AWS Network Manager Global Network: A Deep Dive in AWS Resources & Best Practices to Adopt
Managing multi-cloud and hybrid network infrastructure has become increasingly complex as organizations scale their operations across multiple AWS regions and on-premises environments. According to recent industry research, 92% of enterprises now operate multi-cloud strategies, with the average organization using 2.6 different cloud providers. This complexity creates significant challenges for network visibility, troubleshooting, and management. AWS Network Manager addresses these challenges by providing a centralized approach to network management that spans across AWS and on-premises environments.
The global network landscape has evolved dramatically over the past decade. Organizations that once managed simple point-to-point connections now deal with intricate mesh networks spanning continents. A 2023 survey by the Cloud Security Alliance found that 78% of organizations struggle with network visibility across their hybrid environments, while 65% report that network troubleshooting takes 3-5 times longer in multi-cloud scenarios compared to single-cloud deployments. These statistics highlight the critical need for comprehensive network management solutions.
Real-world examples demonstrate the scale of this challenge. A multinational financial services company recently shared that their network spans 47 AWS regions, 12 on-premises data centers, and over 200 branch offices. Managing this infrastructure without centralized tools resulted in an average of 14 hours per incident for network troubleshooting, with multiple teams involved in each resolution. Similarly, a global e-commerce platform reported that their network complexity led to 23% of their infrastructure team's time being spent on network-related issues rather than innovation.
The AWS Network Manager Global Network emerges as a solution to these pervasive challenges. By providing a single pane of glass for network management, it enables organizations to reduce operational overhead, improve troubleshooting efficiency, and maintain better visibility across their distributed infrastructure. This service integrates seamlessly with existing AWS networking services and provides the foundation for comprehensive network observability and management. For organizations looking to understand how their network infrastructure maps across services, exploring network resource relationships provides valuable insights into these complex interconnections.
In this blog post we will learn about what Network Manager Global Network is, how you can configure and work with it using Terraform, and learn about the best practices for this service.
What is Network Manager Global Network?
Network Manager Global Network is AWS's comprehensive network management service that provides centralized visibility, monitoring, and management capabilities for your global network infrastructure. It serves as the foundational layer for AWS Network Manager, enabling organizations to create a unified view of their network topology that spans across AWS regions, on-premises data centers, and branch offices.
The service operates on a hierarchical model where the global network acts as the top-level container for all network resources and relationships. This container approach allows you to organize and manage complex network topologies while maintaining clear visibility into how different components interconnect. Think of it as creating a digital twin of your entire network infrastructure, providing real-time insights into network performance, connectivity, and health across all locations.
Understanding the global network concept requires recognizing that modern enterprise networks are no longer confined to single locations or providers. Today's networks are distributed ecosystems that must seamlessly connect AWS resources, on-premises infrastructure, and remote locations. The global network provides the framework for managing these distributed components as a cohesive unit, enabling consistent policies, monitoring, and troubleshooting across the entire infrastructure. Organizations implementing complex network architectures often begin by establishing network manager sites to represent their physical locations within the global network structure.
Core Architecture and Components
The Network Manager Global Network operates through a sophisticated architecture that abstracts the complexity of distributed networking into manageable components. At its foundation, the global network serves as a logical container that houses all network resources and their relationships. This container model provides several key advantages: it enables centralized management, facilitates cross-region visibility, and allows for consistent policy application across diverse network environments.
The architecture leverages AWS's global infrastructure to provide real-time network insights and management capabilities. When you create a global network, AWS establishes a control plane that continuously monitors and maps your network topology. This control plane integrates with various AWS services including Transit Gateway, VPC, Direct Connect, and Site-to-Site VPN connections to provide comprehensive network visibility.
Resource discovery within the global network happens through automated processes that identify and map network components. The service continuously scans your AWS environment to detect changes in network topology, performance metrics, and connectivity status. This automated discovery is complemented by manual resource registration, allowing you to include on-premises devices and connections that AWS cannot automatically detect.
The global network also implements a flexible tagging and organizational structure that allows you to categorize and group network resources based on your organizational requirements. This structure supports various network management scenarios, from simple hub-and-spoke topologies to complex mesh networks spanning multiple regions and providers. For organizations with extensive transit gateway implementations, understanding transit gateway registrations becomes crucial for proper network integration and management.
Integration with AWS Networking Services
Network Manager Global Network integrates deeply with the broader AWS networking ecosystem, creating a comprehensive platform for network management. The service works seamlessly with AWS Transit Gateway, providing enhanced visibility into multi-region and multi-VPC connectivity. This integration allows you to monitor traffic flows, identify bottlenecks, and optimize routing decisions across your transit gateway infrastructure.
The integration extends to AWS Direct Connect, where the global network provides visibility into dedicated connections between your on-premises infrastructure and AWS. This visibility includes connection status, bandwidth utilization, and performance metrics that help you optimize your hybrid network performance. The service also integrates with Site-to-Site VPN connections, providing unified monitoring and management of encrypted connections between your on-premises locations and AWS.
