Direct Connect To Cloud: Solving For Performance, But At What Cost?

Executives embarking on the journey to becoming a digital enterprise are essentially asking IT to enable the enterprise to create new services and products and bring them to market faster. While cloud infrastructure services have been key to allowing IT to better scale services, the weak link in terms of performance and security is the network. Direct interconnection to cloud services has helped to solve some of these issues, but enterprises will eventually find that the network itself will be the pain point in transformation efforts unless new approaches to network architecture are considered.

Connecting to the cloud

In the past, the standard means of connecting to the cloud was through the public internet. This was sufficiently flexible, inasmuch as developers could access resources from different IaaS vendors, with Amazon Web Services and Microsoft Azure being the two more commonly used cloud service providers (CSPs). When a CSP has had outages in a region (e.g., Amazon’s outage in February 2017), the outages have tended to highlight shortcomings with application deployment strategies. In this case, Amazon’s service status dashboard was unavailable, along with services from numerous other web firms. Including the use of multiple regions for application failover in a deployment strategy is certainly an important step to take. However, in most cases, the application is still dependent on the CSP's network to move data between regions. And apart from that, the enterprise network itself can still be a big unaddressed issue in terms of performance and availability.

Traditional network architecture

On the left side of the diagram below (Figure A), the enterprise has provisioned connections between branch offices and headquarters using MPLS links. Ingress and egress traffic to the internet, cloud providers and SaaS providers goes through links maintained at the headquarters.

Figure A: Diagram of remote/branch to enterprise to cloud

The diagram to the right provides an illustration of how applications are located in a variety of datacenters around the globe — and shows employees, partners, and customers, who are accessing services via mobile devices. It shouldn't be hard to see that hairpinning traffic through the enterprise datacenter is sub-optimal from a performance standpoint. Here’s why:

  • Slow response from the latency induced by extra distance packets are traversing;
  • Poor application performance, resulting in user complaints; and
  • Security risk from having traffic traverse the public internet.

Adding bandwidth doesn’t solve the performance problem by itself. Think of it as a mass transit system: engineers can add more cars to carry more passengers, but the distance the train travels hasn’t changed, and there’s a possibility that adding more trains will result in congestion at a station along the route (which is analogous to packet congestion at network peering points).

The move to “direct” cloud connect

There is momentum building for the use of interconnection services for accessing the cloud. Equinix, a carrier-neutral multi-tenant datacenter (MTDC) provider, has built an industry-wide model for interconnection bandwidth consumption called the Global Interconnection Index (it’s fashioned after Cisco’s well regarded Visual Networking Index). The model forecasts that interconnection bandwidth between enterprises and cloud/IT service providers will grow at a CAGR of 160% through 2020 to an aggregated bandwidth capacity of 547 Tbps.

What does this mean for enterprises today? One of the solutions offered to address the performance issue with WANs and cloud is to move traffic off the public internet and onto direct, private connections. These services entail buying connectivity from a network service provider (NSP) that is a partner to one of the cloud providers. The NSP has already connected with the cloud provider at an MTDC, hence the “direct connect” terminology for these services. These services are a form of interconnection, which in its most basic form is defined as the exchange of traffic between two parties via distributed IT gear (routers and such). Among the cloud providers with offerings:

  • AWS DirectConnect
  • Microsoft ExpressRoute
  • IBM Softlayer DirectLink
  • Google Cloud Interconnect

While on the surface it would seem simple enough to choose a provider to connect the enterprise to the cloud provider, there are different technology and pricing approaches used by each CSP that might impact whether a direct link service is useful or manageable in the long run.

Table 1: CSPs and interconnection services

Cloud      Service Type  Port Fees   Egress Fees
Amazon     VLAN          Y, hourly   Y
Microsoft  BGP           Y, monthly  Y (note 1)
Google     BGP           Y, monthly  Y (note 2)

  1. “Unlimited” plan has higher port price per month, but includes high availability dual port configuration and no egress/outbound transfer fee
  2. Egress fee is for traffic via VLAN attachment.

Both Microsoft and Google have options that allow for traffic to traverse their respective private networks, and egress the network in different regions. Google has previously offered the ability to directly peer for use of public cloud services, but has also recently offered “direct interconnection” as a service useful for those with hybrid on- and off-premise private cloud environments who wish to manage private IP addresses under RFC 1918 across both the corporate datacenter network and GCP instances without requiring a NAT device or VPN tunnel.

Challenges with direct interconnection

(1) Note that some datacenter providers have private networks between facilities on a given campus, metropolitan area, or even different cities within a country, and might reasonably be considered a competitor to a traditional telecoms or fiber optic network vendor.

Every rose has its thorn, right? With ‘direct connect’-type services, there can be a performance and security advantage over sending traffic over the public internet. And certainly, many enterprises at the early stages of cloud adoption will find them to be perfectly adequate for their needs. However, looking beyond just the consumption of IaaS, how will an enterprise solve performance and security issues for SaaS applications like Salesforce or Office 365? Next, consider that surveys from vendors such as RightScale have found that cloud users are running applications in an average of 1.8 public clouds and 2.3 private clouds; including the use of third-party SaaS applications, the number of cloud vendors being used is typically between four and eight.

It should soon be apparent then that a one-to-one connection with each cloud vendor is hard to scale from a cost or operational perspective. Typical WAN topologies and architectures are rigid and static. If a business is already global and set on expanding further into Europe or Asia, what is the cost and time spent setting up links to all of its cloud providers, and how will it manage contracts with multiple NSPs in those regions? From an operational perspective, enterprises should also ask:

  • Do you have the staff to manage and monitor the networks?
  • Is the latency/QoS meeting your users’ needs, including mobile users?
  • Is availability better? Do you have redundant links to cloud services?

A brief look at direct interconnection services shows that there are performance and security benefits for enterprises — if they have a minimal number of cloud vendors and a static user base. But as discussed, this isn’t likely to be the case for many companies, especially those with a mobile workforce and a global presence.

For those companies, new approaches to network architecture need to be considered. In our next article, we’ll talk about SD-WAN being a key to creating services that allow for a distributed network architecture, an approach that will address these challenges. That article will also examine in more detail what this architecture looks like, what additional elements should be added, and what considerations should be made in build versus buy decisions.

By Mark Casey, CEO, Apcela

Mark Casey, Apcela’s President and CEO, is a progressive leader intensely focused on leveraging emerging technologies and his deep knowledge of the global telecom and IT markets to deliver top results for clients, associates and stakeholders.

Mark’s experience and reputation are built on a successful track record of over 25 years in the communications industry delivering results for industry heavyweights including AT&T and Verizon. Mark joined railroad operator CSX in 2001 to lead CSX Fiber Networks supporting large carriers with complex network optimization. In 2005, Mark led the acquisition of FiberSource,® the core intellectual property among other assets of CSXFN, to form the nucleus of CFN Services.

Mark holds a BBA from the University of Massachusetts at Amherst and an MBA from American University.
