Public cloud services require network access, and that is usually accomplished through the public Internet. Internet access is easy and inexpensive, but it's not always the most reliable, efficient or secure pathway to move data between data centers and cloud providers. To address these concerns, some public cloud providers offer direct connections based on private networks. These direct connections can increase cloud reliability -- at an added cost.
Here's a look at the pros and cons of direct connections to the public cloud, and their implications for enterprise users.
What are direct connections and how do they affect cloud reliability?
Just like any real-life road system, the public Internet has its fair share of detours, traffic jams and potholes. It's composed of countless providers and numerous backbones. Service outages and traffic contention can cause bandwidth fluctuations, add significant latency to network traffic and stop connectivity. At the same time, each part of the public network poses a potential security vulnerability that could expose business data.
A direct connection -- which replaces the public Internet connection between a user and cloud provider with a dedicated, private network -- is one answer to these challenges. Typically, a telecommunications provider offers the direct connection, but cloud providers must support the connection scheme at one or more of their data centers.
Direct connections offer several benefits. They are dedicated to one organization, so the network bandwidth and latency remain stable, increasing cloud reliability. In addition, the connection is more secure, because no other users pass traffic across that connection. The premium nature of a direct connection usually means that providers also address and resolve connectivity problems faster.
Which providers offer direct connections to the cloud?
Many major public cloud providers offer direct connections. For example, Amazon Web Services (AWS) offers Direct Connect, Microsoft Azure offers ExpressRoute and VMware provides vCloud Air Direct Connect.
Cloud providers often add or change services, so it's important to investigate your provider's offerings to determine the availability, characteristics, costs and limitations of any direct connection service. For example, VMware's vCloud Air Direct Connect for Network Exchange is currently only available at VMware's Texas facility -- though domestic U.S. vCloud Air services are currently offered from seven other U.S. locations. So, if a user is currently connected to vCloud Air's facility in Northern California, New Jersey, Virginia or another location, the Direct Connect for Network Exchange service would not be available. However, VMware noted that new locations and service providers will be added over time.
What costs and limitations are involved with direct connections?
Direct connections might increase public cloud reliability, but that benefit comes at a cost. The public cloud provider typically charges an hourly rate per port, as well as for data transfers across the direct connection ports. For example, AWS currently lists $0.30 per hour for a 1 Gbps port, along with outbound data transfer charges ranging anywhere from $0.020 to $0.110 per gigabyte, depending on the location of the cloud facility. Pricing can change, so check your provider's port and data transfer pricing regularly.
Organizations can incur additional costs from the connectivity or network service provider, such as AT&T, Comcast, British Telecom and others. Connectivity costs vary widely depending on the provider and service area, and taxes and fees may increase the recurring monthly costs. It's important to negotiate cost-effective connectivity, but long-term agreements may be at odds with the scalable, flexible nature of cloud services. Understand what's involved with adding, changing or cancelling services later on.
An increasingly popular variation of direct connections is the cross-connect service. Cross-connect services are mainly intended to establish direct connections between a customer's data center and the customer's cage(s) in an outsourcing provider's facility. This effectively extends the customer's data center to the outsourcing provider with a high-bandwidth, low-latency and secure connection.
Public cloud providers with direct connection services may impose limitations on service features such as the number of virtual interfaces per connection, the number of active connections per region or per account and the number of routes per session. Most public cloud users won't exceed such limits, but understand any service limits and negotiate increases if necessary.
Also, evaluate the need for redundancy. A direct connection is not redundant by itself -- you'll need to establish a second connection at the same cloud provider's location. Providers like AWS will typically provision a second direct connection on a redundant router, and traffic should automatically fail over to the second link. Alternatively, services like AWS can support a backup IPsec virtual private network (VPN) connection; virtual private cloud traffic fails over to the VPN, and traffic from public services, such as Amazon EC2, fails over to the Internet. Without some form of failover in place, traffic can be dropped if a single direct connection fails.
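The redundancy rule above can be checked against a connection inventory. The following Python example is added here and is not code from the article or from AWS; it assumes records shaped like the output of `aws directconnect describe-connections`, while the sample values, location codes and the `vpn_backed_locations` input are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory. Field names follow the output of
# `aws directconnect describe-connections`; all values are made up.
SAMPLE_CONNECTIONS = [
    {"connectionId": "dxcon-a1", "location": "LOC-A",
     "connectionState": "available", "awsDeviceV2": "LOC-A-router-1"},
    {"connectionId": "dxcon-a2", "location": "LOC-A",
     "connectionState": "available", "awsDeviceV2": "LOC-A-router-2"},
    {"connectionId": "dxcon-b1", "location": "LOC-B",
     "connectionState": "available", "awsDeviceV2": "LOC-B-router-1"},
    {"connectionId": "dxcon-b2", "location": "LOC-B",
     "connectionState": "available", "awsDeviceV2": "LOC-B-router-1"},
    {"connectionId": "dxcon-c1", "location": "LOC-C",
     "connectionState": "available", "awsDeviceV2": "LOC-C-router-1"},
    {"connectionId": "dxcon-c2", "location": "LOC-C",
     "connectionState": "down", "awsDeviceV2": "LOC-C-router-2"},
    {"connectionId": "dxcon-d1", "location": "LOC-D",
     "connectionState": "down", "awsDeviceV2": "LOC-D-router-1"},
]
# Assumption: the caller knows which locations have a backup IPsec VPN.
SAMPLE_VPN_BACKED = {"LOC-C"}


def audit_redundancy(connections, vpn_backed_locations=frozenset()):
    """Classify each location by what happens when one link or router fails."""
    devices = defaultdict(set)   # location -> routers with a usable link
    locations = set()
    for conn in connections:
        locations.add(conn["location"])
        if conn["connectionState"] == "available":
            devices[conn["location"]].add(conn["awsDeviceV2"])
    report = {}
    for loc in sorted(locations):
        if len(devices[loc]) >= 2:
            # Two usable links are only redundant on distinct routers.
            report[loc] = "redundant"
        elif loc in vpn_backed_locations:
            report[loc] = "vpn-backup-only"
        elif devices[loc]:
            report[loc] = "single-point-of-failure"
        else:
            report[loc] = "no-usable-link"
    return report


if __name__ == "__main__":
    for loc, status in audit_redundancy(SAMPLE_CONNECTIONS, SAMPLE_VPN_BACKED).items():
        print(f"{loc}: {status}")
```

Note that LOC-B has two working links yet is still reported as a single point of failure, because both terminate on the same router.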