AWS offers over 200 fully-featured services from its global spread of data centers. Notable customers include BMW, Netflix, and Coca-Cola, but AWS serves millions of customers around the world, from start-ups to government agencies, and has been since 2006. Azure was launched in 2010, offering more than 200 products and cloud services on its platform. Users can build, run, and manage applications across not only clouds but also on-premises, and at the edge. 95% of Fortune 500 companies trust their business with Azure. Notable customers include the NBA, American Cancer Society, and PepsiCo. Google Cloud includes a broad suite of services accessed over the internet that help organizations go digital. Google Cloud Platform (which provides public cloud infrastructure for web-based applications) is a part of the larger Google Cloud suite. Since it first came online in 2008, some notable customers include LinkedIn, NewsCorp, Facebook, Verizon, and Twitch.
While each CSP generally offers the same basic capabilities, like dedicated connections, storage, and compute, there are some variations that may make one CSP suit your needs over another, depending on your use case. Variations in offerings also mean multicloud could very well suit your enterprise: By opting for storage with AWS and computing with GCP, for example, you can avoid over-reliance on a single CSP. The below table represents some of the key features of the highlighted CSPs, including their varying service naming:
Each of the CSPs offer varying performance speeds across their dedicated connections:
AWS offers three native network routing services. Transit Gateway (TGW) is a cloud-based network gateway that allows customers to connect Virtual Private Clouds (VPCs) across different accounts in a hub-and-spoke topology, and is the third evolution in the feature set. The release was preceded by Direct Connect Gateway (DGW), which was announced in 2017, and prior to that, Virtual Private Gateway (VGW). TGW serves as the most inclusive release yet, with an expansion of features upon previous versions meaning more networking possibilities. However, all three routing services are offered by AWS, and each suits different use cases: For example, VGW might be a great solution for a company looking to lower costs while operating in a single region, therefore having no need for the multi-region support that DGW and TGW offer.
Azure’s VNet is the fundamental building block for customer networks. VNet lets you create your own private space or “network bubble” in Azure, and is crucial to your cloud network as it offers isolation, segmentation, and other key benefits. Its prime function is to send traffic between an Azure virtual network and your business’ on-premises location over the public internet (but you can also use a VPN gateway to send traffic between VNets).
Google’s Cloud Router enables you to dynamically exchange routes between your Virtual Private Cloud (VPC) and peer network by using Border Gateway Protocol (BGP). Users can peer on their on-premises network, multicloud network, or another VPC network. Cloud Router has the ability to learn new IP addresses in your VPC network, and share them with the peering network.
Virtual Machines (VMs), commonly referred to as “instances,” are used in servers for various purposes, and act as the “motor that practically runs every aspect of our modern life.”
AWS offers computing through its EC2. These are highly customizable: Users can expand storage, add additional network interfaces, add resiliency leveraging Availability Zones, and more. AWS allows you to only pay for the capability you use, and offers different types of instances including on-demand, spot, and reserve, which can all benefit different use cases. Azure
Azure’s compute solution is its Virtual Machines (VMs). This provides users with tools like Cloud Services and Resource Manager to help with cloud application deployment and Azure Autoscaling.
Compute Engine VMs deliver configurable virtual machines running in Google’s data centers. These are customizable to your needs and can be created quickly, and host a lot of storage space. Below are the various billing models on offer from each of the leading CSPs:
There are three key factors that are important to consider when evaluating the security of cloud vendors: physical security (protecting enterprise data centers), technical security (monitoring network traffic and fixing vulnerabilities), and data access (controlling who has access to which data, and encryption functionality). Depending on your enterprise size and needs, you may need tighter protection in some areas, while look to save costs in other areas on measures you don’t need.
AWS shares its security products and features in this whitepaper. AWS provides security-specific tools and features across network security, configuration management, access control, and data security. In addition, AWS provides monitoring and logging tools to provide visibility into what is happening in your cloud environment. AWS provides several security capabilities and services to increase privacy and control network access. These include:
- Network firewalls built into Amazon VPC, which let you create private networks and control and monitor access to your multiple instances or applications;
- Connectivity options that enable private, or dedicated, connections from your office or on-premises environment;
- DDoS (distributed denial-of-service) mitigation technologies that apply at layer 3 or 4 as well as layer 7 of your network, which can be applied as part of content delivery strategies; and
- Automatic encryption of all traffic on the AWS global and regional networks between AWS secured facilities.
