Cloud computing quickly becomes the preferred method to host ever-changing workloads. It enables them to react faster to external changes, scale up their infrastructure resources to boost their operations as well as reduce costs. Despite all the proposed benefits, many businesses still maintain on-premise data centers for various reasons, such as data sovereignty, compliance, and legacy applications. To bridge the gap between “full public cloud all the way” and the traditional data center, companies get the option to use a so-called hybrid cloud. All three major cloud providers offer options to connect an on-premise data center to their cloud platforms. In this article, we will explore options and considerations to connect your on-premise data center to the cloud. Besides these, we’ll also cover practical use cases and methods from a practical point of view.
Use Case 1: VPN Connectivity
One of the most common ways to connect an on-premise data center to the cloud is to use a Virtual Private Network (VPN) connection. Azure, AWS, and Google Cloud all offer VPN-based solutions. A VPN connection establishes a “secure channel” between infrastructure resources and applications. It is fairly easy and straightforward to set up for a limited number of devices/workloads. However, managing and scaling the connections becomes more complex over time as demand increases. The costs to set up a VPN connection are reasonable for companies of any size since you do not require the setup of a dedicated connection such as AWS Direct Connect or Azure Express Route. When implementing a site-to-site VPN, you only need to pay for infrastructure resources such as VPN gateway services and data transfer.
Example use cases
The following use cases benefit from a site-to-site VPN connection:
- Hosting a CRM system in the public cloud while keeping more sensitive workloads in the on-premise data center.
- Expand the usage of VMS such as “build agents” in CICD tools or “worker nodes” in Kubernetes Clusters in the cloud while keeping the main configuration aspects on-premise.
- Make use of modern messaging systems in the cloud such as Azure Message Queue which integrates with applications that run on-premise.
Pros and cons
Since VPN connections offer a secure connection over the regular internet, there is no need to configure a dedicated and costly connection. This makes it a cost-effective option for small to medium workloads. Those workloads should not demand high-performance throughput and massive amounts of data to be sent back and forth since a VPN connection is not the best solution to handle these. Data-intensive workloads may encounter performance bottlenecks or unwanted latency, so keep this in mind when setting up your desired solution.
Above mentioned considerations may lead to complex configuration and management-related issues as well as security vulnerabilities. This is especially true if network operators and administrators do not have sufficient knowledge and experience with this kind of connection.
Use case 2: a direct connection
In contrast to the VPN connection type described earlier, you also have the option to establish a private link between your data center and the network of the cloud provider of choice. AWS offers DirectConnect, Azure it’s ExpressRoute and Google Cloud offer Dedicated Interconnect as their secure and high-bandwidth-based solution. Traffic flows over a dedicated network that only you use. This is separated from the public internet.
Often, the initial costs are higher than a VPN-based connection which is only suitable for a limited amount of workloads. A direct connection requires specific hardware and software and personnel with specialized skills. This makes it a moderate to highly difficult solution to set up. In the long run, a direct connection can be more cost-effective compared to a site-to-site VPN connection, especially with ongoing data transfers and the bandwidth it requires.
Example use cases
Organizations and applications that benefit from this solution are:
- Large organizations with a lot of critical workloads such as financial institutions that handle a large number of transactions.
- Companies that run webshops in the public cloud whereas their inventory management systems are still on-premises. This way they have an option to display real-time stock information as well as benefit from scalable web shops that can handle peak traffic during busy periods such as black Friday.
Pros and cons
Critical applications that require ultra-low latency connections between the on-premises data center and the public cloud benefit from this solution since this is a private connection that guarantees a solid and fixed bandwidth that is not negatively impacted by the traffic on the public internet. Furthermore, his type of connection makes it more secure. Despite the proposed benefits, you might underestimate the initial investment and encounter higher costs for ongoing maintenance and management also due to specialized hardware and setup. Besides these aspects, organizations tend to “over-provision” their setup which leads to cost increases.
Use case 3: Software-Defined Wide Area Network
Our last use-case is called “SD-WAN” (Software-Defined Wide Area Network). This is a technological solution to optimize and manage network traffic between on-premise data centers and the public cloud. It uses intelligent routing to direct traffic efficiently.
AWS offers Transit Gateway (Connect) as their SD-WAN solution of choice, whereas Azure offers Azure Virtual WAN. Google Cloud offers SD-WAN in their Network Connectivity Center to bridge the gap between different branch offices and the Virtual Private Cloud network counterparts in their platform.
Companies choose this type of solution to route traffic intelligently and efficiently. It can save costs in terms of consumed bandwidth and the maintenance of multiple separate connections such as needed for site-to-site VPN.
Example use cases
Some common example use cases help to determine if SD-WAN is the solution of your choice:
- Connecting multiple on-premise offices with a single cloud-based collaboration tool such as document-sharing solutions that enable sharing across different locations.
- Video conferencing solutions that use a fixed set of application types and of which the usage can roughly be predicted over the week.
Pros and Cons
Network management is considered one of the most prominent benefits since the costs for this activity are recurring every now and then. Cloud applications benefit from improved performance and offer a smooth user experience. Especially since outgoing traffic is expensive and cloud providers use a “pay-per-use” model, you save a lot of costs when utilizing SD WAN-based solutions which streamline traffic management.
As with private connection, SD WAN-based solutions also require specific hardware and software as well as specialized skills which are in high demand. Sometimes the configuration can be complex which can lead to inefficiencies in terms of the Quality of Service. Forgetting to monitor and change this aspect as needed leads to decreased service and higher costs. To fully benefit from SD WAN you need to have a solid understanding of application traffic patterns. This can be challenging given the high number of diverse workloads in a large organization.
Check out the following links to respectful tutorials that focus on the methods and technologies that the most popular cloud providers offer. These help you understand and implement AWS Direct Connect, AWS Transit Gateway, Azure Site-to-Site VPN, and Google Cloud Interconnect effectively.
- AWS Direct connect tutorial (official AWS Documentation).
- AWS Blog post with hands-on examples about AWS Transit Gateway
- Azure site-to-site VPN with Azure VPN Gateway official documentation
- Official Google Cloud Interconnect Tutorial
For sure there are many blog posts, articles, and tutorials. Always be sure to check out the latest official documentation to see if the contents are still recent.
As seen in this article, there are several methods to connect your on-premises data center to the public cloud provider of your choice. Azure, AWS, and Google Cloud involve a range of methods, each with its own set of use cases, difficulty levels, financial considerations, and associated pros and cons. The choice of method should align with your organization’s specific requirements and long-term cloud strategy. It’s crucial to carefully plan and implement these connections to ensure data security, optimal performance, and cost-effectiveness across all of your workloads. Regularly review and update your connectivity strategy as your business evolves, and be sure to seek expert guidance when needed.