Choose appropriate dedicated connectivity or VPN for your workload

PostedDecember 20, 2024

UpdatedMarch 21, 2025

ByKevin McCaffrey

Selecting the right networking solutions is crucial for achieving optimal performance in cloud-based workloads. Dedicated connectivity or VPN can enhance reliability and security while meeting specific bandwidth and latency requirements necessary for seamless communication between on-premises and cloud resources.

Best Practices

Evaluate Bandwidth and Latency Requirements

Assess the specific bandwidth and latency needs of your workload to ensure that dedicated connectivity or VPN solutions can be effectively provisioned.
Conduct performance testing on existing connections to identify bottlenecks and areas for improvement.
Use tools like AWS CloudWatch to monitor network performance in real-time, enabling adjustments to be made proactively.

Select the Right Connectivity Option

Choose between AWS Direct Connect for dedicated bandwidth or Amazon VPN based on your workload’s needs for reliability and performance.
Consider factors like cost, required data transfer speeds, and the duration of the connection when selecting the right solution.
Use a hybrid model if necessary, combining both Direct Connect and VPN for redundancy and increased reliability.

Implement Network Optimization Techniques

Leverage AWS Global Accelerator to improve application availability and performance by directing traffic to optimal endpoints.
Utilize AWS Regional Edge Caches to reduce latency and improve load times for end-users located far from your primary resources.
Enable compression and caching for data transmitted over the network to reduce bandwidth usage and improve responsiveness.

Design for Resilience and Fault Tolerance

Set up multi-Region architecture to distribute workloads and reduce latency for end-users in different geographic locations.
Implement failover mechanisms to ensure seamless connectivity in case of a network failure by using route 53 health checks to reroute traffic as needed.
Regularly test disaster recovery processes to ensure that your networking configuration supports quick recovery from disruptions.

Regularly Review and Adjust Network Configurations

Establish a routine to audit your network configurations and resource allocations to ensure they continue to meet performance demands as your workload evolves.
Use AWS Cost Explorer to analyze network costs and performance over time, adjusting resources based on usage and effectiveness.
Stay informed on AWS updates and new features related to networking to keep your configuration optimized.

Questions to ask your team

What is the expected latency and throughput for your workload?
Have you evaluated the need for dedicated connectivity versus a VPN?
How do your on-premises resources interface with your cloud resources?
Did you conduct a bandwidth estimation for your hybrid workload?
Are you monitoring network performance and adjusting configurations as needed?
Have you assessed the geographic locations of your users and resources?
Are you utilizing edge locations to improve performance for users far from your primary resource region?

Who should be doing this?

Network Architect

Assess performance requirements including latency, throughput, and bandwidth needs for the workload.
Design the networking architecture to meet the performance goals of the application.
Select appropriate dedicated connectivity options (e.g., AWS Direct Connect) or VPN solutions.
Evaluate edge placement options to optimize performance based on physical constraints.
Collaborate with on-premises teams to ensure seamless integration and resource placement.

Cloud Engineer

Implement the chosen networking solutions and configurations based on the architecture design.
Monitor network performance metrics to ensure compliance with established requirements.
Perform ongoing assessments and optimizations of network resources to maintain performance efficiency.
Document networking configurations and changes for future reference and audits.

Project Manager

Coordinate between stakeholders including IT, operations, and executive teams.
Ensure timelines and budgets align with the performance configuration project.
Facilitate communication and updates on the networking strategy and performance improvements throughout the project lifecycle.

Security Specialist

Implement security measures for VPN connections and dedicated networking resources.
Conduct regular assessments to ensure compliance with security policies and standards.
Coordinate with network architects to ensure minimal security risks in the selected networking solutions.

What evidence shows this is happening in your organization?

Hybrid Connectivity Strategy Guide: A comprehensive guide that outlines best practices for selecting and configuring dedicated connectivity or VPN solutions for hybrid workloads, considering performance factors like bandwidth and latency.
Bandwidth and Latency Estimation Template: A customizable template for estimating bandwidth and latency requirements for hybrid workloads, aiding in the planning and provisioning of adequate networking resources.
Performance Efficiency Checklist: A checklist designed to ensure that all aspects of performance efficiency are considered when selecting and configuring networking resources, including dedicated connectivity and VPN options.
Networking Resource Configuration Report: A report that documents the decisions made regarding networking resource configurations, including the justification for choosing specific bandwidth and latency requirements.
Hybrid Cloud Deployment Diagram: A visual diagram showing the architecture of a hybrid cloud implementation, illustrating how on-premises resources connect to cloud resources using dedicated connectivity and VPN solutions.

Cloud Services

AWS

AWS Direct Connect: Provides dedicated network connections between your premises and AWS, enabling consistent network performance and reduced latency.
AWS VPN: Establishes secure connections between your on-premises network and AWS VPC, ensuring data privacy and integrity over the internet.
Amazon VPC: Allows you to provision a logically isolated section of AWS Cloud where you can launch AWS resources in a virtual network you define.

Azure

Azure ExpressRoute: Creates private connections between Azure datacenters and infrastructure on your premises or in a colocation environment, enhancing reliability and performance.
Azure VPN Gateway: Provides a secure connection between your on-premises networks and Azure through site-to-site VPNs.
Azure Virtual Network: Enables you to create private networks with control over IP address ranges, subnets, route tables, and network gateways.

Google Cloud Platform

Google Cloud Interconnect: Offers high-performance connectivity between your on-premises network and Google Cloud, enabling low-latency and high-bandwidth connections.
Google Cloud VPN: Establishes secure tunnels between your on-premises network and Google Cloud, ensuring data security across the internet.
Google VPC: Allows you to create and manage your own private network within Google Cloud with customizable networking capabilities.

Question: How do you select and configure networking resources in your workload?
Pillar: Performance Efficiency (Code: PERF)

Operational Excellence

Determine what your priorities are

Structure your organization to support your business outcomes

Organizational culture to support your business outcomes

Implement observability in your workload

Reduce defects, ease remediation, and improve flow into production

Mitigate deployment risks

Be ready to support a workload

Uilize workload observability

Understand the health of your operations

Manage workload and operations events

Evolve your operations

Security

Securely operate your workload

Manage identities for people and machines

Manage permissions for people and machines

Detect and investigate security events

Protect your network resources

Protect your compute resources

Classify your data

Protect your data at rest

Protect your data in transit

Anticipate, respond to, and recover from incidents

Incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle

Reliability

Manage service quotas and constraints

Plan your network topology

Design your workload service architecture

Design interactions in a distributed system to prevent failures

Design interactions in a distributed system to mitigate or withstand failures

Monitor workload resources

Design your workload to adapt to changes in demand

Implement change

Back up data

Fault isolation to protect your workload

Design your workload to withstand component failures

Test reliability

Plan for disaster recovery (DR)

Cost Optimization

Implement cloud financial management

Govern usage

Monitor your cost and usage

Decommission resources

Evaluate cost when you select services

Meet cost targets when you select resource type, size and number

Use pricing models to reduce cost

Plan for data transfer charges

Manage demand, and supply resources

Evaluate new services

Evaluate the cost of effort

Performance

Select the appropriate cloud resources and architecture patterns for your workload

Select and use compute resources in your workload

Store, manage, and access data in your workload

Select and configure networking resources in your workload

Support more performance efficiency for your workload

Sustainability

Select Regions for your workload

Align cloud resources to your demand

Take advantage of software and architecture patterns to support your sustainability goals

Take advantage of data management policies and patterns to support your sustainability goals

Select and use cloud hardware and services in your architecture to support your sustainability goals

Implement organizational processes support your sustainability goals