Recently I have been curious about how businesses are connecting to cloud service providers such as Microsoft Azure and AWS. Like you, I am overwhelmed with cloud marketing initiatives from vendors that expound on the virtues of migrating to the cloud, hybrid IT, and cloud-first messaging – to name a few. There is a lot of information readily available about consuming cloud infrastructure, platforms, and services. It occurs to me that how we connect our businesses and users to the cloud is an equally important design consideration on any company’s journey to the cloud.
Many cloud services can be accessed over public internet connections. Consider the ubiquity of email services that Microsoft Office 365 Exchange Online affords. Historically, IT Administrators would perform all manner of network gymnastics to grant remote user access to email servers. Today, the modern workplace demands seamless access to mission-critical applications and services (like email) at any time from any place. Microsoft Office 365 Exchange Online is an example of a cloud service that has been purpose-built to be accessed securely and reliably via the Internet and deliver against the demands of the modern workplace.
As businesses shift applications and IT services to the cloud and away from expensive on-premise infrastructure, the corporate connection to the internet can become a single point of failure. Highly available business internet solutions such as redundant ISPs (and capable edge firewalls) or SD-WAN connectivity solutions become much more relevant in an always-on environment. Business continuity demands that internet connectivity from the head office and branch offices be as resilient as possible in hybrid cloud IT designs.
In their hybrid cloud designs, companies consider the deployment of business-critical applications that span on-premise equipment and cloud infrastructure, perhaps from a provider like Microsoft Azure or AWS. A key consideration in the hybrid cloud design is how to broker the connection between the business's on-premise network and the cloud service provider. As you would expect, there are a multitude of design elements and requirements to consider. Along with fundamental similarities, there are also nuanced differences between the connectivity models of the larger cloud services vendors. For the purposes of this discussion, I dug deeper into the Microsoft Azure and Office 365 connectivity options. Network experts will recognize that this is a high-level overview and things can get much more involved.
The connectivity option most commonly considered first is a site-to-site VPN, or what Microsoft calls Azure VPN Gateway. Azure VPN Gateway connects your on-premises networks to Azure through site-to-site VPNs, much as you would set up and connect to a remote branch office. The connectivity is secure and uses the industry-standard protocols Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). This is usually suitable for initial testing and perhaps for some less critical use cases.
Because the internet does not guarantee the metrics that business-critical applications depend on, Microsoft offers a private connectivity model called ExpressRoute. Microsoft Azure ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. With ExpressRoute, you can establish “private” connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365.
Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider at a co-location facility such as the Cloud Connect service offered by Cologix. ExpressRoute connections do not go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, lower latencies, and higher security than typical connections over the Internet.
The specific use cases and associated requirements will drive the decision around what cloud connectivity model is most appropriate. With private connectivity options, the hybrid cloud network design and placement of ExpressRoute links in the topology become very important considerations. Additionally, businesses will want to evaluate the kind of on-premise equipment that is provisioned to facilitate the secure routing and private connectivity to their cloud services. Some vendors, like Cisco, have released validated design documents in support of this kind of connectivity.
I’ve only just scratched the surface in this blog with some of the options and considerations for an optimized data path to the cloud from your business. I work with a great team of experts at Compugen who enjoy collaborating with our customers to arrive at the best solutions for your business. Some of my peers and I have started to develop a service offering for a Cloud Services Connectivity Assessment that we hope turns into a vital planning step to include in your journey to the cloud. If you are interested in discussing how your business is connecting to the cloud, reach out – and let’s chat.