AWS Global Infrastructure Explained: The Backbone of the Internet
Md. Arafat Islam
Posted on November 29, 2024
So, first of all,
What is the AWS Global Infrastructure?
The AWS Global Infrastructure is globally distributed hardware and data centers that are physically networked together to act as one large resource for the end customer.
The AWS Global Infrastructure is made up of the following resources:
- 34 Launched Regions
- 108 Availability Zones
- 135 Direct Connect Locations
- 600+ Points of Presence
- 41 Local Zones
- 29 Wavelength Zones
Regions
Regions are geographically distinct locations consisting of one or more availability zones.
Every region is physically isolated from and independent of every other region in terms of location, power, and water supply.
The most important region to pay attention to is:
- US-East-1
- Northern Virginia
- AWS First Region (2006)
This is what a region will look like represented in an architectural diagram:
Okay, now let's look at the facts and understand why the US-East-1 region is so important...
Each region generally has three Availability Zones
- Some newer regions are limited to two, eg. US-West
- New services almost always become available first in US-East
- Not all AWS Services are available in all regions
- All your billing information appears in US-East-1 (North Virginia)
- The cost of AWS services varies per region
When you choose a region there are four factors you need to consider:
- What Regulatory Compliance does this region meet?
- What is the cost of AWS services in this region?
- What AWS services are available in this region?
- What is the distance or latency to my end-users?
Regions vs Global Services
Regional Services
AWS scopes the AWS Management Console to a selected region.
This determines where an AWS service will be launched and what will be seen within that service's console.
You generally don't explicitly set the Region for a service at the time of creation.
Global Services
Some AWS Services operate across multiple regions and the region will be fixed to "Global". E.g. Amazon S3, CloudFront, Route53, IAM
For these global services at the time of creation:
- There is no concept of region. eg. IAM User
- A single region must be explicitly chosen. eg. S3 Bucket
- A group of regions are chosen. eg. CloudFront Distribution
Availability Zones
An Availability Zone (AZ) is a physical location made up of one or more data centers.
A data center is a secured building that contains hundreds of thousands of computers.
A region will generally contain 3 Availability Zones
Datacenters within a region will be isolated from each other (different buildings). But they will be close enough to provide low latency (< 10ms).
It's common practice to run workloads in at least 3 AZs to ensure services remain available in case one or two data centers fail. (High Availability)
AZs are represented by a Region Code, followed by a letter identifier eg. us-east-1a
A subnet is associated with an Availability Zone.
You never choose the AZ when launching resources. You choose the Subnet which is associated with the AZ.
Here is an example of an architectural diagram, representing two AZs, the Subnet associated with those AZs, and EC2 instances (Virtual Machines) launched in those subnets
The US-East-1 region has 6 AZs (the most Availability Zones of any region)
Some important bullet points to be noted:
- A region has multiple Availability Zones
- An Availability Zone is made up of one or more data centers
- All AZs in an AWS Region are interconnected with high-bandwidth, low-latency networking, over fully redundant, dedicated metro fiber providing high-throughput, low-latency networking between AZs
- All traffic between AZs is encrypted
- AZs are within 100 km (60 miles) of each other.
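As an added illustration (example code, not from the original post), the Python below parses the zone identifier formats described in this section (a Region code followed by a letter for an AZ, the longer Local Zone form, and AWS's Wavelength Zone form) and checks how a fleet is spread across AZs by walking instance -> subnet -> AZ, since the AZ is never chosen directly. The regular expressions, the subnet map and the fleet list are this example's own constructions.

```python
import re
from collections import Counter

# Zone identifier shapes. The regexes are this example's own assumption,
# based on the forms quoted in the post (us-east-1a, us-west-2-lax-1a) and
# AWS's documented Wavelength form (e.g. us-east-1-wl1-bos-wlz-1).
_REGION = r"(?P<region>[a-z]{2}(?:-[a-z]+)+-\d+)"
AZ_RE = re.compile(rf"^{_REGION}(?P<letter>[a-z])$")
LOCAL_ZONE_RE = re.compile(rf"^{_REGION}-(?P<city>[a-z]{{3}})-\d+(?P<letter>[a-z])$")
WAVELENGTH_RE = re.compile(rf"^{_REGION}-wl\d+-(?P<city>[a-z]{{3}})-wlz-\d+$")

ZONE_PATTERNS = (
    ("availability-zone", AZ_RE),
    ("local-zone", LOCAL_ZONE_RE),
    ("wavelength-zone", WAVELENGTH_RE),
)


def parse_zone(zone_id: str) -> dict:
    """Return the region and zone kind encoded in a zone identifier.

    The Region code is always the prefix, so any zone (AZ, Local Zone or
    Wavelength Zone) can be mapped back to the Region it extends.
    """
    for kind, pattern in ZONE_PATTERNS:
        m = pattern.match(zone_id)
        if m:
            info = {"zone": zone_id, "kind": kind}
            info.update(m.groupdict())
            return info
    raise ValueError(f"unrecognised zone identifier: {zone_id!r}")


def az_spread(subnets: dict, instances: list, min_azs: int = 3) -> dict:
    """Count instances per AZ and flag fleets that are not spread widely enough.

    You never pick the AZ for an EC2 instance directly: it inherits the AZ
    of the subnet it was launched into, so the check resolves each
    instance's subnet to its AZ first.
    """
    per_az = Counter(subnets[subnet_id] for _, subnet_id in instances)
    regions = {parse_zone(az)["region"] for az in per_az}
    return {
        "per_az": dict(per_az),
        "azs_used": len(per_az),
        "regions": sorted(regions),
        "highly_available": len(per_az) >= min_azs,
    }


# Constructed sample data: three subnets in us-east-1, one per AZ, and a
# fleet that has ended up concentrated in only two of them.
SUBNETS = {
    "subnet-0a": "us-east-1a",
    "subnet-0b": "us-east-1b",
    "subnet-0c": "us-east-1c",
}
FLEET = [("i-1", "subnet-0a"), ("i-2", "subnet-0a"),
         ("i-3", "subnet-0b"), ("i-4", "subnet-0b")]

if __name__ == "__main__":
    print(parse_zone("us-west-2-lax-1a"))
    print(az_spread(SUBNETS, FLEET))
```

Running it shows the constructed fleet using only two AZs and therefore failing the three-AZ check; adding one instance in subnet-0c brings it to three. The same walk (instance to subnet to AZ) is what you would apply to a real inventory export to spot single-AZ concentration before a data center failure does.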
Fault Tolerance
First, we have to know:
What is a fault domain?
A fault domain is a section of a network that is vulnerable to damage if a critical device or system fails. The purpose of a fault domain is that if a failure occurs it will not cascade outside that domain, limiting the damage possible.
A collection of fault domains is called a fault level.
The scope of a fault domain could be:
- specific servers in a rack
- an entire rack in a data center
- an entire room in a data center
- the entire data center building
It's up to the Cloud Service Provider (CSP) to define the boundaries of a domain.
Each Amazon Region is designed to be completely isolated from the other Amazon Regions.
- This achieves the greatest possible fault tolerance and stability
- Each Availability Zone is isolated, but the Availability Zones in a Region are connected through low-latency links
- Each Availability Zone is designed as an independent failure zone
- A "Failure Zone" is AWS's term for a Fault Domain.
Failure Zone
- Availability Zones are physically separated within a typical metropolitan region and are located in lower-risk flood plains
- discrete uninterruptible power supply (UPS) and onsite backup generation facilities
- data centers located in different Availability Zones are designed to be supplied by independent substations to reduce the risk of an event on the power grid impacting more than one Availability Zone.
- Availability Zones are all redundantly connected to multiple tier-1 transit providers
Multi-AZ for High Availability
If an application is partitioned across AZs, companies are better isolated and protected from issues such as power outages, lightning strikes, tornadoes, earthquakes, and more.
AWS Global Network
The AWS Global Network represents the interconnections between AWS Global Infrastructure.
Commonly referred to as "The Backbone of AWS".
Think of it as a private expressway, where things can move very fast between data centers.
- Edge Locations can act as on- and off-ramps to the AWS Global Network
- AWS Global Accelerator / AWS S3 Transfer Acceleration use Edge Locations as an on-ramp to quickly reach AWS resources in other regions by traversing the fast AWS Global Network
- Amazon CloudFront (CDN) uses Edge Locations as an off-ramp, to provide storage and compute at the edge, near the end user.
- VPC Endpoints: ensure your traffic to AWS services stays within the AWS Network and does not traverse the public internet.
Points of Presence (PoP)
This is an intermediate location between an AWS Region and the end user, and this location could be a data center or a collection of hardware.
- For AWS, a Point of Presence is a data center owned by AWS or a trusted partner that is utilized by AWS Services related to content delivery or expedited upload.
PoP resources are:
- Edge Locations
- Regional Edge Caches
Edge Locations are data centers that hold cached copies of the most popular files (eg. web pages, images, and videos) so that the delivery distance to end users is reduced.
Regional Edge Caches are data centers that hold much larger caches of less-popular files, to avoid a full round trip to the origin and also to reduce the cost of transfer fees.
AWS Availability Zones are all redundantly connected to multiple tier-1 transit providers
AWS Services using PoPs
The following AWS Services use PoPs for content delivery or expedited upload -
Amazon CloudFront is a Content Delivery Network (CDN) Service that -
- Lets you point your website at CloudFront so that it will route requests to the nearest Edge Location cache
- Allows you to choose an origin (such as a web server or storage) that will be the source of the cached content
- Caches the content the origin would return at various Edge Locations around the world
Amazon S3 Transfer Acceleration allows you to generate a special URL that can be used by end users to upload files to a nearby Edge Location. Once a file is uploaded to an Edge Location, it can move much faster within the AWS Network to reach S3.
AWS Global Accelerator can find the optimal path from the end user to your web servers. Global Accelerator endpoints are deployed within Edge Locations, so you send user traffic to an Edge Location instead of directly to your web application.
AWS Direct Connect
This is a private/dedicated connection between your data center, office, or co-location facility and AWS.
Direct Connect has two very-fast network connection options:
- Lower Bandwidth 50MBps-500MBps
- Higher Bandwidth 1GBps-10GBps
- Helps reduce network costs and increase bandwidth throughput. (great for high-traffic networks)
- Provides a more consistent network experience than a typical internet-based connection. (reliable and secure)
Direct Connect Locations
These are trusted partner data centers where you can establish a dedicated high-speed, low-latency connection from on-premises to AWS.
AWS Local Zones
Local Zones are data centers located very close to densely populated areas to provide single-digit millisecond low latency performance (eg. 7ms) for that area.
- Los Angeles, California was the first Local Zone to be deployed
- It is a logical extension of the US-West Region
- The identifier looks like the following: us-west-2-lax-1a
Only specific AWS Services have been made available:
- EC2 Instance Types (T3, C5, R5, R5d, I3en, G4)
- EBS (io1 and gp2)
- Amazon FSx
- Application Load Balancer
- Amazon VPC
The purpose of the Local zone is to support highly demanding applications sensitive to latencies:
- Media & Entertainment
- Electronic Design Automation
- Ad-Tech
- Machine Learning
AWS Wavelength Zones
These zones allow for edge computing on 5G networks.
So applications will have ultra-low latency, being as close as possible to the users.
Here you create a subnet tied to a Wavelength Zone, and then you can launch Virtual Machines (VMs) at the edge of the targeted 5G network.
Data Residency
This is the physical or geographic location of an organization's data, information, or cloud resources.
What are Compliance Boundaries?
A compliance boundary is a regulatory (legal) requirement set by a government or organization that describes where data and cloud resources are allowed to reside.
What is Data Sovereignty?
Data Sovereignty is the jurisdictional control or legal authority that can be asserted over data because its physical location is within jurisdictional boundaries.
For workloads that need to meet compliance boundaries strictly defining the data residency of data and cloud resources in AWS, you can use:
- AWS Outposts: a physical rack of servers that you can put in your data center. Your data will reside wherever the Outpost physically resides.
- AWS Config: a Policy as Code service. You can create rules to continuously check AWS resource configuration. If resources deviate from your expectations you are alerted, or AWS Config can in some cases auto-remediate.
- IAM Policies can be written to explicitly deny access to specific AWS Regions. A Service Control Policy (SCP) applies such permissions organization-wide.
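To tie together the "Global Services" distinction from earlier in the post and the region-restriction controls just listed, here is an added Python example (not the post's own code, and not AWS's policy engine) that builds the common region-restriction SCP and models how its Deny statement treats regional versus global API calls. The region allow-list, the exempt action list and the sample requests are constructed; scp_denies is a deliberately simplified model of explicit-deny evaluation that understands only the aws:RequestedRegion condition key.

```python
import fnmatch
import json

# Constructed allow-list standing in for an EU data-residency boundary.
ALLOWED_REGIONS = ["eu-west-1", "eu-central-1"]

# Global services have no region of their own; their API calls are signed
# against us-east-1, so a blanket "deny everything outside the EU" would
# lock out IAM, STS, Route 53, CloudFront and the Organizations API itself.
# Exempting them via NotAction is the usual shape of this SCP.
GLOBAL_SERVICE_ACTIONS = [
    "iam:*", "sts:*", "route53:*", "cloudfront:*", "organizations:*", "support:*",
]


def region_restriction_scp(allowed_regions, exempt_actions=GLOBAL_SERVICE_ACTIONS) -> dict:
    """Build a deny-everything-outside-these-regions SCP document."""
    statement = {
        "Sid": "DenyOutsideAllowedRegions",
        "Effect": "Deny",
        "Resource": "*",
        "Condition": {"StringNotEquals": {"aws:RequestedRegion": list(allowed_regions)}},
    }
    if exempt_actions:
        statement["NotAction"] = list(exempt_actions)
    else:
        statement["Action"] = "*"  # the naive version, kept here for contrast
    return {"Version": "2012-10-17", "Statement": [statement]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(action, patterns) -> bool:
    # IAM action matching is case-insensitive and supports '*' wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _condition_holds(condition, requested_region) -> bool:
    # Simplified model: only aws:RequestedRegion with String(Not)Equals.
    for operator, pairs in condition.items():
        for key, values in pairs.items():
            if key != "aws:RequestedRegion" or operator not in ("StringEquals", "StringNotEquals"):
                raise NotImplementedError(f"{operator} on {key} is outside this model")
            in_list = requested_region in _as_list(values)
            if operator == "StringEquals" and not in_list:
                return False
            if operator == "StringNotEquals" and in_list:
                return False
    return True


def scp_denies(policy: dict, action: str, requested_region: str) -> bool:
    """True if any Deny statement matches the (action, region) request.

    SCPs never grant access; this models only the explicit-deny filter they add.
    """
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        if "Action" in stmt and not _action_matches(action, _as_list(stmt["Action"])):
            continue
        if "NotAction" in stmt and _action_matches(action, _as_list(stmt["NotAction"])):
            continue
        if _condition_holds(stmt.get("Condition", {}), requested_region):
            return True
    return False


# Constructed sample requests: (action, value of aws:RequestedRegion on the call).
SAMPLE_REQUESTS = [
    ("ec2:RunInstances", "eu-west-1"),
    ("ec2:RunInstances", "us-east-1"),
    ("s3:CreateBucket", "ap-southeast-1"),
    ("iam:CreateUser", "us-east-1"),
]


def simulate(policy: dict, requests=SAMPLE_REQUESTS) -> dict:
    """Map each sample request to 'deny' or 'pass' under the given SCP."""
    return {f"{a}@{r}": ("deny" if scp_denies(policy, a, r) else "pass") for a, r in requests}


if __name__ == "__main__":
    scp = region_restriction_scp(ALLOWED_REGIONS)
    print(json.dumps(scp, indent=2))
    print(simulate(scp))
    print(simulate(region_restriction_scp(ALLOWED_REGIONS, exempt_actions=[])))
```

Compare the two simulate() outputs: the version without the NotAction exemption denies iam:CreateUser, which is the classic way a region-lockdown SCP locks an organization out of IAM. An SCP only filters new API calls; resources that already exist outside the boundary are what an AWS Config rule is there to surface.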
AWS for Government
First of all, we need to know what the public sector is.
The public sector includes public goods and governmental services, such as:
- military
- public education
- law enforcement
- healthcare
- infrastructure
- the government itself
- public transit
AWS can be utilized by the public sector or organizations developing cloud workloads for the public sector.
AWS achieves this by meeting regulatory compliance programs along with specific governance and security controls.
AWS has special regions for US regulation called GovCloud
GovCloud
To understand what GovCloud is first, we need to understand what FedRAMP is.
Federal Risk and Authorization Management Program (FedRAMP)
FedRAMP is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
Now, what is GovCloud?
A Cloud Service Provider (CSP) generally will offer an isolated region to run FedRAMP workloads.
AWS GovCloud Regions allow customers to host sensitive Controlled Unclassified Information and other types of regulated workloads.
- GovCloud Regions are only operated by employees who are U.S. citizens, on U.S. soil.
- They are only accessible to U.S. entities and root account holders who pass a screening process
Customers can architect secure cloud solutions that comply with:
- FedRAMP High baseline
- DOJ's Criminal Justice Information Systems (CJIS) Security Policy
- U.S. International Traffic in Arms Regulations (ITAR)
- Export Administration Regulations (EAR)
- Department of Defense (DoD) Cloud Computing Security Requirements Guide
AWS in China
AWS China is the AWS cloud offering in Mainland China.
AWS China is completely isolated intentionally from AWS Global to meet regulatory compliance for Mainland China.
- AWS China is on its own domain at: amazonaws.cn
- In order to operate in an AWS China Region you need to have a Chinese Business License (ICP license)
- Not all services are available in China eg. Route53
- Running in Mainland China (instead of Singapore) means you would not need to traverse the Great Firewall.
Sustainability
AWS Cloud's Sustainability goals are composed of three parts:
- Renewable Energy
  - AWS is working towards having its AWS Global Infrastructure powered by 100% renewable energy by 2025.
  - AWS purchases and retires environmental attributes to cover the non-renewable energy for AWS Global Infrastructure: Renewable Energy Credits (RECs) and Guarantees of Origin (GOs)
- Cloud Efficiency
  - AWS's infrastructure is 3.6 times more energy efficient than the median of U.S. enterprise data centers surveyed.
- Water Stewardship
  - Direct evaporative technology to cool data centers
  - Use of non-potable (recycled) water for cooling purposes
  - On-site water treatment removes scale-forming minerals so water can be reused for more cycles
  - Water efficiency metrics to determine and monitor optimal water use for each AWS Region
AWS Ground Station
AWS Ground Station is a fully managed service that lets you control satellite communications, process data, and scale your operations without having to worry about building or managing your own ground station infrastructure.
Use cases for Ground Station:
- weather forecasting
- surface imaging
- communications
- video broadcasts
To use Ground Station:
- You schedule a Contact (select the satellite, start and end time, and the ground location)
- Use the AWS Ground Station EC2 AMI to launch EC2 instances that will uplink and downlink data during the contact, or receive downlinked data in an Amazon S3 bucket.
Use Case:
A company reaches an agreement with a Satellite Imagery Provider to take satellite photos of a specific region. They use AWS Ground Station to communicate with that company's Satellite and download the S3 image data.
AWS Outposts
AWS Outposts is a fully managed service that offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any data center, co-location space, or on-premises facility for a truly consistent hybrid experience.
AWS Outposts is the rack of servers running AWS Infrastructure on your physical location
AWS Outposts comes in 3 form factors: 42U, 1U, and 2U
AWS delivers it to your preferred physical site fully assembled and ready to be rolled into final position. It is installed by AWS and the rack needs to be simply plugged into power and network.
These are servers that you can place into your existing racks:
- 1U
  - suitable for 19-inch wide, 24-inch deep cabinets
  - AWS Graviton2 (up to 64 vCPUs)
  - 128 GiB memory
  - 4TB of local NVMe storage
- 2U
  - suitable for 19-inch wide, 36-inch deep cabinets
  - Intel processor (up to 64 vCPUs)
  - 256 GiB memory
  - 8TB of local NVMe storage