You are going to be, or are already, connected to some cloud service, as this is now almost unavoidable. Most people think that the Internet is the only connection solution for these services, but the Internet is not secure unless you use a VPN connection. The Internet is just a best effort delivery service without QoS, so when you're looking for performance, the Internet doesn't always deliver it.
I met Ted Mallires, PMP of The BAZ Group, a firm providing communications technology consulting and management offerings, at a recent NEC Advantage conference. Our conversation wandered over many subjects, but we eventually focused on the cloud service connection options available today. This blog summarizes our discussion. The providers mentioned are not in any order of preference or recommendation.
Cloud Connections
There is a long list of cloud service companies that are candidates for connections. Many cloud services options to assess include AWS, Azure, HP Helion, Salesforce, Cisco, IBM, NTT, Office 365, Oracle, Google, Rackspace, CSC, and VMware. This is an incomplete and expanding list.
What you may not realize is that some of the cloud services to which you subscribe are residing on AWS, Azure, or another cloud. This is very common for software as a service. Not all of the connection services to the cloud are equal. Some offer only domestic connections, while others offer international connections. The connections that are available will also vary from connection provider to connection provider. With the growth of cloud connection services, there are more options other than the Internet. You can connect directly, or you can connect through one of the emerging direct end-to-end services that bypass the Internet.
IP Sec VPN over Internet
This is the most common and traditional approach, and how most organizations initially implement their cloud connection. All traffic should be encrypted over a VPN connection when using the public Internet. Note that the customer pays for their Internet access separately from their cloud service.
Dedicated Connections to Cloud Provider
The approach of operating over a private connection and avoiding the Internet is driven by scale, performance, and concern for security. A dedicated circuit (private line) is installed between the client/customer organization and the selected cloud provider. Customers pay for a port connection to the cloud provider's location as well as the dedicated carrier connection (wave, EPL, MPLS circuit). This is a P2P connection between the customer and their cloud provider. This connection type can deliver the security and performance desired, but it can also be expensive.
Carrier to Cloud Provider
A carrier provides the connection to multiple cloud providers (and diverse connections to those providers) in this scenario. Instead of the customer implementing private line connectivity to the cloud provider, the customer uses their carrier to access the cloud providers. The customer does not pay for dedicated circuits and ports, but does pay for the service and usage. In some cases, the carrier's cloud service is directly connected to all of the cloud providers they serve. In other cases, the carrier uses the Equinix Cloud Exchange to get to some/all of the cloud providers.
Direct End-to-End
These are cloud connections implemented by a carrier that can offer private connectivity. Connectivity is from the customer's LAN to the cloud services the carrier can reach. These connections are implemented so that there is direct connection to the data centers of the cloud service provider. This means there is no third-party network utilized like that encountered with Internet access.
Most of these connection services offer connections to the larger cloud service providers. You need to check with each of them to see what services they connect to as they may not connect to the ones that you want. The following is a list of some of the carriers that offer the fastest, most secure, and probably easiest to manage, connection to cloud services:
Hybrid Direct Connections
These cloud connection services are a mixture of direct connections to some of the cloud providers and a link to the Equinix Cloud Exchange to others. Customers need to implement a connection over one of the carriers listed below. The connection will either utilize the carrier's direct connection or be routed through the Equinix Cloud Exchange by the carrier. These options include:
Equinix Cloud Exchange
This form of cloud connection service uses a carrier's network, connecting the customer's LAN to the Equinix Cloud Exchange through the Equinix data centers. Connections are made to both domestic and international cloud services. This type of connection requires a cross connect be implemented from the carrier to the Cloud Exchange within the Equinix data center. This introduces a separate network to reach the desired cloud service provider. The value of this service is that it reaches a large number of cloud service providers, which means it may be the only connection service you will need.