Most cloud-adopting organizations use a hybrid architecture, involving both on-premises and public cloud resources. There are myriad approaches to and strategies for deploying a hybrid architecture, but they all have two characteristics in common. On one hand, users need connectivity between on-premises and public cloud resources. On the other, they must consider the rise in networking costs, which have transformed from a marginal factor in public cloud-only architectures to a significant component of companies’ business models.
Hybrid Cloud Connectivity Options
Now that we understand the nuances of public and private cloud connectivity economics, let’s dive deeper into these a few models of hybrid cloud connectivity. For simplicity, we will refer to the data transfer pricing models offered by Amazon.
Internet-Based Approach to Hybrid Cloud Connectivity
The most trivial solution for data transfer is using the public internet. However, we must consider the risks of using it. The first is that the internet is a best-effort network, which means that connection speed isn’t stable or guaranteed. Routing of the data isn’t fixed, and varying latency (jitter) can be introduced, making this connectivity option unsuitable for some applications. The second risk is to privacy and security. Data flowing over the internet is not secure and can be tracked, intercepted, stolen, or even replaced by malicious data.
Internet + VPN Approach
To “upgrade” the first option, users can connect their public and private cloud resources using the internet, but they apply an IPsec-based VPN connection between the clouds. This strategy encrypts the data and makes the connection more secure and resistant to taps and attacks. However, it doesn’t solve the performance issues (speed and latency) that are typical of the internet.
Direct Connection Approach
An alternative to using the public internet is to use a private, direct connection to the cloud provider, enabled by third-party partners. These provide a dedicated connection from the customer’s premises, either directly to the customers’ respective public cloud regions, or to one of the third party’s intermediate points-of-presence (PoPs), which have a direct connection to the relevant cloud regions. A direct connection mitigates both the performance and security risks of using the internet and provides a secure, guaranteed speed, fixed-latency connection for hybrid architecture. It is, in fact, an extension of the on-prem LAN to the customer’s network on the public cloud. Strangely, Amazon does not provide an SLA for these connections.
Pricing for direct connections is also a mix of per-hour and per-gigabyte charges. Amazon, for example, charges a per-hour fee for a dedicated speed port to its Direct Connect service.
Pricing of the AWS Direct Connect:
The price of AWS Direct Connect depends on the connection speed. Pricing starts at $0.03 per hour for a 50Mbps connection, rising incrementally to $0.30 per hour for a 1Gbps connection, and $2.25 per hour for a 10Gbps connection.
Data transfer charges are lower than those for internet connectivity and are not tiered. They are either $0.02 or $0.03 per gigabyte for outbound traffic, depending on the PoP. Inbound traffic is free.
NetApp Cloud Volumes Service uses a direct connection to establish the communication between your on-premises data center and an AWS data center. It provides a secure, guaranteed speed, fixed-latency connection for hybrid architecture.
Infrastructure and Connectivity Before and After the Cloud
Cloud migration, in itself, changes the volume and nature of traffic flow within and outside of a corporate network. It also has an impact on users’ security risk mitigation best practices.
Before the Cloud
Most networking infrastructure investments were spent on ensuring available, reliable, and performant connectivity to on-premises datacenters. For many organizations, internet connectivity was not critical for internal business operations. Network boundaries were primary defenses against security breaches.
After the Cloud
With newly migrated productivity and IT workloads running in the cloud, infrastructure investments shift from on-premises data centers to internet connectivity, which is now critical for internal business operations. Federated connectivity shifts security strategy, weighting it toward protecting identities and data as they flow through the network and the various points of connectivity to cloud services.