This topic describes how to connect an on-premises data center to a virtual private cloud (VPC) network to build a hybrid cloud. You can connect an on-premises data center to a VPC network through VPN Gateway, leased lines of Express Connect, or Smart Access Gateway (SAG).
You can establish private connections between an on-premises data center and an Alibaba Cloud VPC network to build a hybrid cloud. You can connect your on-premises IT infrastructure to Alibaba Cloud. In this way, you can manage workload spikes and improve application stability by using cloud resources of Alibaba Cloud, such as computing, storage, network, and Content Delivery Network (CDN) resources.
You can connect an on-premises data center to a VPC network through VPN Gateway, leased lines of Express Connect, or SAG. You can also use Cloud Enterprise Network (CEN) to connect to your global network resources.
You can use VPN Gateway to establish IPsec VPN connections between your on-premises data centers and VPC networks. The hot-standby architecture of VPN Gateway ensures automatic failovers in seconds.
VPN connections are established over the Internet. The latency and availability of your VPN connections depend on the quality of the Internet. If you do not require low network latency, we recommend that you use VPN Gateway.
For more information, see Connect on-premises data centers to VPC networks.
You can use a leased line provided by an Internet Service Provider (ISP) to establish a physical connection between your data center and an Alibaba Cloud access point. Express Connect allows you to connect to Alibaba Cloud by applying for an exclusive physical connection in the Express Connect console.
Physical connections offer high network quality and large bandwidth. If you require high network quality, we recommend that you choose physical connections.
For more information, see Create a dedicated connection over an Express Connect circuit.
|Redundant physical connections||
You can use redundant physical connections to connect your on-premises data center to a VPC network. Redundant physical connections provide high-quality and high-reliability internal communication between on-premises data centers and Alibaba Cloud VPC networks. You can use up to four physical connections to achieve equal-cost multi-path routing (ECMP).
For more information, see Create active/standby physical connections.
|Smart Access Gateway||
Smart Access Gateway provides an end-to-end cloud deployment solution. SAG allows enterprises to connect to the nearest access points of VPC networks through encrypted connections over the Internet. SAG provides more intelligent, reliable, and secure connections to the cloud.
SAG is easy to use and cost-effective. To connect multiple local branch sites to Alibaba Cloud, we recommend that you use SAG.
For more information, see Deploy an SAG device in inline mode.
|Active/standby connections over Border Gateway Protocol (BGP)||
You can use a leased line and a Cloud Enterprise Network (CEN) instance to connect an on-premises data center to VPC networks in different regions.
For more information, see Connect an on-premises data center to Alibaba Cloud by using BGP active/standby links.
|Leased line + Smart Access Gateway||
After you connect your on-premises data center to Alibaba Cloud, you can use SAG to establish a standby connection. This ensures the high availability of your hybrid cloud.
For more information, see Use SAG to set up standby network connections (leased line connected to Layer 3 switch).