The average enterprise now has more enterprise workloads (56%) sourced in external clouds than in its own data centers, according to a Nemertes 2019 Cybersecurity Research Study. Other studies show that on average, companies are using or experimenting with nearly five different public and private clouds. Clearly, the scales are tipping firmly in favor of multi-cloud environments (IaaS, PaaS, SaaS).
While the majority of enterprises have moved IT infrastructure to virtualized platforms, they’re now transitioning to fully managed virtualized applications and cloud service platforms from providers like Amazon Web Services (AWS), Microsoft Azure, Google, or IBM. In making that shift, most IT executives confront application performance challenges. This article is designed to explore those issues, discussing how direct cloud connections serve as a solution. Keep reading to understand the two types of direct cloud connections and tips for how to choose between them.
When connecting to cloud services like Azure and AWS, most IT leaders are left pondering important network considerations. Key among them is this question:
Is the public Internet good enough to support cloud services?
While the public Internet has become the default option for cloud service connectivity, it’s not the most reliable option. The Internet is typically called a “best effort” service because it comes without any service level agreements or guarantees around performance. Internet links have significantly higher packet loss and latency than private network solutions and much higher variability in loss and latency. Decision makers must also weigh the security, risk, and compliance implications of using the Internet as a core WAN channel.
When enterprises have their business-critical applications running in the cloud, the Internet can be too risky to support cloud access. With the requirements for more reliability, availability, and responsiveness, IT leaders are often searching for alternate connectivity options.
This is where direct connections or direct cloud interconnects come into play.
Direct connections to cloud service providers (CSPs) like Azure and AWS help simplify migration, providing application performance improvements. Specifically, two options allow an enterprise to avoid the public Internet for its strategic cloud systems: Direct Cloud Connects (DCC), and WAN-Cloud Exchanges (WAN-CX). Here’s what you need to know about them.
DCCs offer a direct, physical link between a customer-controlled router network and a cloud service-provider-controlled router network. The customer pays the cloud provider to allow the connection. The customer is able to send traffic directly into the service provider’s cloud. The connection can be at layer 2 (Ethernet) or layer 3 (IP). The DCC implementation delivers extremely low latency, loss, and jitter, and is typically high-capacity.
DCC Architecture: Image courtesy of Nemertes Research
WAN-CX solutions introduce a layer of indirection to the DCC scenario, but don’t let that deter you just yet. With these, the customer does not connect physically to the CSP. Instead, the customer connects to an exchange router. The exchange’s routers are connected to multiple CSPs. The customer enables virtual links (of various sizes) to the CSPs of interest, usually through an online portal and in real time. In addition, WAN-CX destinations can also include SaaS destinations, offering direct connections to Microsoft Office 365, Salesforce, and hundreds of other popular apps.
WAN-CX Architecture: Image courtesy of Nemertes Research
Here are the benefits of using the exchange over the DCC:
WAN-CX solutions are everywhere today–nearly every network services provider has an offering. So, it’s easy to think they’re all the same. If you pursue WAN-CX, look at the quality of service delivered. Remember that the layer of indirection inside the DCC solution is really a network service that carries your traffic to the CSP environment, and that service can come with varying degrees of service quality.
One key differentiating factor is cloud service level agreements (cloud SLAs). Some WAN-CX solutions include cloud SLAs that guarantee the network performance as the traffic travels to the CSP environment. Beyond just offering the direct connection itself, these providers wrap the service with a performance promise. To clarify, this is NOT an agreement between you (the customer) and the CSP–it’s between you and the network service provider offering the exchange. Masergy’s cloud SLA is one example. Masergy’s service includes a cloud SLA with the following guarantees:
Why would you want this? Cloud SLAs help enterprises ensure a consistent and high-quality service. When the network carrying your traffic to the CSP is a global software-defined network designed with consistent architectural standards, customers gain a more stable, dependable, and unchanging service experience. When app users are scattered across many locations around the world, that can make a difference in ensuring operational consistency and global service continuity.
With the rise of multi-cloud environments, it may come as no surprise that both DCC and WAN-CX exchanges have high potential for growth. In a 2018-2019 WAN Economics and SD-WAN Research Study by Nemertes, an aggregate 45% of participants either had a DCC implemented or were planning to implement one in 2018-2019 (see graphic). Another 38.5% were evaluating a DCC. In fact, many respondents established more than one direct connection, frequently to both Azure and AWS. This was in part to balance services as well as a reflection of the ongoing division between “All Microsoft” developers and “Non-Microsoft” customers. In the same study, an aggregate 35.3% of participants either had a WAN-CX implemented or were planning to implement one in 2018-2019 (see graphic). Another 42.1% were evaluating a WAN-CX.
Images courtesy of Nemertes Research
With as many enterprises shopping these services as they are implementing them, the uptake is certain to rise. Gartner and other analyst firms agree, anticipating the adoption of direct connections will increase over the next few years. These data points serve as a call to action for IT leaders to understand how direct connections function, so they can lead their organizations in creating a cloud-based IT strategy that ensures the lowest cost alongside the best performance.