Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Amazon Web Services


Cloud computing requires a multifaceted solution that addresses connectivity, identity, compliance, a contracting framework, and a community of practice to engage when questions arise. Internet2’s Peer Exchange and Cloud Connect options address common connectivity needs, and its NET+ program works to address the other dimensions in ways expressly tailored to the needs of higher education. More details on these services as well as how to leverage these efforts can be found on their respective tab.

Eligible Subscribers:
U.S. Higher Education institutions; or Internet2 Higher Education Members, Affiliates, or Federal Affiliates.
University of Virginia
Sara Jeanes

The Internet2 community’s NET+ AWS service provides a better path for institutions to speed adoption of AWS and remove many of the barriers that have stood in the way of enterprise deployment. NET+ AWS, offers enhanced standards-based enterprise agreements, extremely favorable custom R&E based terms, ease of user account provisioning with central controls and critical R&E technology integrations. Further, data transfers to and from the AWS cloud have been substantially improved and include data transport waivers that allow scholars and scientists to scale their work and push limits with computing and analysis.

NET+ AWS offers:

  • Enterprise agreements providing optimized terms and protections including a community negotiated Business Associate Agreement (BAA) 
  • Simple and efficient enterprise control framework to ease user and department account provisioning while maintaining central control
  • Substantial improvements to data transfer and access with no costs for inbound data plus data egress fee waiver
  • Seamless single sign-on with campus credentials via Internet2’s InCommon Federation, serving nearly 10 million individuals across R&E
  • A direct AWS/Internet2 Network connection providing members with advanced capabilities for direct data transfer to the AWS cloud
  • Successful completion of the peer-driven NET+ Service Validation process adhering to community security, accessibility and performance standards
  • Discount thresholds automatically provided to all participating institutions based on total community volume
  • Additional discounts based on total number of campuses participating

A group of five Internet2 Member campuses, along with Internet2 and DLT, have worked together to create an Amazon Web Services program specifically tailored to the needs of the non-profit research and education community. 

Visit the DLT Overview site for further review.

The Internet2 NET+ Amazon Web Services was developed by a group of five universities through the NET+ Service Validation process and has additional enhancements to support enterprise usage and broad adoption across campus. This NET+ program provides significant technical and procurement benefits, and enables campuses to leverage AWS using a best in-class offering.

Features included:

  • A community negotiated Business Associate Agreement (BAA) for HIPAA workloads containing patient health information (PHI)
  • Increasing discounts of 3-5%, based on community usage
  • Detailed and granular billing with a variety of payment options provides visibility to campus AWS usage
  • 100Gb/s of privately peered capacity to the Internet2 Network
  • Use InCommon credentials the DLT Portal to request and transfer AWS accounts
  • Professional services and training available

Find out how the community is using this service by visiting the Cloud Wiki

cloud connect
Amazon Web Services (AWS) Direct Connect
Layer 3 routed access to Amazon via direct peering with these providers. Consider using the Internet2 Peer Exchange (I2PX) when accessing cloud providers if your applications don’t require your campus private network to be extended into the cloud. Additionally, if your application requires network layer encryption implemented with VPN tunneling, the I2PX can provide multiple high capacity paths for your tunnels into these cloud providers.

Amazon AWS Direct Connect

Internet2 Peer Exchange

The Internet2 Peer Exchange (I2PX) provides Layer 3 routed access to Amazon via direct peering with these providers. Consider using the I2PX when accessing cloud providers if your applications don’t require your campus private network to be extended into the cloud. Additionally, if your application requires network layer encryption implemented with VPN tunneling, the I2PX can provide multiple high capacity paths for your tunnels into these cloud providers.

I2PX is also eligible for the data egress fee waiver!

Cloud Connect

Using your regional's infrastructure in conjunction with the Internet2 Network, you can reach cloud resources, including Amazon AWS Direct Connect The robust regional and national networks allow access to these cloud providers available in the locations on the map (please see below). Depending on your preference, you can implement either a Layer 2 or Layer 3 solution. In addition, you will need to subscribe to the cloud provider's service.

