AWS Outposts Rack Features

You can seamlessly extend your existing Amazon VPC to your Outpost in your on-premises location. After installation, you can create a subnet in your regional VPC and associate it with an Outpost just as you associate subnets with an Availability Zone in an AWS Region. Instances in Outpost subnets communicate with other instances in the AWS Region using private IP addresses, all within the same VPC.

Each Outpost provides a new local gateway (LGW) that allows you to connect your Outpost resources with your on-premises networks. LGW enables low latency connectivity between the Outpost and any local data sources, end users, local machinery and equipment, or local databases.

You can provision an Application Load Balancer (ALB) to automatically distribute incoming HTTP(S) traffic across multiple targets on your Outposts rack, such as Amazon EC2 instances, containers, and IP addresses. ALB on Outposts is fully managed, operates in a single subnet, and scales automatically up to the capacity available on the Outposts rack to meet varying levels of application load without manual intervention.

With AWS Outposts Private Connectivity, you can establish a service link VPN connection from your Outpost to the AWS Region over AWS Direct Connect. Private Connectivity minimizes public internet exposure and removes the need for special firewall configurations.

Direct VPC routing for AWS Outposts allows on-premises environment to directly communicate with the Outpost using the private subnets configured in the VPC. In this mode, the LGW will automatically advertise all the VPC subnets to your on-premises network through BGP. Alternatively, you can use Customer-owned IP (CoIP) routing mode where the Outpost uses a separate IP address pool provided by you from your on-premises network. If you choose CoIP, the IP address pool is assigned to the local gateway and advertised back to your network through BGP. In this mode, the local gateway performs NAT for instances to the CoIP address when communicating to on-premises environment. 

You can add routes in your Outposts rack subnet route table to forward traffic between subnets within the same VPC spanning across multiple Outposts using LGW. This enables intra-VPC instance-to-instance communication across Outposts through your on-premises network, via direct VPC routing. With intra-VPC communication across multiple Outposts, you can build Multi-AZ like architectures for your on-premises applications running on Outposts racks that are anchored to two different Availability Zones (AZs).

Route 53 Resolver on Outposts allows you to resolve Domain Name Server (DNS) queries locally on an Outpost to enhance the availability and performance of on-premises applications. When you enable Route 53 Resolver on Outposts, Route 53 automatically stores DNS responses locally on the Outpost. Optionally, you can connect the Resolver on the Outpost with DNS servers in your on-premises data centers through Route 53 Resolver endpoints. Route 53 Resolver on Outposts provides continued DNS resolution for applications running on the Outpost during unexpected network disconnects to the parent AWS Region. It also enables low-latency DNS resolution by serving DNS responses locally. 

You can run a variety of AWS services locally to build and run your applications on premises.

Amazon ECS: Run highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on Outposts rack. With ECS on Outposts you can run containerized applications that require low latencies to on premises systems. Amazon ECS running on Outposts rack eliminates the need for you to install and operate your own container orchestration software, manage and scale a cluster of virtual machines, or schedule containers on those virtual machines in your on premises environments. With simple API calls, you can launch and stop Docker-enabled applications and query the complete state of your application with the same ease as you manage containers in the AWS Regions today.

Amazon EKS: Amazon EKS is a managed service that makes it easy for you to run Kubernetes on AWS without needing to install and operate your own Kubernetes control plane. You can use EKS on Outposts to run containerized applications that require particularly low latencies to on premises systems. With EKS on Outposts, you can manage containers on premises with the same ease as you manage your containers in AWS Regions.

Amazon RDS on Outposts: RDS on Outposts supports Microsoft SQL Server, MySQL, and PostgreSQL database engines, with support for additional database engines coming soon. Amazon Relational Database Service (RDS) makes it easy to set up, operate, and scale a relational database in the cloud. Amazon RDS provides cost-efficient and resizable capacity while automating time-consuming administration tasks including infrastructure provisioning, database setup, patching, and backups, freeing you to focus on your applications. Amazon RDS on Outposts brings these same benefits to your on-premises Outposts rack deployments. You can run fully managed databases on premises for low latency workloads that need to be run in close proximity to on-premises data and applications. You can manage RDS databases both in the AWS Regions and on premises using the same AWS Management Console, APIs, and CLI. It also enables low-cost, high-availability hybrid deployments, with disaster recovery back to the AWS Region, read replica bursting to Amazon RDS in the AWS Region, and long-term archival in Amazon Simple Storage Service (Amazon S3) in the AWS Region.

