This topic describes how to build a hybrid cloud by connecting a data center to a virtual private cloud (VPC). You can connect a data center to a VPC through a VPN gateway, an Express Connect circuit, or Smart Access Gateway (SAG).

Overview

You can establish private connections between a data center and an Alibaba Cloud VPC to build a hybrid cloud. You can connect your on-premises IT infrastructure to Alibaba Cloud. This way, you can manage workload spikes and improve application stability by using cloud resources of Alibaba Cloud, such as compute, storage, network, and Content Delivery Network (CDN) resources.

You can connect a data center to a VPC through a VPN gateway, an Express Connect circuit, or SAG. You can also use Cloud Enterprise Network (CEN) to connect networks around the world.

Solutions

Solution Description
VPN gateways

You can use VPN gateways to establish IPsec-VPN connections between your data centers and VPCs. By default, VPN gateways support the active-active mode where two VPN gateways are used. In this mode, the system automatically performs a failover when one VPN gateway is not working as expected.

IPsec-VPN connections are established over the Internet. Therefore, the network latency and availability are based on the Internet. If you do not require low network latency, we recommend that you use VPN gateways.

For more information, see Connect on-premises data centers to VPC networks.

Express Connect circuits

You can use an Express Connect circuit provided by an Internet service provider (ISP) to connect your data center to an Alibaba Cloud access point. You can also apply for dedicated Express Connect circuits.

Connections over Express Connect circuits provide low network latency and high bandwidth. We recommend that you use Express Connect circuits if you require low network latency.

For more information, see Create a dedicated connection over an Express Connect circuit.

SAG

SAG is a one-stop solution for connecting private networks to Alibaba Cloud. You can use SAG to connect private networks to Alibaba Cloud over the Internet. The connections established by SAG are secure and reliable.

SAG is easy to use and cost-effective. To connect multiple on-premises branch sites to Alibaba Cloud, we recommend that you use SAG.

For more information, see Deploy an SAG device in inline mode.

Standby Express Connect circuits

You can establish high-quality and reliable connection between your data center and Alibaba Cloud by using standby Express Connect circuits. You can use up to four Express Connect circuits to achieve equal-cost multi-path routing (ECMP).

For more information, see Create redundant connections with load-balancing routing.

Active/standby connection

You can use an Express Connect circuit and a Cloud Enterprise Network (CEN) instance to connect a data center to VPCs in different regions.

For more information, see Create active/standby physical connections.

Express Connect circuits and standby connections
  • After you connect your data center to Alibaba Cloud over an Express Connect circuit, you can use SAG to establish a standby connection. This ensures the high availability of your hybrid cloud.

    For more information, see Use SAG to set up standby network connections (leased line connected to Layer 3 switch).

  • After you connect your data center to Alibaba Cloud over an Express Connect circuit, you can use a VPN gateway to establish a standby IPsec-VPN connection. This ensures the high availability of your hybrid cloud.