Cloud connect explained

IP connect, cloud connect, direct connect, dedicated interconnect, direct link, fast connect …... What does it all mean?!?

HomeGuidesCloud connect explained

Market Pulse

Join thousands of your peers from companies like IBM, Intel, General Motors and Sony today.

Introduction to cloud connectivity

Many network service providers (NSP's) have a range of options when it comes to cloud connectivity, though a lack of industry standards and confusing terminology can make things difficult to understand.

Do you know the difference between IP connect, cloud connect, direct connect, dedicated interconnect, direct link and fast connect? Is there a difference?

We enlisted the help of (ok, so we hassled, bugged and bribed) our best and brightest cloud architects, network engineers and product managers to help you cut through the noise and avoid the confusion.

Market Pulse

Join thousands of your peers from companies like IBM, Intel, General Motors and Sony today.

The history of cloud connect

Not so long ago, the only option available to connect to a Cloud Service Provider (CSP) was over the public Internet. However, with the rapid shift to cloud computing, customers quickly began to demand more - better security, lower latency, higher throughputs and increased reliability.

CSPs soon realised better end-to-end cloud performance wasn't going to be possible using the public Internet. They also understood that they didn’t have the expertise or the infrastructure to manage interconnectivity between dozens of network service providers and colocation racks in their own data centres.

CSPs also quickly realised the answer was in the hundreds of carrier neutral data centres spread all over the world, also known as Internet Exchange Points (or IXPs). All network service providers were already present at these locations, so CSPs could extend their backbone connectivity to meet them there. This provided the potential for a direct physical link between the network service provider network and the cloud service provider network (known as a cross-connect), bypassing the regular Internet and providing a pseudo-private network. This interconnectivity, known as private peering, enabled direct, end-to-end connectivity and brought with it a whole range of security, latency and performance improvements (in addition to cost efficiencies for customers moving high volumes of data from cloud environments to their locations).

Today, cloud connectivity falls into two buckets, one that relies on the public Internet, and another that uses private, dedicated connectivity. Within these 2 buckets are typically 5 different connectivity options available.

Public Internet Ethernet
Public Internet with cloud prioritisation MPLS IP VPN

We’ll walk you through 5 cloud connectivity options and explain the pros and cons of each, so that you can choose the most suitable cloud access solution for your needs.

*Click to enlarge the image

Cloud connectivity using the public internet

Arguably the cheapest and easiest way to connect to the cloud is through your standard Internet connection over the public Internet, sometimes referred to as IP access or IP transit.

Using your public Internet access is easy to set up and versatile, as accessing the cloud is just one of the many use cases for a standard Internet access connection. It provides a cost-efficient access method where you don’t have specific performance needs.

However, accessing cloud applications via the public Internet can also result in performance inconsistencies and increased security risks. Historically, the term IP transit was used to reflect situations where providers had no direct access to the destination network and needed to 'transit' over other networks and network providers.

You can think of public Internet routes like a highway - they're dynamic and shared which can result in congestion at times, and when the most direct link is not available, data is routed through the next best option, which you have no control over resulting in packet loss and increased latency (delays). Additionally, multiple hand-offs between ISPs creates instability in the connection and increased risk.

Essentially the more pops and routers involved in delivering your data to its final destination, the more points of potential failure and a wider surface area for security attacks. Despite this, the growth of cloud connectivity via public Internet has shown no sign of slowing down. The public Internet remains by far the most common way to access the cloud.

Best for single locations A best-effort service not suited for critical applications
Cost-effective for low and medium data transfer volumes Shared and dynamic routes means no performance optimisation or guaranteed performance
Suitable for most topologies (premise/wan to single cloud, premise/wan to multi-cloud) Not suitable for cloud to cloud connectivity
Use your existing business-as-usual internet connection Becomes expensive for higher data transfer rates due to per Gigabyte out billing (egress)
Easy to get up and running, no need for a dedicated circuit Exposed to security risks, such as DoS and DDoS attacks against routers and links
On demand delivery and scaling typically available The least secure connectivity option
Multiple ISPs results in more potential points of failure

The evolving path to cloud adoption

What is driving the next era of cloud? We surveyed 400 IT decision makers and C-level executives, across Europe and Asia. Get all the insights in this exclusive research.