Amazon ElastiCache on Outposts: ElastiCache is a fully managed in-memory data store, compatible with Redis or Memcached, optimized for real-time applications with sub-millisecond latency. Amazon ElastiCache on Outposts allows you to seamlessly set up, run, and scale popular open-source compatible in-memory data stores on AWS Outposts rack capacities, as in the AWS Regions. You can build data-intensive apps or boost the performance of your existing databases by retrieving data from high throughput and low latency in-memory data stores. Amazon ElastiCache on Outposts enables real-time use cases like Caching, Session Stores, Gaming, Geospatial Services, Real-Time Analytics, and Queuing, when deployed for local-data processing and low-latency applications.

Amazon EMR: Amazon EMR clusters running on AWS Outposts rack in your data center, co-location space, or on-premises facility provide a truly consistent and seamless hybrid cloud analytics experience. You can deploy secure and managed EMR clusters in your data center in minutes. This gives business users the latest versions of Apache Spark, Apache Hive, and Presto to access critical on premises data sources and systems for big data analytics. When launching an EMR cluster into an Outpost, you can use the EMR console, SDK, or CLI to specify the subnet associated with your Outpost. Your EMR clusters run in the on-premises Outposts rack instance and appear in the EMR console like any other cluster.

As new versions of AWS services become available in the AWS Region, AWS services running locally on Outposts rack will be upgraded automatically to the latest version just as in the AWS Region today. Services such as Amazon RDS on Outposts patch both OS and database engines within scheduled maintenance windows with minimum downtime.

AWS Outposts rack is an extension of the AWS Region. You can seamlessly extend your Amazon Virtual Private Cloud on premises and connect to a broad range of services available in the AWS Region. You can access all regional AWS services in your private VPC environment — for example, through Interface Endpoints, Gateway Endpoints, or their regional public endpoints.

AWS Elastic Disaster Recovery (AWS DRS) minimizes downtime and data loss in the event of a site failure with fast, reliable recovery of on-premises and cloud-based applications using affordable storage, minimal compute, and point-in-time recovery. With AWS DRS, you can configure your Outposts racks as the source or the destination of your data replication and recovery.

You can access AWS tools running in the AWS Region such as AWS CloudFormation, Amazon CloudWatch, AWS CloudTrail, Elastic BeanStalk, Cloud 9, and others to run and manage applications on Outposts rack the same way as you do in the AWS Region today.

AWS Outposts rack builds on the AWS Nitro System technologies that enables AWS to provide enhanced security that continuously monitors, protects, and verifies your Outpost’s instance hardware and firmware. With AWS Nitro, virtualization resources are offloaded to dedicated hardware and software, minimizing the attack surface. Finally, Nitro System's security model is locked down and prohibits administrative access, eliminating the possibility of human error and tampering.

AWS Outposts rack has an updated shared responsibility model underlying security. AWS is responsible for protecting Outposts rack's infrastructure similar to how it secures infrastructure in the AWS Regions today. Customers are responsible for securing their applications running on Outposts rack as they do in the Region today. With Outposts rack, customers are also responsible for the physical security of their Outposts racks, and for ensuring consistent networking to the Outpost.

Data-at-rest: Data is encrypted at rest by default on EBS volumes, and S3 objects on Outposts rack.

Data-in-transit: Data is encrypted in transit between Outposts rack and the AWS Region, through the service link.

Deleting data: All data is deleted when instances are terminated in the same way as in the AWS Region.

Outposts rack is designed for high availability with redundant top of rack networking switches, power elements, and built-in, always active, additional capacity (if provisioned) to enable reliable auto recovery workflows the same way as in AWS Regions. Similar to AWS Auto Scaling in the AWS Regions today, we recommend best practices for high availability deployments and auto recovery workflows for easy failover in case of any underlying host issue. Customers can also deploy multiple Outposts at a site, each tied to a different Availability Zone for even higher availability. In addition, customers can use EC2 placement groups on AWS Outposts rack to ensure instances within a group are placed on distinct Outposts racks to reduce the impact of hardware failures.

AWS Outposts rack support for AWS Resource Access Manager (RAM) lets customers share access to Outposts rack resources – EC2 instances, EBS volumes, S3 capacity, subnets, and local gateways (LGWs) – across multiple accounts under the same AWS organization. This new capability allows distributed teams and business units in customer organizations to configure VPCs, launch and run instances, and create EBS volumes on the shared Outpost.

VMware Cloud on AWS Outposts is a jointly-engineered solution that brings the VMware Cloud on AWS experience to virtually any datacenter, co-location space, or on-premises facility. It runs VMware’s enterprise-class Software-Defined Data Center (SDDC) on dedicated AWS Nitro System-based EC2 bare metal Outposts rack instances.

VMware Cloud on AWS Outposts is optimized for VMware workloads that need to remain on premises to meet low latency, local data processing, or data residency requirements. It simplifies IT operations by delivering a fully managed service on premises and allows you to innovate faster with direct access to 200+ native AWS services over Elastic Network Interface (ENI) or VMware Transit Connect.