AWS Direct Connect and VPN Backup
Optimizing On-Premises Connectivity for a Fintech Customer

REGION
United Arab Emirates
COMPANY TYPE
FinTech
INDUSTRY
Financial Services & Insurance
CLOUD SOLUTION

THE CUSTOMER
The customer is a fast-growing financial technology (Fintech) company that provides real-time payment processing, fraud detection, and portfolio management services to institutional and retail clients. With a global customer base and regulatory obligations that require data sovereignty and secure, low-latency access to financial data, the Fintech relies heavily on both cloud-based services and on-premises infrastructure.
THE CHALLENGE
As part of its digital transformation, the customer adopted Amazon Web Services (AWS) to take advantage of cloud scalability, flexibility, and advanced analytics capabilities. However, due to the latency-sensitive nature of financial transactions and the need for real-time synchronization between cloud services and on-premises systems, the company faced a critical challenge: ensuring reliable, low-latency connectivity between their AWS-hosted workloads in the local region and their on-premises data centers.
Providing Secure and Reliable Connectivity to On-Premises Data Centers
The existing site-to-site VPN solution over the public internet was susceptible to network congestion, fluctuating latency, and intermittent packet loss. These issues led to increased transaction processing times and occasional service disruptions, which could not be tolerated as the only connectivity in a competitive and highly regulated financial environment. This required a solution that would guarantee predictable, high-performance connectivity while still providing a reliable fallback in case of primary link failure.
THE SOLUTION
To address these connectivity challenges, Bespin engaged with the customer to assist in collecting requirements, validating, designing, and deploying AWS Direct Connect to establish a dedicated, private connection between its on-premises data centers and its AWS Landing Zone in the region. This connection provided a consistent and low-latency network experience, bypassing the public internet and avoiding its associated uncertainties.
AWS Direct Connect was provisioned through a 1 Gbps dedicated connection with redundant physical links to ensure high availability. The company partnered with an AWS Direct Connect Partner to facilitate colocation and cross-connect setup at a Direct Connect location closest to their on-premises infrastructure.
To enhance reliability, the existing site-to-site VPN connection over the public internet was maintained as a failover backup. Using AWS Transit Gateway, a third-party next-generation firewall (NGFW) network virtual appliance (NVA), and Border Gateway Protocol (BGP), dynamic routing was configured to automatically switch traffic to the VPN link in case of any interruption to the Direct Connect path.
AWS Direct Connect with VPN Over the Internet as Backup
To ensure this architecture delivered both the performance and resilience required in a fast-paced financial environment, Bespin Global designed a hybrid connectivity model that combined the deterministic performance of AWS Direct Connect with the flexibility and redundancy of a VPN backup. This approach enabled the customer to maintain stable, low-latency connectivity for real-time financial workloads while also mitigating risks associated with single-path failures. Through strategic routing, robust security controls, and active monitoring, the setup provided a seamless and secure bridge between cloud-native applications and on-premises systems, ensuring uninterrupted service delivery, compliance with regulatory requirements, and peace of mind for the customer’s network operations team. The solution included:
Direct Connect Location: Partner facility in the same metropolitan area as the primary data center. This reduced the physical distance between the customer network and AWS infrastructure, lowering latency and simplifying logistics.
Redundancy: Dual 1 Gbps physical connections were provisioned across separate devices and fiber paths to mitigate single points of failure. Redundant Direct Connect endpoints were deployed in separate AWS Availability Zones.
Virtual Interface Configuration: Transit virtual interfaces (VIFs) were established. This allowed access to AWS VPCs and extended connectivity to other regions and VPCs, enabling access to resources hosted in private subnets and in different regions.
VPN Backup: The site-to-site VPN was configured using IPsec tunnels over separate internet connections with dynamic BGP routing. Route priorities ensured that the Direct Connect path was preferred unless unavailable.
Routing and Transit Gateway: AWS Transit Gateway served as the central hub for interconnecting multiple VPCs and on-premises networks.
Security: All traffic was encrypted end-to-end. Data over both Direct Connect and the internet was encrypted and protected using strong IPsec configurations. The network architecture complied with industry standards like PCI-DSS and ISO 27001.
Use of Security Network Virtual Appliances: The customer complements the solution with third-party network virtual appliances, which enable advanced security inspection features and terminate the VPN connectivity.
Monitoring and Management: The setup was monitored using Amazon CloudWatch for Direct Connect metrics, such as connection state and data throughput. Custom dashboards and alarms were created to notify network engineers of anomalies. Third-party tools like Datadog and New Relic complemented AWS-native monitoring to provide end-to-end visibility and to simulate failover scenarios regularly.
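The route-priority behaviour described under VPN Backup, as an added example that is not taken from the case study or the customer's configuration: a simplified best-path model showing normal operation, failover, and an audit for a more-specific prefix on the VPN that would override the Direct Connect preference. The attribute choices (local preference, then AS-path length), the path labels, and all prefixes are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str       # CIDR learned over this path
    path: str         # "dx" (Direct Connect) or "vpn" (IPsec backup)
    local_pref: int   # assumed preference knob: higher wins
    as_path_len: int  # assumed tie-breaker: shorter wins

def _rank(route):
    # Longest prefix is compared before any BGP attribute.
    plen = ipaddress.ip_network(route.prefix).prefixlen
    return (plen, route.local_pref, -route.as_path_len)

def best_path(routes, dest, down=()):
    """Return the route that carries traffic to dest, or None if unreachable."""
    ip = ipaddress.ip_address(dest)
    live = [r for r in routes
            if r.path not in down and ip in ipaddress.ip_network(r.prefix)]
    return max(live, key=_rank, default=None)

def audit(routes):
    """List VPN prefixes that would win over Direct Connect while it is up."""
    findings = []
    for r in routes:
        if r.path != "vpn":
            continue
        probe = str(ipaddress.ip_network(r.prefix).network_address)
        dx_covers = best_path(routes, probe, down={"vpn"}) is not None
        if dx_covers and best_path(routes, probe).path == "vpn":
            findings.append(r.prefix)
    return findings

# Constructed sample advertisements (not from the case study).
ROUTES = [
    Route("10.20.0.0/16", "dx", local_pref=200, as_path_len=1),
    Route("10.20.0.0/16", "vpn", local_pref=100, as_path_len=3),
    Route("10.20.8.0/24", "vpn", local_pref=100, as_path_len=3),  # leaked more-specific
]

if __name__ == "__main__":
    print(best_path(ROUTES[:2], "10.20.1.5").path)               # normal operation
    print(best_path(ROUTES[:2], "10.20.1.5", down={"dx"}).path)  # Direct Connect lost
    print(audit(ROUTES))                                         # misconfiguration check
```

Running the audit against the prefixes actually advertised on each path catches the case where the backup link silently carries production traffic despite correct preference settings.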
THE RESULT
The implementation of AWS Direct Connect, backed by a resilient VPN failover strategy, delivered measurable outcomes that transformed the Fintech’s network performance and operational reliability. This hybrid connectivity model not only stabilized their cloud access but also empowered their infrastructure to meet the stringent demands of real-time financial services, enhancing user experience, system availability, and compliance posture. The outcomes included:
1. Improved Reliability: By establishing a dedicated network path, the company eliminated disruptions caused by internet congestion and provider outages. The VPN backup ensured continued service availability in case of primary link failure.
2. Low Latency: AWS Direct Connect significantly reduced network latency compared to the public internet, improving application performance and enabling real-time data exchange crucial for financial operations.
3. Predictable Performance: With a dedicated 1 Gbps connection, the fintech company achieved consistent throughput levels, enhancing user experience and operational stability.
4. Enhanced Security: Traffic bypassed the public internet and was encrypted, ensuring compliance with strict financial regulations and data protection standards.
5. Seamless Failover: BGP, third-party NVAs, and AWS Transit Gateway allowed for seamless transition to the VPN link, minimizing downtime and maintaining operational continuity during maintenance or unexpected outages.
6. Operational Efficiency: The cloud team gained better visibility and control over network traffic, reducing troubleshooting time and improving overall IT responsiveness.
Key Measurable Outcomes
Since implementing AWS Direct Connect with VPN backup, the Fintech has experienced a substantial improvement in application performance and system uptime:
• 30% decrease in average latency (from ~70ms via VPN to ~50ms with Direct Connect)
• Achieved 99.99% network uptime over 12 months, aligning with business SLAs
• Zero unplanned service interruptions due to effective failover mechanisms
• 20% faster transaction processing, boosting both customer experience and throughput
• Strengthened compliance standing, meeting PCI-DSS and UAE data residency mandates.
With a secure, low-latency hybrid network now in place, the Fintech has built a strong, scalable foundation to support its mission-critical services and future growth.
About Bespin Global, an e& enterprise company:
Bespin Global established a joint venture with e& enterprise, making it the largest public cloud managed and professional service provider in the Middle East. We serve as your strategic ally in the digital landscape, adeptly navigating complexities and unlocking opportunities with precision and foresight.
Our services encompass cloud migration, integration, and management, empowering businesses to scale efficiently and adapt dynamically in an ever-evolving market.
Bespin delivers the tools, expertise, and support needed to ensure a sustained future.
Bespin is committed to elevating the clients’ technological capabilities, emphasizing continuous improvement and proactive engagement. Our holistic, customer-centric approach ensures that every solution not only meets but exceeds expectations.
Bespin forges lasting partnerships and creates enduring value. It is the go-to partner for expert cloud integration and strategic guidance.
Address: The Offices 4, #138-139, One Central, Dubai World Trade Center (DWTC)
Telephone: 800 BESPIN (237746)
P.O. Box: 340729