Cloud connectivity using public internet and cloud prioritisation

Internet connectivity with cloud prioritisation enables you to dynamically reserve a portion of your normal Internet bandwidth for select cloud applications. Traffic prioritisation is effective for both incoming and outgoing traffic enabling a consistent, SLA-backed user experience specifically for your traffic to the cloud.

Cloud prioritisation is offered by network service providers that have direct peering services with cloud providers, such as Microsoft. For example, Microsoft Azure Peering Services (MAPS for short) enables end-users direct access to Microsoft cloud services through certified network providers.

Once in place, your cloud traffic stays completely on your providers network, bypassing the public Internet and avoiding any other intermediary ISPs.

Colt has direct interconnection infrastructure with Microsoft, in 21 locations across Europe and Asia, enabling cloud prioritisation for Microsoft Teams, Office 365, Azure, or any other Microsoft SaaS application. This ensures traffic destined for these services takes the shortest possible path, ensuring the lowest possible latency.

Cloud prioritisation combines the benefits of optimised routing and direct peering infrastructure with traffic prioritisation over the last mile, between the customer router and provider edge.

An add-on to standard Internet access services Offerings are dependent on your connectivity and cloud providers
Consistent and guaranteed SLA-backed performance to the closest peering point Layer 3 access only
Dynamically reserved bandwidth for cloud applications No dedicated connection
Works for both incoming and outgoing bandwidth
Optimised routing selects the shortest path to the cloud network edge
Avoids network contention and unpredictable routing changes
30 millisecond Round Trip Delay (RTD)
Traffic congestion control *

* only available from some MAPS providers

Direct Ethernet cloud connect

Dedicated connectivity through Ethernet connectivity services is the fastest and safest route for cloud connectivity, and the first of the Internet-bypass solutions. It is the result of service providers, like Amazon, Microsoft, Google, Oracle and IBM working together with network service providers to enhance end-to-end cloud connectivity and automation capabilities - without touching the Internet. End-users are probably already familiar with the names of these CSP’s direct interconnect programmes - like AWS Direct Connect, Microsoft ExpressRoute and Google Cloud Interconnect - that enable end-to-end secure connectivity through a Network Service Provider towards the customer location.

Direct Ethernet connectivity to the cloud renders performance, quality of service and security problems obsolete. It's provided by cloud on-ramps at data centres where the cloud service provider is present. This connects your premises or facilities through a NSP to the cloud provider via a dedicated layer 2 link.

Direct cloud connectivity provides the secure, high performance, end-to-end connectivity needed to run critical applications that can't be rivalled when only using the Internet. Cloud Service Providers typically charge data transfer fees - which are different when connecting to the Cloud through direct Ethernet connectivity vs. through the Internet, so direct connectivity can be particularly cost-effective if you are likely to be transporting large amounts of data out from your cloud environment (known as 'egress') towards your location.

Supports all topologies (Premise to cloud, premise to multi-cloud and cloud to cloud) Only suitable for a single site (not multisite/WAN connectivity)
Bandwidth services upto 100Gbps available Requires a dedicated circuit
Bandwidth is fully dedicated and guaranteed end-to-end Customer to handle BGP peering
On demand delivery and scaling typically available By default a layer 2 service, some NSP’s provide managed router (L3)
End to end connectivity SLA with deterministic latency and performance
Very suited and cost efficient for higher data transfer - due to lower price per Gigabyte (egress) out billing vs through the Internet
Not subject to DDOS attacks as traffic bypasses the public Internet

The evolving path to cloud adoption

What is driving the next era of cloud? We surveyed 400 IT decision makers and C-level executives, across Europe and Asia. Get all the insights in this exclusive research.

MPLS IP VPN cloud connect

Integrating cloud connectivity into an IP-VPN (also known as IP-VPN cloud connect or MPLS-WAN technology) is a scalable and cost-effective way to access cloud services.

MPLS IP-VPN provides direct, high bandwidth and secure cloud
connectivity to Cloud Service Providers. It's suited to customers that require secure access to the cloud across multiple sites and has traditionally been a common way for businesses connect to cloud providers.

The cloud connection is directly integrated into the IP VPN, so that it is completely private, with no reliance on the Internet. The cloud locations are integrated into the private WAN and effectively seen as another site (or sites) on the IP-VPN, meaning there is no need to redesign large corporate networks. Different customer locations in the IP-VPN then share the connectivity to access their resources in the cloud.