VPC-level integration provides detailed insights into your virtual network configurations, including subnet utilization, security group configurations, and routing table effectiveness. This level of integration enables you to understand how changes in one part of your network might affect other components, supporting better change management and troubleshooting processes.
The service also supports custom integrations through APIs and SDKs, allowing you to incorporate on-premises network devices and third-party networking solutions into your global network view. This extensibility ensures that your network management solution can evolve with your infrastructure requirements. Organizations managing complex connectivity patterns often leverage network manager connections to define and monitor the pathways between different network components.
Strategic Importance and Business Value
The Network Manager Global Network delivers strategic value by transforming how organizations approach network management in an increasingly complex multi-cloud world. Research from Gartner indicates that organizations with centralized network management capabilities reduce their network-related operational costs by an average of 34% while improving incident resolution times by 42%. These improvements stem from the elimination of tool sprawl, reduction in manual processes, and enhanced visibility into network performance.
Enhanced Operational Efficiency
Network Manager Global Network significantly improves operational efficiency by providing a centralized platform for network management activities. Instead of managing network infrastructure through multiple tools and interfaces, teams can access comprehensive network information from a single dashboard. This consolidation reduces the time required for common network management tasks, from routine monitoring to complex troubleshooting scenarios.
The service enables proactive network management through automated monitoring and alerting capabilities. Organizations can establish baseline performance metrics and receive notifications when network conditions deviate from expected norms. This proactive approach prevents many network issues from escalating into service disruptions, reducing the overall impact on business operations.
Real-world implementations demonstrate significant operational improvements. A healthcare organization reported reducing their network troubleshooting time from an average of 6 hours to 1.5 hours after implementing Network Manager Global Network. The improvement came from having immediate access to network topology information and performance metrics, eliminating the need to piece together information from multiple sources.
Improved Security and Compliance
Centralized network management enhances security posture by providing comprehensive visibility into network traffic flows and connectivity patterns. This visibility enables organizations to identify unusual traffic patterns, detect potential security threats, and ensure compliance with network security policies. The service provides detailed logging and monitoring capabilities that support security auditing and forensic analysis requirements.
The global network supports compliance efforts by providing detailed documentation of network configurations and changes. This documentation capability is particularly valuable for organizations in regulated industries that must demonstrate compliance with various standards and regulations. The service automatically tracks network changes and provides audit trails that support compliance reporting requirements.
Cost Optimization and Resource Management
Network Manager Global Network helps organizations optimize their network-related costs through improved visibility into resource utilization and performance. By understanding how network resources are being used, organizations can identify opportunities to right-size their network infrastructure, eliminate redundant connections, and optimize traffic routing for cost efficiency.
The service provides insights into bandwidth utilization patterns across different network connections, enabling data-driven decisions about network capacity planning. Organizations can identify underutilized connections and redistribute traffic to optimize costs while maintaining performance requirements. This optimization capability becomes particularly valuable as network infrastructure scales and complexity increases.
Key Features and Capabilities
Comprehensive Network Topology Visualization
Network Manager Global Network provides sophisticated topology visualization capabilities that transform complex network architectures into intuitive visual representations. These visualizations display real-time network topology, showing how different components connect and interact across your global infrastructure. The topology maps are interactive, allowing you to drill down into specific network segments and understand detailed connectivity patterns.
The visualization capabilities extend beyond simple connectivity diagrams to include performance overlays, health status indicators, and traffic flow representations. This multi-layered approach provides immediate insights into network performance and helps identify potential issues before they impact operations. Organizations can customize these visualizations to focus on specific aspects of their network infrastructure that are most relevant to their operational needs.
Real-time Network Monitoring and Alerting
The service provides comprehensive real-time monitoring capabilities that track network performance metrics, connectivity status, and health indicators across your global network. This monitoring includes bandwidth utilization, latency measurements, packet loss statistics, and connection availability metrics. The monitoring system operates continuously, providing up-to-date information about network conditions.
Alerting capabilities enable proactive network management by notifying teams when network conditions exceed predefined thresholds or when connectivity issues occur. These alerts can be customized based on organizational requirements and integrated with existing incident management systems. The alerting system supports various notification methods and can be configured to escalate issues based on severity and response time requirements.
Automated Network Discovery and Mapping
Network Manager Global Network automatically discovers and maps AWS network resources, creating comprehensive inventories of your network infrastructure. This automated discovery process continuously scans your AWS environment to identify new resources, detect changes in existing configurations, and update network topology information. The discovery process works across regions and accounts, providing a unified view of your distributed network infrastructure.
The automated mapping capabilities extend to relationship discovery, where the service identifies how different network components interconnect and depend on each other. This relationship mapping is crucial for understanding the impact of potential changes and for effective troubleshooting. The system maintains historical information about network topology changes, enabling trend analysis and capacity planning activities.
Network Performance Analytics
The service provides sophisticated analytics capabilities that help organizations understand network performance patterns and identify optimization opportunities. These analytics include traffic flow analysis, performance trending, and capacity utilization reporting. The analytics engine can identify patterns in network behavior that may indicate potential issues or optimization opportunities.
