Read My Lips – It’s the Network!
You more ‘experienced’ US-based readers will recognize that title as a blended adaptation of two memorable political quotes from the ’80s. But the result truly reflects my view of the most important aspect of hybrid architectures that combine on-premises and cloud-based IT infrastructures. Reliable, secure, and performant network connectivity between your on-premises data center and a cloud Infrastructure as a Service (IaaS) tenant is essential for true commercial operations in your business.
There are many ways for a business to utilize IaaS resources, and many of those can be done with basic Internet connectivity across firewalls. Simple, self-contained websites, truly isolated test and development efforts, and training and technology experience labs are some examples. However, using IaaS resources as true extensions of your on-premises data center is a hybrid configuration analogous to two private enterprise data centers in separate locations that you own, operate, and interconnect via private network circuits. When one of those locations is an IaaS tenant such as AWS or Azure, that’s a hybrid cloud-based and on-premises model. The IaaS tenant relieves the enterprise of the associated ownership and infrastructure operations, and usually makes it exceptionally fast and easy to ramp up and deploy new services.
When the network link between the cloud and the premises is high bandwidth and highly available, the most benefit can be realized from all the options and capabilities in the IaaS tenant. The enterprise can rapidly provision and configure VMs in the cloud that can appear to be on-LAN for the users on-premises. Scale-up and scale-down become ‘soft’ transactions, dramatically reducing time to provision and completely eliminating power, environment, and space requirements in the on-premises data center.
The typical configuration involves a private ‘space’ in the IaaS tenant – in AWS that’s called a Virtual Private Cloud (VPC). The Enterprise then needs to establish Virtual Private Network (VPN) connectivity between the VPC and the on-premises LAN via public carrier Internet links. The higher the bandwidth on those links, the better the overall experience will be. There should also be more than one link involved, and the links should be with different providers. Network routing should be configured to treat the links as redundant and provide for automatic failover should an active link fail. Ideally, cable paths to the premises from the different providers should be as physically disparate as possible. (So when the backhoe mistakenly cuts the Cogswell fiber in the front of the building, your secondary path on the Spacely fiber out the back of the building is still in service!)
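The redundancy rules above can be checked mechanically. The following is an added example, not part of the original post: it audits an inventory of VPN links for a shared provider or shared cable entry and models priority-based failover. The `Link` fields, link names, priorities and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass
class Link:
    name: str          # hypothetical tunnel name
    provider: str      # carrier supplying the Internet circuit
    entry: str         # physical cable entry point into the building
    priority: int      # lower value = preferred path
    up: bool = True    # result of the tunnel health check

def audit_redundancy(links):
    """Return findings where the link set has a shared point of failure."""
    if len(links) < 2:
        return ["fewer than two links: no failover path"]
    findings = []
    if len({l.provider for l in links}) < 2:
        findings.append("all links use one provider")
    if len({l.entry for l in links}) < 2:
        findings.append("all links share one cable entry")
    return findings

def active_link(links):
    """Pick the healthy link with the best priority, or None if all are down."""
    healthy = [l for l in links if l.up]
    return min(healthy, key=lambda l: l.priority) if healthy else None

def simulate_cut(links, entry):
    """Take down every link routed through one cable entry, then fail over."""
    after = [replace(l, up=l.up and l.entry != entry) for l in links]
    return active_link(after)

# Constructed sample inventory: two carriers, two physical paths.
LINKS = [
    Link("vpn-primary", "Cogswell", "front", priority=10),
    Link("vpn-secondary", "Spacely", "back", priority=20),
]

if __name__ == "__main__":
    print("findings:", audit_redundancy(LINKS))
    print("active:", active_link(LINKS).name)
    print("after front cut:", simulate_cut(LINKS, "front").name)
```
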
In this configuration the IaaS resources appear as true network peers with all of the Enterprise LAN hosts and clients. The Enterprise has complete control of the TCP/IP addressing scheme and can even position Windows Active Directory Controllers in the IaaS tenant. And there are many more options and features readily available with this construct.
When using cloud-based IaaS services in a hybrid model with on-premises Enterprise assets, connectivity is King. Read my lips – it’s the Network!