FinOps Cloud Practitioners who focus on virtual networking & routing use cases to support public cloud have a huge advantage over their peers. Carriers or Cloud Routing service provides who install connectivity between IaaS and SaaS is the #1 product set Cloud Engineering, Dev and FinOps teams always overlook. Why? There are nearly 100 different options to route service requests between cloud instances and tenancies, yet most organizations pick the option, which is the easiest to deploy, not the most cost-effective, reliable and flexible.
What is FinOps Cloud Networking?
Using a carrier grade layer 1-3 connection between Public Cloud to On-premises or from a Colocation facility to connect your environments is the typical topology. However, FinOps practioners have started to rely on their IT team to support this or allow cloud ops to make the decision and be done with it. Mostly because when it comes to WAN, organizations feel that is separate from Cloud. It should always be factored into the cloud cost optimization models
How to keep Cloud Networking Costs in check?
- Ensure the bandwidth provider can support cloud usage
- Is your contract flexible to bill on usage or are you locked into a linear speed and price?
- Is it virtual or physical port(s) you are connecting to?
- Negotiate 12 month or Month to Month terms if possible
- Don’t be afraid to go outside your traditional telecom carrier
AWS FinOps Cloud Networking Costs
As a practioners, you should understand the different methods to connect in this example with AWS. If your cloud teams “want” a 10G connection but does not have the application traffic to support it, this will help you work on an alternative (lower bandwidth) option.
In the Dedicated Direction Connection, there are three main components to understand, plan and then reallocate costs back into the business: Port Hours, Data Transfer Out (DTO) and Capacity. At Macronet Services, we call this CP+DTO calculation. First let’s define how the CP+DTO calculation covers a dedicated connection.
What is Capacity? Capacity is the highest rate that data can be routed through a network connection which can vary from megabits per second (Mbps) or gigabit per second (Gbps).
What are Port hours? Port Hours is a measurement of the time a port is provisioned for direct connection within your environment. An important item to note, this calculation continues to occur even if you are not routing data through your port, you are still charged.
What is DTO? DTO is the total network traffic that routes from Direct Connect to a destination outside of AWS. This will certainly fluctuate and can be difficult to reduce since lowering traffic volumes would mean requests leaving a destination for your business would be impacted. The good news here, AWS does not charge for any data transferred into your environment, only when it departs.
How to calculate the CP+DTO equation
Below is a fictional example of a customer who requires (2) dedicated ports each with a 1Gbps port capacity for AWS East and West. Assuming the cloud team left the port on/live for an entire month
Capacity & Port
DTO
CP+DTO = ($438 + $4217.46) = $4,655.46 in a 1 Month Window
An important note here, no matter how much traffic you push on an hourly basis, you are charged a Port Hours Rate for having the circuit established to your Direct Connect On Ramp.
However, we are not finished with the total calculation for the month as we still need to factor in the outside connection for direct connect, typically offered by a carrier. If you decide on a telecom carrier connection for example, such as a private line or internet VPN, you must factor those costs into your final allocations. Many FinOps teams forget this piece because it is subtle and varies by vendor or connection method (VPN, ZeroTrust, SDWAN, MPLS etc.)
Let’s review your network requirements and put a matrix together to support your FinOps crawl stage so you can run this later.