Performance analytics support both historical analysis and predictive capabilities, helping organizations understand how their network performance has evolved over time and what trends might indicate future requirements. This analytical capability supports data-driven decision making for network capacity planning, routing optimization, and infrastructure investments.
Integration Ecosystem
Network Manager Global Network integrates extensively with the broader AWS ecosystem, creating a comprehensive platform for network management and operations. The service connects with over 15 AWS networking services, providing unified visibility and management capabilities across your entire AWS network infrastructure.
At the time of writing there are 15+ AWS services that integrate with Network Manager Global Network in some capacity. These integrations include core networking services like Transit Gateway, VPC, and Direct Connect, as well as monitoring services like CloudWatch and operational tools like Systems Manager.
The integration with AWS Transit Gateway provides enhanced visibility into multi-region and multi-VPC connectivity patterns. This integration enables detailed monitoring of transit gateway attachments, route tables, and traffic flows across your network infrastructure. Organizations can track how traffic moves through their transit gateway infrastructure and identify opportunities for optimization.
CloudWatch integration enables comprehensive monitoring and alerting capabilities for network performance metrics. This integration allows you to create custom dashboards that combine network topology information with performance metrics, providing a unified view of network health and performance. The CloudWatch integration also supports automated remediation workflows that can respond to network issues without manual intervention.
The integration with AWS Systems Manager provides operational capabilities for network device management and configuration. This integration is particularly valuable for organizations that need to manage on-premises network devices alongside their AWS infrastructure. The Systems Manager integration enables automated configuration management and patch management for network devices that are part of your global network.
Pricing and Scale Considerations
Network Manager Global Network uses a consumption-based pricing model that charges for the number of network resources managed and the volume of network events processed. The service offers a free tier that includes management of up to 100 network resources and 1 million network events per month. This free tier provides sufficient capacity for small to medium-sized deployments and enables organizations to evaluate the service before committing to larger implementations.
The pricing model scales linearly with usage, charging additional fees for network resources beyond the free tier limits and for network events that exceed the monthly allocation. Network resources include devices, links, sites, and connections that are registered with the global network. Network events encompass topology changes, performance metrics, and status updates that the service processes.
Scale Characteristics
Network Manager Global Network supports enterprise-scale deployments with the ability to manage thousands of network resources across multiple regions and accounts. The service has been designed to handle complex network topologies with hundreds of sites, thousands of devices, and extensive interconnectivity patterns. Performance remains consistent as scale increases, with the service maintaining sub-second response times for most operations even at enterprise scale.
The service supports multi-account architectures through AWS Organizations integration, enabling centralized network management across organizational boundaries. This multi-account support includes cross-account resource sharing and unified billing, simplifying management for large organizations with complex account structures. The service also supports multi-region deployments, with the ability to manage network resources across all AWS regions from a single global network instance.
Enterprise Considerations
Enterprise deployments benefit from additional features including enhanced security controls, compliance reporting capabilities, and priority support options. The service supports integration with enterprise identity and access management systems through AWS IAM and AWS SSO, enabling fine-grained access control and audit capabilities.
Enterprise customers also have access to advanced analytics capabilities including custom reporting, trend analysis, and predictive insights. These capabilities support strategic network planning and help organizations optimize their network infrastructure for cost and performance.
Network Manager Global Network competes with traditional network management solutions from vendors like Cisco, SolarWinds, and PRTG. However, for infrastructure running on AWS this is the most integrated and comprehensive solution available. The service provides deeper integration with AWS services than third-party solutions while offering competitive pricing and performance characteristics.
The service's cloud-native architecture provides advantages in terms of scalability, reliability, and maintenance compared to traditional on-premises network management solutions. Organizations don't need to manage network management infrastructure or worry about capacity planning for their network management systems.
Managing Network Manager Global Network using Terraform
Managing Network Manager Global Network through Terraform provides infrastructure-as-code capabilities that enable consistent, repeatable deployments of network management infrastructure. The Terraform provider supports comprehensive management of global network resources, including creation, modification, and deletion of network components.
Basic Global Network Setup
Creating a basic global network serves as the foundation for all network management activities. This scenario establishes the fundamental container that will house all network resources and relationships.
