
Cloud Enterprise Network (CEN): A Secure, Global Private Network

Cloud Enterprise Network (CEN) serves as a secure, global private network that provides high performance and low latency within Alibaba Cloud.

Best Practices for Building Secure Global Networks (Internal and External)

Cloud Enterprise Network (CEN) is a stable, global private network that connects Alibaba Cloud network products in different regions.

Global Connection and Comprehensive Protection

One of the major challenges to cybersecurity comes from access between networks in different regions. When connecting Alibaba Cloud network products in different regions, Cloud Enterprise Network (CEN) serves as a secure, global private network that provides high performance and low latency within Alibaba Cloud. By using CEN, you can establish private network connections between Virtual Private Cloud (VPC) networks in different regions, or between VPC networks and on-premises data centers. CEN supports automatic route distribution and learning, which speeds up network convergence, improves the quality and security of cross-network communications, and interconnects all network resources. With these benefits, CEN can help you build an extended enterprise-level network with cross-network communication capabilities. As the basic component for enterprise connectivity, CEN provides outstanding security. By using typical access control policies combined with cloud services such as Cloud Firewall and PrivateZone, CEN provides enterprises with comprehensive security protection.

Private Network Isolation

As a cloud network, CEN first builds channels for private network intercommunication. Cloud enterprise networks built through CEN are fully private networks that do not need to expose public network entry points, which significantly reduces their exposure to attacks from public networks. You can define strict access control policies and customize rules to permit or deny specific traffic flows, then apply these policies to instances to achieve trusted communication. By implementing routing policies, you can filter route information and modify route attributes, which lets you define cloud network intercommunication capabilities and configure a wide range of route controls.

Encrypted Transmission

CEN access links support encrypted transmission to minimize the risks posed by intermediate links. The cloud network uses Smart Access Gateway (SAG) to establish private encrypted channels between Alibaba Cloud access points. With replay protection and periodic key rotation, these channels ensure that user traffic cannot be tampered with or eavesdropped on along public network transmission paths. Cloud Firewall allows you to implement access control, traffic analysis, and post-event auditing in scenarios that require intercommunication over public networks or cross-VPC access.

Prevention of DNS Hijacking and Domain Name Pollution

PrivateZone is a private DNS resolution and management service based on Alibaba Cloud VPC environments. By accessing PrivateZone through CEN, you can prevent your business DNS from being exposed to a public network. This helps prevent DNS hijacking and domain name pollution.


Create a Multi-CIDR Block VPN with IKEv1 in a Multi-Network CEN in Alibaba Cloud

Alibaba Cloud provides VPN Gateway, a service that connects your on-premises data centre, office, or personal device to an Alibaba Cloud VPC. To connect a data centre or office network to a VPC, you can configure an IPsec connection using either the IKEv1 or the IKEv2 protocol. However, IKEv1 does not support selecting multiple CIDR blocks by default: it allows only a single CIDR block as the local traffic selector and a single CIDR block as the remote traffic selector. This is a limitation of the protocol itself.

Alibaba Cloud recommends the IKEv2 protocol for better support of multi-CIDR-block scenarios. However, many clients (enterprises) already use IKEv1 for their VPN requirements and are not in a position to change to IKEv2 when they want to connect networks in different geographies using Alibaba Cloud CEN, with VPN providing the last-mile connectivity.

This document provides a solution to the multi-CIDR-block issue that many clients face when setting up a multi-CIDR-block VPN with the IKEv1 protocol as part of CEN. It can help connect different sites through IKEv1 IPsec VPN gateways within a single CEN instance.
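As an added illustration of the single-selector constraint described above (this is not code from the original post or from Alibaba Cloud), the following Python computes the one CIDR block that would have to serve as an IKEv1 traffic selector for several on-premises networks, and reports which address ranges that aggregate admits beyond what was actually requested. The sample CIDR blocks are constructed for the example.

```python
import ipaddress

# Constructed sample: three on-premises blocks that must all reach the VPC side
# through one IKEv1 IPsec connection (which takes a single remote traffic selector).
ON_PREM_CIDRS = ["10.10.0.0/24", "10.10.1.0/24", "10.10.4.0/22"]


def aggregate_selector(cidrs):
    """Smallest single network that contains every block in `cidrs`."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    if len({n.version for n in nets}) != 1:
        raise ValueError("all selectors must share one IP version")
    agg = nets[0]
    # supernet() widens the prefix by one bit per step and stops at /0 at the latest.
    while not all(n.subnet_of(agg) for n in nets):
        agg = agg.supernet()
    return agg


def plan_ikev1_selector(cidrs):
    """Return the aggregate selector plus the ranges it admits that were not requested.

    Aggregating is how several blocks fit into one IKEv1 selector, but the aggregate
    is wider than the sum of its parts; the excess is what a reviewer should
    explicitly allow or deny with an access control policy on the CEN side.
    """
    wanted = list(ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs))
    agg = aggregate_selector(cidrs)
    remaining = [agg]
    for net in wanted:
        pieces = []
        for block in remaining:
            if block.subnet_of(net):
                continue                                    # fully requested: drop it
            if net.subnet_of(block):
                pieces.extend(block.address_exclude(net))   # carve the requested range out
            else:
                pieces.append(block)                        # disjoint: keep as is
        remaining = pieces
    excess = sorted(remaining)
    return {
        "selector": str(agg),
        "excess_blocks": [str(n) for n in excess],
        "excess_addresses": sum(n.num_addresses for n in excess),
    }


if __name__ == "__main__":
    plan = plan_ikev1_selector(ON_PREM_CIDRS)
    print(f"IKEv1 selector: {plan['selector']}")
    print(f"Admits {plan['excess_addresses']} unrequested addresses: {plan['excess_blocks']}")
```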

Related Products

Cloud Enterprise Network

A global network for rapidly building a distributed business system and hybrid cloud, helping users create a network with enterprise-level scalability and the communication capabilities of a cloud network.

Cloud Enterprise Network provides a hybrid and distributed global network ideal for enterprise users with high demand on network coverage. With its stable transmission and next-generation network environment, the network provides high transmission speed and low latency for end-users.

Cloud Enterprise Network can be used to facilitate communication between VPCs and between a VPC and an IDC. Routing information in CEN can be learned and distributed automatically, which allows CEN to achieve fast routing convergence and improved network quality and security.

Virtual Private Cloud

VPC helps you build an isolated network environment on Alibaba Cloud, including customizing the IP address range, network segments, route table, and gateway. In addition, you can connect a VPC and a traditional IDC through a leased line, VPN, or GRE to provide hybrid cloud services.

Related Documentation

Benefits of Cloud Enterprise Network

This topic describes the benefits of Cloud Enterprise Network (CEN).

  1. Worldwide connection
  2. Low latency and high speed
  3. Nearest access and shortest path
  4. Connection resilience and disaster recovery
  5. Systematic management

Scenarios of Cloud Enterprise Network

This topic describes the usage scenarios of Cloud Enterprise Network (CEN). You can use CEN to connect network resources across the globe.

  1. Network interconnection in the same region
  2. Network interconnection in different regions
Alibaba Clouder