune 500 companies are responsible for hundreds if not thousands of applications running in a variety of locations. Keeping track of those resources and managing access to them is a daunting task that continues to require significant investment.
The CIO of a large financial services company in the Northeast explained to me that his teams manage close to 3000 applications and services in 27 different locations. Consolidation of applications, resources and locations is a process that never stops in a world where mergers and acquisitions happen frequently. For him the cloud is attractive as a target for his consolidated services: it allows him to significantly reduce both his capital and operational costs, while gaining significant flexibility and reliability with resources that are globally distributed, without the headache of owning and maintaining them.
He has set the guideline that their current data center infrastructure should not expand any further and that all new development will target the cloud. He expects that the process of moving his existing applications and services to the cloud will take time to complete, as his road map is driven by many internal and external factors. And there are certainly some legacy applications that may never move. He has set the goal of moving 20% of his applications into the cloud by the end of 2010, but to meet this goal he needed to find a solution for a significant obstacle: how to integrate applications running in the cloud into his existing management frameworks. In his world, this especially applies to those management practices that manage policy-driven access controls and the required cross-application regulatory auditing.
This story is typical of many of the conversations I have had with CIOs around the globe. They have bought into the cloud as a target for a significant portion of their services, as the benefits are too obvious to ignore, and most expect that their transition will be a continuous process. They would accelerate the adoption of cloud services if they could access a form of cloud that would give them the best of both worlds: the flexibility and cost-effectiveness of accessing a virtually infinite pool of resources without owning it, while being able to integrate those resources into their existing datacenter environments such that they could continue to leverage existing investments in their management and control infrastructure.
Private Cloud is not the Cloud
These CIOs know that what is sometimes dubbed "private cloud" does not meet their goal as it does not give them the benefits of the cloud: true elasticity and capex elimination. Virtualization and increased automation may give them some improvements in utilization, but they would still be holding the capital, and the operational cost would still be significantly higher.
I often get asked to define "The Cloud," especially because of the many permutations that different vendors use in trying to make their existing businesses look like a cloud offering. I define the cloud by its benefits, as those are very clear. What are called private clouds have little of these benefits and as such, I don't think of them as true clouds.
The cloud:
- Eliminates Cost. The cloud changes capital expense to variable expense and lowers operating costs. The utility-based pricing model of the cloud combined with its on-demand access to resources eliminates the need for capital investments in IT Infrastructure. And because resources can be released when no longer needed, effective utilization rises dramatically and our customers see a significant reduction in operational costs.
- Is Elastic. The ready access to vast cloud resources eliminates the need for complex procurement cycles, improving the time-to-market for its users. Many organizations have deployment cycles that are counted in weeks or months, while cloud resources such as Amazon EC2 only take minutes to deploy. The scalability of the cloud no longer forces designers and architects to think in resource-constrained ways and they can now pursue opportunities without having to worry how to grow their infrastructure if their product becomes successful.
- Removes Undifferentiated "Heavy Lifting." The cloud lets its users focus on delivering differentiating business value instead of wasting valuable resources on the undifferentiated heavy lifting that makes up most of IT infrastructure. Over time Amazon has invested over $2B in developing technologies that could deliver security, reliability and performance at tremendous scale and at low cost. Our teams have created a culture of operational excellence that powers some of the world's largest distributed systems. All of this expertise is instantly available to customers through the AWS services.
Elasticity is one of the fundamental properties of the cloud that drives many of its benefits. While virtualization has tremendous benefits to the enterprise, certainly as an important tool in server consolidation, it by itself is not sufficient to give the benefits of the cloud. To achieve true cloud-like elasticity in a private cloud, such that you can rapidly scale up and down in your own datacenter, will require you to allocate significant hardware capacity. While to your internal customers it may appear that they have increased efficiency, at the company level you still own all the capital expense of the IT infrastructure. Without the diversity and heterogeneity of the large number of AWS cloud customers to drive a high utilization level, it can never be a cost-effective solution.
We have been listening very closely to the real requirements that our customers have and have worked closely with many of these CIOs and their teams to understand what solution would allow them to treat the cloud as a seamless extension of their datacenter, where their standard management practices can be applied with limited or no modifications. This needs to be a solution where they get all the benefits of cloud as mentioned above while treating it as a part of their datacenter.
Introducing Amazon Virtual Private Cloud
We have developed Amazon Virtual Private Cloud (Amazon VPC) to allow our customers to seamlessly extend their IT infrastructure into the cloud while maintaining the levels of isolation required for their enterprise management tools to do their work.
With Amazon VPC you can:
- Create a Virtual Private Cloud and assign an IP address block to the VPC. The address block needs to be a CIDR block such that it will be easy for your internal networking to route traffic to and from the VPC instance. These are addresses you own and control, most likely as part of your current datacenter addressing practice.
- Divide the VPC addressing up into subnets in a manner that is convenient for managing the applications and services you want to run in the VPC.
- Create a VPN connection between the VPN Gateway that is part of the VPC instance and an IPSec-based VPN router on your own premises. Configure your internal routers such that traffic for the VPC address block will flow over the VPN.
- Start adding AWS cloud resources to your VPC. These resources are fully isolated and can only communicate to other resources in the same VPC and with those resources accessible via the VPN router. Accessibility of other resources, including those on the public internet, is subject to the standard enterprise routing and firewall policies.
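The four steps above amount to an addressing exercise before any VPN or instance is touched: the VPC block has to come from address space you own, it must not collide with anything the datacenter already routes (otherwise the static route toward the VPN would capture existing traffic), and the subnets must partition it cleanly. The following Python script is an added example, not code from the original post or from AWS, that checks such a plan offline and emits the one static route the internal routers need. The sample address blocks, the VPN router address and the helper names are constructed for illustration.

```python
"""Sanity-check a VPC addressing plan before wiring it to the datacenter.

Constructed example: the sample blocks below are made up and the helper
names are this example's own, not an AWS API.
"""
import ipaddress
from typing import Dict, List, Optional

# RFC 1918 private address space; a VPC block carved from the datacenter's
# own addressing plan is expected to come from one of these ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan (assumed values, not from the post).
ONPREM_BLOCKS = ["10.0.0.0/16", "10.1.0.0/16"]          # already routed on premises
VPC_BLOCK = "10.2.0.0/16"                                # block handed to the VPC
SUBNETS = ["10.2.0.0/24", "10.2.1.0/24", "10.2.2.0/23"]  # carved out of VPC_BLOCK
VPN_ROUTER = "10.0.0.254"                                # on-premises IPSec VPN router


def _parse(cidr: str, problems: List[str], what: str) -> Optional[ipaddress.IPv4Network]:
    """Parse a CIDR strictly (host bits must be zero); record a problem on failure."""
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        problems.append(f"{what} {cidr!r} is not a valid CIDR block: {exc}")
        return None


def check_vpc_plan(vpc_block: str, subnets: List[str], onprem_blocks: List[str]) -> List[str]:
    """Return a list of problems found; an empty list means the plan is consistent."""
    problems: List[str] = []
    vpc = _parse(vpc_block, problems, "VPC block")
    if vpc is None:
        return problems

    # 1. The VPC block must be private space that you control.
    if not any(vpc.subnet_of(p) for p in RFC1918):
        problems.append(f"VPC block {vpc} is not RFC 1918 private space")

    # 2. It must not collide with anything already routed on premises,
    #    otherwise the route toward the VPN would hijack existing traffic.
    for block in onprem_blocks:
        onprem = _parse(block, problems, "on-premises block")
        if onprem is not None and vpc.overlaps(onprem):
            problems.append(f"VPC block {vpc} overlaps on-premises block {onprem}")

    # 3. Every subnet must sit inside the VPC block and not overlap its siblings.
    seen: List[ipaddress.IPv4Network] = []
    for s in subnets:
        sn = _parse(s, problems, "subnet")
        if sn is None:
            continue
        if not sn.subnet_of(vpc):
            problems.append(f"subnet {sn} lies outside VPC block {vpc}")
        for other in seen:
            if sn.overlaps(other):
                problems.append(f"subnet {sn} overlaps subnet {other}")
        seen.append(sn)
    return problems


def onprem_route_for_vpc(vpc_block: str, vpn_router: str) -> Dict[str, str]:
    """The single static route the internal routers need: VPC block -> VPN router."""
    net = ipaddress.ip_network(vpc_block, strict=True)
    hop = ipaddress.ip_address(vpn_router)
    return {"destination": str(net), "next_hop": str(hop)}


if __name__ == "__main__":
    for problem in check_vpc_plan(VPC_BLOCK, SUBNETS, ONPREM_BLOCKS):
        print("PROBLEM:", problem)
    print(onprem_route_for_vpc(VPC_BLOCK, VPN_ROUTER))
```

Running it against the constructed plan reports no problems and prints the route entry for 10.2.0.0/16 via 10.0.0.254; swapping in a VPC block that overlaps an on-premises range, or a subnet that falls outside the VPC block, produces a problem line for each fault. The checks are deliberately strict about host bits so that a mistyped block is rejected before it becomes a route.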
Amazon VPC offers customers the best of both the cloud and the enterprise managed data center:
- Full flexibility in creating a network layout in the cloud that complies with the manner in which IT resources are managed in your own infrastructure.
- Isolating resources allocated in the cloud by only making them accessible through industry standard IPSec VPNs.
- Familiar cloud paradigm to acquire and release resources on demand within your VPC, making sure that you only use those resources you really need.
- Only pay for what you use. The resources that you place within a VPC are metered and billed using the familiar pay-as-you-go approach at the standard pricing levels published for all cloud customers. The creation of VPCs, subnets and VPN gateways is free of charge. VPN usage and VPN traffic are also priced at the familiar usage-based structure.
- All the benefits from the cloud with respect to scalability and reliability, freeing up your engineers to work on things that really matter to your business.
For more details on Amazon Virtual Private Cloud, visit the Amazon VPC detail page and the posting on the AWS developer weblog. For how our partners view Amazon VPC see for example the posting at RightScale.
And happy birthday to Amazon EC2!