Amazon’s (s AMZN) new Elastic Network Interfaces should enable companies to deploy workloads in Amazon’s Virtual Private Cloud in a more flexible manner. As such, the technology helps move Amazon Web Services — built to provide inexpensive and fairly vanilla web-scale computing infrastructure — up the stack to enterprise-class computing, experts said this week.
With Amazon VPCs, business customers can define and provision their own private section of the Amazon Web Services (AWS) cloud for their compute loads, selecting their own IP addresses, subnets, etc. Elastic Network Interfaces (ENIs) result from Amazon’s separating IP addresses and some of their associated attributes from the underlying EC2 storage instances, according to an Amazon Web Services blog post.
In short, that makes VPCs more conducive to running legacy applications, which in turn means companies can start using Amazon’s VPCs to bridge the gap between their internal IT services and services running on Amazon’s cloud infrastructure.
According to the blog post:
Similar to an EBS volume, ENIs have a lifetime that is independent of any particular EC2 instance. They are also truly elastic. You can create them ahead of time, and then associate one or two of them with an instance at launch time. You can also attach an ENI to an instance while it is running (we sometimes call this a “hot attach”). Unless the Delete on Termination flag is set, the ENI will remain alive and well after the instance is terminated. We’ll create a ENI for you at launch time if you don’t specify one, and we’ll set the Delete on Terminate flag so you won’t have to manage it. Net-net: You don’t have to worry about this new level of flexibility until you actually need it.
EBS refers to Elastic Block Store, which provides block level storage volumes for use with Amazon EC2 instances.
The ENI capability has two distinct use cases, explained cloud design expert Randy Bias, the CTO of Cloudscaling. First, ENI better enables Amazon to support legacy or existing enterprise applications. Second, it provides greater flexibility and more options for those who are building next-generation web-scale applications and who require better tools for automating their elastic workloads, Bias said via email.
“Existing enterprise apps that have complex networking requirements or perhaps security concerns where application servers need to be dual-homed can now be moved to AWS without being re-architected,” he said. ENI also allows the deployment of specific security software such as firewalls or intrusion detection systems that a legacy app must have for corporate or other reasons.
Shlomo Swidler, the CEO and founder of Orchestratus, a cloud computing consultant, agreed that ENIs will enable companies to put more workloads on AWS or at least consider doing so. “Lots of people who have designed apps that require multiple network interfaces will say, ‘This is cool. The things that I used to not be able to do, maybe I can revisit.’
“Security products can now use these ENIs to capture packets and do routing independent of the actual IP addresses to the apps themselves. That will allow you to deploy a service for a third party to use: You can give them a service, but you don’t have to actually give them access to the bits that run that service. They don’t even launch the image your software is contained in,” he said.
According to the blog, each ENI will live within a particular subnet of the VPC, with attributes including private IP address, elastic IP address, MAC address, and security group or groups.
With moves like this one, Amazon continues to add enterprise-class capabilities to AWS, and it could assuage doubts some companies still have about deploying their important workloads on AWS infrastructure.