AWS Global Infrastructure Explained: The Backbone of the Internet

arafat_islam

Md. Arafat Islam

Posted on November 29, 2024


So, first of all,

What is the AWS Global Infrastructure?

The AWS Global Infrastructure is globally distributed hardware and data centers that are physically networked together to act as one large resource for the end customer.

The AWS Global Infrastructure is made up of the following resources:

- 34 launched Regions
- 108 Availability Zones
- 135 Direct Connect locations
- 600+ Points of Presence
- 41 Local Zones
- 29 Wavelength Zones

(These are AWS's published figures at the time of writing, November 2024; they grow every year.)

Regions

Regions are geographically distinct locations consisting of one or more availability zones.
AWS Global Infrastructure Map

Every region is physically isolated from, and independent of, every other region: separate location, separate power and separate water supply.

The region that deserves the most attention is us-east-1:

- Region code: us-east-1
- Location: Northern Virginia
- The first AWS Region, launched in 2006

This is what a region will look like represented in an architectural diagram:


Now, the facts that make us-east-1 so important:

  • Each region generally has at least three Availability Zones; a few expose only two to new accounts (e.g. us-west-1, Northern California)
  • New services almost always become available first in us-east-1
  • Not all AWS services are available in all regions
  • Billing and cost data for the whole account is surfaced in us-east-1 (N. Virginia)
  • The cost of AWS services varies per region

When you choose a region there are four factors you need to consider:

  1. What Regulatory Compliance does this region meet?
  2. What is the cost of AWS services in this region?
  3. What AWS services are available in this region?
  4. What is the distance or latency to my end-users?

Regions vs Global Services

Regional Services
The AWS Management Console is scoped to the region currently selected in the top bar. That selection determines where a regional service's resources are created and which resources appear in that service's console.
You therefore rarely set the region explicitly when creating a resource: the console inherits it from the selector, and the CLI and SDKs take it from your profile configuration or a --region flag.

Global Services
Some AWS services operate across regions and the console's region selector reads "Global", e.g. Amazon S3, CloudFront, Route 53 and IAM. Note that S3 is only global in the console: every bucket lives in exactly one region.

For these global services, at creation time one of the following applies:

  • There is no concept of region, e.g. an IAM user
  • A single region must be chosen explicitly, e.g. an S3 bucket
  • A set of edge locations is chosen, e.g. the price class of a CloudFront distribution

Availability Zones

An Availability Zone (AZ) is a physical location made up of one or more data centers.

A data center is a secured building that contains tens of thousands of servers.

A region will generally contain at least three Availability Zones.
AZs within a region are isolated from each other (separate buildings, separate power and cooling), but close enough to provide low latency between them (single-digit milliseconds, typically under 10 ms).

It is common practice to run workloads in at least three AZs so that the service stays available if one or two data centers fail (high availability).

AZs are identified by the region code followed by a letter, e.g. us-east-1a. The letter-to-physical-AZ mapping is shuffled per account, so us-east-1a in your account is not necessarily the same building as us-east-1a in another account; the AZ ID (e.g. use1-az1) is the stable identifier.

A subnet is associated with exactly one Availability Zone.

For EC2 instances you normally do not choose the AZ directly: you choose the subnet, and the subnet fixes the AZ. Some resources do take an AZ as a direct parameter, for example an EBS volume, which must be in the same AZ as the instance it attaches to.

Here is an example of an architectural diagram, representing two AZs, the Subnet associated with those AZs, and EC2 instances (Virtual Machines) launched in those subnets

The us-east-1 region has six AZs (us-east-1a to us-east-1f), the most of any region.

Some important points to note:
- A region has multiple Availability Zones
- An Availability Zone is made up of one or more data centers
- All AZs in a region are interconnected with high-bandwidth, low-latency networking over fully redundant, dedicated metro fiber
- All traffic between AZs is encrypted
- AZs are within 100 km (60 miles) of each other
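The multi-AZ layout described above is usually designed before anything is created: a VPC CIDR is carved into one public and one private subnet per AZ, and the AZ is fixed by the subnet you pick. The following Python is an added example, not code from the original post. The VPC CIDR, the AZ names and the /24 subnet size are assumptions chosen for illustration; nothing here calls AWS, it only computes the layout you would hand to CloudFormation, Terraform or `aws ec2 create-subnet`.

```python
"""Plan a VPC CIDR into public and private subnets spread across three AZs.

Added example, not from the original post. The VPC CIDR, AZ names and
subnet size in __main__ are assumptions; no AWS API is called.
"""
import ipaddress
import re
from dataclasses import dataclass

# An AZ name is the region code followed by a single letter, e.g. us-east-1a.
AZ_NAME = re.compile(r"^(?P<region>[a-z]{2}(?:-gov)?-[a-z]+-\d)(?P<letter>[a-z])$")


def region_of_az(az: str) -> str:
    """Return the region an AZ name belongs to, or raise if it is malformed."""
    m = AZ_NAME.match(az)
    if not m:
        raise ValueError(f"not a standard AZ name: {az!r}")
    return m.group("region")


@dataclass(frozen=True)
class Subnet:
    name: str
    az: str
    cidr: str
    public: bool


def plan_subnets(vpc_cidr: str, azs: list[str], new_prefix: int = 24) -> list[Subnet]:
    """Carve vpc_cidr into one public and one private subnet per AZ.

    A VPC is regional, so every AZ must belong to the same region, and the
    layout is only treated as highly available when it spans at least three
    AZs, matching the guidance in the text.
    """
    if len(azs) < 3:
        raise ValueError("need at least three AZs for a multi-AZ layout")
    regions = {region_of_az(az) for az in azs}
    if len(regions) != 1:
        raise ValueError(f"AZs span more than one region: {sorted(regions)}")
    # subnets() yields consecutive, non-overlapping /<new_prefix> blocks.
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)
    plan: list[Subnet] = []
    for tier, public in (("public", True), ("private", False)):
        for az in azs:
            block = next(blocks)
            plan.append(Subnet(f"{tier}-{az[-1]}", az, str(block), public))
    return plan


def azs_covered(plan: list[Subnet], public: bool) -> set[str]:
    """AZs that have a subnet in the given tier; use it to check HA coverage."""
    return {s.az for s in plan if s.public == public}


if __name__ == "__main__":
    # Constructed input: a /16 VPC in us-east-1 across three AZs.
    layout = plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b", "us-east-1c"])
    for s in layout:
        print(f"{s.name:10} {s.az:12} {s.cidr:15} {'public' if s.public else 'private'}")
```

The region check matters in practice: a subnet can only be created in an AZ of the VPC's own region, so a plan mixing us-east-1 and eu-west-1 AZs fails here rather than at deploy time.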

Fault Tolerance

First, we have to know what a fault domain is.

A fault domain is a section of a network that is vulnerable to damage if a critical device or system fails. The purpose of a fault domain is that if a failure occurs it will not cascade outside that domain, limiting the possible damage.

A collection of fault domains is called a fault level.

The scope of a fault domain could be:

  • specific servers in a rack
  • an entire rack in a data center
  • an entire room in a data center
  • the entire data center building

It's up to the Cloud Service Provider (CSP) to define the boundaries of a domain.

Each Amazon Region is designed to be completely isolated from the other Amazon Regions.

  • This achieves the greatest possible fault tolerance and stability.
  • Each Availability Zone is isolated, but the Availability Zones in a Region are connected through low-latency links.
  • Each Availability Zone is designed as an independent failure zone. A "failure zone" is AWS's term for a fault domain.

Failure Zone

 - Availability Zones are physically separated within a typical metropolitan region and are located in lower-risk flood plains
 - Each has discrete uninterruptible power supply (UPS) and onsite backup generation facilities
 - Data centers located in different Availability Zones are designed to be supplied by independent substations, to reduce the risk of an event on the power grid impacting more than one Availability Zone
 - Availability Zones are all redundantly connected to multiple tier-1 transit providers

Multi-AZ for High Availability
If an application is partitioned across AZs, it is better isolated from and protected against issues such as power outages, lightning strikes, tornadoes, earthquakes and more.

AWS Global Network

The AWS Global Network represents the interconnections between AWS Global Infrastructure.
Commonly referred to as the "The Backbone of AWS".

Think of it as a private expressway, where things can move very fast between data centers.

  • Edge Locations act as on-ramps and off-ramps to the AWS Global Network
    • AWS Global Accelerator and Amazon S3 Transfer Acceleration use Edge Locations as an on-ramp: traffic enters the AWS network at the nearest edge and rides the backbone to resources in other regions
    • Amazon CloudFront (CDN) uses Edge Locations as an off-ramp, providing storage and compute at the edge, near the end user
  • VPC Endpoints keep traffic between your VPC and supported AWS services on the AWS network, so it does not traverse the public internet

Points of Presence (PoP)

This is an intermediate location between an AWS Region and the end user; it could be a data center or a collection of hardware.

  • For AWS, a Point of Presence is a data center owned by AWS or a trusted partner that is used by AWS services for content delivery or expedited upload.

PoP resources are:

- Edge Locations
- Regional Edge Caches

Edge Locations are data centers that hold cached copies of the most popular files (e.g. web pages, images and videos) so that the distance to the end user, and therefore latency, is reduced.

Regional Edge Caches are data centers that hold much larger caches of less-popular files. They sit between the Edge Locations and your origin, avoiding a full round trip to the origin and reducing data transfer fees.

AWS Services using PoPs

The following AWS services use PoPs for content delivery or expedited upload.

Amazon CloudFront is a Content Delivery Network (CDN) service:

  • You point your website's DNS at CloudFront so that requests are routed to the nearest Edge Location cache
  • You choose an origin (such as a web server or S3 storage) that is the source of the cached content
  • CloudFront caches what the origin returns at Edge Locations around the world

Amazon S3 Transfer Acceleration gives you a special endpoint URL that end users upload files to. The upload lands at a nearby Edge Location and then travels over the AWS network, which is much faster than the public internet, to reach S3.

AWS Global Accelerator finds the optimal path from the end user to your application. Its static anycast IP addresses are announced from Edge Locations, so user traffic enters the AWS network at the nearest edge instead of crossing the public internet all the way to your application.

AWS Direct Connect

This is a private, dedicated connection between your data center, office or co-location facility and AWS.

Direct Connect comes in two flavours:

  1. Hosted connections, ordered through a Direct Connect partner: 50 Mbps up to 500 Mbps, plus 1, 2, 5 and 10 Gbps
  2. Dedicated connections, a physical port requested from AWS: 1 Gbps, 10 Gbps and 100 Gbps

  • Helps reduce network costs and increases bandwidth throughput (great for high-traffic networks)
  • Provides a more consistent network experience than a typical internet-based connection (reliable and predictable)
  • Security caveat: a Direct Connect link is private but not encrypted by default. If the data requires it, enable MACsec (supported on 10 Gbps and 100 Gbps dedicated connections at supporting locations) or run an IPsec VPN over the connection.

Direct Connect Locations
These are trusted partner data centers where you can establish a dedicated high-speed, low-latency connection from on-premises to AWS.

AWS Local Zones

Local Zones are data centers located very close to densely populated areas to provide single-digit millisecond low latency performance (eg. 7ms) for that area.

  • Los Angeles, California was the first Local Zone to be deployed
    • It is a logical extension of the us-west-2 (Oregon) region
    • Its identifier looks like this: us-west-2-lax-1a (the parent region, then a city code and a zone letter)

Only specific AWS services are available in a Local Zone, for example:

 - EC2 instance types (T3, C5, R5, R5d, I3en, G4)
 - EBS (io1 and gp2)
 - Amazon FSx
 - Application Load Balancer
 - Amazon VPC

The purpose of the Local zone is to support highly demanding applications sensitive to latencies:
- Media & Entertainment
- Electronic Design Automation
- Ad-Tech
- Machine Learning

AWS Wavelength Zones

These zones allow for edge-computing on 5G Networks.
So, applications will have ultra-low latency being as close as possible to the users.

Here you create a subnet tied to a wavelength zone and then you can launch Virtual Machines (VMs) to the edge of the targeted 5G Networks.
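Local Zone and Wavelength Zone names both extend their parent region's code, which is what lets a subnet in one of them belong to a VPC of that region. The following Python is an added example, not code from the original post, that parses the three zone-name formats and checks which region's VPC can host a subnet in a given zone. The standard AZ and Local Zone formats follow the identifiers given in the text (us-east-1a, us-west-2-lax-1a); the Wavelength Zone format (e.g. us-east-1-wl1-bos-wlz-1) is taken from AWS's published zone names and is an assumption beyond the page. Nothing here calls AWS.

```python
"""Classify EC2 zone names and derive their parent region.

Added example, not from the original post. The Wavelength Zone format is
assumed from AWS's published zone names; the other two follow the text.
"""
import re
from dataclasses import dataclass

# A region code such as us-east-1, ap-southeast-2 or us-gov-west-1.
_REGION = r"[a-z]{2}(?:-gov)?-[a-z]+-\d"

# Every zone kind starts with its parent region; only the suffix differs.
_ZONE_PATTERNS = {
    "availability-zone": re.compile(rf"^(?P<region>{_REGION})(?P<suffix>[a-z])$"),
    "local-zone": re.compile(rf"^(?P<region>{_REGION})-(?P<suffix>[a-z]{{3}}-\d[a-z])$"),
    "wavelength-zone": re.compile(rf"^(?P<region>{_REGION})-(?P<suffix>wl\d-[a-z]{{3}}-wlz-\d)$"),
}


@dataclass(frozen=True)
class Zone:
    name: str
    kind: str     # one of the keys of _ZONE_PATTERNS
    region: str   # parent region the zone extends
    suffix: str   # the part after the region code


def parse_zone(name: str) -> Zone:
    """Parse a zone name into its kind, parent region and suffix."""
    for kind, pattern in _ZONE_PATTERNS.items():
        m = pattern.match(name)
        if m:
            return Zone(name, kind, m.group("region"), m.group("suffix"))
    raise ValueError(f"unrecognised zone name: {name!r}")


def vpc_can_host(zone_name: str, vpc_region: str) -> bool:
    """A subnet in any zone kind must live in a VPC of the zone's parent region."""
    return parse_zone(zone_name).region == vpc_region


if __name__ == "__main__":
    # Constructed input: one name of each kind.
    for n in ("us-east-1a", "us-west-2-lax-1a", "us-east-1-wl1-bos-wlz-1"):
        z = parse_zone(n)
        print(f"{n:26} {z.kind:18} parent={z.region}")
```

A bare region code such as "us-east-1" is rejected: it names a region, not a zone, and treating it as one is a common mistake in hand-written infrastructure templates.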


Data Residency

This is the physical or geographic location of an organization's data, information, or cloud resources.

What are Compliance Boundaries?
A regulatory compliance (legal requirement) by a government or organization that describes where data and cloud resources are allowed to reside.

What is Data Sovereignty?
Data Sovereignty is the jurisdictional control or legal authority that can be asserted over data because its physical location is within jurisdictional boundaries.

For workloads that need to meet compliance boundaries strictly defining the data residency of data and cloud resources in AWS, you can use:

  • AWS Outposts is a physical rack of servers that you can put in your own data center. Your data resides wherever the Outpost physically resides.
  • AWS Config is a Policy-as-Code service. You create rules that continuously check AWS resource configuration; if a resource deviates from your expectations you are alerted, and in some cases AWS Config can auto-remediate.
  • IAM policies can be written to explicitly deny access to specific AWS Regions, using the aws:RequestedRegion condition key. A Service Control Policy (SCP) applies the same kind of deny across every account in an AWS Organization (or an organizational unit), so individual account administrators cannot override it.
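The region-deny SCP mentioned above has one well-known pitfall: global services (IAM, STS, CloudFront, Route 53, billing and so on) report their aws:RequestedRegion as us-east-1, so a naive deny on "region not in my list" locks everyone out of IAM. The following Python is an added example, not code from the original post or an AWS-provided tool. It builds the policy in the shape AWS documents for region restriction (a Deny with a NotAction exemption list for global services) and includes a small offline evaluator for that one statement shape, so you can see which calls it blocks before attaching it to an OU. The allowed-region list, the exemption list and the sample requests are assumptions chosen for illustration.

```python
"""Build a region-restriction SCP and check sample requests against it offline.

Added example, not from the original post. The allowed regions, the
exempted global services and the sample requests are assumptions; the
evaluator models only the Deny/NotAction/aws:RequestedRegion shape used here.
"""
import fnmatch
import json

# Global services whose API calls are signed for us-east-1 wherever the caller
# sits. Denying them by region breaks IAM, STS, billing and Organizations itself.
GLOBAL_SERVICE_ACTIONS = [
    "iam:*", "sts:*", "organizations:*", "account:*", "support:*",
    "cloudfront:*", "route53:*", "budgets:*", "health:*", "trustedadvisor:*",
]


def region_restriction_scp(allowed_regions: list[str]) -> dict:
    """Deny every non-global action whose requested region is not approved."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyOutsideApprovedRegions",
            "Effect": "Deny",
            "NotAction": GLOBAL_SERVICE_ACTIONS,
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": allowed_regions}},
        }],
    }


def _action_matches(pattern: str, action: str) -> bool:
    # IAM action names are case-insensitive "service:Operation" strings with
    # "*" wildcards; fnmatch gives us exactly that matching.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def is_denied(policy: dict, action: str, requested_region: str) -> bool:
    """True if a Deny statement in the policy matches this action and region.

    An SCP never grants anything: a request that no Deny matches simply falls
    through to the account's own IAM policies.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if "NotAction" in stmt:
            applies = not any(_action_matches(p, action) for p in stmt["NotAction"])
        else:
            acts = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
            applies = any(_action_matches(p, action) for p in acts)
        if not applies:
            continue
        allowed = stmt.get("Condition", {}).get("StringNotEquals", {}).get("aws:RequestedRegion")
        if allowed is None:
            return True  # unconditional deny
        allowed = allowed if isinstance(allowed, list) else [allowed]
        if requested_region not in allowed:
            return True
    return False


if __name__ == "__main__":
    # Constructed scenario: an EU-only organization.
    policy = region_restriction_scp(["eu-central-1", "eu-west-1"])
    print(json.dumps(policy, indent=2))
    for action, region in (("ec2:RunInstances", "us-east-1"),
                           ("ec2:RunInstances", "eu-west-1"),
                           ("iam:CreateUser", "us-east-1")):
        print(f"{action:20} {region:14} denied={is_denied(policy, action, region)}")
```

Two operational caveats: SCPs never apply to the organization's management account, so keep nothing but Organizations administration there; and the exemption list is the part attackers and auditors both look at first, so review it against the global services your accounts actually use rather than copying it blindly.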

AWS for Government

First of all, we need to know, what is the public sector.
The public sector includes public goods and governmental services. Such as:

- military
- law enforcement
- infrastructure
- public transit
- public education
- healthcare
- the government itself

AWS can be utilized by the public sector or organizations developing cloud workloads for the public sector.

AWS achieves this by meeting regulatory compliance programs along with specific governance and security controls.

AWS has special regions for US government regulation called GovCloud.

GovCloud

To understand what GovCloud is first, we need to understand what FedRAMP is.

Federal Risk and Authorization Management Program (FedRAMP)
a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.


Now, what is GovCloud?
A Cloud Service Provider (CSP) generally will offer an isolated region to run FedRAMP workloads.

AWS GovCloud Regions allow customers to host sensitive Controlled Unclassified Information and other types of regulated workloads.

  • GovCloud Regions are only operated by employees who are U.S. citizens, on U.S. soil.
  • They are only accessible to U.S. entities and root account holders who pass a screening process


Customers can architect secure cloud solutions that comply with:

  • FedRAMP High baseline
  • DOJ's Criminal Justice Information Systems (CJIS) Security Policy
  • U.S. International Traffic in Arms Regulations (ITAR)
  • Export Administration Regulations (EAR)
  • Department of Defense (DoD) Cloud Computing Security Requirements Guide

AWS in China

AWS China is the AWS cloud offering in Mainland China.
AWS China is completely isolated intentionally from AWS Global to meet regulatory compliance for Mainland China.

- AWS China is on its own domain: amazonaws.cn

  • To operate in an AWS China region you need a business entity registered in China (a Chinese business license), and an ICP license or recordal to serve public web content
  • Not all services are available in China, e.g. Route 53
  • Running in Mainland China (instead of, say, Singapore) means your users' traffic does not need to traverse the Great Firewall

Sustainability

AWS Cloud's Sustainability goals are composed of three parts:

  1. Renewable Energy: AWS is working towards having its global infrastructure powered by 100% renewable energy by 2025. AWS purchases and retires environmental attributes to cover the non-renewable energy consumed by the AWS Global Infrastructure:
    • Renewable Energy Credits (RECs)
    • Guarantees of Origin (GOs)
  2. Cloud Efficiency: AWS's infrastructure is 3.6 times more energy efficient than the median of the U.S. enterprise data centers surveyed.
  3. Water Stewardship:
    • Direct evaporative technology to cool data centers
    • Use of non-potable (recycled) water for cooling
    • On-site water treatment to remove scale-forming minerals and reuse water for more cycles
    • Water efficiency metrics to determine and monitor optimal water use for each AWS Region

AWS Ground Station

AWS Ground Station is a fully managed service that lets you control satellite communications, process data, and scale your operations without having to worry about building or managing your own ground station infrastructure.


Use cases for Ground Station:

- weather forecasting
- surface imaging
- communications
- video broadcasts

To use Ground Station:

  • You schedule a contact (select the satellite, the start and end time, and the ground location)
  • You use the AWS Ground Station EC2 AMI to launch EC2 instances that uplink and downlink data during the contact, or receive the downlinked data directly in an Amazon S3 bucket

Use case:
A company reaches an agreement with a satellite imagery provider to take satellite photos of a specific region. It uses AWS Ground Station to communicate with that provider's satellite and receives the image data in an S3 bucket.

AWS Outposts

AWS Outposts is a fully managed service that offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any data center, co-location space, or on-premises facility for a truly consistent hybrid experience.

AWS Outposts is the rack of servers running AWS infrastructure at your physical location.

AWS Outposts comes in two families and three form factors: Outposts racks (42U) and Outposts servers (1U and 2U).

AWS delivers it to your preferred physical site fully assembled and ready to be rolled into final position. It is installed by AWS and the rack needs to be simply plugged into power and network.

The Outposts servers are units you can place into your existing racks:

                 1U                                2U
Cabinet          19-inch wide, 24-inch deep         19-inch wide, 36-inch deep
Processor        AWS Graviton2 (up to 64 vCPUs)     Intel processor (up to 64 vCPUs)
Memory           128 GiB                            256 GiB
Local storage    4 TB NVMe                          8 TB NVMe