Today’s organizations use an extensive array of IT resources to perform their daily functions. Historically, it was common practice to host these resources in an on-premises data center or a colocation facility. Over the years, technology has evolved, and many companies developed a common network framework that connects on-premises and cloud resources. To avoid costly mistakes in the implementation of a hybrid network, focus on avoiding major mistakes within the three most important factors of the design phase.
The cloud network industry breakdown
A common network is required to connect companies' on-premises and cloud resources. The coexistence of on-premises and cloud resources results in a hybrid cloud, and the common network connecting them is referred to as a hybrid network. With the increased adoption of cloud computing, IT resources are delivered and consumed from cloud service providers over the hybrid network connection. A common network is required to connect on-premises and cloud resources.
There are challenges associated with implementing these network resources for any company. These challenges can be potentially problematic in ways that can prove costly and time-consuming. The most common factors to consider when setting up a company hybrid network are scalability, connectivity models, and reliability.
Mistake number one: lack of scalability
Scalability refers to the size of the solution the organization requires from its hybrid network. While considering the scalability factor, it’s important to possess a clear picture of the bandwidth, latency, traffic flow, and application involved that the network would support.
Best practices for scalability include:
- Design an effective traffic engineering solution,
- Evaluate and select the best possible IP routing selection, and
- Summarize the routes advertised to cloud and on-premises.
It’s critical that organizations leverage the capabilities of cloud wide-area network (WAN), which helps build, manage, and monitor a global network that connects resources running across cloud and on-premises networks.
Mistake number two: lack of connectivity models
Connectivity models relate to the communication pattern between on-premises and cloud resources. The proper connectivity models solve important problems regarding privacy and communication issues. To reduce pairing requests and establish multiple routes of communication, carefully consider the pros and cons between connectivity models like AWS Direct Connect, Azure Express Route, or Google Dedicated Interconnect.
It is crucial to establish multiple higher bandwidth virtual private network (VPN) tunnels with equal-cost multi-path (ECMP) routing. This helps organizations connect multiple sites with border gateway protocol (BGP) routing. Recently, one prominent survey firm completed a setup of AWS Direct Connect with one gigabits per second (Gbps) bandwidth. The setup had to span multiple regions and multiple on-premises data centers. Initially, it involved a direct connect with virtual private gateways to individual virtual private clouds. It was discovered during the peak migration that the provisioned port speed was not sufficient to handle peak loads. In order to overcome this limitation, the port speed was increased to 10 Gbps, and an AWS Direct Connect gateway along with ECMP on transit gateway was established. (See figure.)
Mistake number three: lack of reliability
Reliability refers to minimizing the effects of a single failing component within a hybrid network. It ensures the application can meet the service-level agreements (SLA) and dependably perform its functions. Another key aspect of reliability is regulating the failure detection time by setting up a dead peer detection (DPD) for VPN connections and bidirectional forward detection (BFD) for express routes or direct connect.
Protecting a company’s network includes taking a precise approach to the design or migration to the hybrid network. It makes sense to create a clear SLA to discover the company’s necessary connectivity type with a cloud architect and subsequently determine the metrics by which the architect’s service is measured. A well-written, documented SLA provides both distinct expectations of service and protects the company if any service levels are not achieved.
It is also important to ensure proper security on the hybrid network. This can be accomplished by:
- Inspecting network metrics with tools such as Azure Network Watcher, Traffic Analytics, or Network Performance Monitor,
- Adding networking firewalls with Azure Firewall, AWS Network Firewalls, or Palo-Alto Network Appliance, and
- Handling hybrid domain name system (DNS) properly with the help of DNS resolvers and private DNS.
Long-term solutions for companies and customers alike
Though there is no one-size-fits-all approach to hybrid networking, working with a cloud architect is of the utmost importance to ensure the quality of design in an organization’s hybrid network. By asking the right questions when migrating to or designing a hybrid network, companies not only maximize their chances of success but also ensure privacy and efficiency, all while avoiding costly mistakes. With scalability, connectivity, and reliability in mind during the network design phase, companies can safeguard security without sacrificing convenience to their clients, ensuring long-term customer convenience in a customer service-centric world.
Sathish Krishnan is a senior cloud architect for Amazon Web Services.