Connecting Users to Cloud Applications

Posted by Brian Bradley on Aug 13, 2020 10:00:00 AM

While washing our hands at a sink, do we think about the source of that water… or do we just expect it to be there when we turn it on? Do we set hot, warm, or cold temperatures according to our unique comfort levels?

We have come to expect to consume unique user content on our cloud-hosted applications just like we use this public utility. Most users don't care where the content is sourced from and expect it to be available on demand. Users also expect the content to be delivered rapidly and reliably.

Let's take a look at how this works across the utility of the network.

The source of our cloud application is hosted and stored in a public, private, or hybrid cloud. Many times, applications are no longer hosted in our traditional corporate co-location or data center. Instead, they are located in someone else’s data center! We have two distinct paths for connecting to them: the public Internet and private networks.

Corporations can consume cloud applications privately by peering via BGP to our corporate networks using IPsec VPN, SD-WAN, carrier-hosted MPLS, and even physical interconnections with the cloud providers' switches. This allows for optimum consumption of the applications internally across the network.

At the edge of the public clouds, private IP mappings are translated into public DNS and public IP addresses for reachability via the internet. Native cloud traffic inspection services, web application firewalls (WAF), and virtual cloud-hosted firewalls from vendors like Cisco, Palo Alto, and Fortinet can be combined to protect and inspect this data for malicious patterns at the public cloud network edge. The application content is then load balanced to the servers or services hosting the content using cloud-native or third-party virtual appliances, and the network path is then reversed to reach back to the user.

Public cloud-native accelerator services such as AWS Global Accelerator or Azure Front Door are available to advertise public DNS/IP mappings. There are also third-party DNS services like NS1 and Infoblox that can work both inside and outside of your network for DNS management and application acceleration. These services can use application health, admin-defined parameters, and geolocation-based information from the users’ public IP to ingress at the cloud provider’s nearest region of your choice. Users will then ride the cloud provider's less-congested and more-direct backbone to your application instead of traversing the public internet.

Cloud applications can also simultaneously connect to both the internet and corporate locations by segmenting the cloud edge into separate virtual private cloud/virtual networks (VPC/vNet), with one each for internet and corporate interconnectivity. This also allows for different access controls to be placed on cloud-hosted applications, depending on the source of the traffic. The convergence of these two distinct network edges takes place using an AWS Transit Gateway, Azure vHub, or a cloud service router (CSR) in a dedicated VPC/vNet within the public cloud that allows connection to the VPC/vNet where the application is hosted. Traffic steering via DNS can then be used to take the optimal path from your network based on cost or many other business- and technical-defined parameters.

The network path and DNS service options that we use to connect to the cloud are numerous and ever-evolving. As we progress on our cloud networking journeys, it’s important to build in secure network architectures. Getting cloud applications to feel like a utility that just works for our end users takes some advisement from those with experience, as well as rethinking and retooling of our networks.




Topics: Cloud, Enterprise Networking