Deploying applications to the cloud brings many benefits, including agility and innovation, by eliminating much of the low-value technical work such as hardware acquisition and installation, network connections and hypervisors. Customers who take advantage of the cloud realize that the nature of their work is changing, shifting towards tasks that bring more value to users.
Starting a new project on AWS gives access to cloud benefits from day one, but the reality for most organizations is that very few applications operate in complete isolation. So how do we maximize the benefits of the cloud as soon as possible? Should we make our existing systems accessible through the Internet? Certainly not! Should we switch everything to the cloud overnight? Of course not! You can securely and flexibly connect your data centers with AWS to support hybrid architectures: deployments where you need to link cloud components with your on-premises systems.
Hybrid connectivity: possible approaches
With AWS, you can choose how to establish your hybrid connectivity based on your needs. You can extend your existing private IP network by setting up a site-to-site virtual private network with AWS Site-to-Site VPN, or by establishing a dedicated private AWS Direct Connect link, without the performance and latency variations common on the Internet.
By keeping your private IP addresses, you can connect your cloud resources with those you have on-site. You can also keep your security architecture functional and integrated with your cloud deployments, including using routing tables to route traffic through your existing firewalls.
How to get started with AWS Direct Connect
AWS Direct Connect allows you to connect your data centers with your AWS resources through a dedicated link, with controlled, stable bandwidth that is protected from Internet fluctuations. With this link and the Border Gateway Protocol (BGP), you can establish routes between your private on-site subnets and those you use in the AWS cloud.
An AWS Direct Connect link is established through an interconnect in a selected location or through a partner’s network. In Quebec, education, higher education and research organizations served by the RISQ network can use their cloud access service and thus establish AWS Direct Connect connectivity easily, without necessarily involving the installation of new physical optical fibers. You can choose to use dedicated AWS Direct Connect connections (a connection that goes through a 1 Gb/s, 10 Gb/s, or 100 Gb/s Ethernet port dedicated to you alone) or hosted AWS Direct Connect connections (logical connections ranging from 50 Mb/s to 10 Gb/s).
To start the process of establishing an AWS Direct Connect connection with RISQ-Cloud, simply use the AWS console and create a connection.
In addition, provincial government institutions that are connected to the Integrated Multimedia Telecommunications Network (IMTN) also have the opportunity to use AWS Direct Connect connectivity through a partnership with the government provider.
The importance of a multi-account AWS environment
Connectivity between your data centers and AWS needs to be scalable and adaptable to change; after all, one of the benefits of the cloud is increased agility! Without a governance framework, you may face challenges with hybrid connectivity: conflicting IP address ranges, routes to the Internet that are not filtered through your firewalls, breaches in your security zones, etc. It is important to architect your AWS environment in a way that facilitates governance and evolution while ensuring the security of your information assets.
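Two of the problems named above, conflicting IP address ranges and Internet routes that bypass the firewall, can be checked against an address plan before any VPC is created. The following is an added example, not code from AWS or ASEA; the site names, CIDR blocks and route targets are constructed sample data.

```python
import ipaddress

# Constructed sample plan (all names and ranges are illustrative assumptions).
ON_PREM = {"dc-montreal": "10.0.0.0/16", "dc-quebec": "10.1.0.0/16"}
VPCS = {
    "shared-network-prod": "10.10.0.0/16",
    "shared-network-dev": "10.1.128.0/20",   # falls inside dc-quebec
    "shared-network-test": "10.20.0.0/16",
}
# Route tables as (destination, target) pairs; targets are hypothetical labels.
ROUTE_TABLES = {
    "prod-private": [("10.0.0.0/8", "dx-gateway"), ("0.0.0.0/0", "firewall-eni")],
    "dev-private": [("10.0.0.0/8", "dx-gateway"), ("0.0.0.0/0", "internet-gateway")],
}
# Only these targets may carry a default route: traffic must cross the firewall.
APPROVED_DEFAULT_TARGETS = {"firewall-eni"}


def find_overlaps(on_prem, vpcs):
    """Return every pair of named ranges whose address space collides."""
    nets = [(name, ipaddress.ip_network(cidr))
            for name, cidr in {**on_prem, **vpcs}.items()]
    overlaps = []
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                overlaps.append((name_a, name_b))
    return overlaps


def unfiltered_default_routes(route_tables, approved):
    """Return default routes (prefix length 0) that skip the approved firewall."""
    findings = []
    for table, routes in route_tables.items():
        for dest, target in routes:
            if ipaddress.ip_network(dest).prefixlen == 0 and target not in approved:
                findings.append((table, dest, target))
    return findings


if __name__ == "__main__":
    for a, b in find_overlaps(ON_PREM, VPCS):
        print(f"CIDR conflict: {a} overlaps {b}")
    for table, dest, target in unfiltered_default_routes(
            ROUTE_TABLES, APPROVED_DEFAULT_TARGETS):
        print(f"Unfiltered Internet route: {table} sends {dest} to {target}")
```

Running the same two checks on every change to the address plan keeps a new range or route table from silently breaking BGP route exchange or the firewall path.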
AWS offers a number of services and features to help you manage, control and automate governance tasks. This allows you to control network configurations to ensure healthy growth that meets your goals. Specifically, we recommend that you establish a secure, multi-account AWS environment and use resource sharing to give your production, development, and test accounts the subnets they need for their respective applications.
AWS Control Tower automates the governance of your multi-account environment and provides a solid foundation for designing your secure, flexible hybrid network architecture. Once your multi-account environment is deployed, you can create an account for your hybrid network, specify the staff authorized to access that account, and then configure the desired Amazon Virtual Private Cloud (VPC) isolated virtual networks, with their private IP address ranges, subnet splitting, routing tables, and so on. You can then share the desired subnets with the AWS accounts dedicated to your organization’s applications, environments, and/or teams.
Secure, flexible hybrid architecture with AWS Secure Environment Accelerator
An increasing number of organizations are also opting for the AWS Secure Environment Accelerator (ASEA) solution, as it significantly reduces the amount of work required to establish a flexible and secure multi-account environment that meets the high security requirements for Government of Canada services, which are often similar to, or even more stringent than, those required by non-governmental organizations. ASEA establishes cross-functional accounts for shared network, operations, network perimeter, log archiving, and security. The solution also prepares the organizational units needed to structure AWS accounts for applications. Finally, ASEA does more than just create AWS accounts: many resources are set up and managed by the solution, including networking to facilitate the creation of your VPCs and dynamically assign IP address ranges as needed. You will therefore have an entire AWS multi-account environment, described as infrastructure as code, ready for use and integration with your on-site network.
Ultimately, whether to facilitate the integration of your existing systems or to prepare for a major migration, hybrid connectivity is a common prerequisite that can be established through your existing connectivity partners.
No need to wait: you can start the process in the AWS console in minutes. You can also contact your AWS account team to discuss your needs and inform your thinking about the desired network architecture.
Finally, consider the AWS Secure Environment Accelerator solution to establish your landing zone and your flexible and secure hybrid architecture. It is an accelerator that will allow you to connect your AWS Direct Connect links to a best-practice cloud environment very quickly.