Introduction to cloud connectivity
Many network service providers (NSPs) have a range of options when it comes to cloud connectivity, though a lack of industry standards and confusing terminology can make things difficult to understand.
Do you know the difference between IP connect, cloud connect, direct connect, dedicated interconnect, direct link and fast connect? Is there a difference?
We enlisted the help of (ok, so we hassled, bugged and bribed) our best and brightest cloud architects, network engineers and product managers to help you cut through the noise and avoid the confusion.
The history of cloud connect
Not so long ago, the only option available to connect to a Cloud Service Provider (CSP) was over the public Internet. However, with the rapid shift to cloud computing, customers quickly began to demand more - better security, lower latency, higher throughputs and increased reliability.
CSPs soon realised better end-to-end cloud performance wasn't going to be possible using the public Internet. They also understood that they didn’t have the expertise or the infrastructure to manage interconnectivity between dozens of network service providers and colocation racks in their own data centres.
CSPs also quickly realised the answer was in the hundreds of carrier neutral data centres spread all over the world, also known as Internet Exchange Points (or IXPs). All network service providers were already present at these locations, so CSPs could extend their backbone connectivity to meet them there. This provided the potential for a direct physical link between the network service provider network and the cloud service provider network (known as a cross-connect), bypassing the regular Internet and providing a pseudo-private network. This interconnectivity, known as private peering, enabled direct, end-to-end connectivity and brought with it a whole range of security, latency and performance improvements (in addition to cost efficiencies for customers moving high volumes of data from cloud environments to their locations).
Today, cloud connectivity falls into two buckets: one that relies on the public Internet, and another that uses private, dedicated connectivity. Within these 2 buckets there are typically 5 different connectivity options available.
|Public Internet with cloud prioritisation||MPLS IP VPN|
We’ll walk you through 5 cloud connectivity options and explain the pros and cons of each, so that you can choose the most suitable cloud access solution for your needs.
Cloud connectivity using the public internet
Arguably the cheapest and easiest way to connect to the cloud is through your standard Internet connection over the public Internet, sometimes referred to as IP access or IP transit.
Using your public Internet access is easy to set up and versatile, as accessing the cloud is just one of the many use cases for a standard Internet access connection. It provides a cost-efficient access method where you don’t have specific performance needs.
However, accessing cloud applications via the public Internet can also result in performance inconsistencies and increased security risks. Historically, the term IP transit was used to reflect situations where providers had no direct access to the destination network and needed to 'transit' over other networks and network providers.
You can think of public Internet routes like a highway: they're dynamic and shared, which can result in congestion at times. When the most direct link is not available, data is routed through the next best option, over which you have no control, resulting in packet loss and increased latency (delays). Additionally, multiple hand-offs between ISPs create instability in the connection and increased risk.
Essentially, the more PoPs and routers involved in delivering your data to its final destination, the more points of potential failure and the wider the surface area for security attacks. Despite this, the growth of cloud connectivity via public Internet has shown no sign of slowing down. The public Internet remains by far the most common way to access the cloud.
|Pros|Cons|
|---|---|
|Best for single locations|A best-effort service not suited for critical applications|
|Cost-effective for low and medium data transfer volumes|Shared and dynamic routes mean no performance optimisation or guaranteed performance|
|Suitable for most topologies (premise/WAN to single cloud, premise/WAN to multi-cloud)|Not suitable for cloud-to-cloud connectivity|
|Use your existing business-as-usual Internet connection|Becomes expensive for higher data transfer rates due to per-Gigabyte out billing (egress)|
|Easy to get up and running, no need for a dedicated circuit|Exposed to security risks, such as DoS and DDoS attacks against routers and links|
|On-demand delivery and scaling typically available|The least secure connectivity option|
||Multiple ISPs result in more potential points of failure|
The new cloud research report is here.
What is driving the next era of cloud? We surveyed 400 IT decision-makers across Europe and Asia. Get all the insights you need, in this exclusive research.
Cloud connectivity using public internet and cloud prioritisation
Internet connectivity with cloud prioritisation enables you to dynamically reserve a portion of your normal Internet bandwidth for select cloud applications. Traffic prioritisation is effective for both incoming and outgoing traffic, enabling a consistent, SLA-backed user experience specifically for your traffic to the cloud.
