Yesterday night, Amazon created quite a bit of flutter by announcing Amazon Virtual Private Cloud targeting the enterprise customers. For those people who believe in the idea that enterprises should shed all their existing IT infrastructure and jump right into the public clouds, this announcement is a big surprise. However, Werner Vogels, the colorful CTO of Amazon, offered some insights on their strategy.


"We continuously listen to our customers to make sure our roadmap matches their needs. One important piece of feedback that mainly came from our enterprise customers was that the transition to the cloud of more complex enterprise environments was challenging. We made it a priority to address this and have worked hard in the past year to find new ways to help our customers transition applications and services to the cloud, while protecting their investments in their existing IT infrastructure."

If we take off the spin, we can easily see that Amazon clearly understands the dilemma enterprises face in embracing public clouds right away and wants to lure them with an offering that will make them relatively comfortable testing the Cloudy waters. They clearly saw the emergence of a strong private cloud market and this is a direct response to the competition.

Having said that, one should not dismiss this announcement as a mere market response. There is a clear wow factor here. This has the potential to uproot some of the players in the "cloud labs" category and also threaten some vendors in the Amazon ecosystem itself. Plus, it offers Amazon a direct line to enterprise customers without any intermediary.

Let us check out what Amazon offers as part of Virtual Private Cloud (see Jeff Barr's post for more info):
  • Create a virtual private cloud (VPC) on Amazon's infrastructure and assign a private IP address
  • VPC's private IP can be further subdivided into subnets for managing the applications and services
  • Seamlessly integrate your VPC with your existing IT infrastructure through an encrypted VPN connection
  • Add/Remove AWS resources as per your needs
  • Route traffic between your VPC and the Internet over the VPN connection so that it can be examined by your existing security and networking assets before heading to the public Internet (this is definitely something which will play well with the enterprises)
  • Extend your existing security and management policies within your IT infrastructure to your VPC as if they were running within your infrastructure (well, there is definitely a level of spin out here and I will explain it later in the post)

The moment I saw the tweet about this announcement, it struck me that this is a direct threat to VPNCubed from CohesiveFT (see Cloud Ave's review of VPNCubed and our coverage of their support for EC2). I got in touch with folks at CohesiveFT to ask about their reaction. They highlighted a very important difference between their product and Amazon's. It is all about control. With VPNCubed, control of the network overlay lies in the hands of the customers, whereas in the case of Amazon's offering, the control is with them and the need for a trust factor doesn't go away completely. VPNCubed supports multiple clouds (Sun Cloud, vCloud, Private Eucalyptus Cloud, etc.) and it can also work with a hardware-based firewall, whereas Amazon's cannot. CohesiveFT will be releasing a document soon with a detailed comparison. I will update this post as soon as they are ready with it.

Let us take the Redmonk approach and resort to the Q&A style to finish off this post.

1) Can you cut all the soundbites and tell me what it is and what the advantages are?

First, it is not a private cloud in the sense of being isolated from the resources of other customers. The EC2 instances in VPC are still part of the multi-tenant AWS public cloud. Now, they go a step deeper and do the separation at the virtual networking level. Without much information from them, it is just a matter of pure speculation when it comes to talking about the security of the Amazon VPC. If you hear any big talk about the security of this offering, take it with a pinch of salt. However, it is definitely more secure than the regular EC2 instances and the security available through their security groups.

Second, it can be seamlessly integrated with the existing IT infrastructure using encrypted VPN and, hence, it is possible to implement some of the existing IT policies on the VPC network.

Third, the traffic from the internet is driven through the company's network. This offers some level of flexibility to the enterprise IT to monitor and dissect the traffic. However, we have to keep in mind that the instances and the virtual private cloud still lie in the hands of third-party providers. So, before you let your imagination run wild about the security advantages, it is important to take these things into account.

In short, Virtual Private Cloud is the regular AWS public cloud with isolation at a deeper level and an additional encryption layer on top of it.

2) Why is there a "wow factor" then?

Well, with this move, Amazon is giving enterprises an option to implement cloud features without the high cost associated with an on-premise implementation. They offer them a sense of confidence to try out their cloud with the same economic benefits usually associated with public clouds. This also eliminates the need to go through a third-party provider to integrate the Amazon cloud with the existing IT infrastructure. Overall, this has the potential to lure more enterprise customers to try out cloud-based computing, especially public clouds.

3) Does this offering help customers satisfy regulatory compliance requirements while using Amazon's cloud?

The short answer is no. If you want a long answer or more details, you have to entice the security gurus like Christofer Hoff or someone else to write a blog post on this.

4) Are there any other consequences to this offering?

I am keen to see its impact on some of the "cloud lab" companies like Skytap and others. I know that Skytap has a wider range of OS support than Amazon but many of these companies were luring the enterprises by highlighting the complete lack of control on AWS cloud. With this release, Amazon has taken the necessary steps to plug that hole. It will be interesting to see how it will play out for them. I will be talking to Skytap folks tomorrow and I will definitely ask them about it.