“…NetFoundry has made our life easier during our migration projects. NetFoundry delivers a new level of network agility embracing cloud migration and modern application practices. We highly recommend them to our customers.”

– B. Reddy, Head of Cloud Consultancy and Engineering Services, Cloud Comrade

“NetFoundry’s efficiency in Cloud Endure migration is impressive. Their agile approach helped us build cloud-native application-specific connectivity back to AWS for a Japanese copier multinational, saving costs spent on connectivity. They also enabled a time-effective data transfer from the data center to AWS cloud.”

– Varoon Rajani, Chief Executive Officer, Blazeclan

The Great 21st Century Data Migration

As we migrate our applications to AWS, the two most common questions we hear from customers and partners like Cloud Comrade and Blazeclan are:

  1. “How do I get my applications out of private computing, and into AWS as fast as possible, while mitigating risk of doing so?”
  2. “How do I ensure that my new cloud-based applications do not lack the performance they once had within the private computing, and can be securely accessed by app users?”

In this blog, I will showcase how two powerhouse solutions can be joined together to answer those two questions. NetFoundry tackles the roles of securely segmenting application access, and enhancing performance for the complete lifecycle of the application.  The NetFoundry solution is paired with AWS CloudEndure, which provides the keys for secure disaster recovery, continuous backup, and live migration.

Results include maximized throughput performance and security, for a server, application and data migration to an AWS Virtual Private Cloud (VPC) utilizing AWS CloudEndure.  At the conclusion, you will know how a programmable, on-demand NetFoundry Network optimizes performance and security of an AWS CloudEndure migration process and beyond into production usage.  You will also witness how the combined solution achieves a 23.5% to 79.2% reduction in the time required to migrate versus baseline through four experiments.

This blog contains:

  • An overview of the NetFoundry and CloudEndure components.
  • The architecture and flow of each system, and how they will work together.
  • The setup of each system.
  • The measurements and performance baselines for each of the four experiments.
  • The outcomes for each of the four experiments.

Overview

NetFoundry Components

  • NetFoundry Service (Console) – Web-based orchestrator of the enhanced private network. The administrator has options as to how the network is segmented for access, as well as the ability to programmatically perform all actions through API interaction and automate intelligence for calls to action.  Customers use the Console (or the APIs it is built on) to control their private NetFoundry networks.
  • NetFoundry Client [/Gateway] – Software on an endpoint Operating System (OS) that securely routes data through customer’s private SDNs, on top of the NetFoundry Fabric. In this case, it is co-installed with the AWS CloudEndure Client Agent.
  • NetFoundry Cloud Gateway – Software image available in the AWS marketplace as an Amazon Machine Image (AMI) that routes the data towards an application service in AWS. This software is located where the AWS CloudEndure Replication Server will be created.
  • NetFoundry AppWAN – Logical groupings of services (Application IP Hosts or IP Subnets) accessible in the Local Area Network (LAN) of one or more geographically differentiated NetFoundry Cloud Gateways. NetFoundry AppWANs are similar in function to Network Access Control Lists (ACLs) which occur in firewalls except that they are created in the NetFoundry Cloud and enforced at NetFoundry Clients and Gateways.
  • NetFoundry Global Fabric – On-demand, Internet-overlay network which securely connects endpoints and services.  Key features include:
    • 99.99% service availability and NaaS simplicity.  NetFoundry manages the Fabric infrastructure as NaaS, similar to how AWS manages compute infrastructure as IaaS, while customers control the Fabric via web console and API.
    • Dynamic performance optimization. NetFoundry endpoints dynamically route, based on the real-time conditions of each path across the Fabric, to minimize latency and maximize throughput.  The Fabric is built on multiple tier-one providers, giving the endpoints a set of resilient and robust paths.
    • Acceleration. The NetFoundry Fabric uses “pluggable transports” so that protocols such as UDP and QUIC variants can be used for long haul data transport, rather than protocols like TCP which are less optimized for long haul transport. When connectionless protocols are used, any missing packets can be recreated at the edges of the Fabric, reducing retransmission delay.
    • Zero Trust, least privileged access security. The NetFoundry Fabric and Platform enable a Zero Trust model – a model that is more secure than VPNs, eliminating the complexity, costs and performance impairments caused by VPNs.
    • Cloud-native, vendor-independent orchestration. This enables instant scaling, single pane of glass control and network-independent telemetry data.

AWS CloudEndure Components

  • AWS CloudEndure Service (Console) – Web-based orchestrator of the migration process. The administrator has options as to how migration is to be performed including mass instruction through API interaction, a “blueprint” for how the replication occurs, and the ability to migrate “Direct/Internet” or “VPN/Private”.
  • AWS CloudEndure Client Agent – Software on an endpoint Operating System (OS) that byte-copies local disks and securely migrates the data to AWS for replication.
  • AWS CloudEndure Replication Server – Software instance created on-demand by the service in the target AWS location that stores the migrated data from the AWS CloudEndure Client Agent.

Assumptions

  • The reader has a basic understanding of IP networking, AWS VPCs, and NetFoundry AppWANs.
  • An existing AWS CloudEndure membership has been obtained and the Service Console is accessible.
  • An existing NetFoundry membership has been obtained and the Service Console is accessible.
  • An existing AWS membership has been obtained and a VPC in an appropriate region is accessible.

The server to be migrated has AWS CloudEndure and NetFoundry Gateway software installed locally.

Architecture and Flow

NetFoundry Architecture


(A) The NetFoundry Gateway software endpoints are installed and registered to the customer’s private NetFoundry Network.
(B) An AppWAN is provisioned to permit access over the NetFoundry Fabric to the IP Host or Subnet within the AWS VPC.
(C) The endpoints make real-time decisions on how to send and receive data using multiple paths over the NetFoundry Fabric (Internet).

AWS CloudEndure Architecture Including NetFoundry


(1) Data replication is at-rest encrypted/prepared by the AWS CloudEndure software.
(2) Data is sent to the private IP of the target Staging Area Replication Server. The destination will be recognized by the NetFoundry Gateway software and sent to the Replication Server over the NetFoundry Fabric.
(3) Data exits the NetFoundry Fabric and is sent to the LAN reachable Replication Server for storage.
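
The AppWAN behaviour described above (an ACL-like grouping of services enforced at the endpoints, with the Gateway recognizing the Replication Server's private IP) can be modelled as a default-deny lookup. This is an added illustration, not NetFoundry code or its API; the class, function, endpoint and gateway names and the 10.20.x.x addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class AppWAN:
    name: str
    endpoints: frozenset   # identities of registered endpoints allowed to use it
    services: tuple        # (prefix, hosting_gateway) pairs: IP hosts or subnets

def decide(appwans, endpoint, dst):
    """Default deny: return ("fabric", gateway, appwan) only if some AppWAN
    lists this endpoint AND a service covering dst; most specific prefix wins."""
    best = None
    for aw in appwans:
        if endpoint not in aw.endpoints:
            continue
        for prefix, gateway in aw.services:
            net = ip_network(prefix)
            if ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, gateway, aw.name)
    return ("fabric", best[1], best[2]) if best else ("deny", None, None)

def overbroad(appwans, max_addresses=1):
    """Audit helper: services exposing more addresses than the migration needs."""
    return [(aw.name, prefix) for aw in appwans for prefix, _ in aw.services
            if ip_network(prefix).num_addresses > max_addresses]

# Constructed sample policy (names and addresses are illustrative only).
POLICY = [
    AppWAN("migration", frozenset({"src-server-01"}),
           (("10.20.1.15/32", "aws-gw-virginia"),)),      # Replication Server only
    AppWAN("ops", frozenset({"admin-laptop"}),
           (("10.20.0.0/16", "aws-gw-virginia"),)),       # whole VPC: flagged below
]

if __name__ == "__main__":
    for ep, dst in [("src-server-01", "10.20.1.15"), ("src-server-01", "10.20.1.16"),
                    ("unregistered-host", "10.20.1.15"), ("admin-laptop", "10.20.1.16")]:
        print(ep, dst, decide(POLICY, ep, dst))
    print("over-broad services:", overbroad(POLICY))
```

Scoping the migration AppWAN to the Replication Server's host address means the source machine gets no path to its neighbours in the VPC, and the audit helper surfaces any service defined more broadly than that.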

Setup

For the purpose of visualization, the setup process was conducted via the AWS CloudEndure Console and NetFoundry Console.  Automation through RESTful APIs is available in both systems for almost all steps, which significantly reduces the already short preparation time.  Additionally, a NetFoundry Network may exist prior to an AWS CloudEndure migration, or other available services, and be utilized for the purpose of migration when the need arises.

NetFoundry Configuration


AWS CloudEndure Configuration


Finalizing Configuration

  • An installation program for NetFoundry Client software and AWS CloudEndure software is downloaded to the source machine and installed. Both installations are done at the command line of the OS and can be automated to simplify the process or to perform it en masse.
  • A “registration code” (NetFoundry) and an “Agent Installation Token” (AWS CloudEndure) received in the configuration processes above are entered at the command line of the source machine. This identifies the source machine to the respective Consoles.
  • Interoperation with AWS occurs with AWS CloudEndure for the destination Replication Server, and Cloud Formation is used to automate the installation of the destination NetFoundry Gateway.

Configuration is complete and the migration is ready to be initiated.  The NetFoundry AppWAN may persist after this process, if desired, for continual replication or other activities which require the source machine to communicate to the destination AWS VPC.  Once migration is complete, a customer can install NetFoundry Client software on other endpoints which may be given direct, secure, and highly performant access to the AWS VPC by way of the AppWAN.

Performance Baselines

Experiment One – Migration, Private Datacenter to Private AWS VPC (South Korea)

  • Method: Direct Internet vs. NetFoundry over Internet
  • Replication Size: 8GB Solid State Disk
  • Induced Factors: 0.05% Loss at Replication Server Side (5/10000 Packets Dropped)
  • Native Factors: Intercontinental Latency (~175ms Round Trip), Intercontinental Loss (Unmeasured)

Outcome:

  • Replication Total Time, Direct Internet: 23 minutes
  • Replication Total Time, NetFoundry over Internet: 10 minutes
  • NetFoundry Improvement: 56.5% Time Decrease*; that is 2.3x less time spent migrating!

Experiment Two – Migration, Private AWS VPC (Oregon) to Private AWS VPC (N. Virginia)

  • Method: Direct Internet vs. NetFoundry over Internet
  • Replication Size: 8GB Solid State Disk
  • Induced Factors: None
  • Native Factors: Continental Latency (~50ms Round Trip), Continental Loss (Unmeasured)

Outcome:

  • Replication Total Time, Direct Internet: 12 minutes, 56 seconds
  • Replication Total Time, NetFoundry over Internet: 9 minutes, 54 seconds
  • NetFoundry Improvement: 23.5% Time Decrease*; that is 1.3x less time spent migrating!

Experiment Three – Migration, Private AWS VPC (Oregon) to Private AWS VPC (N. Virginia)

  • Method: P2P VPN over Internet vs. NetFoundry over Internet
  • Replication Size: 8GB Solid State Disk
  • Induced Factors: None
  • Native Factors: Continental Latency (~50ms Round Trip), Continental Loss (Unmeasured)

Outcome:

  • Replication Total Time, P2P VPN over Internet: 26 minutes 30 seconds
  • Replication Total Time, NetFoundry over Internet: 13 minutes 20 seconds
  • NetFoundry Improvement: 49.7% Time Decrease*; that is 1.9x less time spent migrating!

Experiment Four – Migration, Private AWS VPC (Oregon) to Private AWS VPC (N. Virginia)

  • Method: P2P VPN over Internet vs. NetFoundry over Internet
  • Replication Size: 8GB Solid State Disk and 100GB Solid State Disk
  • Induced Factors: None
  • Native Factors: Continental Latency (~50ms Round Trip), Continental Loss (Unmeasured)

Outcome:

  • Replication Total Time, Direct Internet: 6 hours 20 minutes
  • Replication Total Time, NetFoundry over Internet: 1 hour 19 minutes
  • NetFoundry Improvement: 79.2% Time Decrease*; that is 4.8x less time spent migrating!

* For the preceding outcomes, “Percent Time Decrease” is measured with the formula: [(original_value – new_value)/original_value * 100]

Analysis of Results and Conclusions

Experiment Review

Each experiment conducted was an effort to show differing conditions and technologies in work.

  • Experiment one emphasized heightened performance for long-distance migrations with an added destructive (lossy) presence.
  • Experiment two emphasized heightened performance for USA centric (AWS to AWS) migrations.
  • Experiment three emphasized heightened performance for USA centric (AWS to AWS) migrations when compared with an overlay VPN technology.
  • Experiment four emphasized heightened performance for large scale USA centric (AWS to AWS) migrations when compared with an overlay VPN technology.

In Summary

The focus of our analysis was driven by a desire to reduce “time to ready” for a migration.  An increase of throughput delivered by the underlying network and transport directly correlates to a reduction of “time to ready”.  At a high level, the conclusion we draw from the presence of NetFoundry while performing an AWS CloudEndure migration is a substantial reduction of “time to ready” in the range of 23% to 79%.  AWS CloudEndure natively utilizes many techniques to enhance its own application’s throughput, and the transport-network enhancement that NetFoundry adds complements them, resulting in an exponential boost to the throughput.

As described by our customers at the top of the post, success!


About the Author and NetFoundry

My name is Nic Fragale, and I am a Senior Solutions Architect at NetFoundry.  In contrast to solutions utilizing private circuitry and existing Virtual Private Networking (VPN) technologies, NetFoundry makes it easy to instantly spin up and manage highly secure, performant, edge-to-cloud networks to AWS over the Internet with web-based orchestration tools and Application Programming Interfaces (APIs).  Zero Trust Networking and enhanced performance are innate to every NetFoundry Network through application-specific segmentation across a global cloud fabric, using a methodology called AppWANs.

Contacts

Are you as excited as we are?  Ready to take the next step?  Here are some ways to get in contact with us.

NetFoundry

Website: https://netfoundry.io

Inquiries: info@netfoundry.io

Headquarters: Charlotte, North Carolina, USA

CloudEndure

Website: https://cloudendure.com

Website: https://aws.amazon.com

Inquiries: cloudendure-info@amazon.com

 

 