Cloud prioritisation is offered by network service providers that have direct peering services with cloud providers, such as Microsoft. For example, Microsoft Azure Peering Services (MAPS for short) gives end-users direct access to Microsoft cloud services through certified network providers.
Once in place, your cloud traffic stays completely on your provider's network, bypassing the public Internet and avoiding any other intermediary ISPs.
Colt has direct interconnection infrastructure with Microsoft, in 21 locations across Europe and Asia, enabling cloud prioritisation for Microsoft Teams, Office 365, Azure, or any other Microsoft SaaS application. This ensures traffic destined for these services takes the shortest possible path, ensuring the lowest possible latency.
Cloud prioritisation combines the benefits of optimised routing and direct peering infrastructure with traffic prioritisation over the last mile, between the customer router and provider edge.
|Pros|Cons|
|---|---|
|An add-on to standard Internet access services|Offerings are dependent on your connectivity and cloud providers|
|Consistent and guaranteed SLA-backed performance to the closest peering point|Layer 3 access only|
|Dynamically reserved bandwidth for cloud applications|No dedicated connection|
|Works for both incoming and outgoing bandwidth||
|Optimised routing selects the shortest path to the cloud network edge||
|Avoids network contention and unpredictable routing changes||
|30 millisecond Round Trip Delay (RTD)||
|Traffic congestion control *||
* only available from some MAPS providers
Direct Ethernet cloud connect
Dedicated connectivity through Ethernet connectivity services is the fastest and safest route for cloud connectivity, and the first of the Internet-bypass solutions. It is the result of cloud service providers, like Amazon, Microsoft, Google, Oracle and IBM, working together with network service providers to enhance end-to-end cloud connectivity and automation capabilities without touching the Internet. End-users are probably already familiar with the names of these CSPs' direct interconnect programmes, like AWS Direct Connect, Microsoft ExpressRoute and Google Cloud Interconnect, that enable end-to-end secure connectivity through a Network Service Provider towards the customer location.
Direct Ethernet connectivity to the cloud renders performance, quality of service and security problems obsolete. It's provided by cloud on-ramps at data centres where the cloud service provider is present. This connects your premises or facilities through an NSP to the cloud provider via a dedicated layer 2 link.
Direct cloud connectivity provides the secure, high performance, end-to-end connectivity needed to run critical applications, which can't be rivalled when only using the Internet. Cloud Service Providers typically charge data transfer fees, and these differ depending on whether you connect to the cloud through direct Ethernet connectivity or through the Internet. Direct connectivity can therefore be particularly cost-effective if you are likely to be transporting large amounts of data out from your cloud environment (known as 'egress') towards your location.
|Pros|Cons|
|---|---|
|Supports all topologies (premise to cloud, premise to multi-cloud and cloud to cloud)|Only suitable for a single site (not multisite/WAN connectivity)|
|Bandwidth services up to 100Gbps available|Requires a dedicated circuit|
|Bandwidth is fully dedicated and guaranteed end-to-end|Customer to handle BGP peering|
|On-demand delivery and scaling typically available|By default a layer 2 service, some NSPs provide managed router (L3)|
|End-to-end connectivity SLA with deterministic latency and performance||
|Very suited and cost efficient for higher data transfer, due to lower price per Gigabyte (egress) out billing vs through the Internet||
|Not subject to DDoS attacks as traffic bypasses the public Internet||
MPLS IP VPN cloud connect
Integrating cloud connectivity into an MPLS IP VPN (also known as IP VPN cloud connect or virtual WAN technology) is a scalable and cost-effective way to access cloud services. MPLS IP-VPN provides direct, high bandwidth and secure cloud connectivity into the Cloud Service Providers. It's suited to customers that require secure access to the cloud across multiple sites and traditionally has been a common way businesses connect to cloud providers.
IP VPN cloud connect is in general a layer 3 solution where cloud access is integrated into a private wide area network (WAN), meaning there's no need to redesign large corporate networks. Providing cloud connectivity into an IP VPN is generally a secure and cost-effective solution, where the different customer locations in the IP-VPN share the connectivity to access their resources in the cloud.
Though it is not a private connection, its encryption capabilities provide the security benefits of a private connection, but over the public Internet.
