The essential value of the cloud is derived from an agile storage and server resource pool, and cloud networks are key to this model. Without the right network connectivity, servers and storage form no pool at all and users can't link to their applications. Organizations transitioning to the cloud must consider new kinds of network design and connectivity, as well as Quality of Service (QoS) management that will enable them to integrate private and public cloud resources and ensure optimized application performance.
Providing users application access: VPN vs. the virtual data center
Cloud computing must link workers' fixed view of their applications with a flexible vision of where and how those applications are run, and the network's job is to support that. There are two primary options for integrating cloud resource pools. One is to build a "virtual data center" by linking company data centers and public cloud resources behind a controller, which can be a software element or a load-balancing switch. That component provides user application access. The other option is to create a VPN that connects applications and users no matter where they're hosted. Both options have benefits and limitations.
When a "director" controls cloud resources, all application access is mediated through that director. This can be a problem if the actual resources are widely dispersed, because some users may have a better network connection directly to the resource than they have to the controller point, and extra hops create latency and performance issues. The virtual data center model is best where cloud resources are collected in a small area, such as a metro network.
The VPN option has the advantage of making every cloud host accessible to the users (and each other) in a consistent way, but this option also has issues. First, effective use of all of the VPN and tunnel technologies available in a private network would require cloud-hosting routers in hybrid cloud applications. BGP termination, MPLS Label Edge Router (LER) functionality and other virtual-network technologies normally terminate on a router, and cloud providers are unlikely to support user-installed router hardware. There is also a potential problem with orderly failover and overflow because load balancing is not a normal attribute of VPNs. The good news is that there are emerging solutions to optimize the effectiveness of VPNs in the cloud.
Using SDN to connect cloud resources
An emerging option for connecting cloud resources is to use software-defined networking (SDN), and in particular the OpenFlow protocol, to build links between a static application address and the resources on which that application might actually be hosted. This approach can be supported on most major switches and routers, so the strategy is likely compatible with the data center and WAN network devices most enterprises currently use. Some SDN providers may offer applications and tools to facilitate this virtualization of networks. Network virtualization tools in general may be helpful in organizing the mapping of application users to resources that are assigned dynamically, as they are in the cloud.
Ensuring Quality of Experience regardless of user and cloud resource location
A more general question in networking cloud resources (public and private) is ensuring that Quality of Experience (QoE) for the applications doesn't vary significantly depending on which resources are assigned. A true "resource pool" for a cloud should be able to serve any set of users and applications with comparable QoE, and that means having network connections with comparable QoS for all paths among resources and also all user-to-resource connections.
VPNs can be used to link all cloud components, including users, but where cloud data centers are located in a small geography, it may be better to use VPLS or other virtual LAN services to connect the data centers into one virtual data center. That's particularly true when interprocess or storage traffic is expected to be high.
Not all cloud providers can join their cloud services onto a VPN, and not all will support VPNs from every provider. Since every private cloud commitment should be viewed as the start of a hybrid cloud relationship, it may be prudent to check with the dominant public cloud choices available, to ensure they're compatible with a VPN candidate, before signing a deal with either.