# Create a global network for enterprise network management
resource "aws_networkmanager_global_network" "enterprise_network" {
description = "Enterprise global network for centralized management"
# Define the network structure and policies
tags = {
Name = "enterprise-global-network"
Environment = "production"
Owner = "network-team"
CostCenter = "infrastructure"
Project = "network-modernization"
ComplianceRequired = "true"
}
}
# Create a site to represent our primary data center
resource "aws_networkmanager_site" "primary_datacenter" {
global_network_id = aws_networkmanager_global_network.enterprise_network.id
description = "Primary data center location"
location {
latitude = "40.7128"
longitude = "-74.0060"
address = "123 Main St, New York, NY 10001"
}
tags = {
Name = "primary-datacenter"
Environment = "production"
Region = "us-east-1"
Type = "datacenter"
}
}
# Register a transit gateway with the global network
resource "aws_networkmanager_transit_gateway_registration" "main_tgw" {
global_network_id = aws_networkmanager_global_network.enterprise_network.id
transit_gateway_arn = aws_ec2_transit_gateway.main.arn
depends_on = [aws_ec2_transit_gateway.main]
}
# Create a device to represent network infrastructure
resource "aws_networkmanager_device" "core_router" {
global_network_id = aws_networkmanager_global_network.enterprise_network.id
site_id = aws_networkmanager_site.primary_datacenter.id
description = "Core router for primary datacenter"
aws_location {
zone = "us-east-1a"
subnet_arn = aws_subnet.management.arn
}
tags = {
Name = "core-router-01"
DeviceType = "router"
Vendor = "cisco"
Model = "ISR4000"
SerialNumber = "ABC123456789"
}
}
The basic setup creates a global network with associated site and device resources. The global network serves as the top-level container, while the site represents a physical location within your network infrastructure. The device registration enables monitoring and management of network equipment within the global network
Managing Network Manager Global Network using Terraform
Network Manager Global Network represents a sophisticated networking solution that requires careful configuration to handle complex multi-region and hybrid cloud architectures. The Terraform implementation involves multiple interconnected resources that work together to create a comprehensive global network topology.
Basic Global Network Setup
The foundation of any Network Manager implementation starts with creating the global network itself, which serves as the central management point for all network resources.
# Create a global network for centralized network management
resource "aws_networkmanager_global_network" "corporate_network" {
description = "Corporate global network spanning multiple regions and on-premises locations"
# Tags for proper resource identification and cost allocation
tags = {
Name = "CorporateGlobalNetwork"
Environment = "production"
Owner = "network-engineering"
Project = "global-connectivity"
CostCenter = "infrastructure"
}
}
# Create a site representing our primary data center
resource "aws_networkmanager_site" "primary_datacenter" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
description = "Primary corporate data center in Virginia"
# Physical location details for the site
location {
address = "123 Corporate Way, Arlington, VA 22201"
latitude = "38.8816"
longitude = "-77.0910"
}
tags = {
Name = "PrimaryDataCenter"
Location = "Virginia"
Type = "primary"
}
}
# Create a device representing core network equipment
resource "aws_networkmanager_device" "core_router" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
site_id = aws_networkmanager_site.primary_datacenter.id
description = "Core router for primary data center"
# Device specifications and vendor information
model = "Cisco ASR 9000"
serial_number = "FOC2134L2K5"
type = "router"
vendor = "cisco"
# Physical location within the site
location {
address = "Rack 15, Floor 2, Building A"
latitude = "38.8816"
longitude = "-77.0910"
}
tags = {
Name = "CoreRouter01"
DeviceType = "router"
Criticality = "high"
MaintenanceWindow = "sunday-02:00-06:00"
}
}
This configuration establishes the fundamental structure where the global network acts as the container for all network resources. The site represents physical locations, while devices represent the actual network equipment deployed at those locations.
Transit Gateway Integration
A critical aspect of Network Manager Global Network is its integration with AWS Transit Gateways, which enables centralized routing and connectivity management across multiple VPCs and on-premises networks.
# Create transit gateway for regional connectivity
resource "aws_ec2_transit_gateway" "primary_tgw" {
description = "Primary transit gateway for Network Manager integration"
default_route_table_association = "enable"
default_route_table_propagation = "enable"
dns_support = "enable"
vpn_ecmp_support = "enable"
tags = {
Name = "PrimaryTransitGateway"
NetworkManager = "managed"
}
}
# Register the transit gateway with the global network
resource "aws_networkmanager_transit_gateway_registration" "primary_registration" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
transit_gateway_arn = aws_ec2_transit_gateway.primary_tgw.arn
# Wait for the global network to be fully created before registration
depends_on = [
aws_networkmanager_global_network.corporate_network
]
}
# Create VPC attachment to transit gateway
resource "aws_ec2_transit_gateway_vpc_attachment" "production_vpc" {
subnet_ids = [aws_subnet.production_subnet_1.id, aws_subnet.production_subnet_2.id]
transit_gateway_id = aws_ec2_transit_gateway.primary_tgw.id
vpc_id = aws_vpc.production_vpc.id
# Enable DNS support for cross-VPC resolution
dns_support = "enable"
tags = {
Name = "ProductionVPCAttachment"
}
}
# Connect peer for SD-WAN integration
resource "aws_networkmanager_connect_peer" "sdwan_peer" {
connect_attachment_id = aws_ec2_transit_gateway_connect.sdwan_connect.id
peer_address = "10.0.100.1"
bgp_asn = 65000
inside_cidr_blocks = ["169.254.100.0/29"]
tags = {
Name = "SDWANConnectPeer"
Type = "sd-wan"
}
}
# Associate the connect peer with the global network
resource "aws_networkmanager_connect_peer_association" "sdwan_association" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
connect_peer_id = aws_networkmanager_connect_peer.sdwan_peer.id
device_id = aws_networkmanager_device.core_router.id
link_id = aws_networkmanager_link.primary_link.id
depends_on = [
aws_networkmanager_connect_peer.sdwan_peer
]
}
The transit gateway registration establishes the connection between AWS's native networking services and the Network Manager framework. This integration allows for comprehensive monitoring and management of traffic flows across your entire network infrastructure.