Amazon AWS Direct Connect Service Locations

Connecting to Amazon AWS Direct Connect

Internet2 offers both a layer 2 and a layer 3 connectivity option.

Layer 2 Amazon AWS Direct Connect Connection

The layer 2 option consists of layer 2 VLANs connecting the campus routers to routers inside the Amazon AWS cloud. The campus and Amazon exchange routes via BGP.

Layer 3 Amazon AWS Direct Connect Connection

With the layer 3 option, Internet2 creates an L3VPN unique for each campus. The L3VPN BGP peers with Amazon AWS and the campus, in turn, BGP peers with the L3VPN. The regional network, if any, passes the VLANs through between the campus and Internet2. One advantage of this option will be discussed further below.

Additional Layer 3 Connectivity

Another advantage of the Layer 3 option is the possibility of connecting to other Amazon AWS regions and other cloud service providers. In this case, the Internet2 L3VPN peers with the additional sites/providers and the campus simply continues to peer with the L3VPN over the existing VLANs. Doing this with Layer 2 would require possibly many additional VLANs connecting the campus to provider routers.

Using Cloud Connect Portal

To learn how to use the Cloud Connect Portal, see the video here.

Presentations - Webinars

  • A conversation with Emory's Jimmy Kincaid on using VPNs instead of Direct Connect
    • "With the recent announcements from Internet2 about their Cloud Connect program, the “When Direct Connect?” vs. “When VPN?” has been the subject of vigorous discussion in the cloud community.  Emory University has constructed an impressive environment to automate the provisioning and use of AWS by their research community. As part of their extensive research, testing and configuration, Emory decided to use VPNs for these accounts over AWS Direct Connect at this time. Jimmy Kincaid did the analysis for Emory and has graciously agreed to join us for a call to explain his findings and explain how they made their decision and implemented it." 
      Bob Flynn, Manager of Cloud Technology Support, Indiana University
    • Link to the presentation
  • Webinar by Yale: Hybrid approach to cloud resources
    • "Yale University had the need to reduce seven data centers on campus to two primary facilities and establish disaster recovery for critical services. With the availability of cloud resources, Yale was able to provide a comprehensive plan for consolidation of onsite resources and make available multiple cloud providers. Providing a hybrid approach with on premise Data Centers and extending to cloud providers, Yale is able to offer its community availability for disaster recovery, scalability of onsite resources, and self-service resources such as servers and storage. Attendees to this session will learn the challenges and opportunities of considering hybrid cloud options."
      Louis Tiseo, Director, Cloud Technologies, Yale University
    • Link to the presentation


sign up

To subscribe to NET+ Amazon Web Services by DLT:

  1. Fill out the Application and review the Service Fee Schedule
    • Legal Name and Internet2 membership status for your organization
    • Lead Contact
    • Accounts Payable Contact
    • Application Submitter
  2. Review and Execute the Participation Agreement and Schedule with the Internet2 Team

    The Participation Agreement and Schedule will be sent to the "Application Submitter" electronically for execution and can be forwarded to the official signatory if necessary. The Participation Agreement and Schedule are executed with Internet2.

  3. Review and Execute the Enterprise Customer Agreement with the DLT Solutions Team

    A review copy of the Enterprise Customer Agreement can be provided by DLT after submitting the Application. The Enterprise Customer Agreement is executed with DLT.

After completing your Enterprise Customer Agreement, don't forget to check out the community Cloud Architecture Wiki for ideas on implementing Amazon Web Services. 

NOTE: Internet2 uses electronic signatures for legal contracts, unless state law mandates otherwise.

For information about using Cloud Connect to access Amazon AWS Direct Connect please contact


Find out how the community is using the NET+ AWS offering by visiting the Cloud Wiki!

For program updates, see the NET+ AWS Community page.