How does your wide area network (WAN) intersect cloud services? For nearly all enterprises, “cloud computing” means...
supplementing—rather than replacing—internal IT resources with public cloud computing services. That tight bonding of internal IT and the cloud often means not just connecting to the cloud, but actually adding the cloud as an equal partner in the enterprise WAN. There are three distinct information flows involved:
- Worker access.
- Exchange of data between the cloud and the data center.
- Sharing of applications and application components.
How these flows play in your own cloud computing application will determine your best technology and connection choice. Where this direct WAN integration of cloud services isn’t possible or cost effective, an Internet option is discussed in my next article: How to integrate your WAN with Internet cloud services.
Most companies that need a specific communications service-level agreement (SLA) for their cloud connection say the reason is the level of integration between cloud hosting and their data center. Where workers depend on both cloud and data center resources, those resources should be equivalent, supported with equivalent connections and SLAs. Those SLAs will have to be determined based on cloud service quality and your own needs, and you’ll need to ensure that your means of connecting cloud services to your enterprise WAN doesn’t compromise availability or performance.
The first question to be answered is just how much additional reliability or availability can be guaranteed by a private VPN or connection to the cloud. Remember that the SLA for a cloud application is derived both from the SLA for the network connection and the SLA for the cloud services. If your cloud service offers little more than best efforts, for example, spending more for a reliable and available network connection to it wastes money. The stronger your cloud service SLA, the stronger the SLA for the connection to the cloud should be.
There is a potential problem with any form of VPN, VLAN or private-circuit connection to a cloud provider; it creates a dependency on the cloud site to which the connection is made. If your cloud provider is connected to your WAN, that site and the associated connection equipment will have to be operational in order for your cloud service to be available. Even if there are redundant data center facilities available to run your application, a failure of facilities at your point of connection may take your cloud service down. Most enterprise-scale cloud providers will have multiple Internet connections though, so shoddy cloud connections may tip the scales in favor of using the Internet for cloud service connection.
In most cases, enterprises find that the SLA available for private WAN service connections to the cloud are comparable across the technology options. That means that picking a specific WAN connection technology is likely to be based on cost. In nearly every case,that means that a “private” or “enterprise” VPN based on MPLS will be the least costly choice, but where the cloud connection will be made entirely within a single metro area, VLAN or VPLS services may be less expensive and offer better performance. Enterprises report that these two services are also the most likely to be supported by cloud providers. Start your search for WAN integration with VPNs or VLANs, even if you don’t have either service currently. They’ll likely be easier to integrate and less costly.
The optimum way to integrate a cloud service via your enterprise WAN will depend on the relationship between the cloud resources and data center resources. If your cloud applications are directly accessed by the user, then the cloud will have to appear on your WAN as another of your enterprise data centers. Your goal is then to mimic how a regional data center, for example, attaches to and uses your enterprise WAN. If the cloud is used to offload work during peak periods or backup data center resources, then cloud resources would appear as alternative servers and/or storage inside your data center. In the first example, you are almost certainly going to use IP-layer connectivity, which is what a VPN provides. In the second example, you will need to explore your data center network options to determine whether you network your servers/storage at the IP or Ethernet level. If VPNs are the preferred connection option, the need to provide Ethernet connectivity to the cloud would mean tunneling Ethernet over your VPN, which isn’t optimum in terms of performance or efficiency. In that case, check with your data center network vendors to see if an IP-based connection option is available.
Because performance and availability improvements are the benefits of using WAN-integrated cloud services, it’s important to manage these attributes not only for the network that connects you to the cloud but also for your public cloud services. Cloud management standards are only now evolving, and you’ll probably need to manage cloud, network and your own IT assets independently and use fault-determination procedures to isolate problems to one component or another so that you can take appropriate action to restore normal operation. If you design these processes well and implement them effectively, you can maximize the benefits of integrating cloud services directly into your enterprise WAN.