Link and Connection Management
Network Manager uses links and connections to model the physical and logical connectivity between network components. These abstractions help in understanding network topology and troubleshooting connectivity issues.
# Create a link representing the connection between sites
resource "aws_networkmanager_link" "primary_link" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
site_id = aws_networkmanager_site.primary_datacenter.id
description = "Primary fiber link to AWS Direct Connect"
# Link specifications for bandwidth and performance
bandwidth {
upload_speed = 10000 # 10 Gbps
download_speed = 10000 # 10 Gbps
}
provider = "Level3"
type = "broadband"
tags = {
Name = "PrimaryDirectConnectLink"
Bandwidth = "10Gbps"
Provider = "Level3"
Redundancy = "primary"
}
}
# Create a secondary link for redundancy
resource "aws_networkmanager_link" "secondary_link" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
site_id = aws_networkmanager_site.primary_datacenter.id
description = "Secondary fiber link for redundancy"
bandwidth {
upload_speed = 1000 # 1 Gbps
download_speed = 1000 # 1 Gbps
}
provider = "Verizon"
type = "broadband"
tags = {
Name = "SecondaryDirectConnectLink"
Bandwidth = "1Gbps"
Provider = "Verizon"
Redundancy = "secondary"
}
}
# Create a connection between devices
resource "aws_networkmanager_connection" "router_connection" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
device_id = aws_networkmanager_device.core_router.id
connected_device_id = aws_networkmanager_device.edge_router.id
link_id = aws_networkmanager_link.primary_link.id
description = "Connection between core and edge routers"
tags = {
Name = "CoreToEdgeConnection"
Type = "internal"
}
}
# Edge router at the site boundary
resource "aws_networkmanager_device" "edge_router" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
site_id = aws_networkmanager_site.primary_datacenter.id
description = "Edge router for external connectivity"
model = "Cisco ASR 1000"
serial_number = "FOC2134L2K6"
type = "router"
vendor = "cisco"
location {
address = "Rack 20, Floor 1, Building A"
latitude = "38.8816"
longitude = "-77.0910"
}
tags = {
Name = "EdgeRouter01"
DeviceType = "router"
Role = "edge"
Criticality = "high"
}
}
This configuration creates the logical network topology within Network Manager, defining how different network components connect and communicate. The links represent the physical connectivity options, while connections define the logical relationships between network devices.
Multi-Region Global Network Architecture
For organizations operating across multiple AWS regions, Network Manager Global Network provides centralized visibility and management capabilities that span regional boundaries.
# Secondary region setup
resource "aws_networkmanager_site" "west_coast_datacenter" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
description = "West coast data center in California"
location {
address = "456 Innovation Drive, San Francisco, CA 94105"
latitude = "37.7749"
longitude = "-122.4194"
}
tags = {
Name = "WestCoastDataCenter"
Location = "California"
Type = "secondary"
}
}
# Transit gateway in the west coast region
resource "aws_ec2_transit_gateway" "west_coast_tgw" {
provider = aws.west_coast
description = "West coast transit gateway for global network"
default_route_table_association = "enable"
default_route_table_propagation = "enable"
dns_support = "enable"
tags = {
Name = "WestCoastTransitGateway"
NetworkManager = "managed"
}
}
# Register west coast transit gateway
resource "aws_networkmanager_transit_gateway_registration" "west_coast_registration" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
transit_gateway_arn = aws_ec2_transit_gateway.west_coast_tgw.arn
}
# Create inter-region peering connection
resource "aws_ec2_transit_gateway_peering_attachment" "cross_region_peering" {
peer_account_id = data.aws_caller_identity.current.account_id
peer_region = "us-west-2"
peer_transit_gateway_id = aws_ec2_transit_gateway.west_coast_tgw.id
transit_gateway_id = aws_ec2_transit_gateway.primary_tgw.id
tags = {
Name = "CrossRegionPeering"
Type = "inter-region"
}
}
# Customer gateway for on-premises connectivity
resource "aws_customer_gateway" "corporate_gateway" {
bgp_asn = 65000
ip_address = "203.0.113.1"
type = "ipsec.1"
tags = {
Name = "CorporateCustomerGateway"
}
}
# VPN connection for hybrid connectivity
resource "aws_vpn_connection" "corporate_vpn" {
customer_gateway_id = aws_customer_gateway.corporate_gateway.id
transit_gateway_id = aws_ec2_transit_gateway.primary_tgw.id
type = "ipsec.1"
static_routes_only = false
tags = {
Name = "CorporateVPNConnection"
}
}
This multi-region setup demonstrates how Network Manager Global Network can provide unified management across geographically distributed infrastructure. The peering connections and VPN tunnels create a cohesive network fabric that can be monitored and managed from a single control plane.
The dependencies between these resources are carefully managed through Terraform's dependency system, ensuring that resources are created in the correct order and that all necessary prerequisites are met before dependent resources are provisioned.
