Luiz - Fotolia

Manage Learn to apply best practices and optimize your operations.

3 SD-WAN cloud connectivity options to explore

Enterprises can connect their SD-WAN infrastructure to cloud providers' platforms using three methods: back-to-back access, private PoP connections and internet VPN.

Connecting software-defined WAN infrastructure to Microsoft Azure, AWS and Google Cloud requires close attention to a number of factors -- among them connection methods, link performance and security. While standard access options exist, almost all leading SD-WAN vendors offer some type of cloud integration into their platforms, whether it's using back-to-back access, connecting to a private point of presence or employing an internet VPN.

Traditionally, enterprises use VPNs to connect to their cloud providers; all the leading cloud providers use virtual WAN technology that includes both encryption and firewall capabilities to ensure transmissions are secure.

In addition to VPN access, companies have traditionally relied on dedicated links, via Layer 3 MPLS or Layer 2 Virtual Private LAN Service (VPLS). While MPLS and VPLS architectures are fairly simple and standard, SD-WAN offers more sophisticated and comprehensive capabilities.

Benefits of SD-WAN cloud connectivity

By now, SD-WAN's benefits are well known -- among them traffic prioritization, security, and automatic provisioning and deployment -- and these benefits extend to SD-WAN cloud access. But how companies tailor their SD-WAN cloud connections largely depends upon the vendor they select.

Certain cloud providers have true integration with SD-WAN vendors. When this is the case, the result is a service built with both VPN tunneling and security in mind, which creates a WAN with almost seamless connectivity between the enterprise and the cloud. In addition to connecting hosts to your cloud provider of choice, SD-WAN vendors with cloud integration offer a number of other benefits, including local point of presence (PoP) preference -- to ensure the best possible performance -- and comprehensive reporting of cloud usage and analysis of any detrimental factors, such as packet loss or increased latency.

Access to PoPs is distributed across hundreds of countries and multiple ISP peering arrangements. In order to manage and effectively take advantage of the scale, SD-WAN vendors have essentially built themselves into cloud platforms at various levels depending on the architecture. They achieve this by creating back-to-back connectivity within Azure, AWS and Google Cloud data center locations, using dedicated gateways on each end of the connection.

How your SD-WAN connects to your cloud provider is largely governed by the capability of your existing WAN design.

While some organizations opt for private-based connections, using the internet and SD-WAN opens up the whole suite of access methods, including 4G, broadband and internet leased lines. With technologies that include dynamic application-aware routing and cloud link steering with path conditioning enabled by SD-WAN, many organizations are adopting public cloud rather than private when connecting to the resource.

Options to connect SD-WAN to Azure, AWS and Google Cloud

How your SD-WAN connects to your cloud provider is largely governed by the capability of your existing WAN design. To that end, the first point to keep in mind is how your WAN provider integrates its infrastructure within the cloud provider's data centers -- both nationally and globally.

Back-to-back access. With this option, cloud providers and SD-WAN vendors partner to provide customers with dedicated gateways that reside on premises and terminate in the cloud environment. If the cloud provider has back-to-back access available, provisioning is much easier because tail circuits aren't required.

Private PoP connection. SD-WAN vendors with private backbones can offer optimized traffic paths to each cloud provider. Performance can be enhanced further if a VPN is connected to the SD-WAN vendor's gateway prior to terminating at the cloud provider's resource. Using this type of connection means VPN traffic travels on the local internet, while hop-to-hop traffic is transmitted through the SD-WAN vendor's private backbone.

Internet VPN. In this scenario, the SD-WAN design includes an internet VPN that tunnels to the cloud provider. Accessing Azure, AWS and Google Cloud over internet VPN reduces the time needed to connect users to their services versus MPLS and VPLS, which can take up to 90 working days to install.

This was last published in August 2020

Dig Deeper on Software-defined WAN (SD-WAN)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close