Many organizations are required to keep data and services on premises for compliance and regulatory reasons. If those organizations want to use AWS' public cloud but would prefer to keep their workloads in-house, AWS Outposts is one way to do so.
An organization uses Outposts to extend its VPC networking and Amazon cloud services to a private data center, edge location or colocation facility. This consistent infrastructure reduces the overall complexity required to maintain and run a hybrid cloud. But setting up an Outpost isn't as simple as creating a new account. There are a few hoops to jump through before it's operational.
In this article, we'll break down some of the key elements you need to know before you get started. We'll look at how AWS Outposts works, when to use the service and how it's priced. We'll also review the installation process and show you how to deploy your first Outpost instances.
What is AWS Outposts and how does it work?
An Outpost is an on-premises device managed by AWS. It connects cloud-based services, APIs and managed infrastructure services to a client's private physical and virtual infrastructure.
Developers build and deploy applications using local computing power and on-board storage, with the same interface used in Amazon's public cloud regions. This can support a hybrid cloud strategy for applications that require low latency or need to meet local data processing or residency requirements.
Developers deploy resources locally via a reduced set of Amazon cloud services, such as Amazon Relational Database Service (RDS), Elastic Container Service (ECS) and Elastic Block Store (EBS). They can also create subnets to connect to an Amazon VPC hosted on Amazon's public cloud.
There's object storage through a variant of Amazon S3, though it doesn't have the redundancy levels of the standard version. Still, it uses the same S3 APIs, and you can distribute up to 96 TB of data across devices and servers on an Outpost. An administrator can create up to 100 buckets per Outpost, and data can be moved to and from a tethered AWS Region using AWS DataSync.
Organizations can also integrate approved third-party providers as part of the AWS Service Ready Program. Dozens of companies are listed, including consulting partners and technology vendors like Citrix, Datadog and Trend Micro.
An Outpost relies on consistent, uninterrupted network connectivity between the device and the nearest Availability Zone, which is part of a larger AWS Region. To maintain that connectivity and retain a link to local workloads on premises, you are required to connect the Outpost to an existing on-premises network.
This network should be able to provide wide area network (WAN) access back to the AWS Region. It should also be able to provide LAN/WAN access to the local network where your on-premises workloads and applications reside.
Potential use cases and limitations
The very existence of AWS Outposts shows the public cloud is not the be-all and end-all for IT infrastructure. AWS Outposts infrastructure is a good fit for organizations that want to upgrade their on-premises servers or connect their current system with a scalable storage plan. Here are a few scenarios where you could deploy it.
- Run data-intensive workloads to process data locally and cut back on expensive and wasteful data transmissions to and from the cloud.
- Support all applications deployed over a local data processing or low-latency network. This includes apps that send real-time responses to and from an end-user application, or those that communicate with on-premises systems to control on-site equipment.
- Close the gap between the factory floor equipment and executed functions through edge computing. Run manufacturing execution systems and supervisory control and data acquisition (SCADA) systems on the AWS-managed device.
- Utilize machine learning and analytics services so health management systems can make use of low-latency processing with local data storage.
- Orchestrate, scale, manage and update the lifecycle of Virtual Network Functions across environments.
- Deploy GPUs for graphic processing, video rendering and audio segmenting.
- Run a managed software-defined data center through the VMware Cloud variant, which is scheduled to be available in 2020.
- Use S3 locally to support web applications, data analytics, hosting images and videos. There is no hierarchical relationship between the files within the object storage, therefore data objects can be distributed across several machines, making the S3 service accessible from anywhere. However, if any of that data is stored on the cloud, it could be an issue for many enterprises.
Organizations that already have a great on-premises setup are better off integrating their servers with AWS Direct Connect or Amazon VPC, which can help extend functionality and expand your current system in the format of your preference. An Outpost could be used for this, but it would require a relatively excessive amount of capacity management.
Also, Outposts isn't designed for disconnected operations or in locations with no internet connection. In those cases, you're better off using portable device services like Snowball Edge.
Useful Outposts resources
With Outposts, you can use the same APIs and connect to all the tools and services available on AWS' public cloud, but not every service is directly available on the device. However, these are some valuable native resources that can work well with your Outpost device.
- Use Amazon ECS for low-latency workloads that need to be close to on-premises applications and data.
- Use Amazon Elastic Kubernetes Service worker nodes for low-latency workloads that must run near on-premises data stores.
- Create Amazon EMR clusters to execute low-latency workloads with on-premises data and deploy applications on a constantly connected network.
- Use Amazon RDS to create a managed database with on-premises data centers. It enables you to use the same AWS Management console, CLI and RDS API in order to manage the RDS databases fully in the cloud. You can then use the nearest AWS Region for disaster recovery, archival storage or cloud bursting.
- Use an App Mesh Envoy proxy or container to run various low-latency workloads, in order to manage the on-premises data centers and applications over a low-latency networking connection.
Here are some terms you need to know before you order an Outpost.
Outpost Site. A client-managed location space where AWS will deploy and install the device.
Outpost Configuration. Each configuration has unique weight, cooling and power needs, established on a case-by-case basis. The configuration also consists of a mix of networking support, EC2 compute capacity, and EBS or S3 storage capacity.
Outpost Equipment. On-premises hardware such as switches, servers, racks and cabling that establishes access to AWS Outposts services.
Outpost Capacity. Storage and compute capacity resources available to your Outpost, accessed and managed from the Outposts console.
Local Gateway. A virtual router that enables communication between your on-premises network and the device.
Service Link. The networking route used to communicate between the AWS Region and your device.
AWS Outposts cost considerations
Of course, none of the potential benefits of this service matter if the price doesn't make fiscal sense for your business. Outposts are purchased for three-year terms, and payments can be made upfront or spread out over the course of the deal. Upfront payments can be full or partial, and they lower the total price, compared to putting $0 down to get started.
Outposts aren't cheap. EC2 configurations cost anywhere from a little over $100,000 to well over $1 million, depending on the region and payment plan. This cost includes delivery, installation, maintenance and upgrades. Storage is charged per month, per gigabyte.
How to order an Outpost device
Before you order an Outpost, make sure your site meets the detailed physical requirements, all of which are specified on the AWS website. You'll also need an AWS Enterprise Support plan. Once you've checked those boxes, follow these steps to order, install and launch your Outpost.
- Access the Outposts console at https://console.aws.amazon.com/outposts/. Then, select the Create Outpost option.
- Enter a name and description for the Outpost.
- Select the next option of Create Site. Fill out the form and submit. Then, select the site and choose an Availability Zone.
- Finally, click Create Outpost.
Order Outpost capacity
- Return to the Outposts console and find the Outposts catalog option in the navigation panel.
- Select the right capacity config for your needs, which will include a mix of EBS volumes, S3 capacity, EC2 instances and network speeds. If the capacity configs don't meet your vision, request a custom configuration with an option in the navigation panel. For instance, you can select from a general-purpose instance type, as well as instance types optimized for graphics, compute, memory and I/O.
- Now, select Place Order. Choose the Outpost previously created and click Place Order again on the next page.
At this point, the order has been submitted and you can check the status through the Outposts console. It should say "order received." An AWS rep will contact you within three days, and you will also receive an email, stating that the order has been changed to "order processing."
To complete the order, AWS will schedule a time for you to speak with a representative. Before this call, AWS will give you a checklist of important points for you to verify for installation. Once everything checks out, the team will arrive at the appointed time.
They will position the rack in place. Your electrician can then connect the power to the rack, and the AWS team will establish the networking to the uplink you provide.
After this, AWS will configure the rack capacity. When you confirm that the storage and virtual machine instances are available through your account, the installation is complete.
Launch your first Outpost
Now that your Outpost is installed, launch your first EC2 instance using an Outpost subnet.
Create the subnet
When you create an Outpost subnet and link it with a VPC in the associated AWS Region, the VPC will cover the Outpost itself as well.
- Open your AWS Management Console.
- Find the Outposts option in the navigation panel and select the installed Outpost.
- Choose Actions, and then click Create Subnet.
- Select your VPC and determine an IP range for the subnet that you can allocate.
- Select Create.
The subnet has been created, and we can begin to configure the route.
You are required to link an existing VPC with your local gateway routing table. This connects your local network to the public cloud.
When you create the route, you are given the option to select certain local gateways, internet gateways, IP addresses and peering connections that can be designated as destinations.
- Click the Local gateway route tables option in the navigation panel.
- Select a route table, click Actions and then Associate VPC.
- Choose the dedicated VPC and click Associate VPC.
The routing is now set up.
Launching the instance
Within the Outpost subnet, the security group for controlling inbound and outbound traffic works exactly as it would for an instance within an Availability Zone subnet.
To connect to the EC2 instance within the subnet, link a key pair the same way you would within an Availability Zone subnet.
To launch the instance, execute the run-instances command in the AWS CLI. At this point, you can allocate an Elastic IP address from a customer-owned IP pool by running these commands.
- describe-coip-pools -- to receive information about a customer-owned IP pool.
- allocate-address -- to allocate the Elastic IP address, passing the pool ID returned by the previous command in the --customer-owned-ipv4-pool option.
- associate-address -- to link the Elastic IP with the Outpost instance.
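The CLI sequence above as one script, added here as an example and not taken from the original article. The function name and its five arguments (AMI, instance type, Outpost subnet, security group, key pair) are assumptions supplied by the caller. It looks up the customer-owned IP pool first so that a missing pool fails before anything is launched, and it waits for the instance to reach the running state before associating the address.

```shell
#!/usr/bin/env bash
# Added example: launch an EC2 instance in an Outpost subnet and attach an
# Elastic IP from a customer-owned IP (CoIP) pool. Requires the AWS CLI with
# credentials and a default Region already configured.
set -eu

# launch_outpost_instance is a hypothetical helper name, not an AWS command.
# Usage: launch_outpost_instance <ami-id> <instance-type> <subnet-id> <sg-id> <key-name>
launch_outpost_instance() {
  local ami="$1" type="$2" subnet="$3" sg="$4" key="$5"
  local pool instance alloc

  # 1. Find the customer-owned IP pool. With --output text an empty result
  #    is printed as "None", so treat that as "no pool".
  pool=$(aws ec2 describe-coip-pools \
    --query 'CoipPools[0].PoolId' --output text)
  if [ -z "$pool" ] || [ "$pool" = "None" ]; then
    echo "no customer-owned IP pool visible to this account" >&2
    return 1
  fi

  # 2. Launch into the Outpost subnet. The security group and key pair are
  #    passed explicitly, exactly as for an Availability Zone subnet.
  instance=$(aws ec2 run-instances \
    --image-id "$ami" --instance-type "$type" \
    --subnet-id "$subnet" --security-group-ids "$sg" --key-name "$key" \
    --query 'Instances[0].InstanceId' --output text)

  # 3. Allocate an Elastic IP from the customer-owned pool.
  alloc=$(aws ec2 allocate-address --domain vpc \
    --customer-owned-ipv4-pool "$pool" \
    --query 'AllocationId' --output text)

  # 4. Wait until the instance is running, then associate the address.
  aws ec2 wait instance-running --instance-ids "$instance"
  aws ec2 associate-address \
    --allocation-id "$alloc" --instance-id "$instance" >/dev/null

  # Report what was created so it can be logged or cleaned up later.
  printf '%s %s %s\n' "$instance" "$pool" "$alloc"
}
```

On success the function prints the instance ID, pool ID and allocation ID on one line; record them, because an allocated address that is never associated or released remains reserved in the pool.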