AWS' most significant step yet to embrace hybrid cloud will come as a welcome move to many enterprise users, but it will potentially prompt some concerns for others -- particularly around lock-in.
AWS Outposts are compute and storage racks that consist of AWS hardware and software, designed to go into customer data centers for on-premises deployments. AWS will not only deliver racks of hardware loaded with its software services, but also install and maintain them for customers, AWS CEO Andy Jassy said in his opening keynote for re:Invent 2018. AWS Outposts will be available starting next year, but details on pricing and configuration options are somewhat sparse for now.
Outposts arrive after the likes of Microsoft's Azure Stack and Oracle Cloud at Customer, similar offerings that forklift their respective vendor's cloud software stack onto specialized hardware that lives on premises. Those options compete with traditional players in data center gear, such as Dell EMC and Hewlett Packard Enterprise. But, like Microsoft and Oracle, AWS can now claim to offer better integration between its public cloud and Outposts than any third-party vendor.
"Deep down, all CIOs know that identical cloud and on-premises stacks, managed by a vendor, are key to what they want: workload portability," said Holger Mueller, vice president and principal analyst with Constellation Research in Cupertino, Calif.
Customers also need on-premises installations due to concerns around data sovereignty and latency.
Despite the potential benefits of products such as Outposts, more cautious customers might worry about the lock-in risks that come with the use of a single vendor. Enterprises with heterogeneous data center environments will look to see how much of an investment AWS makes to ensure Outposts play well with others.
AWS has made overtures to hybrid cloud before, particularly through its deal with VMware to port the popular virtualization platform to AWS. To that end, VMware Cloud on AWS will be supported on Outposts, with customers able to use the same controls to run their VMware workloads. It's a natural move, given the reality of AWS customers' investment in VMware, as well as the value the partnership has brought to AWS.
Outposts will be available in single server, as well as quarter-, half- and full-rack forms. AWS will handle all the patching and software updates in concert with its public cloud. The systems will be available with a broad selection of storage, memory and compute options, and they can be easily upgraded, AWS said.
AWS Outposts represent AWS' determination to not just command public cloud, but also extend its overall IT reach.
"No one thought AWS would do bare metal, until they did in conjunction with VMware," said Dave Bartoletti, an analyst at Forrester Research. "No one thought AWS would run in the data center, either, until they built the underlying technology to make it happen without sacrificing the fully managed experience they provide in the public cloud."
Enterprises shouldn't necessarily view Outposts as a private cloud, but rather determine the types of workloads that could benefit if Amazon services run closer to an enterprise app or database, Bartoletti said. "AWS is not selling you a software stack; they are selling a fully managed cloud service," he said.
AWS storage, security and databases
Holger Muellervice president and principal analyst at Constellation Research
Other notable news from Jassy's keynote concerned Glacier Deep Archive, a storage service set to arrive next year. Deep Archive is aimed at customers who like the low cost and massive scale of tape-based storage, yet want to move to a more modern and manageable option.
It builds on AWS' previous archival storage option, Glacier, and will have 99.9999999% availability, Jassy said. Moreover, it will be one-fourth the cost of Glacier at $1 per terabyte, per month. What wasn't clear is how quickly customers will be able to retrieve data with Deep Archive, but it will likely be slower than plain-vanilla Glacier.
Another new service targeted chief information security officers: AWS Security Hub, which provides a single GUI for customers to manage security and compliance software across their entire AWS environment. It will integrate with a raft of third-party security products that run on AWS, such as Trend Micro and McAfee.
Rumblings prior to re:Invent suggested that AWS would unveil new database options, and these bore fruit with Amazon Timestream, a time series database targeted at IoT workloads. The managed service can analyze trillions of events per day at a fraction of the price of relational databases, and it uses a serverless architecture for cost savings and efficiency, AWS said.
AWS also rolled out Quantum Ledger Database, a managed service that provides an immutable, cryptographically verifiable data store for companies that want to build applications that use blockchain-like functionality without having to use a blockchain framework.
Alternatives, such as Hyperledger or Ethereum, use peer-to-peer networks of nodes to create a decentralized architecture that ensures no single point of failure and require a majority consensus across nodes in the network before a transaction is committed. The Quantum Ledger Database service uses a centralized model, but AWS said the tradeoff is better performance than traditional blockchain frameworks.
An overarching theme at this year's conference is that AWS continues to be customer-driven, not competitor-driven, Forrester's Bartoletti said. This is evidenced by new compute instances, particularly for high-performance computing workloads, and storage options such as automated tiering meant to break down barriers that prevent enterprises from shifting more applications and storage types to public cloud.
Another emphasis is on managed services, he added.
"They are trying to offer fully managed version of multiple stacks that each meet a set of customers where they are," he said. "Some want to build and run platforms; others don't."