How to choose the right multi-cloud connectivity solution
By Alex Hawkes | 25 July, 2022
There are a variety of different connectivity models available to enterprises as they embark further on their cloud journey. In this blog, we take a look at which model could suit your business best...
More clouds, more connections
Multi-cloud connectivity requirements show no signs of slowing up. According to recent research from cloud management specialist Virtana, over three quarters (78%) of UK and US organisations have already deployed workloads in more than three public clouds.
Furthermore, 51% anticipate they will add at least one more public cloud instance before the end of 2022. But each separate instance brings with it connectivity requirements.
Relying on multiple different public clouds is easily done. One of the main attractions of cloud apps is that they allow employees or business functions to bypass official procurement processes for big IT deployments and find an off-the-shelf SaaS or PaaS solution that they can begin using immediately.
This kind of adoption will be scattered between the dozens or even hundreds of ‘official’ cloud-based apps available company-wide - think Office 365, or Zoom - and a number of ‘unofficial’ tools being used by pockets of employees or business functions - think Trello, or Asana.
But official or unofficial, each cloud instance needs to be accessible by the business, and this raises the question of when to use private connectivity versus the public internet.
Public and private considerations
Businesses need to consider both security and performance when moving data and workloads between cloud services and the people and applications that require them.
Secure connectivity over the public internet cannot be ensured, meaning private information could be compromised. Businesses accessing sensitive information in the cloud over the public internet can make for an easy target, and secure HTTPS internet connections are not a guarantee of complete privacy.
For example, they can be hit by a “man-in-the-middle” attack, where intruders insert themselves into the communication process and intercept vital data.
Private connectivity, on the other hand, provides dedicated, direct and secure connections between parties, such as between a business and a network and/or cloud provider. But it comes with cost and management overheads.
Let’s explore the different ways to connect to the cloud further:
1. Public Internet
The easiest and probably cheapest way to connect your WAN to the cloud is to use a public internet connection to a cloud service provider.
The traditional public internet is a mishmash of networks from different operators connected together, and service is best effort rather than guaranteed.
When it comes to the internet, you cannot guarantee any sort of latency, jitter, or pathing whatsoever. This makes it unsuitable as a way for enterprises to connect both their private data centres and their public cloud assets. It’s also less than ideal for providing access to cloud-based apps and SaaS solutions, especially those that are mission critical.
There are two ways to connect to the cloud over the internet using a VPN. The most basic is to run a VPN tunnel from your own WAN infrastructure to the cloud service provider’s network VPN.
The other way is to use an SD-WAN within a cloud service provider’s network and connect to that using a VPN from your enterprise network location. This gives end-to-end network management capabilities, but the pitfalls of running VPN tunnels over the internet still stand: scalability and complexity are problematic.
So, while the public internet is a convenient and affordable way to deliver application access to a large number of people quickly, it does not meet many requirements around security, reliability, and performance.
2. Direct cloud connectivity
Private connectivity benefits organisations by segregating and isolating their traffic from the public internet. In many cases, private connectivity will actually be necessary in order to comply with stringent regulatory requirements, such as in financial services.
One way to connect your WAN to the cloud is to purchase private cloud ports directly from the cloud service provider. Each provider has its own flavour of direct connectivity, and of course, each is slightly different in application.
In AWS’s lexicon, AWS Direct Connect is the system for linking an internal enterprise network to an AWS Direct Connect location over a standard Ethernet cable.
In the parlance of Microsoft, direct connectivity to the Azure public cloud is carried out through Azure ExpressRoute. ExpressRoute can establish connections to Microsoft cloud services, such as Microsoft Azure and specific SaaS packages such as Microsoft 365.
In Google's terminology, you can create a Dedicated Interconnect, which requires you to physically meet Google's network in a colocation facility to reach your VPC networks.
Ultimately, using private cloud port services can provide better performance and security than the public internet because the connections are private, direct, and managed by the provider, making them less vulnerable to BGP hijacking or other security risks.
This method has its limitations when it comes to multi-cloud, because each instance requires its own separate connection which must then be managed.
3. Layer 2 Software Defined Interconnection®
This is where NaaS (Network-as-a-Service) is changing the game. It brings unwieldy network connectivity in line with the agility of the cloud: real-time deployment and the ability to scale up and down and work around various different workloads, with what is effectively your own private and dedicated MPLS network.
Typical NaaS benefits include:
- An agile network infrastructure that can adapt to traffic changes from cloud adoption
- Continuous improvement of the hardware and software elements of the network
- Migration of applications to the cloud with confidence in the network’s ability to match
- Offloading of technical risk and maintenance to the provider, leaving you to focus on core business
What makes Console Connect different is our underlying global MPLS network, which we own and operate.
The Console Connect network applies a layer of abstraction using Software Defined Interconnection® to allow network managers to set up and tear down dedicated connections on that network from a web interface or API.
No calls to account managers, no paperwork, no multi-year contracts, and no waiting time for trucks to roll to a data centre.
Through one interface, you can provision direct Layer 2 connections to major cloud platforms including Amazon Web Services, Microsoft Azure ExpressRoute, Google Cloud Platform and IBM Cloud from any of our growing number of data centre locations in 60+ countries.
This point-to-point Layer 2 solution requires a port at one of our 850+ Console Connect-enabled data centres.
4. Layer 3 Virtual Network
If you are looking for a way to easily connect different cloud providers or cloud regions, then you may want to consider a Layer 3 solution, like CloudRouter®.
A Layer 3 interconnection shares some of the speed, latency and security benefits of a Layer 2 interconnection, but can offer greater flexibility.
Console Connect’s CloudRouter®, for example, can be used to create a virtual meshed network between all your cloud instances, which then dynamically routes traffic between them.
It’s a great fit for:
- Connecting between different cloud platforms and cloud regions
- Automating data backups and recovery between clouds
- Establishing secure and fast connections to multiple SaaS providers
CloudRouter® can help businesses build a virtual network overlay to meet their multi-cloud needs in a matter of minutes, and also does this without the expense of additional racks and routers.