DEV Community

Success Enin

Configuring Connection From On-Premises Server To The Cloud

While some companies move 100% of their infrastructure to the cloud, some prefer a hybrid system that combines on-premises infrastructure with cloud services.
The two ways to connect an on-premises server to the AWS cloud are a Site-to-Site VPN connection and a Direct Connect connection. In this post I explain, in easy-to-understand terms, how each connection is formed.

Site-to-Site VPN

This is a connection from an on-premises server to AWS over the internet.
It is not quite that simple, though: there are some cloud services and on-premises hardware you need to provision before this connection can be formed. How does this connection happen?

First, you create a virtual private network in your VPC. As a result, you are provided with a VPN endpoint, which lives in the virtual private gateway. This VPN endpoint is then given to your on-premises device (a router) that supports IPsec (Internet Protocol Security). Your router and the VPN endpoint then use IPsec to authenticate each other.

Once the encryption is established, a secure tunnel is created over the internet, which carries the traffic between your on-premises network and your VPC. After this is done, your on-premises network can see the AWS subnets, and AWS can see your on-premises subnets.
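The steps above written as a CloudFormation template. This is an added example, not part of the original post; the parameter names, the logical resource names, the ASN 65000 and the choice of static routing are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Site-to-Site VPN between a VPC and an on-premises router (added example)
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  RouteTableId:          # route table used by the subnets that must reach on-premises
    Type: String
  RouterPublicIp:        # static public IP of the on-premises IPsec router
    Type: String
  OnPremCidr:            # on-premises subnet in CIDR form
    Type: String
Resources:
  VirtualPrivateGateway:           # AWS side of the tunnel
    Type: AWS::EC2::VPNGateway
    Properties:
      Type: ipsec.1
  GatewayAttachment:               # ties the gateway to the VPC
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VpcId
      VpnGatewayId: !Ref VirtualPrivateGateway
  OnPremRouter:                    # how AWS identifies your router
    Type: AWS::EC2::CustomerGateway
    Properties:
      Type: ipsec.1
      IpAddress: !Ref RouterPublicIp
      BgpAsn: 65000                # assumed private ASN
  VpnConnection:
    Type: AWS::EC2::VPNConnection
    Properties:
      Type: ipsec.1
      CustomerGatewayId: !Ref OnPremRouter
      VpnGatewayId: !Ref VirtualPrivateGateway
      StaticRoutesOnly: true
      # PreSharedKey is left out so AWS generates one per tunnel; a key
      # written into the template would end up in source control.
  RouteToOnPrem:                   # lets AWS see the on-premises subnet
    Type: AWS::EC2::VPNConnectionRoute
    Properties:
      VpnConnectionId: !Ref VpnConnection
      DestinationCidrBlock: !Ref OnPremCidr
  PropagateToVpc:                  # publishes that route into the VPC route table
    Type: AWS::EC2::VPNGatewayRoutePropagation
    DependsOn: GatewayAttachment
    Properties:
      VpnGatewayId: !Ref VirtualPrivateGateway
      RouteTableIds:
        - !Ref RouteTableId
```

After the stack is created, the tunnel endpoint addresses and generated keys are read from the VPN connection and configured on the router.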

Direct Connect (DX)

Here the connection does not have to go through the public internet; instead, it goes through a private fibre link. You get this private fibre link by contacting a telecom provider, who then provides a dedicated link from your on-premises network to an AWS Direct Connect location. From that location, your connection enters a logical lane through a virtual interface, which is tied to your VPC through a virtual private gateway or a transit gateway (this can enable connection to more than one VPC).

Now your servers can interact without going through the internet; they just use these fibre cable connections.

Pros and Cons

  • Site-to-Site VPN connections are fast to set up, cheap, and perfect for small or medium traffic, but they depend on the public internet, which may not always be reliable and may increase latency.

  • Direct Connect connections are reliable and cheaper, since AWS gives discounts if you move a lot of data, but they are more expensive upfront and take a lot of time to set up.

Conclusion

Choosing between the two connection models really boils down to your use case, availability, the size of your organization, safety and compliance laws, and finances.