Architecting Enterprise Connectivity to the Public Clouds
Connecting to the clouds is vital for organizations because data and applications increasingly reside in a mesh of public and private cloud networks, and there are multiple ways to extend an enterprise network to the cloud. Organizations can interconnect to the cloud over an IPsec VPN or by directly extending their private network to a cloud provider. In either case, if you are an enterprise adopting the cloud for your applications, it is important to start working on connectivity from the pilot stage. What you learn during the pilot should expose the performance problems and the gaps in security, networking and systems management before production traffic depends on the path. In this blog on “Architecting Enterprise Connectivity to the Public Clouds”, let’s look at three different topology models and their considerations.
Secure Cloud Connectivity using SD-WAN
Cloud access over internet connectivity is the easiest method and brings huge design and configuration simplicity. However, one should be careful: by default this model exposes you to more performance and security issues than the other two. One of the better options for addressing both is an SD-WAN solution (e.g. VMware VeloCloud, Cisco Viptela). This allows the branch, primary and cloud sites to be managed from a centralized controller. It also gives broader flexibility, including circuit diversity and resiliency, and results in better multi-cloud management and protection.
This decentralized model usually uses the internet for cloud communication. Organizations usually start with it because it is the fastest to implement, and it is even simpler if a meshed IPsec overlay from an SD-WAN is already in place. No Direct Connect or ExpressRoute connectivity is considered in this model.
Several mechanisms, such as encryption, WAN acceleration and DDoS prevention services, can be used to counter the main inhibitors of using the internet: security, performance and reliability. The protection is only as good as the IPsec parameters the tunnels actually negotiate, so the ciphers, integrity algorithms, DH groups and IKE version each tunnel is allowed to accept should be reviewed rather than left at provider defaults. The remaining challenge is that compliance and regulatory rules continue to hinder adoption of the internet as the cloud path; traditionally, guarantees of performance, availability and stability came from carrier-based offerings.
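The following is an added example, not code from the original post or from any vendor, of the tunnel review just mentioned for the internet/IPsec model. It audits the IKE and IPsec parameters an AWS Site-to-Site VPN tunnel is allowed to negotiate, using the TunnelOptions structure returned by `aws ec2 describe-vpn-connections`. The connection ID, outside IP addresses and option values in the sample are constructed for illustration and assume the field names listed; a tunnel created with no explicit options is treated as weak because the defaults still permit DH group 2, SHA1 and IKEv1.

```python
"""Audit the IKE/IPsec parameters an AWS Site-to-Site VPN tunnel may
negotiate and flag weak choices.

Added example, not from the original post. Input follows the
TunnelOptions shape of `aws ec2 describe-vpn-connections`; the sample
values below are constructed, not taken from a real account.
"""
from __future__ import annotations

# Parameters a tunnel should not accept. DH group 2 (1024-bit MODP),
# SHA1 integrity and IKEv1 are still permitted by the default tunnel
# options, so an unconstrained tunnel negotiates them if the peer
# proposes them.
WEAK_DH_GROUPS = {2}
WEAK_INTEGRITY = {"SHA1"}
WEAK_IKE_VERSIONS = {"ikev1"}
# AES-CBC is acceptable; GCM gives AEAD, so we warn when no GCM
# suite is offered but do not treat it as a hard failure.
PREFERRED_ENCRYPTION = {"AES256-GCM-16", "AES128-GCM-16"}


def _values(tunnel: dict, key: str) -> list:
    """Flatten the [{'Value': x}, ...] lists AWS uses for tunnel options.
    A missing key means 'all defaults allowed'."""
    return [item["Value"] for item in tunnel.get(key, [])]


def audit_tunnel(tunnel: dict) -> list[str]:
    """Return findings for one tunnel; an empty list means it is
    constrained to strong parameters."""
    findings = []
    for phase in ("Phase1", "Phase2"):
        dh = _values(tunnel, f"{phase}DHGroupNumbers")
        if not dh:
            findings.append(f"{phase}: DH groups not constrained (defaults include group 2)")
        elif set(dh) & WEAK_DH_GROUPS:
            findings.append(f"{phase}: weak DH group(s) accepted: {sorted(set(dh) & WEAK_DH_GROUPS)}")

        integ = _values(tunnel, f"{phase}IntegrityAlgorithms")
        if not integ:
            findings.append(f"{phase}: integrity algorithms not constrained (defaults include SHA1)")
        elif set(integ) & WEAK_INTEGRITY:
            findings.append(f"{phase}: weak integrity algorithm(s) accepted: {sorted(set(integ) & WEAK_INTEGRITY)}")

        enc = _values(tunnel, f"{phase}EncryptionAlgorithms")
        if enc and not set(enc) & PREFERRED_ENCRYPTION:
            findings.append(f"{phase}: no AEAD (GCM) cipher offered: {enc}")

    ike = _values(tunnel, "IkeVersions")
    if not ike:
        findings.append("IKE versions not constrained (defaults include ikev1)")
    elif set(ike) & WEAK_IKE_VERSIONS:
        findings.append("IKEv1 accepted; restrict to ikev2")
    return findings


def audit_connection(vpn_connection: dict) -> dict[str, list[str]]:
    """Audit every tunnel of one VpnConnection, keyed by outside IP."""
    return {
        t.get("OutsideIpAddress", f"tunnel-{i}"): audit_tunnel(t)
        for i, t in enumerate(vpn_connection["Options"]["TunnelOptions"])
    }


# Constructed sample: tunnel 1 left at defaults, tunnel 2 explicitly hardened.
SAMPLE_CONNECTION = {
    "VpnConnectionId": "vpn-0example",  # constructed, not a real ID
    "Options": {
        "TunnelOptions": [
            {  # tunnel 1: created with no options, everything defaulted
                "OutsideIpAddress": "203.0.113.10",  # TEST-NET-3 documentation address
            },
            {  # tunnel 2: explicitly restricted to strong parameters
                "OutsideIpAddress": "203.0.113.11",
                "Phase1EncryptionAlgorithms": [{"Value": "AES256-GCM-16"}],
                "Phase2EncryptionAlgorithms": [{"Value": "AES256-GCM-16"}],
                "Phase1IntegrityAlgorithms": [{"Value": "SHA2-384"}],
                "Phase2IntegrityAlgorithms": [{"Value": "SHA2-384"}],
                "Phase1DHGroupNumbers": [{"Value": 20}],
                "Phase2DHGroupNumbers": [{"Value": 20}],
                "IkeVersions": [{"Value": "ikev2"}],
            },
        ]
    },
}

if __name__ == "__main__":
    for ip, findings in audit_connection(SAMPLE_CONNECTION).items():
        print(f"{ip}: {'OK' if not findings else 'WEAK'}")
        for finding in findings:
            print(f"  - {finding}")
```

Run against real output by loading the JSON from `aws ec2 describe-vpn-connections` and passing each entry of `VpnConnections` to `audit_connection`; the same shape of check applies to any SD-WAN or firewall IPsec peer once its proposal list is exported.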
Direct WAN to public cloud connectivity using MPLS
In this model, MPLS providers provision connectivity to the public clouds such as AWS and Azure, so adding cloud connectivity for an existing MPLS/WAN customer is relatively simple. In effect, the service provider extends a private MPLS circuit from its data centers, which offer direct cloud access using Direct Connect (AWS) or ExpressRoute (Azure). HA capability and cost depend very much on the service provider. Most providers offer built-in redundancy (primary and backup links) and a range of bandwidth options; for example, Etisalat in the UAE offers Cloud Express. This can also allow capacity to be added or removed as required.
In short, this model relies on the service provider to implement cloud connectivity. IaaS instances effectively become sites that attach to the MPLS network, and the service provider manages the interconnect all the way to the customer edge VPC or VNet. This network service provider model is the simplest and most stable way to interconnect an enterprise to the public clouds. Two caveats a practitioner should keep in mind: a private circuit is not encrypted by default, since neither Direct Connect nor ExpressRoute encrypts traffic on the wire unless MACsec is enabled on supported ports or IPsec is run over the circuit, so data that must be encrypted in transit still needs that layer; and because the VPC or VNet is now just another BGP-speaking site on your WAN, the prefixes it advertises should be filtered like any other site's, so that a misconfigured or compromised cloud environment cannot announce a default route or an on-prem range into the enterprise backbone.
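The prefix filtering described above, as an added example that is not part of the original post or of any provider's product: it models the inbound policy applied to a cloud site's BGP session (the Direct Connect or ExpressRoute private peering), accepting only prefixes inside the VPC/VNet ranges the site is expected to originate, rejecting a default route, overly specific prefixes and anything overlapping enterprise on-prem space. The policy class, its method names and all CIDRs (RFC 1918 and documentation ranges) are constructed for illustration; in production the same rules would be expressed as a prefix-list and route-map on the customer edge router.

```python
"""Inbound prefix hygiene for a cloud site (VPC/VNet) attached to the WAN.

Added example, not from the original post or any vendor. Treats the
cloud site like any other BGP-speaking site: only its own expected
ranges are accepted into the enterprise routing table. All CIDRs are
constructed (RFC 1918 and documentation ranges).
"""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass


@dataclass
class CloudSitePolicy:
    """Inbound policy for one cloud site's BGP session.

    expected:      VPC/VNet CIDRs this site is allowed to originate.
    on_prem:       enterprise ranges that must never be learned from a cloud site.
    max_prefixlen: longest prefix accepted, to stop /32 floods and
                   more-specific hijacks of part of a range.
    """
    expected: list
    on_prem: list
    max_prefixlen: int = 24

    def check(self, prefix: str) -> tuple[bool, str]:
        """Return (accept, reason) for one received prefix."""
        try:
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError as exc:
            return False, f"malformed prefix: {exc}"
        if net.prefixlen == 0:
            return False, "default route from a cloud site (would hijack WAN egress)"
        if net.prefixlen > self.max_prefixlen:
            return False, f"too specific (/{net.prefixlen} > /{self.max_prefixlen})"
        for onprem in self.on_prem:
            # overlaps() returns False across IPv4/IPv6, so no version guard needed
            if net.overlaps(onprem):
                return False, f"overlaps on-prem range {onprem}"
        for exp in self.expected:
            if net.version == exp.version and net.subnet_of(exp):
                return True, "ok"
        return False, "not within any expected VPC/VNet CIDR"

    def apply(self, received: list[str]) -> tuple[list[str], dict[str, str]]:
        """Split received prefixes into accepted ones and rejected ones with reasons."""
        accepted, rejected = [], {}
        for prefix in received:
            ok, why = self.check(prefix)
            if ok:
                accepted.append(prefix)
            else:
                rejected[prefix] = why
        return accepted, rejected


# Constructed sample policy: two cloud ranges, one on-prem supernet.
SAMPLE_POLICY = CloudSitePolicy(
    expected=[ipaddress.ip_network("10.100.0.0/16"),   # AWS VPC
              ipaddress.ip_network("10.101.0.0/16")],  # Azure VNet
    on_prem=[ipaddress.ip_network("10.0.0.0/12")],     # 10.0.0.0 - 10.15.255.255
    max_prefixlen=24,
)

# Constructed sample of prefixes received over the cloud site's BGP session.
RECEIVED = [
    "10.100.1.0/24",  # legitimate VPC subnet
    "10.101.0.0/16",  # whole VNet range
    "0.0.0.0/0",      # default route leaked by a cloud router or NVA
    "10.1.0.0/16",    # on-prem range re-advertised from the cloud
    "10.100.2.5/32",  # host route, too specific
    "192.0.2.0/24",   # TEST-NET-1, not a cloud range we own
]

if __name__ == "__main__":
    accepted, rejected = SAMPLE_POLICY.apply(RECEIVED)
    print("accepted:", accepted)
    for prefix, reason in rejected.items():
        print(f"rejected {prefix}: {reason}")
```

The ordering of the checks matters: the default-route and prefix-length tests run before the overlap test so that a leaked `0.0.0.0/0` is reported for what it is rather than as an overlap, which makes the log line actionable when the session is flapping.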
Colocation Hub provider-based cloud connectivity with managed SD-WAN
This is an interesting use case and makes sense when you opt for managed SD-WAN services from a provider like Orixcom. The scenario involves extending your WAN to the cloud by establishing a PoP within a colocation-hub provider (e.g. Equinix or CoreSite): an SD-WAN or IPsec network runs to the colocation provider, and from there private cross-connects run to the public cloud providers. If the colocation hub is carrier-neutral, it can also provide low-cost, high-bandwidth, carrier-redundant connectivity.
An organization using the colocation-hub model establishes a presence in one or more colocation hubs and manages the interconnects itself. This model provides greater flexibility than the other two but also requires more organizational effort and skills, since the cross-connects, peering and the security controls at the hub become the organization's responsibility rather than the carrier's.
Summary & Next Steps
The above use cases are some of the primary options when architecting enterprise connectivity to the public clouds. Depending on your specific scenario, you could also have your SD-WAN solution running over both internet and MPLS connections and load-sharing traffic across them to the cloud providers. To summarize, in a hybrid approach the cloud site should be treated as an on-prem extension, where the cloud acts as another DC or DR site for your extended/hosted applications, and is therefore subject to the same routing, encryption and segmentation rules as any other site.
For more information on various architectures, including cloud and related discussions, please refer to the data center networking & security section. Happy learning.