Cloud Connectivity Options
Cloud connectivity is the mechanism by which clients connect to whatever infrastructure, platform, or software that the tenant has configured in the cloud.

  • multiple connectivity scenarios:
    • Permitting secure access to the cloud for individual hosts or users
    • Connecting on-premises networks with cloud infrastructure
    • Connecting cloud infrastructure established in different geographical regions
    • Creating multicloud infrastructure using different cloud providers

Internet/VPN

A virtual private network (VPN) solution means that the tenant configures a VPN gateway for the VPC.

  • can establish a connection to this VPN gateway using either
    • a client-to-site model
    • a site-to-site model
      • used to connect cloud instances to an on-premises network or to another provider’s cloud
      • Within the cloud, a virtual customer gateway is configured to represent the public IP address and security properties of the on-premises site
  • advantages
    • cost-effective
    • straightforward to set up
  • disadvantages
    • connection running over the Internet can suffer from poor performance
      • latency and bandwidth throttling
      • so not used for mission-critical or high-volume applications

Direct Connect/Colocation

  • colocation within a datacenter offers a higher bandwidth solution by providing a direct connect or private link
  • the tenant either:
    • establishes infrastructure within a datacenter supported by the cloud provider
    • or provisions a direct connect link from its own enterprise network to that datacenter
      • datacenter installs a cross-connect cable or VLAN between the customer and the cloud provider
        • establishing a low-latency, high-bandwidth secure link
      • preferred for organizations that have a more centralized operation
        • connection to the cloud can be from the main HQ
        • company’s own enterprise network is used to allow branch locations access

Transit Gateways

  • Connectivity can be configured:
    • between VPCs in the same account or with VPCs belonging to different accounts
    • between VPCs and on-premises networks
  • Configuring additional VPCs, rather than subnets within a single VPC,
    • allows for a greater degree of segmentation between instances
  • complex network might split segments between different VPCs across different cloud accounts for performance or compliance reasons
  • VPCs can be interconnected using peering relationships and connected with on-premises networks using VPN gateways
    • one-to-one VPC peering relationships
    • can quickly become difficult to manage
      • if each VPC must interconnect with every other in a mesh-like structure
  • transit gateway is a simpler means of managing these interconnections
    • is a virtual router that handles routing between the subnets in each attached VPC and any attached VPN gateways
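
The following is an added example, not code from the original notes or from any cloud provider. It models a transit gateway as a hub router with per-attachment route tables (the mechanism that lets one gateway both interconnect VPCs and keep them segmented), and contrasts the number of one-to-one peering links a mesh needs with the number of hub attachments. All VPC names, route-table names and CIDRs are constructed for illustration, and the route-table model is a simplified assumption rather than any provider's exact semantics.

```python
# Added example (not from the original notes): a minimal model of a transit
# gateway as a hub router with per-attachment route tables, plus the
# peering-mesh arithmetic it replaces. All VPC names, CIDRs and route-table
# names below are constructed for illustration.
from __future__ import annotations

from ipaddress import ip_address, ip_network


def peering_links(vpc_count: int) -> int:
    """One-to-one peering relationships needed for a full mesh of VPCs."""
    return vpc_count * (vpc_count - 1) // 2


def hub_attachments(vpc_count: int, vpn_gateways: int = 0) -> int:
    """Attachments needed when every VPC and VPN gateway hangs off one transit gateway."""
    return vpc_count + vpn_gateways


class TransitGateway:
    """Hub router: each attachment is associated with one route table, and a
    longest-prefix lookup in that table decides which attachment (if any)
    traffic from that source egresses through."""

    def __init__(self) -> None:
        self.attachments = {}   # attachment name -> [ip_network, ...] it serves
        self.association = {}   # attachment name -> route table used for its lookups
        self.tables = {}        # route table name -> [(ip_network, target attachment or None)]

    def attach(self, name: str, cidrs: list[str], route_table: str) -> None:
        self.attachments[name] = [ip_network(c) for c in cidrs]
        self.association[name] = route_table
        self.tables.setdefault(route_table, [])

    def propagate(self, attachment: str, route_table: str) -> None:
        """Advertise an attachment's CIDRs into a route table (route propagation)."""
        for net in self.attachments[attachment]:
            self.tables.setdefault(route_table, []).append((net, attachment))

    def blackhole(self, cidr: str, route_table: str) -> None:
        """Static drop route; longest-prefix match lets it override a wider propagated route."""
        self.tables.setdefault(route_table, []).append((ip_network(cidr), None))

    def ingress_attachment(self, src: str) -> str | None:
        addr = ip_address(src)
        for name, nets in self.attachments.items():
            if any(addr in net for net in nets):
                return name
        return None

    def forward(self, src: str, dst: str) -> str | None:
        """Egress attachment for src -> dst, or None if the gateway drops the packet
        (unknown source, no matching route, or a blackhole route)."""
        ingress = self.ingress_attachment(src)
        if ingress is None:
            return None
        addr = ip_address(dst)
        table = self.tables[self.association[ingress]]
        matches = [(net, target) for net, target in table if addr in net]
        if not matches:
            return None
        _, target = max(matches, key=lambda m: m[0].prefixlen)
        return target


def build_example() -> TransitGateway:
    """Three VPCs plus a site-to-site VPN, segmented with separate route tables."""
    tgw = TransitGateway()
    tgw.attach("vpc-prod", ["10.1.0.0/16"], "rt-prod")
    tgw.attach("vpc-dev", ["10.2.0.0/16"], "rt-dev")
    tgw.attach("vpc-shared", ["10.3.0.0/16"], "rt-shared")
    tgw.attach("vpn-onprem", ["192.168.0.0/16"], "rt-prod")   # on-prem shares prod's table

    # prod and on-prem can reach each other and the shared-services VPC
    for a in ("vpc-prod", "vpn-onprem", "vpc-shared"):
        tgw.propagate(a, "rt-prod")
    # dev sees only itself and shared services; there is no route to prod or on-prem
    for a in ("vpc-dev", "vpc-shared"):
        tgw.propagate(a, "rt-dev")
    # shared services needs return routes to everyone it is allowed to answer
    for a in ("vpc-prod", "vpc-dev", "vpn-onprem"):
        tgw.propagate(a, "rt-shared")
    # carve one sensitive subnet of shared out of dev's view with a more specific drop route
    tgw.blackhole("10.3.99.0/24", "rt-dev")
    return tgw


if __name__ == "__main__":
    tgw = build_example()
    for src, dst in [("10.1.0.5", "192.168.1.10"), ("10.2.0.5", "10.1.0.5"),
                     ("10.2.0.5", "10.3.1.1"), ("10.2.0.5", "10.3.99.7")]:
        print(f"{src} -> {dst}: {tgw.forward(src, dst) or 'dropped'}")
    print("mesh peerings for 5 VPCs:", peering_links(5),
          "vs hub attachments with one VPN gateway:", hub_attachments(5, 1))
```

The point to take from the model is that segmentation on a transit gateway is a property of which routes each attachment's table contains, not of the gateway itself: dev traffic to prod is dropped simply because no route exists, and the more specific blackhole route wins the longest-prefix match over the wider propagated route. Forgetting the return route in the other table (for example, propagating on-prem into prod's table but not into the table of a VPC it calls) silently drops replies, so routes are checked in both directions.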