Using AWS Outposts for Railway Operations Cloud at SBB

On October 17, 2023, our project was presented at the AWS Cloud Day Zurich 2023 by Swiss Federal Railways (SBB). SBB put its High Availability and Low Latency On-Premise (HALON) Cloud Platform based on AWS Outpost on display for a public audience attending the event. I was thrilled to watch the presentation and see the crowd's reactions. In this article I want to give a short summary of the presentation, some insights from conversations at the fair and some background info on SBB.

Swiss Federal Railway and the Public Cloud - Some background

SBB is the largest Swiss rail & train operator with over 1.16 million daily passengers (in 2022). This means that one in eight Swiss residents travels with SBB on a daily basis, which shows the importance of SBB’s travel services to the whole country. This puts a lot of pressure on the company and railway operations (which must be cost-effective as well).

SBB started its Cloud journey in 2019 with the goal of shifting significant workloads into the cloud to improve cost-effectiveness and time-to-market. "Significant" obviously means that some portions will still remain on-premises. Some of those were elaborated on during the presentation “How to use AWS Outposts in railway operations”, in which SBB identified two main constraints for railway companies (which may apply to other industries as well):

  • Availability and
  • Latency.

Availability - Business Critical Railway Operations 24/7

SBB explained that it must maintain the ability to plan, monitor and control train travel plans at all times to guarantee safe travel for its customers. Shifting the systems that provide those capabilities into the cloud introduces dependencies and connectivity concerns which do not comply with SBB’s security risk tolerance. Therefore they found that a Public Cloud would not be beneficial for those capabilities.

Latency - The sub 10 milliseconds RTT Problem for Rail Operators

SBB declared the minimization of latency a top priority and found some major latency issues when connecting on-premise systems in Switzerland with resources in the AWS region eu-central-1 (Frankfurt, Germany), which is ca. 420 kilometers away from SBB’s headquarters in Bern, Switzerland. In terms of physical feasibility, this translates into a minimum of 8.4 milliseconds of round-trip time (RTT), which matches actual measurements. Although AWS’s new region eu-central-2 (Zurich, Switzerland) might improve this equation significantly, some ~2 milliseconds of RTT will remain at minimum (assuming on-premise is in Bern at the HQ, ca. 100 kilometers from Zurich).

Since SBB does not disclose the location of its data centers, we can only accept SBB’s assessment without knowledge of further details. It is safe to say that they aspire to a sub-10-millisecond RTT and that their applications work better with a latency as low as possible. This currently seems achievable only with on-premise deployments.

Considering those points, it is understandable that SBB decided against deploying their critical rail applications in the cloud. But how about bringing the cloud onto their own premises?

AWS Outpost - The Public Cloud On-Premise for SBB

So SBB made the architectural decision to keep certain rail-related workloads on premise, as said during the presentation. With AWS Outpost they were able to introduce cloud technology, and platforms for migrating legacy systems to cloud-native architectures, on their very premises. With some proofs of concept they verified the technical requirements and the benefits of both worlds: cloud-native tools (such as the AWS API, AWS CDK, AWS SDK etc.) and on-premise infrastructure. This enabled SBB to meet their availability and latency requirements.

[Figure: The current high-level architecture of SBB's HALON Cloud Platform, built on AWS Outpost across multiple sites.]

This is a very interesting approach, since with this solution SBB is able to manage cloud resources in the regions as well as on-premises with the same tooling. With the extra benefit of accessibility to locally deployed resources on Outpost, rail-related services can be maintained even if one AWS region fails. AWS Cloud Development Kit (CDK) can be used for automating deployment of infrastructure in AWS Cloud as well as AWS Outpost and AWS Lambda. This brings some versatility and can be helpful for building resilient cloud platforms repeatably.

Some technicalities to consider for rail operators and others when deploying Outpost are:

  • How many? (AWS Outpost Server vs. AWS Outpost Rack…)
  • Where to put it? (Needs space, power, patching/VLANs, Routes to AWS/Internet…)
  • Where to attach it? (Which AWS Account, AWS Region and AWS Availability Zone e.g. eu-central-1b)
  • Local network connectivity via AWS Outpost Local Gateway (LGW) which is unique to Outpost
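
The "Where to attach it?" question can be checked against an inventory. The following is an added example, not code from the SBB presentation or from this post: a Python check over records shaped like the AWS Outposts ListOutposts response that flags physical sites sharing the same parent Availability Zone. The sample records and the function name anchor_findings are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample shaped like the "Outposts" list returned by the AWS
# Outposts ListOutposts API. All IDs, names and sites here are made up.
SAMPLE_OUTPOSTS = [
    {"OutpostId": "op-0aaaaaaaaaaaaaaa1", "Name": "site-a-rack-1",
     "SiteId": "os-0aaaaaaaaaaaaaaa1", "AvailabilityZone": "eu-central-1b",
     "LifeCycleStatus": "ACTIVE"},
    {"OutpostId": "op-0bbbbbbbbbbbbbbb2", "Name": "site-b-rack-1",
     "SiteId": "os-0bbbbbbbbbbbbbbb2", "AvailabilityZone": "eu-central-1b",
     "LifeCycleStatus": "ACTIVE"},
    {"OutpostId": "op-0ccccccccccccccc3", "Name": "site-c-rack-1",
     "SiteId": "os-0ccccccccccccccc3", "AvailabilityZone": "eu-central-1a",
     "LifeCycleStatus": "PENDING"},
]


def anchor_findings(outposts):
    """Return sorted (severity, message) findings about parent-AZ anchoring."""
    findings = []
    sites_by_az = defaultdict(set)
    for op in outposts:
        # Assumption: only Outposts reporting ACTIVE carry workloads.
        if op["LifeCycleStatus"] != "ACTIVE":
            findings.append(("info", f"{op['Name']}: {op['LifeCycleStatus']}, not counted"))
            continue
        sites_by_az[op["AvailabilityZone"]].add(op["SiteId"])
    # Physical sites anchored to the same AZ share one regional dependency.
    for az, sites in sites_by_az.items():
        if len(sites) > 1:
            findings.append(("warn", f"{az} anchors {len(sites)} sites: {sorted(sites)}"))
    # Assumption: AZ names are the Region name plus one letter.
    regions = {az[:-1] for az in sites_by_az}
    if len(sites_by_az) == 1:
        findings.append(("warn", "every active Outpost depends on one AZ"))
    if len(regions) == 1:
        findings.append(("info", f"single parent Region: {regions.pop()}"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, message in anchor_findings(SAMPLE_OUTPOSTS):
        print(f"{severity.upper():5} {message}")
```

To run it against a real account, the same function can be fed the "Outposts" list from the SDK's list_outposts call.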

It is not the first time I have worked with rail companies on integrating Edge Cloud solutions of Public Cloud providers (e.g. Azure Stack by Microsoft), though there were different reasons then, such as regulatory requirements regarding ownership of the hardware. But it is still the first example of a planned production platform in rail based on this kind of product.

Perception of AWS Outposts commonness during conversations

In my conversations with other professionals I did not learn of any other comparable projects. I made the same observation at the AWS Cloud Day Berlin 2023, and there was not even a single talk dedicated to AWS Outpost. This is very telling and indicates that AWS Outpost is as yet uncommon in German-speaking areas in Europe / DACH region. Folks on site at the AWS Cloud Day event were more surprised (out of curiosity) to learn that there is a company integrating this solution, and even more so by the fact that there would be a presentation and that I was one of those lucky ones integrating it. So by my observations AWS Outpost remains a very niche solution at this point in time.

However, SBB has explained well how the solution is useful for their rail business, so we can be very grateful for this rare glimpse into a real-world example. For more details I really recommend listening to the presentation of SBB, which might have been recorded. I will add a link to the video recording as soon as it is uploaded by AWS.

Did you know that AWS provides a dedicated service API for Outpost? If you wonder how it works or how to use it programmatically with the AWS SDK, I recommend checking out my corresponding blog post.

Disclaimer: All pictures have been taken by me personally. All content presented at AWS-related events and its use fall under AWS Event Terms and Conditions.