Best practices for Network Manager Global Network
Network Manager Global Network implementations require careful planning and adherence to best practices to ensure optimal performance, security, and manageability across complex network topologies.
Implement Comprehensive Tagging Strategy
Why it matters: Global networks span multiple regions, accounts, and organizational boundaries. Without proper tagging, troubleshooting network issues and managing costs becomes extremely challenging.
Implementation: Establish a consistent tagging strategy that includes organizational hierarchy, technical specifications, and operational metadata.
# Validate tagging compliance across all Network Manager resources
aws networkmanager describe-global-networks --query 'GlobalNetworks[*].[GlobalNetworkId,Tags]' --output table
Create standardized tags that include network tier (core, distribution, access), geographic location, business function, and operational requirements like maintenance windows. This tagging strategy should extend to all related resources including transit gateways, VPCs, and on-premises connections.
Design for High Availability and Redundancy
Why it matters: Global networks are critical infrastructure components that support business operations across multiple locations. Single points of failure can cause widespread outages affecting multiple regions and business units.
Implementation: Implement redundant connectivity paths, diverse routing options, and failover mechanisms at every network layer.
# Configure multiple links with different providers for redundancy
resource "aws_networkmanager_link" "primary_link" {
global_network_id = aws_networkmanager_global_network.main.id
site_id = aws_networkmanager_site.datacenter.id
provider = "Level3"
bandwidth {
upload_speed = 10000
download_speed = 10000
}
tags = {
RedundancyTier = "primary"
Provider = "Level3"
}
}
resource "aws_networkmanager_link" "backup_link" {
global_network_id = aws_networkmanager_global_network.main.id
site_id = aws_networkmanager_site.datacenter.id
provider = "Verizon"
bandwidth {
upload_speed = 1000
download_speed = 1000
}
tags = {
RedundancyTier = "backup"
Provider = "Verizon"
}
}
Design your network topology with multiple paths between critical sites and ensure that transit gateways in different regions are properly peered. Implement health checks and automated failover mechanisms to maintain connectivity during outages.
Optimize Route Table Management
Why it matters: As global networks grow, route table complexity increases exponentially. Poor route management can lead to suboptimal traffic paths, increased latency, and unnecessary costs.
Implementation: Implement hierarchical routing strategies and use route aggregation to minimize routing table size while maintaining optimal traffic flow.
# Monitor route table utilization and propagation
aws ec2 describe-transit-gateway-route-tables --query 'TransitGatewayRouteTables[*].[TransitGatewayRouteTableId,State,Tags[?Key==`Name`].Value|[0]]' --output table
# Check for route conflicts and suboptimal paths
aws ec2 search-transit-gateway-routes --transit-gateway-route-table-id tgw-rtb-example --filters "Name=state,Values=active"
Regularly audit routing tables to identify opportunities for route summarization and eliminate unnecessary or conflicting routes. Use consistent naming conventions for route tables and implement automated monitoring for route propagation failures.
Implement Network Segmentation and Security Controls
Why it matters: Global networks often carry traffic for multiple business units, applications, and security zones. Without proper segmentation, a security breach in one area can compromise the entire network.
Implementation: Design network segmentation using VPC
Best practices for Network Manager Global Network
Network Manager Global Network provides centralized visibility and management across your multi-location network infrastructure. These practices will help you design, deploy, and maintain an effective global network architecture.
Use Consistent Naming and Tagging Strategies
Why it matters: With global networks spanning multiple regions, accounts, and physical locations, consistent naming helps teams quickly identify resources and understand their relationships.
Implementation: Develop a standardized naming convention that includes location, environment, and purpose identifiers. Apply consistent tags across all network resources to enable efficient filtering and cost allocation.
# Example consistent naming and tagging
aws networkmanager create-global-network \\
--description "Production Global Network - North America" \\
--tags Key=Environment,Value=Production \\
Key=Region,Value=NorthAmerica \\
Key=Owner,Value=NetworkOps \\
Key=CostCenter,Value=Infrastructure
Implement tag-based policies to ensure compliance and enable automated resource management across your global network infrastructure.
Implement Hierarchical Network Organization
Why it matters: Global networks can become complex quickly with multiple sites, devices, and connections. A hierarchical structure makes management more intuitive and reduces operational overhead.
Implementation: Organize your global network with a clear hierarchy: regions at the top level, then sites within regions, devices within sites, and connections between devices. This structure mirrors your physical network topology.
# Example hierarchical organization
resource "aws_networkmanager_global_network" "main" {
description = "Corporate Global Network"
tags = {
Environment = "Production"
Purpose = "Global-Connectivity"
}
}
resource "aws_networkmanager_site" "headquarters" {
global_network_id = aws_networkmanager_global_network.main.id
description = "Corporate Headquarters - New York"
location {
address = "123 Main St, New York, NY"
latitude = "40.7128"
longitude = "-74.0060"
}
}
resource "aws_networkmanager_site" "branch_office" {
global_network_id = aws_networkmanager_global_network.main.id
description = "Branch Office - Los Angeles"
location {
address = "456 West St, Los Angeles, CA"
latitude = "34.0522"
longitude = "-118.2437"
}
}
Create logical groupings that reflect your operational structure, making it easier for teams to understand and manage their portions of the network.
