Compare dedicated cloud connections from AWS, Azure and GCP

Leading public cloud providers offer dedicated, albeit different, options to help enterprises securely connect to off-premises resources. Here's a breakdown of your options.

Regardless of which cloud provider you choose, you need the ability to quickly and reliably connect to their services. And, increasingly, enterprises achieve this through the use of dedicated network connections, rather than the public internet.

AWS, Microsoft Azure and Google Cloud each offer direct cloud connections to their resources. AWS has Direct Connect, and Azure has ExpressRoute. Google provides two services with different tiers -- Dedicated Interconnect and Partner Interconnect -- which are similar to the other offerings, except that Google offers Dedicated Interconnect in 10 Gbps increments, while Partner Interconnect, like the AWS and Azure options, ranges from 50 Mbps to 10 Gbps. All three services also enable enterprises to bond together multiple connections to attain faster speeds.

In addition to speed, these cloud connections provide IT managers with better governance over how and where their data flows into specific cloud data centers. This could be especially significant with the rollout of GDPR in Europe, which mandates how businesses must protect and readily provide customers' personal information in the region.

These dedicated connections can also offer cost savings for enterprises that shuttle multiple TBs of data to and from the cloud for applications that use AI or analytics. All three providers claim their cloud connections can reduce latency and jitter for mission-critical workloads.

There are, however, some important differences between these services that users should note.

Evaluate performance

One significant distinction, for example, is how each cloud provider approaches service-level agreements (SLAs).

AWS Direct Connect does not support an SLA. When the primary connection encounters a problem, enterprises can configure an automated backup to roll over to an encrypted virtual private network using IPsec.

Azure ExpressRoute does come with an SLA, but it also comes with a heftier price tag. This is partly because ExpressRoute includes redundant connections by default, whereas you have to purchase redundancy separately with the others. For example, a 50-Mbps connection with Azure is $55 per month, Google is $39 per month and AWS is about $21 per month, billed hourly. For a 10 Gbps connection on a monthly basis, Azure is $5,000, Google is $1,700 and AWS is about $1,620.

Google Cloud takes a different approach, conflating an SLA -- a legal term with remedies -- with service availability, a technical promise with no remedies. Google recommends enterprises adopt specific interconnect configurations, which consist of multiple connections that support 99.9% or 99.99% availability.

The give and take of layer control

Private networks ensure that data flows through physical routes, which enterprises control. All three providers' cloud connections provide different ways for enterprises to define the routes their data takes.

AWS Direct Connect only supports Layer 2 routing, as defined in the OSI networking stack, which has its pros and cons. On the plus side, Direct Connect provides a relatively simple mechanism to ensure data only moves from the enterprise border to one AWS region. This reduces the odds that a network engineer or hacker will find a way to direct traffic through an undesired route. This could prove particularly helpful for high-value transactions that might otherwise be exposed to hackers.

Previously, AWS customers could only route traffic to one availability zone. But the vendor now provides Direct Connect Gateways, which enable connections to multiple regions.

In contrast, Azure ExpressRoute only supports Layer 3 routing, which makes it possible to direct traffic through as many as 10,000 different routes. These different traffic avenues can be helpful when a router goes down or suffers performance issues. In these cases, you can route traffic over preconfigured backup routes.

The downside is that these route configurations also present potential security risks. Companies must adopt safeguards to reduce the risk of rogue employees or hackers rerouting sensitive traffic.

Google supports both Layer 3 and Layer 2 routing. By default, Google enables enterprises to connect apps from their private clouds to any Google Cloud data center. If IT managers have security or governance concerns, it's up to them to configure constraints for this connectivity. In contrast, Microsoft's ExpressRoute defaults to a connection to just one data center, which can be expanded, while AWS Direct Connect only provides a direct link to one region.

Bond a bigger network

Both Google and AWS provide a mechanism to bond multiple cloud connections to perform as one larger interconnect. Google's Dedicated Interconnect starts at 10 Gbps, and you can bond together as many as eight connections to transport up to 80 Gbps. AWS Direct Connect enables enterprises to bond up to four 10 Gbps interconnects, resulting in half of Google's possible bandwidth.

Azure ExpressRoute does not currently support interconnect bonding, but an enterprise can have multiple ExpressRoute circuits on an account.

At the end of the day, governance issues could be the biggest factor for any IT manager when it comes to interconnect adoption. It's also worth noting that several vendors offer services that route traffic to multiple clouds, a growing need as multi-cloud deployments gain traction.
