This topic describes how to connect an on-premises data center to a Virtual Private Cloud (VPC) network to build a hybrid cloud. You can connect an on-premises data center to a VPC network through VPN Gateway, leased lines of Express Connect, or Smart Access Gateway (SAG).

Overview

You can establish private connections between an on-premises data center and an Alibaba Cloud VPC network to build a hybrid cloud. Then, you can connect your on-premises IT infrastructure to Alibaba Cloud. In this way, you can manage workload spikes and improve application stability by using resources of Alibaba Cloud, such as computing, storage, network, and Content Delivery Network (CDN) resources.

You can connect an on-premises data center to a VPC network through VPN Gateway, leased lines of Express Connect, or SAG. You can also use Cloud Enterprise Network (CEN) to connect to your global network resources.

Solutions

Solution Description
VPN Gateway

You can use VPN Gateway to establish IPsec VPN connections between your on-premises data centers and VPC networks. The hot-standby architecture of VPN Gateway ensures automatic failovers within a few seconds.

VPN connections are established over the Internet. The latency and availability of your VPN connections depend on the quality of the Internet. If you do not require low network latency, we recommend that you use VPN Gateway.

For more information, see Establish a connection between a VPC and an on-premises data center.

Leased lines

You can use a leased line provided by an Internet Service Provider (ISP) to establish a physical connection between your on-premises data center and an Alibaba Cloud access point. Express Connect allows you to connect to Alibaba Cloud by applying for an exclusive physical connection in the Express Connect console.

Physical connections offer high network quality and large bandwidth. We recommend that you choose physical connections if your priority is high network quality.

For more information, see Create a dedicated physical connection.

Redundant physical connections

You can use redundant physical connections to connect your on-premises data center to a VPC network. Redundant physical connections provide high-quality and high-reliability internal communication between on-premises data centers and Alibaba Cloud VPC networks. You can use up to four physical connections to achieve equal-cost multi-path routing (ECMP).

For more information, see Create active/standby physical connections.

Smart Access Gateway

Smart Access Gateway is an all-in-one solution for connecting your workloads to Alibaba Cloud. Smart Access Gateway allows enterprises to connect to the nearest access points of VPC networks through encrypted connections over the Internet. It provides more intelligent, reliable, and secure connections to the cloud.

SAG is easy to use and cost-effective. We recommend that you use Smart Access Gateway if you need to connect multiple local branch sites to Alibaba Cloud.

For more information, see Deploy an SAG device in inline mode.

Active/standby connections over Border Gateway Protocol (BGP)

You can use a leased line and a Cloud Enterprise Network (CEN) instance to connect an on-premises data center to VPC networks in different regions.

For more information, see Connect an on-premises data center to Alibaba Cloud by using BGP active/standby links.

Leased line + Smart Access Gateway

After you connect your on-premises data center to Alibaba Cloud, you can use Smart Access Gateway to establish a standby connection. This ensures the high availability of your hybrid cloud.

For more information, see Use SAG to set up standby network connections (leased line connected to a local Internet-facing device).