Amazon Web Services has been on a tear lately in terms of rolling out new features that go a long way toward patching the weak spots in its cloud armor while making it more accessible to lay developers, and it did so again today with the announcement of an actual virtual private cloud capability. Previously, AWS’s Virtual Private Cloud (VPC) features entailed a virtual private network connection that let users’ AWS-hosted applications communicate securely with on-premise servers, but that was about it. Now, AWS’s VPC capabilities have expanded drastically, a move that won’t eliminate all of its critics, but that will please a lot of customers — existing and potential — and further raise the bar for competitive cloud computing providers.
In essence, the new VPC features let users define their own network topologies to resemble what they might do in their own data centers, including the ability to assign IP addresses, create route tables and build a variety of subnets. The latter is particularly important because users can define how individual pools of VPC resources connect to other VPC resources, on-premise servers and/or the public Internet. Previously, VPC resources weren’t Internet-facing and could only be accessed through the VPN connection to the customer’s data center. Route tables are policies that determine which traffic is sent to which set of VPC servers or subnets. For more on the specifics, you can read Jeff Barr’s in-depth explanation on the official Amazon Web Services blog, or check out cloud security pundit/skeptic Chris Hoff’s take on how the new VPC capabilities are a big deal, but still leave holes to fill.
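To make the route-table point concrete, here is an added example (not from the article or from AWS) that audits a constructed three-subnet topology for subnets meant to be private whose route table still reaches the public Internet. The subnet names, CIDRs, target labels (`local`, `vpn`, `internet`) and probe addresses are all assumptions, and it assumes the most specific matching route wins.

```python
import ipaddress

# Constructed topology (assumption): each subnet has its own route table.
# Targets: "local" = inside the VPC, "vpn" = link to the customer data center,
# "internet" = path to the public Internet.
SUBNETS = {
    "web":   {"intended": "public",
              "routes": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "internet")]},
    "db":    {"intended": "private",
              "routes": [("10.0.0.0/16", "local"), ("192.168.0.0/16", "vpn")]},
    # Misconfigured on purpose: tagged private but carries a default route out.
    "batch": {"intended": "private",
              "routes": [("10.0.0.0/16", "local"), ("192.168.0.0/16", "vpn"),
                         ("0.0.0.0/0", "internet")]},
}

# Constructed probe destinations, one per kind of peer the article mentions.
PROBES = {"public": "203.0.113.10", "on_premise": "192.168.5.20",
          "vpc_peer": "10.0.2.15"}


def next_hop(routes, destination):
    """Target of the most specific route matching destination, or None if no route."""
    dest = ipaddress.ip_address(destination)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def reachability(subnets):
    """Map each subnet to the target chosen for every probe destination."""
    return {name: {label: next_hop(s["routes"], ip) for label, ip in PROBES.items()}
            for name, s in subnets.items()}


def exposed_private_subnets(subnets):
    """Subnets tagged private whose route table sends public traffic to the Internet."""
    return sorted(name for name, s in subnets.items()
                  if s["intended"] == "private"
                  and next_hop(s["routes"], PROBES["public"]) == "internet")


if __name__ == "__main__":
    for name, hops in reachability(SUBNETS).items():
        print(name, hops)
    print("private subnets with an Internet route:", exposed_private_subnets(SUBNETS))
```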
From a market perspective, the new VPC capabilities mean other cloud providers will have to push themselves even harder to attract enterprise customers or others that place a premium on security and advanced networking features. I wrote when AWS first introduced VPC in 2009 (sub req’d) that even if it wasn’t the greatest virtual private cloud feature on the planet, AWS’s considerable lead in mindshare meant VPC would allay some customers’ concerns enough to justify them choosing AWS when they otherwise might have chosen a provider with better security capabilities in place. Today is essentially a redux of that situation: OpSource, for example, arguably still gives users more advanced networking and VPN capabilities, but it has to in order to keep any small edge over AWS. However, the new stream of AWS VPC capabilities is certainly advanced enough to win over customers that really wanted to run their applications on AWS, but that were hesitant because of the previous VPC limitations.
When viewed together with Elastic Beanstalk, AWS’s new PaaS service, and CloudFormation, AWS’s new infrastructure configuration service, the new VPC features are part of a bigger picture that shows an AWS that’s far easier to use and far more flexible than it was just a year ago. And that’s a huge deal considering that the big ding against AWS used to be that although it was flexible if you could work with the API, it was too complex for some developers, and not nearly secure enough for sensitive applications. It’s the poster child for cloud computing and almost certainly the biggest public-cloud operation going in terms of revenue, and as long as it keeps rolling out respectable new capabilities (all of which, by the way, are manageable via the Amazon Management Console), even if they’re not necessarily best of breed, AWS should keep on leading the cloud computing discussion.
Image courtesy of Flickr user PhilWolff.