Establish Comprehensive Transit Gateway Integration
Why it matters: Transit gateways are often the backbone of modern AWS network architectures. Proper integration with Network Manager provides unified visibility across your entire infrastructure.
Implementation: Register all relevant transit gateways with your global network to ensure complete visibility. This includes transit gateways in different regions and accounts that participate in your network topology.
# Register transit gateways with global network
resource "aws_networkmanager_transit_gateway_registration" "main" {
global_network_id = aws_networkmanager_global_network.main.id
transit_gateway_arn = aws_ec2_transit_gateway.main.arn
}
resource "aws_networkmanager_transit_gateway_registration" "secondary" {
global_network_id = aws_networkmanager_global_network.main.id
transit_gateway_arn = aws_ec2_transit_gateway.secondary.arn
}
Register transit gateways early in your deployment process to ensure continuous visibility as your network grows and evolves.
Configure Granular Location Information
Why it matters: Accurate location data enables better network performance analysis, troubleshooting, and compliance reporting. It also helps with understanding latency patterns and optimizing routing decisions.
Implementation: Provide detailed location information for all sites, including precise coordinates, addresses, and availability zones. This data becomes crucial for performance analysis and network optimization.
# Configure detailed site location
aws networkmanager create-site \\
--global-network-id $GLOBAL_NETWORK_ID \\
--description "Data Center - Virginia" \\
--location Address="123 Data Center Dr, Ashburn, VA",Latitude="39.0438",Longitude="-77.4874" \\
--tags Key=Type,Value=DataCenter Key=Tier,Value=Primary
Maintain location data accuracy through regular audits and updates, especially when physical infrastructure changes occur.
Implement Network Segmentation Best Practices
Why it matters: Proper segmentation improves security, performance, and manageability by creating logical boundaries within your global network infrastructure.
Implementation: Use Network Manager's relationship mapping to document and visualize your network segmentation strategy. Create clear boundaries between production, staging, and development environments.
# Example network segmentation
resource "aws_networkmanager_device" "core_router" {
global_network_id = aws_networkmanager_global_network.main.id
site_id = aws_networkmanager_site.headquarters.id
description = "Core Router - Production Network"
type = "router"
vendor = "Cisco"
model = "ASR-9000"
tags = {
Environment = "Production"
Tier = "Core"
Function = "Routing"
}
}
Document network boundaries and access controls to ensure teams understand the segmentation strategy and can make informed decisions about connectivity.
Monitor Network Performance and Health
Why it matters: Global networks require proactive monitoring to identify performance issues, connectivity problems, and capacity constraints before they impact users.
Implementation: Leverage Network Manager's monitoring capabilities along with CloudWatch metrics to track network performance, utilization, and health across your global infrastructure.
# Enable network insights for performance monitoring
aws networkmanager start-route-analysis \\
--global-network-id $GLOBAL_NETWORK_ID \\
--source TransitGatewayAttachmentArn=$SOURCE_ATTACHMENT \\
--destination TransitGatewayAttachmentArn=$DEST_ATTACHMENT
Establish baselines for normal network performance and create alerts for deviations that could indicate problems or capacity issues.
Maintain Accurate Network Documentation
Why it matters: Global networks involve many stakeholders across different teams and locations. Comprehensive documentation ensures everyone understands the network structure and can contribute effectively to its management.
Implementation: Use Network Manager's topology visualization as a living document of your network. Combine this with detailed descriptions and metadata to create comprehensive network documentation.
# Document network components thoroughly
resource "aws_networkmanager_connection" "site_to_site" {
global_network_id = aws_networkmanager_global_network.main.id
device_id = aws_networkmanager_device.router_a.id
connected_device_id = aws_networkmanager_device.router_b.id
description = "Primary connection between HQ and Branch Office"
tags = {
ConnectionType = "Primary"
Bandwidth = "1Gbps"
Provider = "ISP-Partner"
Circuit-ID = "CKT-12345"
}
}
Regular documentation reviews ensure accuracy and help onboard new team members effectively.
Plan for Scalability and Growth
Why it matters: Global networks often grow organically, and poor planning can lead to architectural limitations that are expensive to fix later.
Implementation: Design your Network Manager structure with growth in mind. Consider future site additions, device upgrades, and connectivity requirements when establishing your initial topology.
Consider regional network patterns, anticipated bandwidth growth, and planned infrastructure changes when designing your global network structure. This forward-thinking approach prevents costly architectural changes later.
Product Integration
Network Manager Global Network integrates with 15+ AWS services to provide comprehensive network visibility and management capabilities. The service acts as a central hub for network operations, connecting with various AWS networking components to deliver unified network insights.
Core AWS Service Integrations
The most significant integration is with AWS Transit Gateway, which enables centralized routing across multiple VPCs and on-premises networks. Through transit gateway registration, organizations can attach their transit gateways to the global network, creating a unified view of inter-regional connectivity. This integration supports advanced routing policies and traffic engineering capabilities.