Very suitable for integration in existing and new MPLS IP-VPN networks MPLS only, no Internet Branch sites
Highly secure, part of private IP-VPN Layer 3 connectivity
No need to redesign large corporate networks Dedicated connection required
Fully integrated in IP-VPN (any-to-any), avoids the need to backhaul traffic Can increase latency – depends on where branch sites are located
Cost-effective as multiple locations on the IP-VPN share the connectivity toward the cloud
Support different topologies: Single Cloud, Multi-Cloud and Cloud-to-Cloud

SD WAN cloud connect

SD WAN (sometimes called SDWAN, SD WAN Cloud Access or SD WAN Multi-Cloud) can connect your software-defined WAN infrastructure to multiple cloud service providers (such as AWS, Microsoft Azure and Google Cloud) to enable direct, high performance and secure multi-cloud connectivity. Each branch office benefits from seamless end-to-end connectivity to your public cloud providers.

For cost-effective, direct connectivity into multiple cloud environments, SD WAN is likely the optimal solution.

SD WAN offers sophisticated and comprehensive connectivity capabilities, with features including prioritisation, optimisation, security, analytics, automated provisioning and deployment. It brings together a single cohesive view of the enterprise network, tying together WAN sites, IaaS/SaaS cloud, and branch site connectivity, typically all within a single online portal. Coupled with on-demand capabilities such as zero touch site provisioning and real-time bandwidth upgrades, SD WAN is an extremely powerful solution.

Prior to SD WAN, traffic was typically backhauled to a central site or regional hub where a physical hardware stack provided functionality that was cost prohibitive to deploy at satellite sites (such as security and analytics). SD WAN now enables this functionality to be deployed in software on a common hardware platform. These software stacks comprise of various software functions that can be dynamically loaded and deployed in a modular fashion with a range of functionality, including:

  • Networking & routing
  • Analytics
  • Security
  • Traffic optimisation
  • Remote access
  • and more

By tying together WAN sites and cloud infrastructure SD WAN can deliver end-to-end security, performance and visibility.

Building on MPLS IP VPN above, SD WAN offers private connectivity into multiple cloud providers in a single solution, combined with end-to-end performance backed by a SLA, end-to end security, and end-to-end analytics.

The best way to manage multi-cloud infrastructures (MPLS and Internet branch sites) Can require significant network changes and redesign to leverage all the benefits
Completely avoids the need to backhaul traffic from a brand site to a CSP or data centre Newer services such as on demand capabilities may be limited
Bandwidth is fully dedicated and guaranteed end-to-end Check support for your specific cloud provider (CSP) requirements
Automatic provisioning and deployment Check support and roadmap for features and functionality such as such as application optimisation, analytics, SASE and more
Dynamic path selection - intelligent and dynamic routing to the best available path Can increase latency – depends on where branch sites are located
Additional security features like FW/NAT to support the CSP public domain
End-to-end visibility and management of the entire enterprise network
Supports all topologies - WAN to cloud, WAN to multi-cloud and cloud to Cloud
Supports also Internet only branch sites connecting directly to CSP through SD-WAN

Questions to ask your cloud connect provider

There is no ‘one-size-fits-all’ solution for enterprises as they connect to the cloud, here are some things to consider.

Top 10 questions and considerations to ensure you remain future-proofed by a new provider:

  1. What level of partnership do you have with the major cloud providers?
  2. How many public cloud points of presence do you have?
  3. How many data centres are currently connected to your network?
  4. How many offices are currently connected to your network?
  5. Do you provide on demand capabilities via a self-serve software portal?
  6. Are you data centre and cloud service provider neutral?
  7. Who owns your fibre network - is it privately owned or leased from a 3rd party?
  8. Do you provide end-to-end connectivity, including the last mile?
  9. Do you provide guaranteed SLAs including for latency, packet loss and throughput?
  10. What bandwidths are supported for cloud connectivity?

The evolving path to cloud adoption

What is driving the next era of cloud? We surveyed 400 IT decision makers and C-level executives, across Europe and Asia. Get all the insights in this exclusive research.

Looking for some help or advice? click here to chat with our team or view our cloud connect products.

With thanks to - Stuart Brameld (Marketing Manager), Marc Heijnen (Product Marketing & Management, Cloud Connectivity Services), Mohit Manral (Product Manager, SD WAN), Yusaku Tanaka (Product Manager, IP Access).

Version 1.1, updated 17th May 2021