One appealing aspect of cloud computing has always been that it was supposed to reduce customer infrastructure complexity. While architecture simplicity may be attainable from an application and server perspective, providing intelligent network routing to public cloud resources remains as complicated as ever. This is especially true when working in infrastructure environments consisting of multiple virtual clouds and multiple corporate/branch office locations. Let’s look at the challenges of enterprise cloud architectures and how cloud service providers (CSPs) are partnering with SD-WAN vendors to help alleviate this burden.
The problem: increasingly complex access to cloud networks
While your cloud infrastructure may have started out as a single virtual network, it has likely grown to hundreds or thousands of segregated virtual network instances within a CSP’s infrastructure. Traditionally, a mesh of VPN tunnels was required for inter-network data flow. Obviously, partial or full-mesh architectures become exponentially more challenging as the number of virtual cloud networks grows. To assist with managing increasingly complex inter-virtual-network communications, CSPs like AWS and Microsoft created network services such as AWS Transit Gateway and Azure Transit VNET. These technologies allow network administrators to automatically route and control traffic moving between virtual networks, centralizing and automating the virtual network peering process. Additionally, connections from customer on-premises locations to the various virtual networks also became streamlined, as the administrator is now only required to establish connectivity to their cloud transit gateway(s).
While these technologies certainly aid in reducing peering complexity between virtual networks inside a cloud, the architecture still leaves a lot to be desired from a customer on-premises network to cloud network perspective. Network admins are still forced to manually build VPN tunnels or direct-connect links to the transit gateways. Additionally, VPN tunnel throughput limitations often force administrators to build multiple tunnels from larger on-premises sites to these gateways. Lastly, sites that need access to resources in multiple cloud regions are still required to build separate connectivity to each cloud region, since each region has its own transit gateway. Thus, from a customer connectivity perspective, network configuration and management take considerable time and effort to implement and provide little from a data-flow optimization perspective.
The solution: Using the cloud as a hub and spoke WAN
Instead of ending up with a tangled mess of manually created VPN tunnels and private cloud links to connect end users to cloud resources, wouldn't it be nice to automate this process using modern SD-WAN technologies? This is precisely what CSPs such as AWS and Microsoft are doing with their AWS Transit Gateway Connect and Azure Virtual WAN services. CSPs are now beginning to partner with top SD-WAN platform providers to implement enterprise-grade SD-WAN into cloud transit gateways.
By integrating virtualized SD-WAN appliances within the various cloud transit gateways, SD-WAN can communicate optimal path selection routing data to and from a public cloud to a customer's private infrastructure. The SD-WAN can be used to communicate routing information between cloud regions and between customer sites. Thus, the cloud and entire corporate WAN infrastructure operate under a single SD-WAN control plane. This level of SD-WAN integration significantly simplifies the setup and management of on-premises to cloud connectivity, including dynamic routing, intelligent path selection, and data encryption. Additionally, remote site locations that require inter-region access can have their traffic backhauled through the cloud provider’s global network backbone. Thus, not only does this type of architecture simplify management, but it can also significantly improve network throughput performance between networks.
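As an added example that is not part of the original article, the following Terraform configuration shows how the AWS Transit Gateway Connect integration described above is expressed in practice: a GRE-based Connect attachment riding on a transport VPC, one BGP peer for the third-party SD-WAN appliance, and a dedicated transit gateway route table so prefixes learned from the appliance are kept apart from the default table. The VPC, subnet, addresses and ASNs are placeholders, and the resource layout is an assumption for illustration.

```terraform
# Added example, not the article's or AWS's own code. All IDs, addresses
# and ASNs below are placeholders; replace them before use.

resource "aws_ec2_transit_gateway" "hub" {
  description     = "Regional hub for VPC and SD-WAN attachments"
  amazon_side_asn = 64512            # placeholder ASN for the TGW side of BGP
  tags            = { Name = "tgw-hub" }
}

# Transport attachment: the VPC that hosts the virtual SD-WAN appliance.
resource "aws_ec2_transit_gateway_vpc_attachment" "sdwan_transport" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = "vpc-0123456789abcdef0"       # placeholder
  subnet_ids         = ["subnet-0123456789abcdef0"]  # placeholder
}

# Connect attachment: GRE tunnels from the appliance ride on the transport VPC.
resource "aws_ec2_transit_gateway_connect" "sdwan" {
  transit_gateway_id      = aws_ec2_transit_gateway.hub.id
  transport_attachment_id = aws_ec2_transit_gateway_vpc_attachment.sdwan_transport.id
  protocol                = "gre"
  transit_gateway_default_route_table_association = false  # use the dedicated table below
  transit_gateway_default_route_table_propagation = false
}

# Connect peer: one GRE tunnel plus a BGP session to the appliance.
resource "aws_ec2_transit_gateway_connect_peer" "sdwan_peer" {
  transit_gateway_attachment_id = aws_ec2_transit_gateway_connect.sdwan.id
  peer_address                  = "10.0.1.10"           # appliance GRE endpoint (placeholder)
  inside_cidr_blocks            = ["169.254.100.0/29"]  # link-local /29 for the BGP inside addresses
  bgp_asn                       = 65000                 # appliance-side ASN (placeholder)
}

# Dedicated route table so SD-WAN-learned prefixes stay isolated from VPC-only traffic.
resource "aws_ec2_transit_gateway_route_table" "sdwan" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}

resource "aws_ec2_transit_gateway_route_table_association" "sdwan" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_connect.sdwan.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.sdwan.id
}

resource "aws_ec2_transit_gateway_route_table_propagation" "sdwan" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_connect.sdwan.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.sdwan.id
}
```

Once the peer is up, prefixes advertised by the appliance over BGP land in the `sdwan` route table only, which is where you control what on-premises sites can reach in the cloud.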
On-premises and cloud networks become fully integrated
Extending SD-WAN capabilities into infrastructure as a service (IaaS) cloud edges is really nothing new. It’s functionality that has been around for years. What is new, however, is deploying third-party SD-WAN platforms not just at the cloud edge, but also throughout multiple cloud regions within an organization’s overall cloud bubble. This level of corporate-network to public cloud integration is a major technological leap forward for those that are seeking to further expand their private SD-WAN footprint into a public cloud.