Search for Well Architected Advice
< All Topics
Print

How do you provision redundant connectivity between private networks in the cloud and on-premises environments?

Provision redundant connectivity between private networks in the cloud and on-premises environments

To ensure high availability and minimize the risk of connectivity issues between private networks in the cloud and on-premises environments, provision redundant connectivity using multiple AWS Direct Connect connections or VPN tunnels. This redundancy provides resilience to failures, ensuring consistent connectivity and availability for workloads that depend on these private networks.

Establish connectivity redundancy champions in each team: Assign connectivity redundancy champions within each workload team to oversee the implementation of redundant network connections between cloud and on-premises environments. These champions are responsible for planning and configuring redundant Direct Connect connections, VPN tunnels, and ensuring redundancy across different Availability Zones and AWS Regions for high availability.

Provide training on implementing redundant connectivity: Train builder teams on best practices for provisioning redundant connectivity between cloud and on-premises networks. Training should include understanding AWS Direct Connect, VPN tunnels, and multi-region or multi-availability deployments. Empowering teams with the right knowledge ensures they can implement resilient connectivity solutions for critical workloads.

Develop connectivity redundancy guidelines and standards: Create clear guidelines for provisioning redundant network connectivity between private networks. These guidelines should include using multiple AWS Direct Connect locations, deploying multiple VPN tunnels, and ensuring redundancy across multiple Availability Zones or Regions. Documented standards help ensure consistency in achieving reliable and redundant network connectivity.

Integrate connectivity validation into CI/CD pipelines: Integrate connectivity validation checks into CI/CD pipelines to ensure redundancy is properly configured during deployment. Automated tests can verify connectivity via multiple redundant paths, providing early detection of misconfigurations or single points of failure. Integrating connectivity validation helps maintain a consistent focus on high availability during the development and deployment phases.

Define automated guardrails for connectivity redundancy: Use automated tools to enforce connectivity redundancy across private networks. Tools like AWS Config can ensure that multiple Direct Connect connections, VPN tunnels, and redundant instances in multiple Availability Zones are implemented as required. Automated guardrails reduce the likelihood of manual errors and ensure compliance with redundancy best practices.

Foster a culture of resilience in network connectivity: Encourage builder teams to prioritize resilience when designing private network connectivity solutions. Recognize and reward proactive steps taken to ensure high availability in connectivity, including deploying multiple connections and ensuring redundancy across Regions. Open discussions about connectivity failures and how they were mitigated can help create a culture of continuous improvement.

Conduct regular connectivity redundancy reviews: Schedule regular reviews of connectivity between cloud and on-premises networks to evaluate the effectiveness of redundant solutions. Ensure that multiple AWS Direct Connect connections or VPN tunnels are functioning correctly and provide the necessary failover capabilities. These reviews help maintain a focus on high availability and identify areas for improvement.

Leverage automation for consistent redundant configurations: Use Infrastructure as Code (IaC) tools like AWS CloudFormation or AWS CDK to automate the deployment of redundant connectivity configurations. Automating these processes ensures consistency across environments and helps prevent misconfigurations that could lead to connectivity issues.

Provide dashboards for visibility into redundant connectivity: Use dashboards to provide visibility into the health and redundancy of private network connections. Tools like Amazon CloudWatch and AWS Direct Connect monitoring can help track the status of connections, VPN tunnels, and overall network health. Dashboards help builder teams actively monitor redundancy and ensure connectivity remains resilient.

Supporting Questions

  • How do you ensure that builder teams provision redundant connectivity for cloud and on-premises networks?
  • What mechanisms are in place to validate that connectivity redundancy meets organizational standards for high availability?
  • How do you align connectivity redundancy practices with reliability and SLA requirements?

Roles and Responsibilities

Connectivity Redundancy Champion (within Builder Team)

Responsibilities:

  • Plan and configure redundant network connections between private cloud and on-premises environments.
  • Monitor the health and failover capabilities of network connections to ensure high availability.

Application Developer

Responsibilities:

  • Implement application features that consider redundant network connectivity requirements.
  • Use automated tools to validate the presence of redundant connections during the development process.

Operations Team Member

Responsibilities:

  • Assist builder teams with configuring redundant Direct Connect connections, VPN tunnels, and multi-availability deployments.
  • Provide guidance and training to ensure alignment with best practices for network redundancy and high availability.

Artifacts

Connectivity Redundancy Guidelines and Standards: A document outlining best practices for deploying multiple Direct Connect connections, VPN tunnels, and redundant connectivity across Availability Zones or Regions.

Training Resources for Redundant Network Solutions: Hands-on labs, workshops, and documentation to help teams understand how to implement and manage redundant network connectivity.

Automated Connectivity Configuration Templates: Scripts and configurations that automate the deployment of redundant network connections across cloud and on-premises environments.

Relevant AWS Services

Training and Awareness Tools:

  • AWS Skill Builder and AWS Well-Architected Labs: Resources for learning how to provision and manage redundant network connectivity.
  • AWS Trusted Advisor: Provides insights into the configuration of network connections and recommendations for ensuring redundancy.

Redundant Connectivity Components and Guardrails:

  • AWS Direct Connect: Provides private, dedicated connectivity between AWS and on-premises networks, supporting multiple connections for high availability.
  • AWS VPN: Creates redundant VPN tunnels to ensure continuous connectivity between cloud and on-premises environments.
  • AWS Config: Monitors configurations to ensure that redundant network components are implemented across different Availability Zones and Regions.

Monitoring and Visibility Tools:

  • Amazon CloudWatch: Tracks the health of network connections and generates alerts for connectivity issues, ensuring redundancy is maintained.
  • AWS Direct Connect Monitoring: Monitors the status of Direct Connect connections to ensure continuous availability.
  • AWS CloudFormation: Codifies redundant connectivity configurations, allowing for automated and consistent deployment of highly available network components.
Table of Contents