AWS Direct Connect integration provides visibility into dedicated network connections between on-premises environments and AWS. The global network can monitor Direct Connect gateway associations, virtual interfaces, and connection health metrics. This integration is particularly valuable for hybrid cloud architectures requiring consistent network performance.
Amazon VPC integration allows the global network to discover and map VPC resources automatically. This includes subnets, route tables, and network ACLs, providing a comprehensive view of how VPCs interconnect within the broader network topology. The integration extends to VPC peering connections and transit gateway attachments.
Third-Party and Partner Integrations
Network Manager Global Network supports integration with various network appliances and Software-Defined WAN (SD-WAN) solutions. Through device registration, organizations can include physical and virtual network devices in their global network topology. This capability extends to:
- Cisco SD-WAN appliances
- VMware VeloCloud devices
- Silver Peak Unity EdgeConnect
- Riverbed SteelConnect
These integrations enable hybrid network management where cloud-native and traditional networking infrastructure coexist under unified monitoring and control.
Monitoring and Observability
The service integrates deeply with Amazon CloudWatch for metrics collection and alerting. Network performance metrics, including latency, packet loss, and throughput, are automatically published to CloudWatch. This integration supports custom dashboards and automated response workflows through CloudWatch alarms.
AWS Systems Manager integration provides operational insights and enables automated network management tasks. Through Systems Manager, organizations can execute maintenance procedures, configuration changes, and troubleshooting actions across their global network infrastructure.
Use Cases
Global Enterprise Network Management
Large enterprises with distributed operations across multiple regions and on-premises locations use Network Manager Global Network to maintain visibility and control over their entire network infrastructure. A multinational corporation might have data centers in North America, Europe, and Asia, connected through a combination of AWS Transit Gateways, Direct Connect links, and SD-WAN appliances.
The global network provides a single pane of glass for network operations teams to monitor traffic patterns, identify bottlenecks, and optimize routing policies. Network administrators can visualize how traffic flows between regions, track performance metrics, and quickly isolate issues that might affect business operations.
Cloud Migration and Hybrid Connectivity
Organizations migrating to AWS often maintain hybrid architectures during transition periods. Network Manager Global Network helps manage the complexity of these environments by providing visibility into both cloud and on-premises network components.
During a cloud migration, the global network can track how applications and data flows change as workloads move to AWS. This visibility enables migration teams to optimize connectivity, ensure security compliance, and maintain network performance throughout the migration process.
Multi-Cloud Network Orchestration
While primarily focused on AWS, Network Manager Global Network can provide insights into multi-cloud architectures through its integration with on-premises and third-party networking devices. Organizations using multiple cloud providers can leverage the global network to monitor and manage the network infrastructure that connects their various cloud environments.
This capability is particularly valuable for organizations with strict data residency requirements or those using best-of-breed cloud services across different providers.
Limitations
Regional Availability and Scope
Network Manager Global Network is available in limited AWS regions, which can restrict deployment options for organizations with global operations. While the service can manage networks across multiple regions, the global network itself must be created in a supported region. This limitation requires careful planning for organizations with regulatory requirements about data locality.
Device and Link Limitations
The service has specific limits on the number of devices, links, and sites that can be registered within a single global network. These quotas can impact large-scale deployments:
- Maximum of 200 devices per global network
- Maximum of 200 links per global network
- Maximum of 200 sites per global network
While these limits are suitable for most enterprise deployments, very large organizations might need to architect multiple global networks or request quota increases.
Limited Real-Time Visibility
Network Manager Global Network provides primarily near-real-time monitoring rather than true real-time visibility. Metrics and topology updates typically have a delay of several minutes, which can impact rapid incident response scenarios. For applications requiring immediate network state awareness, additional monitoring solutions might be necessary.
Integration Complexity
Setting up comprehensive network monitoring requires careful configuration of multiple AWS services and potentially third-party tools. The complexity increases significantly when integrating with existing network management systems or when migrating from other network monitoring solutions.
Conclusion
Network Manager Global Network represents a significant advancement in cloud network management, offering organizations the ability to maintain comprehensive visibility and control over their distributed network infrastructure. The service excels in providing unified network monitoring across AWS and on-premises environments, making it valuable for enterprises with hybrid cloud architectures.
The extensive integration ecosystem, supporting 15+ AWS services and numerous third-party networking solutions, enables organizations to build sophisticated network management capabilities. This integration depth makes Network Manager Global Network particularly suitable for large-scale enterprise deployments requiring centralized network operations.
However, organizations must carefully consider the service's limitations, particularly around regional availability and scalability constraints. For complex global networks approaching the service limits, architectural planning becomes critical to ensure optimal performance and compliance.
The service delivers the most value for organizations with distributed network infrastructure requiring centralized management, particularly those undergoing cloud migration or operating hybrid cloud environments. With proper planning and implementation, Network Manager Global Network can significantly improve network operations efficiency and reduce the complexity of managing modern distributed networks.