Nauman Munir
Case Study | SaaS | Infrastructure as Code

Boosting Hybrid Cloud Performance with AWS Site-to-Site VPN + Global Accelerator

Enhanced hybrid cloud performance for a global SaaS provider using AWS Site-to-Site VPN with Global Accelerator, reducing latency by 30–50% and ensuring SLA compliance.

4 weeks
Technologies

  • AWS Site-to-Site VPN (Accelerated Mode)
  • AWS Global Accelerator
  • AWS Transit Gateway (TGW)
  • IPSec with NAT Traversal
  • Border Gateway Protocol (BGP)
  • CloudWatch & VPN Telemetry
  • ap-southeast-1, eu-central-1, us-east-1 Regions

Challenges

  • Inconsistent Performance
  • Global Latency Issues
  • VGW Limitations
  • SLA Risks

Solutions

  • Performance Optimization
  • High Availability
  • Scalability
  • Centralized Monitoring

Key Results

  • Latency reduction: 30–50% reduction in latency across regions
  • Availability achievement: Near-zero packet loss and jitter with fault-tolerant connectivity
  • Scalability improvement: Future-proof architecture supporting hundreds of VPCs
  • Operational efficiency: Centralized monitoring and reduced operational overhead
  • SLA compliance: Restored sub-200ms response SLA for real-time reporting

AMJ Cloud Technologies partnered with a global SaaS provider to enhance their hybrid cloud performance using AWS Site-to-Site VPN with Global Accelerator. This case study demonstrates how we reduced latency, improved availability, and ensured SLA compliance for their real-time reporting systems.

Situation

The client, a SaaS provider headquartered in Frankfurt with branch offices across North America and Asia, relied on AWS to host customer data analytics and compliance platforms. These platforms required low latency and high availability, particularly for real-time reporting systems used by financial institutions. While the client had implemented AWS Site-to-Site VPN for secure connectivity between their on-premises data centers and AWS VPCs, they experienced performance inconsistencies—high latency, packet loss, and jitter—due to reliance on public Internet routes, especially during peak hours.

Task

Our team was tasked with designing a solution to meet the following objectives:

  • Improve performance by reducing latency, packet loss, and jitter across three AWS regions (Frankfurt, N. Virginia, and Singapore).
  • Ensure consistent global connectivity for branch offices in distant geographies.
  • Overcome limitations of the existing Virtual Private Gateway (VGW)-based VPN setup.
  • Restore compliance with customer SLAs, particularly sub-200ms response times for real-time reporting.
  • Maintain security and scalability while minimizing operational overhead.

The project was executed by a team of cloud architects and network engineers over a four-week timeline.

Action

To achieve these objectives, we redesigned the client’s hybrid connectivity architecture by integrating AWS Global Accelerator and AWS Transit Gateway with their Site-to-Site VPN, focusing on performance, availability, and scalability:

  1. Transitioned from VGW to Transit Gateway:

    • Replaced the existing Virtual Private Gateway (VGW)-based VPN setup with an AWS Transit Gateway (TGW) to enable accelerated VPN support.
    • Re-associated the client’s VPCs in all target regions (Frankfurt, N. Virginia, Singapore) with the Transit Gateway.
  2. Created New Accelerated VPN Connections:

    • Provisioned new Site-to-Site VPN connections with acceleration enabled for each on-premises site.
    • Utilized AWS Global Accelerator edge locations to assign new VPN tunnel endpoints, optimizing traffic routing over AWS’s global network.
  3. Customer Gateway Update:

    • Reconfigured the client’s Palo Alto appliances as the Customer Gateway (CGW) with the new accelerated VPN endpoint IPs.
    • Enabled NAT Traversal and verified IKE re-keying policies to ensure secure and persistent tunnel uptime.
  4. Routing Optimization:

    • Reconfigured Border Gateway Protocol (BGP) on each CGW to dynamically advertise and learn routes through the Transit Gateway.
    • Enabled failover and improved routing resilience across all three AWS regions.
  5. Observability Enhancements:

    • Integrated AWS CloudWatch metrics and Accelerated VPN telemetry to provide real-time visibility into tunnel health, latency, and packet loss.
    • Centralized monitoring to reduce operational overhead and improve troubleshooting.
  6. Testing and Validation:

    • Conducted performance tests to measure latency, packet loss, and jitter improvements across regions.
    • Simulated failover scenarios to confirm high availability and fault tolerance during maintenance or outages.

The team collaborated with the client to monitor metrics during rollout and fine-tuned configurations to optimize performance and reliability.
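
An added example, not part of the original case study or the client's tooling: a post-migration check over the JSON returned by `aws ec2 describe-vpn-connections`, confirming that each connection is Transit Gateway-attached, accelerated, using BGP, and has both tunnels up with routes accepted. The sample response, IDs and addresses are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws ec2 describe-vpn-connections` output.
# IDs are placeholders; addresses are from the 203.0.113.0/24 documentation range.
SAMPLE = json.loads("""
{"VpnConnections": [
  {"VpnConnectionId": "vpn-EXAMPLE-accelerated", "State": "available",
   "TransitGatewayId": "tgw-EXAMPLE",
   "Options": {"EnableAcceleration": true, "StaticRoutesOnly": false},
   "VgwTelemetry": [
     {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "AcceptedRouteCount": 4},
     {"OutsideIpAddress": "203.0.113.11", "Status": "UP", "AcceptedRouteCount": 4}]},
  {"VpnConnectionId": "vpn-EXAMPLE-legacy", "State": "available",
   "VpnGatewayId": "vgw-EXAMPLE",
   "Options": {"EnableAcceleration": false, "StaticRoutesOnly": true},
   "VgwTelemetry": [
     {"OutsideIpAddress": "203.0.113.20", "Status": "UP", "AcceptedRouteCount": 0},
     {"OutsideIpAddress": "203.0.113.21", "Status": "DOWN", "AcceptedRouteCount": 0}]}
]}
""")


def audit_vpn(conn):
    """Return a list of findings for one VpnConnections entry (empty list = OK)."""
    findings = []
    opts = conn.get("Options", {})
    if not conn.get("TransitGatewayId"):
        findings.append("not attached to a Transit Gateway")
    if not opts.get("EnableAcceleration"):
        findings.append("acceleration disabled")
    if opts.get("StaticRoutesOnly"):
        findings.append("static routing, BGP not in use")
    tunnels = conn.get("VgwTelemetry", [])
    if len(tunnels) < 2:
        findings.append("fewer than two tunnels reported")
    for t in tunnels:
        ip = t.get("OutsideIpAddress", "?")
        if t.get("Status") != "UP":
            findings.append(f"tunnel {ip} is {t.get('Status')}")
        elif not opts.get("StaticRoutesOnly") and t.get("AcceptedRouteCount", 0) == 0:
            # Tunnel is up but the BGP session has not delivered any routes.
            findings.append(f"tunnel {ip} up but no BGP routes accepted")
    return findings


def audit_all(doc):
    """Map each VPN connection ID to its list of findings."""
    return {c["VpnConnectionId"]: audit_vpn(c) for c in doc["VpnConnections"]}
```

Running `audit_all` against the live CLI output for each of the three regions after cutover, and again during a simulated tunnel failure, shows whether the redundant tunnel and BGP routes behave as the design intends.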

Result

The AWS Site-to-Site VPN with Global Accelerator implementation delivered significant outcomes:

  • 30–50% Reduction in Latency Across Regions: Remote branches experienced significantly lower latency, with packet loss and jitter reduced to near-zero levels during peak traffic.
  • Near-Zero Packet Loss and Jitter with Fault-Tolerant Connectivity: AWS’s global network ensured consistent, reliable performance, with redundant tunnels providing zero downtime during maintenance events.
  • Future-Proof Architecture Supporting Hundreds of VPCs: Transit Gateway adoption enabled scalability for additional VPCs, on-premises sites, and future Direct Connect integration.
  • Centralized Monitoring and Reduced Operational Overhead: Unified tunnel health metrics, re-keying logs, and route propagation insights simplified network management.
  • Restored Sub-200ms Response SLA for Real-Time Reporting: Stabilized application performance, restored customer confidence, and prevented SLA penalties.
  • Operational Simplicity: Quick implementation with minimal disruption.

This solution has become a reference for AMJ Cloud Technologies’ hybrid cloud performance projects, showcasing our expertise in AWS networking and performance optimization.

Technologies Used

  • AWS Site-to-Site VPN (Accelerated Mode): Provided secure, high-performance connectivity.
  • AWS Global Accelerator: Optimized traffic routing over AWS’s global network.
  • AWS Transit Gateway (TGW): Enabled scalable, centralized connectivity.
  • IPSec with NAT Traversal: Secured data in transit.
  • Border Gateway Protocol (BGP): Managed dynamic routing and failover.
  • CloudWatch & VPN Telemetry: Monitored performance and health.
  • ap-southeast-1, eu-central-1, us-east-1 Regions: Supported global operations.

Key Use Cases

This architecture is suitable for:

  • Global SaaS providers with latency-sensitive workloads across multiple regions.
  • Organizations needing secure, high-performance hybrid connectivity without dedicated infrastructure.
  • Enterprises seeking scalable, future-proof solutions for hybrid cloud expansion.

Key Takeaways

This case study highlights the impact of AWS Site-to-Site VPN with Global Accelerator in enhancing hybrid cloud performance for a global SaaS provider. By leveraging AWS’s global network and Transit Gateway, we reduced latency, improved availability, and ensured SLA compliance. AMJ Cloud Technologies is dedicated to delivering practical cloud solutions for performance-driven hybrid architectures.