The same problems as public Internet remain, including performance issues from inefficient routing, network attacks and congested connections. Additionally, the data packets required for VPN connectivity are often larger than normal and often have to be broken down before being forwarded on. This process, known as fragmentation and reassembly, can increase CPU and bandwidth overhead.
|Pros|Cons|
|---|---|
|Very suitable for integration in existing and new MPLS IP-VPN networks|MPLS only, no Internet Branch sites|
|Highly secure, part of private IP-VPN|Layer 3 connectivity|
|No need to redesign large corporate networks|Dedicated connection required|
|Fully integrated in IP-VPN (any-to-any), avoids the need to backhaul traffic|Can increase latency – depends on where branch sites are located|
|Cost-effective as multiple locations on the IP-VPN share the connectivity toward the cloud||
|Support different topologies: Single Cloud, Multi-Cloud and Cloud-to-Cloud||
SD WAN cloud connect
SD WAN (sometimes called SDWAN, SD WAN Cloud Access or SD WAN Multi-Cloud) can connect your software-defined WAN infrastructure to multiple cloud service providers (such as AWS, Microsoft Azure and Google Cloud) to enable direct, high performance and secure multi-cloud connectivity. Each branch office benefits from seamless end-to-end connectivity to your public cloud providers.
For cost-effective, direct connectivity into multiple cloud environments, SD WAN is likely the optimal solution.
SD WAN offers sophisticated and comprehensive connectivity capabilities, with features including prioritisation, optimisation, security, analytics, automated provisioning and deployment. It brings together a single cohesive view of the enterprise network, tying together WAN sites, IaaS/SaaS cloud, and branch site connectivity, typically all within a single online portal. Coupled with on-demand capabilities such as zero touch site provisioning and real-time bandwidth upgrades, SD WAN is an extremely powerful solution.
Prior to SD WAN, traffic was typically backhauled to a central site or regional hub where a physical hardware stack provided functionality that was cost prohibitive to deploy at satellite sites (such as security and analytics). SD WAN now enables this functionality to be deployed in software on a common hardware platform. These software stacks comprise various software functions that can be dynamically loaded and deployed in a modular fashion with a range of functionality, including:
- Networking & routing
- Traffic optimisation
- Remote access
- and more
By tying together WAN sites and cloud infrastructure, SD WAN can deliver end-to-end security, performance and visibility.
Building on MPLS IP VPN above, SD WAN offers private connectivity into multiple cloud providers in a single solution, combined with end-to-end performance backed by an SLA, end-to-end security, and end-to-end analytics.
|Pros|Cons|
|---|---|
|The best way to manage multi-cloud infrastructures (MPLS and Internet branch sites)|Can require significant network changes and redesign to leverage all the benefits|
|Completely avoids the need to backhaul traffic from a branch site to a CSP or data centre|Newer services such as on-demand capabilities may be limited|
|Bandwidth is fully dedicated and guaranteed end-to-end|Check support for your specific cloud provider (CSP) requirements|
|Automatic provisioning and deployment|Check support and roadmap for features and functionality such as application optimisation, analytics, SASE and more|
|Dynamic path selection - intelligent and dynamic routing to the best available path|Can increase latency – depends on where branch sites are located|
|Additional security features like FW/NAT to support the CSP public domain||
|End-to-end visibility and management of the entire enterprise network||
|Supports all topologies - WAN to cloud, WAN to multi-cloud and cloud to cloud||
|Also supports Internet-only branch sites connecting directly to CSP through SD-WAN||
Questions to ask your cloud connect provider
There is no ‘one-size-fits-all’ solution for enterprises as they connect to the cloud; here are some things to consider.
Top 10 questions and considerations to ensure you remain future-proofed by a new provider:
- What level of partnership do you have with the major cloud providers?
- How many public cloud points of presence do you have?
- How many data centres are currently connected to your network?
- How many offices are currently connected to your network?
- Do you provide on demand capabilities via a self-serve software portal?
- Are you data centre and cloud service provider neutral?
- Who owns your fibre network - is it privately owned or leased from a 3rd party?
- Do you provide end-to-end connectivity, including the last mile?
- Do you provide guaranteed SLAs including for latency, packet loss and throughput?
- What bandwidths are supported for cloud connectivity?
With thanks to - Stuart Brameld (Marketing Manager), Marc Heijnen (Product Marketing & Management, Cloud Connectivity Services), Mohit Manral (Product Manager, SD WAN), Yusaku Tanaka (Product Manager, IP Access).
Version 1.1, updated 17th May 2021