Microsoft offers two key security solutions:
- Microsoft Sentinel — this is a “scalable, cloud-native, security information and event management (SIEM), security orchestration, automation, and response (SOAR)” solution. Sentinel provides users with enhanced visibility over the network through security analytics and threat intelligence, as well as proactive hunting and threat response.
- Microsoft Defender for Cloud — Defender helps your enterprise prevent, detect, and respond to threats with increased visibility and control over your Azure workspace. Through integrated security across your Azure cloud applications, it helps detect threats that might otherwise go unnoticed.
GCP’s infrastructure security whitepaper goes into detail describing the layers of security measures, starting with hardware and ending with operational security. Some of the components include:
- Custom hardware and software in data centers, as well as a strict hardware disposal policy;
- Global IP network that minimizes the number of hops across the public internet (which can be prone to cyberattacks); and
- Security monitoring that is focused on the movements and behavior of internal network traffic.
Deciphering the costs for cloud services can be a daunting task, especially when CSPs differ in their pricing models, also varying by solution. This section provides a high-level overview of the charges you can expect to be billed as an enterprise customer. As a note, you should always verify pricing using the various cloud provider website links provided and work with your cloud provider representative to fully understand the pricing for your particular solution.
Egress fees While you can migrate as much data into a CSP as you want for free, you’ll be charged per GB of data when you migrate it out – hence egress, meaning “leaving.” These costs may run up behind-the-scenes as applications continue to extract data, and are billed in arrears. Egress fees can vary depending on the volume of data you move, as well as where you move it to (transferring data among availability zones will come at a lower cost, but moving across continents, for example, could raise your cloud bill significantly). Plus, all of these fees are charged at a higher rate when routing traffic or data via a public connection, like the internet – we cover egress fees in more detail in our Egress E-Guide.
Egress rates per GB (in $USD) AWS
- 1GB-10TB — $0.09
- 10-50TB — $0.085
- 50-150TB — $0.07
- 150-500TB — $0.05
- 500+TB — Contact Amazon
- 5GB-10TB — $0.087
- 10-50TB — $0.083
- 50-150TB $0.07
- 150-500TB — $0.05
- 500+TB — Contact Microsoft
- 0-1TB — $0.12
- 1-10TB — $0.11
- 10+TB — $0.08
There are numerous benefits to using a CSP’s dedicated network connection to connect to its respective cloud rather than the public internet, similar to the benefits of using a private cloud over a public one. These include bolstered security, greater oversight and control, and more stable performance. Each CSP’s dedicated connection serves as a protected, private path for your workload to travel between your premises and the cloud. AWS
AWS Direct Connect is the “shortest path to your AWS resources.” With Direct Connect, your network traffic remains on AWS’ global network and therefore never touches the public internet, reducing the chances of bottlenecking or latency. Azure
Azure ExpressRoute acts similarly and allows you to create private connections between Azure data centers and your own data centers or on-premises infrastructure. Connecting via ExpressRoute can be useful for companies heavily relying on Microsoft cloud for services such as virtual compute, database service, or cloud storage, as is also the case with AWS cloud products. With Azure ExpressRoute, you can configure both Microsoft peering (to access public resources) and private peering over the single logical layer 2 connection. Each ExpressRoute comes with two configurable circuits that are included when you order your ExpressRoute. With the standard ExpressRoute, you can connect multiple VNets within the same geographical region to a single ExpressRoute circuit and can configure a premium SKU (global reach) to allow connectivity from any VNet in the world to the same ExpressRoute circuit. GCP
Over GCP’s Interconnect, you can only natively access private resources. If connectivity to GCP public resources (such as cloud storage) is required, you can configure private Google access for your on-premises resources. This does not include GCP’s SaaS offering, G Suite. In order to reach G Suite, you can always ride the public internet or configure peering using an IX. With the GCP Cloud Router having 1:1 mapping with a single VPC and region, the peerings (or rather VLAN attachments) are created on top of the Cloud Router. This functionality and model is similar to AWS Direct Connect and creating a virtual network interface (VIF) directly on a VGW.
