Serverless Networking in Cellular IoT Communication

06.01.2021

At the last AWS Community Day – Bay Area, Dr. Steffen Gebert, Director of Tech & Infrastructure at emnify, dove into what serverless networking means for us as communication platform developers and how we implement fully serverless cloud-native communication. Watch the presentation below or read on for some key takeaways.

AWS Transit Gateway – A Serverless Cloud Router

When interconnecting different networks on AWS, Virtual Private Cloud (VPC) Peering is often the first thing that comes to mind. VPC peering creates a one-to-one communication line between two VPCs where the peering relationship is not transitive.

In complex networking architectures with many VPCs, the number of peering connections to configure and manage is overwhelming. Plus, when communication to an on-premises system is required, you will need to deploy and manage separate VPN gateways for every onsite connection.

Figure 1-1


AWS Transit Gateway (TGW) addresses this scalability issue by streamlining the networking of multiple VPCs and on-premises systems via a central hub. It functions like a serverless router: attachments act as “virtual cables” that are plugged into the router, and each attachment has its own routing table. The following attachment types are supported:

  • VPC via Elastic Network Interface
  • IPsec-based VPN
  • AWS Direct Connect service
  • Transit Gateways in other cloud regions

With Transit Gateway, there is no need for peering connections between multiple VPCs, and only one VPN connection is required for connecting multiple VPCs to an on-site location. Connected instances can all inter-communicate with each other, or you can isolate different VPCs that are connected to the same Transit Gateway.

Benefits of Serverless Networking with AWS Transit Gateway

The TGW offers multiple advantages you can expect from a serverless solution, including:

  • Easy implementation via API
  • Horizontal scalability allowing for thousands of VPC/VPN connections thanks to its implementation on AWS Hyperplane
  • Managed infrastructure to bypass ongoing operations and maintenance

When paired with emnify’s IoT communication cloud, its benefit further extends to cellular communication security.

In IoT, private networking between devices and the application is critical to give support teams remote access to devices at a customer site for troubleshooting and lifecycle management. It also adds another layer of security for data transport, besides device encryption, while helping to avoid carrier-grade Network Address Translation (NAT).

TGW delivers a fast and straightforward way to establish a secure private network for IoT cloud communication.

Private Networking in IoT Cloud Communication

Setting up a VPN service in traditional telco environments often entails expensive upfront and recurring costs. You need to provision private APNs, static IPs, and RADIUS servers to configure an IPsec connection over the public Internet, which can take weeks, if not months. Plus, many IoT devices don’t even require access to the Internet but are restricted to user-owned networks reachable through VPN for security purposes.

Figure 2-1


With the emnify communication platform running on AWS, private networking between a VPC and IoT devices can be set up in a much more streamlined fashion using the TGW. Once the TGW is shared with your AWS account, you can quickly create an intra-cloud connection (attachment) between your VPC and the emnify platform to route IoT data traffic into AWS resources and get access to remote devices. Communication to your VPC is entirely isolated from other users as each attachment has a separate routing table.
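One way to audit the per-attachment isolation described above, as an added example that is not emnify's or AWS's code: it models TGW route-table associations and propagations and flags any customer attachment whose table can route to another customer. All attachment and route-table IDs are constructed and hypothetical, and static routes are not modelled.

```python
from itertools import permutations

# Constructed sample data (hypothetical IDs): one platform attachment, two customers.
# Model: every attachment is associated with one TGW route table, and a route table
# only holds routes for attachments that propagate into it.
ISOLATED = {
    "associations": {"att-platform": "rtb-platform",
                     "att-cust-a": "rtb-cust-a",
                     "att-cust-b": "rtb-cust-b"},
    "propagations": {"rtb-platform": {"att-cust-a", "att-cust-b"},
                     "rtb-cust-a": {"att-platform"},
                     "rtb-cust-b": {"att-platform"}},
}
# Constructed misconfiguration: all attachments share one table that learns every route.
FLAT = {
    "associations": {a: "rtb-shared" for a in ISOLATED["associations"]},
    "propagations": {"rtb-shared": set(ISOLATED["associations"])},
}

def can_send(cfg, src, dst):
    """True if the route table used by src holds a route toward dst."""
    table = cfg["associations"][src]
    return dst in cfg["propagations"].get(table, set())

def reachable_pairs(cfg):
    """Unordered attachment pairs that have both a forward and a return route."""
    return {frozenset((a, b)) for a, b in permutations(cfg["associations"], 2)
            if can_send(cfg, a, b) and can_send(cfg, b, a)}

def isolation_violations(cfg, tenants):
    """Ordered tenant pairs where one tenant's table can route to another tenant."""
    return sorted((a, b) for a, b in permutations(tenants, 2)
                  if can_send(cfg, a, b))

if __name__ == "__main__":
    tenants = ["att-cust-a", "att-cust-b"]
    for name, cfg in (("isolated", ISOLATED), ("flat", FLAT)):
        print(name, "violations:", isolation_violations(cfg, tenants))
```

A one-directional route between two tenants is still reported, since a forward route alone is enough to deliver unsolicited traffic.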

Figure 3-2


For customers deploying other cloud services or on-premises systems, a custom IPsec setup can be replaced with the managed AWS Site-to-Site VPN to establish a private communication layer between the application, emnify platform, and IoT devices.

Overall, cloud-native communication with TGW offers great benefits in terms of:

  • End-to-end data security as communication between the mobile network and IoT application is now secured. With intra-cloud connect, traffic is not exposed to the public Internet but stays within the AWS environment
  • Automated integration enabling fast, self-service provisioning via API in a matter of minutes instead of weeks – no private APNs or RADIUS needed
  • High availability thanks to cloud deployment
  • Fully serverless and managed data path to offload the complexity of data routing and security while having errors quickly resolved

Summary

As the number of serverless network functions available in AWS grows, new use cases can now be served in a serverless way through the Transit Gateway. At emnify, we leverage serverless networking and orchestration to enable cloud-native communication features with short delivery time, high reliability, and horizontal scalability for IoT businesses.

If you are interested in learning more about the emnify Cloud Connect solution, feel free to drop us a message below or sign up to our platform and get access to all available functionalities for 30 days at zero cost.
