Infrastructure · Dedicated network
Direct Line
Private cloud connectivity. Dedicated network infrastructure between your datacenter and your cloud provider. Up to 100 Gbps. Data never touches the public internet.
What Direct Line is
Direct Line is a dedicated, private network connection between your datacenter (or colocation facility) and your cloud storage provider. It replaces the public internet as the transport layer for all data uploaded by DataBridge Core.
When a DataBridge server finishes ingesting data from a storage device, it needs to move that data to your cloud bucket — S3, GCS, Azure Blob, wherever your pipeline expects it. On the public internet, that transfer competes with every other packet on the wire. With Direct Line, it runs on a path that belongs entirely to your operation.
The connection is physical. Fiber runs from your rack to the cloud provider's presence in the same facility (or via a dedicated circuit to their nearest point of presence). There's no shared backbone, no transit provider in the middle, no ISP deciding how to prioritize your traffic.
Supported providers
AWS Direct Connect
Dedicated connection to your AWS VPC. Supports 1, 10, and 100 Gbps hosted or dedicated connections. We configure the virtual interface, BGP peering, and route propagation to your S3 VPC endpoint.
Google Cloud Interconnect
Dedicated or partner interconnect to your GCP VPC. 10 Gbps and 100 Gbps dedicated, or 50 Mbps to 50 Gbps via partner. VLAN attachments configured with Cloud Router for BGP.
Azure ExpressRoute
Private peering to your Azure VNet. 1, 2, 5, 10, 50, and 100 Gbps circuits. We set up the peering, configure route filters, and validate end-to-end connectivity to your storage accounts.
Cross-connects & Private Peering
For colocation facilities with on-net cloud providers, we provision cross-connects directly within the facility. No last-mile. Lowest possible latency. Works with Equinix, CoreSite, Digital Realty, and others.
Speed tiers
Available capacity depends on your cloud provider and colocation facility. We'll recommend the right tier based on your daily data volumes and fleet size.
Why not the public internet
For a one-off 50 GB upload, the public internet is fine. For multi-terabyte daily transfers from a fleet of ingest servers, it's not.
ISP congestion
Public internet routes through shared backbone links. During peak hours, throughput drops. A 1 Gbps circuit that tests well at 2 AM might deliver 300 Mbps at 2 PM. For scheduled daily uploads of multi-terabyte datasets, that inconsistency is a dealbreaker.
Throttling and traffic shaping
ISPs and transit providers shape traffic. Sustained high-bandwidth transfers — exactly what DataBridge does — are often deprioritized. You won't see this in a speed test. You'll see it 4 hours into a 6-hour upload when throughput quietly halves.
Exposure to public traffic
Data traversing the public internet passes through routers you don't control, in facilities you've never seen, operated by companies you have no relationship with. For sensitive production data, that's an unnecessary risk.
No SLA on throughput
Your ISP guarantees bandwidth to their edge. They don't guarantee bandwidth to us-east-1 or europe-west4. The path between your facility and the cloud storage endpoint crosses multiple autonomous systems with zero throughput guarantees.
10 TB transfer comparison
Real numbers for moving 10 terabytes. The kind of volume a mid-size DataBridge deployment generates in a single day.
Theoretical best. Real-world with congestion: 12-15+ days
Assumes sustained throughput, which ISPs rarely guarantee
Consistent. Same speed at 2 PM as 2 AM
For operations measured in hundreds of terabytes per week
Security
Private VLAN isolation
Your traffic runs on a dedicated VLAN. It's not sharing bandwidth or switching fabric with other customers. The connection is logically and physically isolated.
No public IP exposure
Data moves between private address spaces. The DataBridge servers talk to cloud storage endpoints over private IPs that are never reachable from the public internet.
AES-256 encryption in transit
Even though the link is private, all data is encrypted in transit using AES-256. If someone physically tapped the fiber (unlikely, but we plan for unlikely), they'd see ciphertext.
Dedicated network path
The data follows the same physical path every time. No variable routing, no BGP hijack risk, no asymmetric paths. Predictable and auditable.
Setup process
We handle the entire provisioning process. Most Direct Line connections are live within 2-4 weeks, depending on the colocation facility and cloud provider.
Cloud provider coordination
We work with your cloud team (or act as your cloud team) to provision the connection on the provider side. AWS: create a connection in the Direct Connect console. GCP: create an interconnect attachment. Azure: create an ExpressRoute circuit.
LOA-CFA provisioning
We obtain the Letter of Authorization and Connecting Facility Assignment from the cloud provider. This document authorizes the colocation facility to establish the physical cross-connect.
Cross-connect installation
We submit the LOA-CFA to the colocation facility and coordinate the physical fiber run between your cage or rack and the cloud provider's meet-me room. Typical turnaround is 3-7 business days.
BGP peering configuration
We configure Border Gateway Protocol peering between your router and the cloud provider's edge. This includes setting ASN numbers, advertising prefixes, and establishing the routing table.
Validation and performance testing
End-to-end connectivity testing. We verify the link is up, BGP sessions are established, routes are propagating, and throughput meets the provisioned capacity. We run sustained transfer tests to confirm real-world performance.
Fallback and redundancy
Direct Line is the primary transport, but it's not the only one. For smaller deployments, or as a backup path for larger ones, we configure encrypted VPN tunnels over dedicated ISP links. Same encryption, same integrity checks — just running over a different physical path.
DataBridge Core's BackendClient has a built-in failover chain. When uploading, it tries the direct line first. If that connection is unavailable — maintenance window, fiber cut, provider outage — it falls back to the VPN tunnel. If the VPN is also down, it falls back to the public internet with full TLS encryption. The operator doesn't need to do anything. Core handles the switchover automatically and logs which path was used.
When the primary path recovers, subsequent uploads automatically route back through it. No manual intervention, no restart. The failover chain is tested during initial setup and verified monthly.
Cost structure
Direct Line involves three cost components. The cloud provider charges a monthly port fee and a per-GB data transfer rate (typically much lower than standard internet egress pricing). The colocation facility charges a one-time and/or monthly fee for the physical cross-connect. We handle all coordination, configuration, monitoring, and maintenance as part of your DataBridge service tier.
For high-volume operations, the math works heavily in your favor. AWS charges $0.09/GB for standard internet egress from us-east-1. Over Direct Connect, the same data costs $0.02/GB. At 100 TB per month, that's the difference between $9,000 and $2,000 — and that gap widens as volume increases.
The port fee and cross-connect are fixed monthly costs. The per-GB savings scale linearly with volume. For any operation moving more than a few terabytes per month, Direct Line pays for itself quickly. For operations at the scale DataBridge is designed for, it's not even close.
How Direct Line fits the platform
Direct Line is the transport layer. It doesn't know or care what's being uploaded — it just provides the pipe. DataBridge Core is the engine that pushes data through that pipe. Core handles the ingest from USB devices, generates integrity manifests, manages upload queues, and calls the cloud provider's API. Direct Line gives Core a fast, private, reliable path to make those API calls over.
From Core's perspective, the upload destination is the same whether traffic routes over Direct Line, a VPN, or the public internet. The S3 endpoint doesn't change. The GCS bucket doesn't change. What changes is the network path — and with Direct Line, that path is dedicated, consistent, and private.
Need dedicated connectivity?
Tell us about your cloud provider, colocation facility, and daily data volumes. We'll scope the right Direct Line configuration and walk you through the process.