Cloud Connectivity — Part I: Use Cases
The outsourcing of applications to the public cloud poses challenges for communication between users and applications, but also between applications that operate in hybrid mode, for example when data is stored in a data center and the web applications run in the cloud.
Until now, the majority of applications were operated either in-house or in a data center. As a result, the requirements for network connections have been relatively simple. Connections are usually made via a dedicated line and/or a VPN over the Internet. The distance between the locations remains constant, and even with access from the Internet, there are typically constant response times, at least within Switzerland and Europe. Moreover, IT service providers and suppliers are "on site" and the setup of connections and VPN configurations can be carried out by "established" parties who know the network segments and security mechanisms involved.
This is not quite so trivial with the big cloud providers (AWS, Azure, Google and others). For example, one cannot place one's own routers in the cloud and in principle there is no such thing as a dedicated line to the cloud either.
User - Application
Web applications usually rely on the Internet as a network. Access to private applications is secured by IP address and other mechanisms such as authentication tokens. Desktop applications from the cloud are also accessed via normal web protocols, such as HTTPS, through an ADC such as Citrix NetScaler. Cloud providers usually provide sufficient bandwidth and redundancy to the Internet. For business users, it is also advisable to obtain sufficient bandwidth and an SLA with a fast response time from their Internet service provider.
Application - Application
As applications do not always use secure connections to each other and are sometimes sensitive to response time, the connection to and from the cloud requires somewhat more attention. Of course, cloud providers also offer out-of-the-box solutions, but there is a risk when the complete spectrum of security, from the VPN connection via the firewall to network security within the cloud, is provided by the same provider. Moreover, these solutions are often cloud-specific, i.e. an Azure VPN cannot simply be supplemented by an AWS VPN.
Private Line vs. Public Peering
To achieve maximum bandwidth and minimum response time, cloud service providers offer access points in major Swiss data centers. This guarantees the availability of dedicated bandwidths. Of course, these connections also come at a price. In addition to the flat rate of up to 1,000 CHF/month, there is also a fee for data transfer. If you run your applications in the data center of a service provider, you may also be able to connect to the cloud provider via public peering. aspectra, for example, can offer 10 GBit peerings each to AWS, Azure or Google without additional monthly costs for the customer.
«Cloud Connectivity — Part II: Managed Network Access» is coming up soon.