Connecting your enterprise datacenter to the Cloud.



Any organization that had IT infrastructure and software assets before the cloud era is now talking about the cloud. The overwhelming observation is that many are opting for a hybrid or multi-cloud approach.

Either way, enterprises have a variety of options for connecting to cloud services:

  • VPN
    Cloud services like AWS support IPSec VPN tunnels – a familiar technology for most enterprise IT teams. But these tunnels can run into problems with resiliency and throughput and have limited flexibility.

    Organizations can also get a direct circuit between their data centers and the cloud service provider. While this is simpler than public peering for routing to your private network, the enterprise will still need to do its own engineering to ensure traffic is handled the way it prefers, since these service providers tend to do things, and name things, their own way.

  • PEERING

    1. Private peering

      AWS Virtual Private Cloud (VPC) supports 100 routes/prefixes; Azure private peering supports 4,000 or 10,000 prefixes, depending on service tier; and Google Cloud supports 100 routes/prefixes. Organizations should check the documentation regularly, as these service providers change features constantly. AWS Direct Connect and Microsoft ExpressRoute are examples of private peering options.

      AWS also offers simple VPC peering for connecting multiple VPCs, even across different AWS accounts:
      https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

    2. Public peering

      Some cloud services only support public IP addressing, which often requires complex routing configurations. This still involves a direct circuit, but the IP services have to be routed, so you will almost always need NAT.

      Currently, for public peering, AWS VPC supports 100 routes/prefixes; Azure public peering is deprecated as of this writing, and Google Cloud supports 100 routes/prefixes.

      To connect to AWS public endpoints, such as Amazon Elastic Compute Cloud (Amazon EC2) or Amazon Simple Storage Service (Amazon S3), with dedicated network performance, use a public virtual interface.

      A public virtual interface allows you to connect to all AWS public IP space globally. Direct Connect customers in any Direct Connect location can create public virtual interfaces to receive Amazon's global IP routes, and they can access publicly routable Amazon services in any AWS Region.

      Microsoft now offers something called "Microsoft Peering" that connects enterprises directly to the Microsoft Cloud or its SaaS offerings.
      https://docs.microsoft.com/en-us/azure/expressroute/expressroute-circuit-peerings

  • MPLS (Multiprotocol Label Switching)

    For a theoretical understanding of MPLS, a good read can be found here:
    https://www.networkworld.com/article/2297171/network-security-mpls-explained.html


    Most MPLS providers offer cloud connectivity services; however, there are routing and security limitations with this option, and you really need to understand the traffic you're going to send across this connection. Clearly evaluate the frequency and volume of data you will be sending through the MPLS nodes. Those nodes are rigid, like a mold, so organizations have fewer traffic-engineering options if they choose an MPLS provider for cloud connectivity.

    AWS offers network connectivity over MPLS:
    https://aws.amazon.com/answers/networking/aws-network-connectivity-over-mpls/

    Most AWS Direct Connect partners with MPLS services also offer options for connecting their MPLS network to AWS. These are usually turnkey service offerings that leverage vendor infrastructure to quickly establish connectivity between AWS and a customer’s MPLS network.

    If you are an AWS customer and require a high level of network configuration control, flexibility, and scalability, then you need to colocate dedicated MPLS devices in an AWS Direct Connect location. This option minimizes dependencies on an MPLS provider for change control activities and offers the highest level of control over network configuration to accommodate changing requirements.

  • Co-location provider (enterprise datacenter moved to a rented, cloud-connected facility)

    An enterprise could also install equipment at a co-location facility for cloud connectivity. This option requires a significant equipment investment, but instead of having a circuit to each cloud provider, an enterprise can have one large circuit from their infrastructure to the co-location facility. Companies can add security services and software-defined WAN gear in order to have regional connectivity.
    Gartner predicts that "by 2025, 80 percent of enterprises will migrate entirely away from their on-premises data centers. They will follow the current trend of moving workloads to colocation, hosting and the cloud, leading them to shut down their traditional data centers."
    The co-location provider will usually set up the AWS Direct Connect or Microsoft ExpressRoute connection for its customers.
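As an added example (not code from the original post), here is a Python planning check for the private and public peering options described above: it summarizes the IPv4 prefixes a datacenter intends to announce, drops anything that overlaps the cloud-side CIDR or that is private address space on a public session (which, as noted above, has to sit behind NAT), and compares the resulting count with the route limits quoted in the post. The function and table names are my own, and the limit values are taken from the post and should be re-checked against provider documentation.

```python
import ipaddress
from dataclasses import dataclass, field

# Route/prefix limits as quoted in the post above; providers change these,
# so re-check their documentation before relying on the numbers.
PREFIX_LIMITS = {
    "aws_private": 100,     # Direct Connect private virtual interface
    "aws_public": 100,      # Direct Connect public virtual interface
    "gcp": 100,
    "azure_private": 4000,  # lower ExpressRoute tier; the higher tier allows 10,000
}

@dataclass
class AdvertisementPlan:
    prefixes: list                                # summarized prefixes to announce
    rejected: list = field(default_factory=list)  # (prefix, reason) pairs dropped
    within_limit: bool = True                     # False if the session would exceed the limit

def plan_advertisements(raw_prefixes, peering, overlap_with=()):
    """Summarize the IPv4 prefixes a datacenter wants to announce over a
    peering session and check them against the provider's route limit.

    raw_prefixes -- CIDR strings the on-prem side owns (IPv4 only here)
    peering      -- a key of PREFIX_LIMITS
    overlap_with -- cloud-side CIDRs (e.g. the VPC CIDR) that must not be
                    announced from on-prem, since they would conflict
                    with the cloud side's own routes
    """
    limit = PREFIX_LIMITS[peering]
    public_session = peering.endswith("public")
    cloud_side = [ipaddress.ip_network(c) for c in overlap_with]
    candidates, rejected = [], []
    for raw in raw_prefixes:
        net = ipaddress.ip_network(raw, strict=False)
        if public_session and net.is_private:
            # a public session only carries publicly routable space;
            # RFC1918 space has to be NATed before it reaches the circuit
            rejected.append((str(net), "private address space on public peering"))
        elif any(net.overlaps(c) for c in cloud_side):
            rejected.append((str(net), "overlaps cloud-side CIDR"))
        else:
            candidates.append(net)
    # collapse_addresses merges adjacent and nested prefixes into supernets,
    # the cheapest way to stay under a provider's route limit
    summarized = [str(n) for n in ipaddress.collapse_addresses(candidates)]
    return AdvertisementPlan(summarized, rejected, len(summarized) <= limit)
```

Call plan_advertisements with the prefixes you own and the VPC CIDR as overlap_with; a False within_limit means you must summarize further before bringing the session up.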