Regions and availability
Each of the three leading hyperscalers also vary in their global and regional availability. This is especially important to consider for enterprises that operate across multiple regions, as well as when needing to support a distributed and remote workforce. And while each CSP defines regions and zones slightly differently, they can generally be defined by the following. While a region refers to separate geographic areas (such as countries), availability zones are multiple, unique, and isolated locations within these regions. These availability zones may be a single or grouped selection of data centers that serve adjacent enterprises, and are “engineered to be isolated from failures in other availability zones” to ensure redundancy. Zones provide the ability to place cloud functions, such as storage, closer to various end users. AWS was the earliest in the cloud domain market by several years, which means that they’ve had more time to establish and expand their network. So, AWS is hosting in many locations worldwide. Azure and GCP are also hosting in many, but the difference is in the number of their respective availability zones.
- AWS has 66 availability zones with 12 more on the way.
- Azure has 54 regions worldwide and is available in 140 countries.
- Google Cloud Platform has been made available in 20 regions around the world with 3 more on the way. They also have 173 network edge locations, available in over 200 countries.
Each CSP offers three tiers of storage functionality: 1. File, 2. Block, and 3. Object. While file storage organizes data into a hierarchy of files in folders, block storage groups data into arbitrarily organized, evenly sized volumes, and object storage manages data and links it to its associated metadata. There are a handful of commonalities among the three CSPs storage solutions. They all offer:
- Versioning – a means of keeping multiple variants of an stored object in the same “bucket”;
- Encryption – transforming data files from its original plain text format to an unreadable format before being stored in the cloud;
- Fine-tuned security – this includes the ability to make files either publicly accessible or completely private; and
- Storage class tiers – users can pay more or less depending on how performant and redundant the storage class is. There are also options to reduce costs for less frequently accessed data.
AWS — Amazon Simple Storage Service (S3)
- File storage — Amazon’s Elastic File System (EFS) is an NFS-based file system that operates on cloud and local storage. AWS provides this as either a Standard storage class or EFS IA (infrequent access).
- Block storage — Elastic Block Store works with Amazon Elastic Compute Cloud. “General purpose” SSD volumes offer a base performance of 3 IOPS (input/output operations per second)/GB. Provisioned IOPS SSD volumes support up to 64,000 IOPS and 1,000 Mbps throughput.
- Object storage — S3 is AWS’s object storage offering, with a claimed “11 nines” (99.999999999%) of data durability of objects over a given year availability.
Azure — Azure Blob Storage
- File storage — Azure Files uses SMB (Server Message Block) and allows concurrent file share mounting in the cloud or on-premises. The maximum storage capacity is 4 PB, with ingress 25 Gbps and egress 50 Gbps.
- Block storage — Azure Disk provides managed disks for Azure virtual machines, with five nines availability and a maximum disk size of 65,536 GB for Ultra disk, with 160,000 down to 32,76 GB for standard disk, with 2,000 IOPS.
- Object storage — Azure Blob offers petabyte-scale object storage with 16 nines availability.
GCP — Cloud Storage
- File storage — Cloud Filestore provides NAS for Google Compute Engine, with storage offered as either standard or premium. Standard ranges from 1 TB to 10+ TB with 1000 IOPS and 180 Mbps, while premium starts at 3.5+ TB with a read throughput of 1.2 Gbps and 60,000 IOPS.
- Block storage — Persistent Disk block storage runs up to 64 TB and offers standard persistent disks, persistent SSDs, and local SSDs and NVMe storage. Write IOPS range from 15,000 to 30,000 and read IOPS from 15,000 to 100,000.
- Object storage — Google Object or blob storage provides different locations based on performance and redundancy requirements. The main storage tiers are Standard, Nearline, Coldline and Archive. GCP’s Object Lifecycle Management tool automatically moves storage to a lower-cost tier, according to user-specified rules.