Network Interconnection - Different Methods to Connect to Alibaba Cloud in a Corporate Environment

By Vincent Siu, Alibaba Cloud Certified Expert - Cloud Computing

Introduction

I have a number of years of helping clients connect to the cloud or migrate resources to the cloud. Regardless of the scale of the projects, there is a moment when I must consider how to implement the connection most effectively. Since I am talking about a corporate environment, I don’t count the remote desktop or VPN software on a desktop computer as a solution.

My Solutions and Experiences

I show my solutions below. I explain the difficulty from my experience and gut feeling. I believe you would agree that every project is different.

Method Name	Provider	Major Protocol or Technology	Best Scenario	Cost (from 1 to 3)	Difficulty (from 1 to 3)
Site to Site IPSec VPN	Self (by customer premises equipment)	IPSec VPN	Connection between IDC and VPC; bandwidth is limited	1	2
Smart Access Gateway	Alibaba Cloud	SD-WAN	Flexible, but incline to end users	2	1
Express Connect	Local ISP	BGP	Connection between IDC and VPC; guaranteed bandwidth	2	3
Cloud Enterprise Network (CEN)	Alibaba Cloud	Multi	Connection among VPC within Alibaba Cloud	3	3

Discussing the Details

The first method is a Site to Site IPSec VPN. This is a universal connection method for all cloud platforms. As long as you have an NGFW, such as FortiGate 80F (here, we call it customer premises equipment or CPE), you can build an IPSec VPN tunnel by yourself. Generally speaking, each cloud provider and the CPE manufacturer would have detailed instructions. In my experience, this is the most cost-effective method to connect your site or Internet Data Center (IDC) because you already have the CPE. This link shows the step-by-step for reference.

The next method is Alibaba Cloud Smart Access Gateway (SAG). In my opinion, it is a no-brainer if you are a fan of Alibaba Cloud. You can connect private networks to Alibaba Cloud through SAG in a secure, intelligent, and reliable way. There are three service types: SAG CPE, SAG vCPE, and SAG app.

SAG CPE is a hardware solution. It is very similar to the first solution, tailor-made for Alibaba Cloud. There are two models: SAG-100WM and SAG-1000. The only difference is the capability. SAG-100WM is suitable for small branch offices and stores, and SAG-1000 is suitable for data centers and large branch offices.

SAG vCPE is a software solution. Since it is an image, you can deploy it on data center servers, Edge Node Service (ENS) instances, Alibaba Cloud instances, and other cloud vendors’ instances. After you deploy the image on your host, the host serves as a virtual CPE device. Please refer to this link for details.

The SAG app is ideal for connecting terminals to Alibaba Cloud. You can install it on terminals (such as computers and mobile devices). The SAG app supports the following operating systems: Windows (Windows 7 SP1 and later), macOS (10.11.1 and later), Android (5.0 to 10.0), and iOS (12.0 and later). I don’t count it as a major method because it inclines to end users. However, as a sub-category under SAG, it is a nice feature offered by Alibaba Cloud.

Express Connect is the third method I recommend to clients who need guaranteed bandwidth and a stable connection because it is a dedicated leased line, usually in the form of an Ethernet cable with an RJ45 connector provided by your ISP. You have your own say in terms of bandwidth. You can choose the ISP that you trust the most. This is the most reliable and flexible method because you have control. You need a strong networking background when you configure the BGP and firewall rules with different subnets on your firewall. In my experience, your ISP may not fully understand your network topology. Please refer to this link for details.

Cloud Enterprise Network (CEN) is the fourth method. It allows you to connect VPCs in different regions to each other. You can attach VPCs to CEN as needed to enable inter-region communication to build a full-mesh network on top of the Alibaba Cloud global transmission network. As a result, it is the best solution for corporate customers who need to share resources among different regions within Alibaba Cloud. Please refer to this link for details.

Conclusion

When discussing cloud deployment, there is always time to mention Network Interconnection. Different methods may apply based on the cost, scale, and resources. Hopefully, the table above can help you to choose the right tool.

I am thinking about writing a series about Building a Home Hybrid Cloud on a Budget. I believe cloud computing is the future, but for now, we still have most stuff locally on-premises. This will be an experimental journey to discover how to connect on-premises machines to Alibaba Cloud (via a private tunnel) on a budget. My objective is to finish it within a short time frame while making it affordable to an ordinary person. I believe this would be an alternative method when we need to interconnect to cloud platforms.