Many organizations are required to keep data and services on premises for compliance and regulatory reasons. If those organizations want to use AWS' public cloud but would prefer a consistent hybrid cloud environment, AWS Outposts is one way to do so.
An organization uses AWS Outposts devices to extend its VPC networking and Amazon cloud services to a private data center or colocation facility. This reduces the overall complexity required to maintain and run a hybrid cloud. But setting up an AWS Outpost isn't as simple as creating a new AWS account. There are a few hoops to jump through before an Outpost is operational.
In this article, we'll break down how AWS Outposts works, when to use the service, how to install the device and how to deploy your first Outpost instances.
What is AWS Outposts and how does it work?
AWS Outposts is an on-premises device managed by AWS. It connects cloud-based services, APIs and managed infrastructure services to a client's data center or on-premises location.
Developers build and deploy applications using local computing power and on-board storage, with the same interface used in Amazon's public cloud regions. This local access and storage is important to establish low latency and to meet local data processing requirements.
Developers can deploy resources locally via a reduced set of Amazon cloud services, such as Amazon Relational Database Service (RDS), Elastic Container Service (ECS) and Elastic Block Store (EBS). They can also create subnets to connect an Outpost to an Amazon VPC hosted on Amazon's public cloud.
Outposts rely on a consistent, persistent network connection between the device and the nearest Availability Zone. To maintain that connectivity and retain a link to local workloads on premises, you are required to connect the Outpost to an existing on-premises network.
This network should be able to provide wide area network (WAN) access back to the AWS Region. It should also be able to provide LAN/WAN access to the local network where your on-premises workloads and applications reside.
Potential use cases and limitations
The very existence of AWS Outposts shows the public cloud is not the end-all-be-all for IT infrastructure. AWS Outposts would be a good fit for organizations that want to upgrade their on-premises servers or connect their current system with a scalable storage plan. Here are a few scenarios where you could deploy Outposts.
- Run data-intensive workloads to process data locally and cut back on expensive and wasteful data transmissions to and from the cloud.
- Support all applications deployed over a local data processing or low-latency network, including those required for sending real-time responses to and from an end-user application or required to communicate with on-premises systems to control on-site equipment.
- Close the gap between the factory floor equipment and executed functions by running manufacturing execution systems and supervisory control and data acquisition (SCADA) systems on the AWS-managed device.
- Utilize AWS machine learning and analytics services so health management systems can make use of low-latency processing with local data storage.
- Orchestrate, scale, manage and update the lifecycle of Virtual Network Functions across environments.
- Deploy GPUs for graphic processing, video rendering and audio segmenting.
- A VMware variant of Outposts is scheduled to be available in 2020. This can be used to run a managed software-defined data center.
AWS plans to add support for Amazon S3 object storage on Outposts, which will be useful for hosting web applications, images and videos, and for data analytics. There is no hierarchical relationship between the files within the object storage, so data objects can be distributed across several machines, making the S3 service accessible from anywhere. However, the data is stored on the cloud, which could be an issue for many enterprises.
Organizations that already have a great on-premises setup are better off integrating their servers with AWS Direct Connect or Amazon VPC, which can help extend functionality and expand current systems in the format of their preference. Outposts could be used for this, but it would require a relatively excessive amount of capacity management.
Also, an Outpost device isn't designed for disconnected operations or in locations with no internet connection. In those cases, you're better off using portable device services like Snowball Edge.
Useful Outposts resources
With Outposts, you can use the same AWS APIs, and connect to all the tools and services available on AWS' public cloud. However, not every service is available directly on an Outpost device. Here are some valuable native resources that can work well with your Outpost device.
- Use Amazon ECS for low-latency workloads that need to be close to on-premises applications and data.
- Use Amazon Elastic Kubernetes Service worker nodes for low-latency workloads that must run near on-premises data stores.
- Create Amazon EMR clusters to execute low-latency workloads with on-premises data and deploy applications on a constantly connected network.
- Use Amazon RDS to create a managed database with on-premises data centers. It enables you to use the same AWS Management console, CLI and RDS API in order to manage the RDS databases fully in the cloud.
- Use an App Mesh Envoy proxy or container to run various low-latency workloads, in order to manage the on-premises data centers and applications over a low-latency networking connection.
Here are some terms you need to know before you order an Outpost device.
Outpost Site. A client-managed physical environment where AWS will deploy and install an Outpost.
Outpost Configuration. Each Outpost config has unique weight, cooling and power needs, established on a case-by-case basis. The configuration also consists of a mix of networking support, Amazon EC2 compute capacity and EBS storage capacity.
Outpost Equipment. On-premises hardware such as switches, servers, racks and cabling that establishes access to AWS Outposts services.
Outpost Capacity. Storage and compute capacity resources available to your Outpost, accessed and managed from the Outposts console.
Local Gateway. A virtual router that enables direct communication between your on-premises network and the Outpost device.
Service Link. The networking route used to communicate between the AWS Region and Outpost device.
How to order an Outpost device
Before you order an Outpost, make sure your site meets the detailed physical requirements needed to accommodate the device, all of which are specified on the AWS website. You'll also need an AWS Enterprise Support plan. Once you've checked those boxes, follow these steps to order, install and launch your Outpost.
- Access the Outposts console at https://console.aws.amazon.com/outposts/. Then, select the Create Outpost option.
- Enter a name and description for the Outpost installment.
- Select the next option of Create Site. Fill out the form and submit. Then, select the site and choose an Availability Zone.
- Finally, click Create Outpost.
Order Outpost capacity
- Return to the Outposts console and find the Outposts catalog option in the navigation panel.
- Select the right capacity config for your needs, which will include a mix of EBS volumes, EC2 instances and network speeds. If the capacity configs don't meet your vision, request a custom configuration with an option in the navigation panel.
- Now, select the Place Order option. Choose the Outpost previously created and click Place Order again on the next page.
At this point, the order has been submitted and you can access the status through the Outposts console. It should say "order received." An AWS rep will contact you within three days, and you will also receive an email, stating that the order has been changed to "order processing."
To complete the order, AWS will schedule a time for you to speak with one of its representatives. Before this call, AWS will give you a checklist of important points for you to verify for installation. Once everything checks out, the AWS team will arrive at the appointed time.
The AWS team will position the rack in place. Your electrician can then connect the power to the rack, and the AWS team will establish the networking to the uplink you provide.
After this, AWS will configure the rack capacity. When you confirm that the EBS capacity and EC2 instances are available through your account, the installation is complete.
Launch your first Outpost
Now that your Outpost is installed, launch your first EBS volumes and EC2 instances, using an Outpost subnet.
Create the subnet
When you create an Outpost subnet and link it with a VPC in the associated AWS Region, the VPC will cover the Outpost itself as well.
- Open your AWS Management Console.
- Find the Outposts option in the navigation panel and select the installed Outpost.
- Choose Actions, and then click Create Subnet.
- Select your VPC and determine an IP range for the subnet that you can allocate.
- Select Create.
The subnet has been created, and we can begin to configure the route.
You are required to link an existing VPC with your local gateway routing table, so there is an established link between the VPC and your local network.
When you create the route, you are given the option to select certain local gateways, internet gateways, IP addresses and peering connections that can be designated as destinations.
- Click Local gateway route tables in the navigation panel.
- Select a routing table and click Actions and Associate VPC.
- Choose the dedicated VPC and click Associate VPC.
The routing is now set up.
Launching the instance
Within the Outpost subnet, the security group for controlling inbound and outbound traffic works exactly as it would for an instance within an Availability Zone subnet.
To connect to the EC2 instance within the subnet, link a key pair, the same way you would within an Availability Zone subnet.
To launch the instance, execute the run-instances command in the AWS CLI. At this point, you can allocate an Elastic IP address from a customer-owned IP pool with these commands.
- describe-coip-pools -- to receive information about a customer-owned IP pool.
- allocate-address -- to allocate the Elastic IP address, in combination with the customer-owned-ipv4-pool option for the PoolID, which was returned in the previous command.
- associate-address -- to link the Elastic IP with the Outpost instance.
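The launch sequence above as a single script, added here as an example; it is not code from the original article or from AWS. The function name launch_on_outpost and its five arguments are assumptions, and two steps go beyond the text: the script first checks the subnet's OutpostArn so an instance is never started in a regional subnet by mistake, and it looks up the customer-owned IP pool before launching so a missing pool fails before anything is created.

```shell
#!/bin/sh
# Added example: launch an instance on an Outpost subnet and attach a
# customer-owned IP (CoIP). launch_on_outpost is a hypothetical helper name.
launch_on_outpost() {
  subnet_id=$1 ami_id=$2 instance_type=$3 key_name=$4 sg_id=$5

  # Stop unless the subnet really sits on an Outpost. A regional subnet
  # would place the workload, and its data, in the AWS Region instead.
  outpost_arn=$(aws ec2 describe-subnets --subnet-ids "$subnet_id" \
    --query 'Subnets[0].OutpostArn' --output text) || return 1
  case "$outpost_arn" in
    arn:*:outposts:*) ;;
    *) echo "subnet $subnet_id is not an Outpost subnet" >&2; return 2 ;;
  esac

  # Look up the CoIP pool first so a missing pool fails before launch.
  pool_id=$(aws ec2 describe-coip-pools \
    --query 'CoipPools[0].PoolId' --output text) || return 1
  if [ -z "$pool_id" ] || [ "$pool_id" = "None" ]; then
    echo "no customer-owned IP pool found" >&2; return 3
  fi

  instance_id=$(aws ec2 run-instances --image-id "$ami_id" \
    --instance-type "$instance_type" --subnet-id "$subnet_id" \
    --key-name "$key_name" --security-group-ids "$sg_id" \
    --query 'Instances[0].InstanceId' --output text) || return 1

  alloc_id=$(aws ec2 allocate-address --domain vpc \
    --customer-owned-ipv4-pool "$pool_id" \
    --query 'AllocationId' --output text) || return 1

  # Wait for the running state, then bind the address to the instance.
  aws ec2 wait instance-running --instance-ids "$instance_id" || return 1
  aws ec2 associate-address --instance-id "$instance_id" \
    --allocation-id "$alloc_id" >/dev/null || return 1

  echo "$instance_id $alloc_id"
}

# Usage: sh launch.sh <subnet-id> <ami-id> <instance-type> <key-name> <sg-id>
if [ "$#" -eq 5 ]; then launch_on_outpost "$@"; fi
```

On success the function prints the instance ID and the allocation ID; it returns 2 when the subnet is not on an Outpost and 3 when no customer-owned IP pool exists.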