By now, just about everyone is familiar with the potential benefits of the public cloud, even if they haven't yet decided to leverage it in some way. The elasticity and scalability offered by the cloud combined with pay-as-you-go pricing can be compelling.
However, for heavy cloud users, simply comparing the costs and relative flexibility of running workloads in the cloud versus running them on-premise doesn't tell the whole story. Potential users must consider how they're actually going to get access to the systems that reside in the cloud -- especially in relation to hybrid cloud and storage-intensive applications.
Typically, businesses will use the public Internet to get where they need to go, but this can be an expensive and technically challenging way to secure high-quality access to cloud-hosted resources. To answer this challenge, cloud service providers are increasingly offering direct connections into their networks, with Amazon's Direct Connect as one of the more mature options.
The Internet connectivity challenge
Let's say you've decided to leverage Amazon's S3 and Glacier services to provide offsite backups for your on-premise network. This is a popular use case for cloud storage that combines nearly limitless scalability, very high data durability, and the elimination of a big chunk of backup/recovery capital expense. Assuming you have a decent-sized connection, your current on-premise Internet pipe will probably work well for relatively small amounts of data. A 100Mbps Internet connection, for example, will handle 40GB to 45GB per hour at full utilization.
If you work with large image-based backups (say, of a virtualized environment) or simply have a lot of data to move, that relatively large circuit may not be anywhere near big enough to transfer each night's full data load to the cloud. Additionally, if you use a commodity Internet connection, your traffic is almost sure to be routed through a few different ISPs before it reaches the AWS network -- bumping up latencies and potentially restricting your throughput due to congestion. If you decide to ship backups to the cloud all day long (say, by using a caching cloud appliance like Amazon's Storage Gateway), you may also have to implement QoS on your Internet circuit to prevent normal Internet traffic from being crowded out by your backups.
Direct connections to the cloud
For network backups and many other use cases, a large portion of cloud customers find they want a direct connection to the resources they've hosted in the cloud. After all, hybrid cloud providers market themselves as a true extension of your internal infrastructure. It's only logical to try to make that extension as transparent as possible. But how, exactly, do you connect to the cloud?
It often turns out to be no more complicated than getting an Ethernet Private Line (EPL) connection to a remote office. In Amazon's case, a product called Amazon Direct Connect allows you to lease a 1Gbps or 10Gbps router port that offers direct, unfettered access to all of its services, including EC2, S3, and Glacier. The ports are priced per hour (30 cents per hour for a 1Gbps port; $2.25 per hour for a 10Gbps port) and feature substantially lower transfer fees than Amazon charges for public Internet transfers, dipping to as little as 2 cents per gigabyte versus 12 cents per gigabyte for outbound public Internet transfers.
Of course, getting access to the port you're leasing will require finding a connection from your premises to one of the nine different data centers and carrier hotels Amazon uses to provide this peering service. Depending on your location, such a connection can range from the very cheap to the very expensive. Nevertheless, it will typically be a third to a quarter the cost of getting a similar amount of commodity Internet bandwidth, and it will be subject to substantially lower end-to-end latency.
With Amazon Direct Connect, you can provision that circuit in a number of different ways, using 802.1Q VLAN trunking to segregate traffic between different uses. One example might be to separate traffic going into an EC2 Virtual Private Cloud (effectively giving you direct "inside" access to your EC2 workloads) from traffic going to Amazon's public services such as S3 and Glacier. On the public service side, Amazon will provide your on-premise router with a limited private BGP feed that allows it to direct traffic across the Direct Connect link without the need to maintain static routes.
Although I've focused on Amazon Direct Connect in this example, other cloud service providers offer similar types of services; considering some are ISPs themselves, that's not terribly surprising. Using Amazon isn't the only way you can get this kind of service.