Connectivity models

Most recommended model due to practicality and resilience.

Each data plane has at least 2 fixed output IPs. These IPs can/should be used for customer-side firewall controls.

To further enhance security, an mTLS strategy can be used between the gateways and the backend.

Cost already included in standard offers.

It is not possible to access backends without externalization through a proxy or similar technology.

Model with private access.

Shared responsibility.

The SLA is different for VPN environments, given the high incidence of problems.

Higher cost of configuration, maintenance and troubleshooting.

Each data plane can be connected to up to 4 networks, limited to 8190 IPs.

Currently, BGP is not supported.

Stability and resilience.

Simplified setup.

Offer available only to customers whose backend is also allocated on AWS.

Each data plane can be connected to up to 4 networks, limited to 8190 IPs.

Possibility to access backends through a private link.

No need to use VPN.

Greater communication flexibility between VPCs.

Within AWS limits, regarding Transit Gateway and connectivity, essential points are adjustable.

For more information, see the AWS Transit Gateway Limits documentation.

Customer must share AWS Transit Gateway using their Sensedia account.

Need to create routes on the Sensedia side and on the client side.

The AWS billing fee happens on both sides (Customer and Sensedia), as AWS charges per VPC attached to the AWS Transit Gateway, and it happens on both sides.

Each data plane can receive up to 5 unique AWS Transit Gateway attachments.

AWS Transit Gateway limits also apply.

Possibility to access backends through a private link.

Cost.

Shared responsibility model between Sensedia, customer and link provider.

Each data plane can be connected to up to 4 networks, limited to 8190 IPs.

Facilitates communication between components on AWS.

Ensures private access with high resiliency.

For more information, see official AWS documentation.

Requires exposure through NLB on the customer side.

As per the AWS documentation, it is possible to use a name with a custom domain (<service>.customer.com.br, for example) in the endpoint service. This name is considered private because AWS registers it in a DNS zone local to the VPCs connected to the endpoint service.

The advantage is being able to consolidate the service exposure under a unique name for different service consumers.

For customers wishing to use this functionality, it is necessary to enable and validate the endpoint service to use the selected name. Once configured, the customer must open a ticket with Sensedia support, requesting the activation of the private DNS name and providing the relevant endpoint service information.

Up to 4 VPC endpoints (powered by AWS Private link) are supported per data plane.