AWS, Azure, and Google Cloud: The Big Three Compared
- Cloud networking
- November 8, 2022
By Henry Wagner, Chief Marketing Officer
These three top cloud providers are used daily by millions of users across the world – but what sets them apart? We take a magnifying glass to the features that matter.
For any modern business, it’s no longer a question of whether you should investigate moving your high availability IT services to the cloud; rather, it’s a matter of which clouds you should be using, which service offerings, and how to strategically deploy them to accomplish your business goals. From scalable storage of data to the compute power needed to analyze and transform data, the cloud has become a core component in the way enterprises run their business with competitive advantage in mind.
Dominating the Cloud Service Provider (CSP) market are three hyperscalers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). They hold 34%, 21%, and 10% respectively of the global cloud infrastructure market (as of June 2022), which is worth a staggering $203 billion. And while they share the same broad mission, connecting users across the globe to on-demand, "as a service" consumption models, they differ in their offerings, whether it be pricing models, storage capabilities, or hybrid and multicloud use cases.
In this guide, we identify and assess some of the crucial criteria that you need to consider when shopping for cloud computing services from these major providers.
AWS offers over 200 fully-featured services from its global spread of data centers. Notable customers include BMW, Netflix, and Coca-Cola, but AWS serves millions of customers around the world, from start-ups to government agencies, and has been doing so since 2006.
Azure was launched in 2010, offering more than 200 products and cloud services on its platform. Users can build, run, and manage applications across not only clouds but also on-premises, and at the edge. 95% of Fortune 500 companies trust their business with Azure. Notable customers include the NBA, American Cancer Society, and PepsiCo.
Google Cloud includes a broad suite of services accessed over the internet that help organizations go digital. Google Cloud Platform (which provides public cloud infrastructure for web-based applications) is part of the larger Google Cloud suite. It first came online in 2008; notable customers include LinkedIn, NewsCorp, Facebook, Verizon, and Twitch.
Features
While each CSP generally offers the same basic capabilities, like dedicated connections, storage, and compute, there are some variations that may make one CSP suit your needs over another, depending on your use case. Variations in offerings also mean multicloud could very well suit your enterprise: By opting for storage with AWS and computing with GCP, for example, you can avoid over-reliance on a single CSP.
The table below lists some of the key features of each CSP, including the differing service names:

| Feature | AWS | Azure | GCP |
|---|---|---|---|
| Virtual network | VPC – Virtual Private Cloud | VNet – Virtual Network | VPC – Virtual Private Cloud |
| Dedicated connection | Direct Connect | ExpressRoute | Cloud Interconnect |
| Routing | Gateways (VPC networking) | Gateways (VNet networking) | Routers (VPC networking) |
| Compute/VM | EC2 instances | Virtual Machines | Compute Engine VMs |
| Block storage | Elastic Block Store (EBS) | Azure Disk | Persistent Disk |
| Object storage | S3 | Azure Blob | Cloud Storage |
| File storage | Elastic File System (EFS) | Azure Files | Cloud Filestore |
Performance
Each CSP offers its dedicated connection in more than one form, at different speeds:

| AWS | Azure | GCP |
|---|---|---|
| Direct Connect | ExpressRoute Direct | Dedicated Interconnect |
| | ExpressRoute | Partner Interconnect |
Gateways
AWS
AWS offers three native network routing services that cater to various networking needs depending on the scope and scale of your cloud infrastructure.
Transit Gateway (TGW)
AWS Transit Gateway (TGW) is a highly scalable, cloud-based network gateway that simplifies the process of connecting multiple Virtual Private Clouds (VPCs) across AWS accounts in a hub-and-spoke topology. This service allows enterprises to manage thousands of VPCs and on-premises networks from a central gateway, making it ideal for large-scale, multi-account environments. TGW’s features include:
- Centralized Routing: It acts as a central hub, consolidating VPC and on-premises connections, eliminating the need for VPC peering and reducing the complexity of managing many individual connections.
- Inter-Region Peering: Transit Gateway supports inter-region peering, allowing users to connect VPCs across different AWS regions. This feature improves latency and performance for applications that span across multiple regions.
- Enhanced Security: Transit Gateway supports traffic isolation: you can configure multiple route tables and isolate traffic by security domain, for example separating development from production. Route tables only decide reachability; they do not inspect traffic, so security groups, network ACLs, or an inspection VPC are still needed for filtering.
- Integration with Direct Connect: TGW can integrate with AWS Direct Connect to establish high-speed, private connections between AWS environments and on-premises data centers.
Direct Connect Gateway (DGW)
AWS Direct Connect Gateway (DGW), released in 2017, is a service that enables AWS customers to connect multiple VPCs across regions to a single AWS Direct Connect connection. Unlike Transit Gateway, DGW is specifically designed to extend on-premises connectivity to multiple VPCs using a single Direct Connect link. Key features include:
- Cross-Region Connectivity: DGW allows for the attachment of VPCs from different regions to a Direct Connect connection, making it an ideal solution for companies that operate across multiple AWS regions.
- Cost Efficiency: By consolidating multiple VPCs onto a single Direct Connect link, businesses can reduce costs associated with establishing separate Direct Connect links for each region or VPC.
- Simplified On-Premises Connectivity: DGW keeps traffic between on-premises environments and AWS on a private, low-latency path instead of a VPN over the public internet.
However, DGW is limited to on-premises to VPC connectivity and doesn’t provide VPC-to-VPC routing, making it less versatile than TGW for large, multi-region, multi-VPC environments.
Virtual Private Gateway (VGW)
The Virtual Private Gateway (VGW) is AWS’s original network gateway solution, and it provides secure connectivity between AWS VPCs and on-premises environments. VGW is a fully redundant and distributed routing service, which makes it reliable for customers who need connectivity within a single AWS region. Key benefits include:
- VPC-to-On-Premises Connectivity: a VGW attaches to a single VPC and connects it to your on-premises network via a Site-to-Site VPN or Direct Connect, so it suits businesses that need to connect only a small number of VPCs.
- Cost-Effective for Single-Region Deployments: VGW is a good choice for businesses operating primarily in a single AWS region; it lacks the multi-region and inter-region connectivity features found in TGW and DGW, and for that use case you do not need them.
- Limited Scope: Unlike DGW and TGW, VGW doesn’t provide connectivity across multiple regions or VPCs. It’s more suited for basic, single-region, VPC-to-on-premises use cases.
All three routing services — VGW, DGW, and TGW—are designed to fit different use cases. For instance, VGW might be ideal for cost-conscious businesses needing basic VPC-to-on-premises connectivity within a single region. On the other hand, DGW provides cross-region connectivity for multiple VPCs connected to an on-premises environment via Direct Connect. Lastly, TGW offers the most comprehensive set of features, including centralized routing, inter-region peering, and enhanced security, making it the best option for enterprises with complex, multi-region cloud architectures.
| Capability | VGW | DGW | TGW |
|---|---|---|---|
| Multiple regions | No | Yes | Yes (inter-region peering) |
| Multiple accounts | No | Yes | Yes |
| Site-to-Site VPN | Yes | No | Yes |
| Direct Connect | Yes | Yes | Yes |
| Transitive routing | No | No | Yes |
| Globally available | No (regional) | Yes | No (regional, peers across regions) |
| Route segmentation | No | No | Yes |
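Route segmentation on TGW comes down to two relationships: an attachment is associated with exactly one route table, which answers its lookups, and it may propagate its CIDRs into any number of tables. The following is an added example, not AWS code or this page's own: a small Python model of those rules plus longest-prefix matching and static blackhole routes, used to check that a dev spoke cannot reach a prod spoke while both reach on-premises through a shared table. The attachment names, route-table names and CIDRs are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

# Added example, not AWS code: a model of Transit Gateway route tables
# (associations, propagations, static/blackhole routes, longest-prefix match)
# used to verify that route segmentation isolates dev from prod.
# Attachment names and CIDRs are constructed for illustration.


@dataclass
class RouteTable:
    name: str
    # prefix -> (target attachment or "blackhole", is_static)
    routes: dict = field(default_factory=dict)

    def add_static(self, cidr, target):
        """Static route; the target "blackhole" drops traffic for the prefix."""
        self.routes[ipaddress.ip_network(cidr)] = (target, True)

    def propagate(self, attachment, cidr):
        """Propagated route. As on TGW, it never displaces a static route for the same prefix."""
        prefix = ipaddress.ip_network(cidr)
        if prefix in self.routes and self.routes[prefix][1]:
            return
        self.routes[prefix] = (attachment, False)

    def lookup(self, dst_ip):
        """Longest-prefix match; returns the target, or None when no route covers the address."""
        ip = ipaddress.ip_address(dst_ip)
        best = None
        for prefix, (target, _) in self.routes.items():
            if ip in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, target)
        return None if best is None else best[1]


class TransitGateway:
    def __init__(self):
        self.tables = {}
        self.association = {}  # attachment -> the one route table used for its lookups

    def add_table(self, name):
        self.tables[name] = RouteTable(name)
        return self.tables[name]

    def associate(self, attachment, table_name):
        self.association[attachment] = self.tables[table_name]

    def next_hop(self, src_attachment, dst_ip):
        return self.association[src_attachment].lookup(dst_ip)

    def reachable(self, src_attachment, dst_ip):
        hop = self.next_hop(src_attachment, dst_ip)
        return hop is not None and hop != "blackhole"


def build_segmented_tgw():
    """Three route tables: one per spoke environment, plus a shared table for on-prem."""
    tgw = TransitGateway()
    prod, dev, shared = (tgw.add_table(n) for n in ("prod-rt", "dev-rt", "shared-rt"))

    tgw.associate("vpc-prod", "prod-rt")
    tgw.associate("vpc-dev", "dev-rt")
    tgw.associate("dx-onprem", "shared-rt")  # Direct Connect gateway attachment

    # Each spoke learns only its own VPC and the on-prem range.
    prod.propagate("vpc-prod", "10.10.0.0/16")
    prod.propagate("dx-onprem", "192.168.0.0/16")
    dev.propagate("vpc-dev", "10.20.0.0/16")
    dev.propagate("dx-onprem", "192.168.0.0/16")
    # On-prem may reach both environments.
    shared.propagate("vpc-prod", "10.10.0.0/16")
    shared.propagate("vpc-dev", "10.20.0.0/16")

    # Explicit blackholes: isolation survives a later accidental propagation.
    prod.add_static("10.20.0.0/16", "blackhole")
    dev.add_static("10.10.0.0/16", "blackhole")
    return tgw


def isolation_report(tgw):
    """Reachability of the paths a reviewer would check before signing off the design."""
    return {
        "dev->prod": tgw.reachable("vpc-dev", "10.10.1.5"),
        "prod->dev": tgw.reachable("vpc-prod", "10.20.1.5"),
        "dev->onprem": tgw.reachable("vpc-dev", "192.168.1.1"),
        "onprem->prod": tgw.reachable("dx-onprem", "10.10.0.9"),
        "onprem->dev": tgw.reachable("dx-onprem", "10.20.0.9"),
    }


if __name__ == "__main__":
    for path, ok in isolation_report(build_segmented_tgw()).items():
        print(f"{path:13s} {'reachable' if ok else 'blocked'}")
```

The blackhole entries are the part worth copying: with no route at all, dev-to-prod traffic is dropped, but the moment someone propagates the dev attachment into prod-rt it flows. A static blackhole takes precedence over a propagated route for the same prefix, so the intent is recorded in the table rather than depending on an absence.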
Azure
Azure Virtual Network (VNet) is the foundational service for building customer networks in Azure. A VNet creates a private, isolated space within Azure, allowing businesses to securely manage their cloud infrastructure and deploy resources in a virtualized environment. It acts as a networking layer that facilitates communication between your Azure resources, on-premises infrastructure, and other cloud networks, making it central to building scalable and secure cloud architectures.
Key Features of Azure VNet
Network Isolation and Segmentation:
VNet offers strong isolation capabilities, allowing you to completely segment your cloud environment. Each VNet functions as a dedicated, private network space in Azure, isolated from other VNets or external networks unless explicitly configured for communication. This isolation enhances security by limiting the exposure of resources to only authorized users or services.
VNet Peering:
Azure's VNet peering feature allows you to connect two or more VNets, either within the same region or across different regions, using private IP addresses. VNet peering enables seamless communication between VNets while maintaining isolation from the public internet. It ensures low-latency, high-bandwidth network connectivity between VNets, which is ideal for workloads that require integration across different environments or regions.
VNet-to-On-Premises Connectivity:
VNet enables secure and reliable communication between your Azure resources and on-premises infrastructure. This connectivity is typically established through a Site-to-Site VPN or Azure ExpressRoute, allowing data to be transferred between on-premises locations and Azure over private channels. By leveraging these options, businesses can extend their internal network to Azure, creating a hybrid cloud environment where on-premises systems and cloud resources can seamlessly interact.
Azure VPN Gateway:
If you need to connect VNets to each other or to on-premises networks over the public internet, Azure's VPN Gateway terminates the IPsec/IKE tunnels for you: Site-to-Site to an on-premises VPN device, VNet-to-VNet between VNets, and Point-to-Site for individual clients. It offers flexibility for businesses that need secure remote connectivity to Azure resources but don't necessarily need the higher bandwidth and lower latency of a private connection such as ExpressRoute.
Key Use Cases for Azure VNet
Hybrid Cloud Architectures:
Azure VNet's ability to connect on-premises networks with Azure resources through ExpressRoute or VPN Gateway makes it an ideal solution for hybrid cloud deployments. Organizations can easily integrate their existing on-premises infrastructure with cloud resources, ensuring business continuity while taking advantage of Azure's scalability and flexibility.
Secure Network Isolation:
With VNet, businesses can securely segment their network by placing resources into different subnets, assigning Network Security Groups (NSGs), and configuring user-defined routes. This is especially useful for enterprises needing to maintain strict security controls and compliance.
Multi-Tier Applications:
VNets allow organizations to build multi-tier applications by placing the front-end, middle-tier, and back-end components into separate subnets. Traffic between these tiers can be securely managed with NSGs and Azure Firewall, allowing fine-grained control over which resources can communicate with each other.
VNet Peering for Global Applications:
When running workloads across multiple Azure regions, VNet peering offers a cost-effective and performance-optimized solution to ensure these workloads can communicate. With global VNet peering, organizations can connect VNets across different Azure regions, allowing for global application deployment and disaster recovery planning.
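The multi-tier pattern above turns on one detail that is easy to miss: the default rule AllowVnetInBound (priority 65000) permits all traffic inside the VNet, so the web tier can reach the database unless a lower-numbered rule denies it. The following is an added example, not Azure code or this page's own: a Python model of inbound NSG evaluation (ascending priority, first match wins, default rules last) run against constructed rule sets for a three-tier app. The VNet range 10.0.0.0/16, the subnets, ports and rule names are assumptions, and the "Internet" service tag is simplified to "anything outside the VNet".

```python
import ipaddress
from dataclasses import dataclass

# Added example, not Azure's code: models how inbound NSG rules are evaluated.
# Rules are processed in ascending priority; the first match decides; the three
# default rules sit at 65000+ and can only be overridden by a lower number.
# The VNet range, subnets, ports and rule names below are constructed.

VNET = ipaddress.ip_network("10.0.0.0/16")
AZURE_LB_PROBE = "168.63.129.16"  # the address behind the AzureLoadBalancer tag


@dataclass(frozen=True)
class Rule:
    priority: int
    name: str
    access: str     # "Allow" or "Deny"
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # CIDR or a service tag: "*", "VirtualNetwork", "Internet", "AzureLoadBalancer"
    dest_port: str  # "443", "1024-65535" or "*"


DEFAULT_INBOUND = [
    Rule(65000, "AllowVnetInBound", "Allow", "*", "VirtualNetwork", "*"),
    Rule(65001, "AllowAzureLoadBalancerInBound", "Allow", "*", "AzureLoadBalancer", "*"),
    Rule(65500, "DenyAllInBound", "Deny", "*", "*", "*"),
]


def source_matches(source, src_ip):
    ip = ipaddress.ip_address(src_ip)
    if source == "*":
        return True
    if source == "VirtualNetwork":
        return ip in VNET
    if source == "Internet":
        return ip not in VNET  # simplification of the tag: everything outside the VNet
    if source == "AzureLoadBalancer":
        return src_ip == AZURE_LB_PROBE
    return ip in ipaddress.ip_network(source)


def port_matches(spec, port):
    if spec == "*":
        return True
    if "-" in spec:
        low, high = (int(p) for p in spec.split("-"))
        return low <= port <= high
    return int(spec) == port


def evaluate(rules, src_ip, protocol, port):
    """Return (access, rule name) of the first matching rule, default rules included."""
    for rule in sorted(rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (rule.protocol in ("*", protocol)
                and port_matches(rule.dest_port, port)
                and source_matches(rule.source, src_ip)):
            return rule.access, rule.name
    return "Deny", "DenyAllInBound"  # not reached: the default deny matches everything


# Three-tier app: web 10.0.1.0/24, app 10.0.2.0/24, db 10.0.3.0/24, bastion 10.0.250.0/24.
WEB_NSG = [
    Rule(100, "AllowHttpsFromInternet", "Allow", "Tcp", "Internet", "443"),
    Rule(110, "AllowSshFromBastion", "Allow", "Tcp", "10.0.250.0/24", "22"),
    Rule(4000, "DenyVnetInBound", "Deny", "*", "VirtualNetwork", "*"),  # beats the 65000 default
]
DB_NSG = [
    Rule(100, "AllowSqlFromApp", "Allow", "Tcp", "10.0.2.0/24", "1433"),
    Rule(4000, "DenyVnetInBound", "Deny", "*", "VirtualNetwork", "*"),
]
DB_NSG_NO_DENY = DB_NSG[:1]  # the same allow rule without the explicit VNet deny


if __name__ == "__main__":
    print(evaluate(DB_NSG, "10.0.2.10", "Tcp", 1433))          # app tier -> db: Allow
    print(evaluate(DB_NSG, "10.0.1.10", "Tcp", 1433))          # web tier -> db: Deny
    print(evaluate(DB_NSG_NO_DENY, "10.0.1.10", "Tcp", 1433))  # web tier -> db: Allow via AllowVnetInBound
```

The third call is the failure mode: a database NSG that only lists the allowed app subnet still admits the web tier through the default AllowVnetInBound rule. An explicit deny for VirtualNetwork at a priority below 65000 (here 4000) closes that gap; the same holds for any tier whose NSG is meant to be allow-list only.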
Enhanced Connectivity with ExpressRoute
For businesses requiring more reliable and predictable connectivity, Azure's ExpressRoute offers a private, dedicated network connection between your on-premises data centers and Azure. Unlike public internet connections, ExpressRoute provides higher bandwidth, lower latency, and more predictable performance. It is particularly beneficial for organizations transferring large amounts of data or running latency-sensitive applications in Azure.
GCP
Google Cloud Router plays a pivotal role in establishing dynamic routing between your Google Cloud Platform (GCP) Virtual Private Cloud (VPC) and peer networks. This dynamic routing is enabled through the use of Border Gateway Protocol (BGP), which allows seamless, automated route exchange and ensures that your network can easily adapt to changes in IP addressing or topology.
Cloud Router is essential for businesses looking to build flexible, scalable, and interconnected networks in GCP, whether for hybrid cloud, multicloud, or VPC-to-VPC connectivity.
Key Features of Google Cloud Router
Dynamic Route Exchange with BGP:
Cloud Router leverages BGP, a standard routing protocol, to dynamically exchange routes between your GCP VPC and your on-premises or peer network. Unlike static routing, which requires manual configuration of IP routes, BGP allows routes to be learned and updated automatically as networks change. This is crucial for environments that need to scale or change rapidly, as it minimizes manual intervention and reduces the risk of routing errors.
Seamless Hybrid Cloud Connectivity:
Cloud Router enables GCP customers to securely extend their on-premises network into the cloud. Using BGP, Cloud Router can automatically exchange routes between your on-premises environment and your VPC, facilitating a smooth, scalable hybrid cloud setup. This allows you to manage workloads that span both your private data centers and GCP, ensuring they can communicate effectively with minimal latency.
Multicloud and VPC Peering:
In addition to hybrid cloud setups, Cloud Router supports multicloud architectures and VPC-to-VPC connectivity. For businesses using multiple cloud service providers, Cloud Router can exchange routes between GCP and other cloud platforms (such as AWS or Azure), enabling direct multicloud communication. Similarly, it facilitates dynamic routing between VPCs in GCP, allowing for flexible network design across various regions or projects.
IP Address Learning and Sharing:
One of Cloud Router's key capabilities is the ability to dynamically learn new IP address ranges within your VPC and share them with connected networks. This ensures that all changes to your VPC's IP addressing, such as the addition of new subnets, are automatically propagated to the peered network. This real-time sharing simplifies network management, particularly in complex, rapidly evolving environments where manual updates would be time-consuming and prone to errors.
Key Use Cases for Google Cloud Router
Dynamic Hybrid Cloud Deployments:
For enterprises building hybrid cloud environments, Cloud Router ensures that connectivity between on-premises data centers and GCP remains efficient and up-to-date. Using BGP, Cloud Router ensures that your on-premises network dynamically learns about all the subnets in your VPC, simplifying the management of route changes and minimizing downtime.
Multicloud Connectivity:
Businesses adopting a multicloud strategy can use Cloud Router to create seamless routing between GCP and other cloud providers. By enabling dynamic route sharing between different clouds, Cloud Router helps ensure that workloads can communicate without needing to route through a central on-premises hub, reducing latency and enhancing performance.
VPC Peering with Dynamic Routing:
When connecting multiple VPCs within GCP, Cloud Router simplifies the routing process by automating the sharing of routes. Whether you're connecting VPCs across different regions or projects, Cloud Router provides the flexibility to scale your network without manually updating static routes.
Integration with Google Cloud Interconnect
When used in conjunction with Google Cloud Interconnect, Cloud Router enhances the performance and reliability of your network. Cloud Interconnect provides high-bandwidth, low-latency private connectivity between your on-premises network and GCP, and Cloud Router automates the exchange of routes between these networks. This integration is ideal for businesses with large data transfers, latency-sensitive applications, or those requiring a private, secure connection to GCP.
Google’s Cloud Router provides the flexibility and scalability required for modern, dynamic network environments. Whether connecting on-premises data centers, enabling multicloud communication, or linking multiple GCP VPCs, Cloud Router’s use of BGP ensures seamless, automated route management, helping businesses maintain optimal network performance and minimize administrative overhead.
Computing
Virtual Machines (VMs), commonly referred to as "instances," are the basic unit of compute in each cloud and have been described as the "motor that practically runs every aspect of our modern life."
AWS
AWS offers compute through Amazon EC2. Instances are highly customizable: users can expand storage, add network interfaces, add resiliency by spreading instances across Availability Zones, and more. AWS charges only for the capacity you use and offers several purchasing options, including On-Demand, Spot, and Reserved Instances, which suit different use cases.
Azure
Azure’s compute solution is its Virtual Machines (VMs). This provides users with tools like Cloud Services and Resource Manager to help with cloud application deployment and Azure Autoscaling.
GCP
Compute Engine VMs are configurable virtual machines running in Google's data centers. They can be customized to your needs, created quickly, and attached to large amounts of persistent storage.
Below are the VM billing models on offer from each of the leading CSPs:

| Providers | VM Billing Models |
|---|---|
| AWS | On-Demand, Spot, Reserved Instances |
| Azure | Pay-as-you-go, Spot Virtual Machines, Reserved VM Instances |
| GCP | On-demand, Spot (Preemptible) VMs, Committed use discounts |
Security
There are three key factors that are important to consider when evaluating the security of cloud vendors: physical security (protecting the provider's data centers), technical security (monitoring network traffic and fixing vulnerabilities), and data access (controlling who has access to which data, and encryption functionality). Depending on your enterprise size and needs, you may need tighter protection in some areas while looking to save on measures you don't need in others.
AWS
AWS describes its security products and features in its security whitepaper. AWS provides security-specific tools and features across network security, configuration management, access control, and data security. In addition, AWS provides monitoring and logging tools to give visibility into what is happening in your cloud environment.
AWS provides several security capabilities and services to increase privacy and control network access. These include:
- Network firewalls built into Amazon VPC (security groups at the instance level and network ACLs at the subnet level), which let you create private networks and control and monitor access to your instances and applications;
- Connectivity options that enable private, or dedicated, connections from your office or on-premises environment;
- DDoS (distributed denial-of-service) mitigation technologies that apply at layer 3 or 4 as well as layer 7 of your network, which can be applied as part of content delivery strategies; and
- Automatic encryption of all traffic on the AWS global and regional networks between AWS secured facilities.
Azure
Microsoft offers two key security solutions:
- Microsoft Sentinel — this is a “scalable, cloud-native, security information and event management (SIEM), security orchestration, automation, and response (SOAR)” solution. Sentinel provides users with enhanced visibility over the network through security analytics and threat intelligence, as well as proactive hunting and threat response.
- Microsoft Defender for Cloud — Defender helps your enterprise prevent, detect, and respond to threats with increased visibility and control over your Azure workloads. Through integrated security across your Azure cloud applications, it helps detect threats that might otherwise go unnoticed.
GCP
GCP’s infrastructure security whitepaper goes into detail describing the layers of security measures, starting with hardware and ending with operational security. Some of the components include:
- Custom hardware and software in data centers, as well as a strict hardware disposal policy;
- Global IP network that minimizes the number of hops across the public internet (which can be prone to cyberattacks); and
- Security monitoring that is focused on the movements and behavior of internal network traffic.
Pricing
Deciphering the costs for cloud services can be a daunting task, especially when CSPs differ in their pricing models, which also vary by solution. This section provides a high-level overview of the charges you can expect to be billed as an enterprise customer. As a note, you should always verify pricing on each provider's own pricing pages and work with your cloud provider representative to fully understand the pricing for your particular solution.
Egress fees
While you can migrate as much data into a CSP as you want for free, you’ll be charged per GB of data when you migrate it out – hence egress, meaning “leaving.” These costs may run up behind-the-scenes as applications continue to extract data, and are billed in arrears. Egress fees can vary depending on the volume of data you move, as well as where you move it to (transferring data among availability zones will come at a lower cost, but moving across continents, for example, could raise your cloud bill significantly). Plus, all of these fees are charged at a higher rate when routing traffic or data via a public connection, like the internet.
Egress rates per GB (in USD)
AWS
- 1GB-10TB — $0.09
- 10-50TB — $0.085
- 50-150TB — $0.07
- 150-500TB — $0.05
- 500+TB — Contact Amazon
Azure
- 5GB-10TB — $0.087
- 10-50TB — $0.083
- 50-150TB — $0.07
- 150-500TB — $0.05
- 500+TB — Contact Microsoft
GCP
- 0-1TB — $0.12
- 1-10TB — $0.11
- 10+TB — $0.08
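Tiered rates like these are usually applied marginally: each gigabyte is charged at the rate of the band it falls into, not the whole month's volume at the rate of the last band reached. The following is an added example, not a provider's calculator or this page's own code, that applies the bands above under that reading. Two assumptions are built in and should be checked against the current price lists: that the AWS and Azure bands starting at 1 GB and 5 GB mean the first 1 GB and 5 GB are free, and that 1 TB is 1,024 GB.

```python
# Added example, not a provider calculator: applies the per-GB egress bands
# quoted above as marginal tiers. Assumptions (check the provider's price list):
# the first 1 GB (AWS) / 5 GB (Azure) are free, and 1 TB = 1,024 GB.

TB = 1024  # GB per TB (assumption)

# (upper bound of the band in GB, $ per GB). Volumes above the last bound are
# "contact the provider" on AWS and Azure; GCP's last band is open-ended.
AWS_EGRESS = [(1, 0.0), (10 * TB, 0.09), (50 * TB, 0.085), (150 * TB, 0.07), (500 * TB, 0.05)]
AZURE_EGRESS = [(5, 0.0), (10 * TB, 0.087), (50 * TB, 0.083), (150 * TB, 0.07), (500 * TB, 0.05)]
GCP_EGRESS = [(1 * TB, 0.12), (10 * TB, 0.11), (float("inf"), 0.08)]


def within_published_bands(gb, tiers):
    """False when the volume falls in the 'contact the provider' range."""
    return gb <= tiers[-1][0]


def egress_cost(gb, tiers):
    """Monthly egress charge in USD for `gb` gigabytes, each band billed at its own rate."""
    if not within_published_bands(gb, tiers):
        raise ValueError(f"{gb} GB exceeds the published bands; contact the provider")
    cost, lower = 0.0, 0
    for upper, rate in tiers:
        if gb <= lower:
            break
        cost += (min(gb, upper) - lower) * rate
        lower = upper
    return round(cost, 2)


def flat_cost(gb, tiers):
    """The common misreading: the whole volume at the rate of the band it lands in."""
    for upper, rate in tiers:
        if gb <= upper:
            return round(gb * rate, 2)
    raise ValueError("volume exceeds the published bands")


def compare(gb):
    """Marginal egress cost for the same volume on each provider."""
    return {name: egress_cost(gb, tiers) for name, tiers in
            (("AWS", AWS_EGRESS), ("Azure", AZURE_EGRESS), ("GCP", GCP_EGRESS))}


if __name__ == "__main__":
    volume = 60 * TB
    for provider, cost in compare(volume).items():
        print(f"{provider:5s} {volume / TB:.0f} TB/month -> ${cost:,.2f}")
    print("AWS, whole volume at the 50-150 TB rate:", flat_cost(volume, AWS_EGRESS))
```

For 60 TB in a month, the marginal reading puts AWS at about $5,120 while the flat misreading gives about $4,300, a gap large enough to matter when forecasting a migration or a log-shipping pipeline that runs continuously.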
Dedicated connections
There are numerous benefits to using a CSP's dedicated network connection to reach its cloud rather than the public internet, similar to the benefits of using a private cloud over a public one. These include bolstered security, greater oversight and control, and more stable performance. Each CSP's dedicated connection serves as a private path for your workload between your premises and the cloud. Private is not the same as encrypted, though: Direct Connect, ExpressRoute, and Cloud Interconnect carry traffic in the clear unless you enable MACsec where the provider supports it or run IPsec (or application-layer TLS) over the circuit, so treat the link as trusted transport rather than as a substitute for encryption.
AWS
AWS Direct Connect is the "shortest path to your AWS resources." With Direct Connect, your network traffic stays on AWS's global network and never touches the public internet, which reduces congestion and latency variability.
Azure
Azure ExpressRoute acts similarly and allows you to create private connections between Azure data centers and your own data centers or on-premises infrastructure. Connecting via ExpressRoute can be useful for companies heavily relying on Microsoft cloud for services such as virtual compute, database service, or cloud storage, as is also the case with AWS cloud products.
With Azure ExpressRoute, you can configure both Microsoft peering (to reach Microsoft public services) and private peering (to reach your VNets) over the same circuit, each carried as its own VLAN on the layer 2 connection. Every circuit is delivered as a redundant pair of connections. With a standard circuit, you can connect multiple VNets in the same geopolitical region; the Premium add-on lets VNets anywhere in the world connect to the same circuit.
GCP
Over GCP's Cloud Interconnect, you natively reach only private resources. If connectivity to Google APIs and services (such as Cloud Storage) is required, configure Private Google Access for on-premises hosts. This does not include Google's SaaS offering, G Suite (now Google Workspace); to reach it, you use the public internet or set up peering at an internet exchange (IX). A Cloud Router maps 1:1 to a single VPC and region, and the VLAN attachments, with their BGP sessions, are created on that Cloud Router. The model is similar to AWS Direct Connect, where a private virtual interface (VIF) is created directly on a VGW.
Regions and availability
Each of the three leading hyperscalers also vary in their global and regional availability. This is especially important to consider for enterprises that operate across multiple regions, as well as when needing to support a distributed and remote workforce. And while each CSP defines regions and zones slightly differently, they can generally be defined by the following.
While a region refers to separate geographic areas (such as countries), availability zones are multiple, unique, and isolated locations within these regions. These availability zones may be a single or grouped selection of data centers that serve adjacent enterprises, and are “engineered to be isolated from failures in other availability zones” to ensure redundancy. Zones provide the ability to place cloud functions, such as storage, closer to various end users.
AWS entered the cloud market several years before the others, which has given it more time to establish and expand its network, so it hosts in many locations worldwide. Azure and GCP also host in many, but the difference is in the number of their respective availability zones.
- AWS has 66 availability zones with 12 more on the way.
- Azure has 54 regions worldwide and is available in 140 countries.
- Google Cloud Platform has been made available in 20 regions around the world with 3 more on the way. They also have 173 network edge locations, available in over 200 countries.
Storage
Each CSP offers three types of storage: 1. File, 2. Block, and 3. Object. File storage organizes data into a hierarchy of files in folders; block storage splits data into fixed-size blocks on a volume that the operating system formats and mounts; object storage stores each object together with its metadata under a unique key and is accessed over an API.
There are a handful of commonalities among the three CSPs storage solutions. They all offer:
- Versioning – a means of keeping multiple variants of a stored object in the same "bucket";
- Encryption – transforming data files from their original plain text format to an unreadable format before they are stored in the cloud;
- Fine-tuned security – this includes the ability to make files either publicly accessible or completely private; and
- Storage class tiers – users can pay more or less depending on how performant and redundant the storage class is. There are also options to reduce costs for less frequently accessed data.
AWS — Amazon Simple Storage Service (S3)
- File storage: Amazon's Elastic File System (EFS) is an NFS file system that can be mounted from EC2 instances and from on-premises servers. AWS offers it in a Standard storage class and an EFS IA (Infrequent Access) class.
- Block storage: Elastic Block Store (EBS) works with Amazon Elastic Compute Cloud (EC2). "General purpose" SSD volumes offer a base performance of 3 IOPS (input/output operations per second) per GB. Provisioned IOPS SSD volumes support up to 64,000 IOPS and 1,000 MB/s of throughput.
- Object storage: S3 is AWS's object storage offering, with a claimed "11 nines" (99.999999999%) of object durability over a given year.
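The "publicly accessible or completely private" choice above is made, on S3, by the bucket policy and ACLs, and the mistake that exposes data is usually an Allow statement with an anonymous principal and no condition scoping who may use it. The following is an added example, not an AWS tool or this page's own code: a Python check that scans a bucket policy for such statements, using a simplified version of the public/non-public distinction AWS documents (a grant conditioned on aws:SourceVpc, aws:SourceVpce, aws:SourceIp, aws:PrincipalOrgID, aws:PrincipalAccount or aws:PrincipalArn is not public). The policy, bucket name, account ID and VPC endpoint ID are constructed placeholders.

```python
import json

# Added example, not an AWS tool: finds bucket-policy statements open to the world.
# "Public" here means Effect Allow, an anonymous principal ("*" or {"AWS": "*"})
# and no non-negated condition that pins the caller to a VPC, account,
# organization or source address. The policy below is constructed.

ANONYMOUS = ("*", {"AWS": "*"})
# Condition keys that scope an otherwise-anonymous grant (simplified from the
# rules AWS applies when it decides whether a bucket is public).
SCOPING_KEYS = {
    "aws:sourcevpc", "aws:sourcevpce", "aws:sourceip",
    "aws:principalorgid", "aws:principalaccount", "aws:principalarn",
}


def as_list(value):
    return value if isinstance(value, list) else [value]


def is_anonymous(principal):
    if principal in ANONYMOUS:
        return True
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return False


def is_scoped(statement):
    """True when a non-negated condition limits who can use the statement."""
    for operator, pairs in statement.get("Condition", {}).items():
        if "Not" in operator or operator.startswith("Null"):
            continue  # StringNotEquals / Null operators do not narrow an Allow
        if any(key.lower() in SCOPING_KEYS for key in pairs):
            return True
    return False


def public_statements(policy):
    """Return [(Sid, actions, resources)] for every statement open to everyone."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not is_anonymous(stmt.get("Principal")):
            continue
        if is_scoped(stmt):
            continue
        findings.append((stmt.get("Sid", "<no Sid>"),
                         as_list(stmt.get("Action", [])),
                         as_list(stmt.get("Resource", []))))
    return findings


# Constructed policy: one genuinely public grant, one anonymous grant scoped to a
# VPC endpoint, one role-specific grant, and a Deny that enforces TLS.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicReadForWebsite", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/public/*"},
    {"Sid": "ReadFromOurVpcEndpoint", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    {"Sid": "AppRoleWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
  ]
}
""")

if __name__ == "__main__":
    for sid, actions, resources in public_statements(SAMPLE_POLICY):
        print(f"PUBLIC: {sid}: {actions} on {resources}")
```

Only PublicReadForWebsite is reported: the VPC-endpoint grant is anonymous but scoped, the role grant is not anonymous, and the TLS statement is a Deny. A check like this belongs in a pipeline that lints policies before they are applied; S3 Block Public Access, set at the account level, is the control that stops a flagged policy from taking effect at all.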
Azure — Azure Blob Storage
- File storage: Azure Files uses SMB (Server Message Block) and allows concurrent file share mounting in the cloud or on-premises. The maximum storage capacity is 4 PB, with ingress 25 Gbps and egress 50 Gbps.
- Block storage: Azure Disk provides managed disks for Azure virtual machines, designed for five nines availability, ranging from Ultra Disk (up to 65,536 GiB and 160,000 IOPS) down to Standard HDD (up to 32,767 GiB and 2,000 IOPS).
- Object storage: Azure Blob offers petabyte-scale object storage with 16 nines (99.99999999999999%) of durability on geo-redundant storage.
GCP — Cloud Storage
- File storage: Cloud Filestore provides NAS for Google Compute Engine, with storage offered as either Standard or Premium. Standard ranges from 1 TB to 10+ TB with 1,000 IOPS and 180 MB/s, while Premium starts at 3.5+ TB with a read throughput of 1.2 GB/s and 60,000 IOPS.
- Block storage: Persistent Disk block storage runs up to 64 TB per disk and is offered as standard persistent disks, SSD persistent disks, and local SSDs (NVMe). Write IOPS range from 15,000 to 30,000 and read IOPS from 15,000 to 100,000.
- Object storage: Google Object or blob storage provides different locations based on performance and redundancy requirements. The main storage tiers are Standard, Nearline, Coldline and Archive. GCP’s Object Lifecycle Management tool automatically moves storage to a lower-cost tier, according to user-specified rules.
How Megaport can help
Megaport makes it easy to set up multicloud connectivity to and between these leading cloud service providers. Here’s how:
- First, provision a Virtual Cross Connect (VXC) from any global Megaport Point of Presence (PoP) into your chosen data center location.
- Then, connect your multiple CSPs using the Megaport Network, including AWS, Microsoft Azure, Google Cloud Platform, and many others. You can connect to multiple cloud regions from a single interconnection point.
- Alternatively, you can spin up a Megaport Cloud Router (MCR) to connect to and between clouds without the need for physical infrastructure.
With Megaport Cloud Router (MCR), you can enjoy a fast, secure, and scalable way to connect your clouds with a dedicated private connection. This means your data can move between your various cloud architectures directly, without having to stop off at a data center first (known as hairpinning), reducing latency and time as well as giving you control over your bandwidth and architecting your multicloud network for redundancy.
Customers can leverage cloud-to-cloud networking, private peering between leading public cloud, IaaS (Infrastructure as a Service), and SaaS (Software as a Service) providers, and direct connectivity to any provider on the Megaport global Software Defined Network, all without physical infrastructure of their own. Virtual Cross Connects (VXCs) can be spun up on demand and managed through the Megaport Portal. This all adds up to a faster, more flexible multicloud network.
Ready to explore your cloud options? Book a demo with Megaport now.