This blog is in partnership with Azure experts at our sister company ClearCloud.
UKFast clients often ask us how they can make use of more than one cloud solution. That might mean merging aspects of eCloud with their on-premise environment, or using both our eCloud® range and the tools offered by AWS and Azure.
Whatever the scenario, it requires secure communication between the two environments. So, how do you achieve this?
There are several ways to configure a secure connection between cloud providers. Here are the three most common.
A site-to-site (S2S) VPN is one of the most common ways to connect your cloud environments. S2S VPNs are used when you have multiple systems at each location that need to communicate with each other. This type of VPN works by adding routes and ACLs to the firewall/VPN gateway device, which control the traffic flow between sites.
For example, to connect to Azure from your on-premise solution, an Azure VPN Gateway on the ‘Basic’ tier allows you to have up to 10 S2S connections. However, it is not zone redundant. A zone-redundant S2S gateway (VpnGw1AZ) will cost you more, but gives you up to 30 S2S connections and up to 650 Mbps. This is typically the preferred option.
Why? Well, a zone-redundant S2S VPN can sustain the loss of an entire data centre without you losing your connection. Plus, because the configuration for an S2S VPN lives on the gateway device rather than on individual servers, it is pretty reliable and isn’t affected by machine reboots.
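As an added example (not from the original post), this is how the zone-redundant S2S gateway described above is built with the Azure CLI: a GatewaySubnet, a zone-redundant public IP, the VpnGw1AZ gateway, a local network gateway describing the on-premise side, and the IPsec connection. The resource names, address ranges and on-premise IP are assumed placeholders, and the script only prints its plan unless DRY_RUN=0.

```shell
# Added example: zone-redundant site-to-site VPN between on-premise and Azure.
# Every name, prefix and IP below is a constructed placeholder; adjust to your estate.
set -eu

RG="${RG:-rg-multicloud-demo}"                        # assumed resource group
LOCATION="${LOCATION:-uksouth}"
VNET="vnet-hub"                                       # Azure side of the tunnel
ONPREM_PUBLIC_IP="${ONPREM_PUBLIC_IP:-203.0.113.10}"  # on-premise VPN device (documentation range)
ONPREM_PREFIX="${ONPREM_PREFIX:-192.168.0.0/24}"      # on-premise network routed through the tunnel
DRY_RUN="${DRY_RUN:-1}"                               # 1 = print the plan only; 0 = apply

# Print or execute a command, so the plan can be reviewed before it touches a subscription.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_s2s_vpn() {
  # The IPsec pre-shared key comes from the environment (e.g. fetched from Key Vault),
  # never from the script text; the dry run prints a placeholder so the key is not echoed.
  if [ "$DRY_RUN" = 1 ]; then key='<S2S_SHARED_KEY>'; else key="${S2S_SHARED_KEY:?set S2S_SHARED_KEY}"; fi

  run az group create --name "$RG" --location "$LOCATION"
  # Azure requires a subnet named exactly GatewaySubnet for the VPN gateway.
  run az network vnet create --resource-group "$RG" --name "$VNET" \
      --address-prefix 10.1.0.0/16 --subnet-name GatewaySubnet --subnet-prefix 10.1.255.0/27
  # The AZ gateway SKUs need a Standard, zone-redundant public IP.
  run az network public-ip create --resource-group "$RG" --name "pip-$VNET-gw" \
      --sku Standard --allocation-method Static --zone 1 2 3
  # VpnGw1AZ: zone-redundant, up to 30 S2S connections, up to 650 Mbps.
  run az network vnet-gateway create --resource-group "$RG" --name "gw-$VNET" \
      --vnet "$VNET" --public-ip-addresses "pip-$VNET-gw" \
      --gateway-type Vpn --vpn-type RouteBased --sku VpnGw1AZ --no-wait
  # Gateway provisioning takes tens of minutes; the connection needs it to exist first.
  run az network vnet-gateway wait --resource-group "$RG" --name "gw-$VNET" --created
  # The local network gateway is the on-premise side: its public endpoint plus the
  # prefixes the gateway should route into the tunnel (add more as extra arguments).
  run az network local-gateway create --resource-group "$RG" --name lng-onprem \
      --gateway-ip-address "$ONPREM_PUBLIC_IP" --local-address-prefixes "$ONPREM_PREFIX"
  run az network vpn-connection create --resource-group "$RG" --name conn-onprem \
      --vnet-gateway1 "gw-$VNET" --local-gateway2 lng-onprem --shared-key "$key"
}

create_s2s_vpn
```

Run it once with the default DRY_RUN=1 to review the plan, then with DRY_RUN=0 and S2S_SHARED_KEY exported (with the matching key configured on the on-premise VPN device) to apply it.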
ExpressRoute from Microsoft Azure is aimed at large enterprises (think an MPLS connection between multiple sites). It allows you to extend your on-premise network into another cloud via a private connection, facilitated by a connectivity provider.
You can get far more bandwidth with ExpressRoute than with any other connection between sites (up to 10 Gbps). But you pay for that link and for the peered connection too.
It is worth noting that ExpressRoute comes with an express price tag. So, if you’ve not got the cash to invest, this one probably isn’t going to be for you. However, if you have multiple sites, and the size of your wallet matches the size of the data link you require, then it is definitely something to consider.
A local data gateway is a tool offered by Azure for communication from on-premise to Azure. It’s used for connectivity to databases or platform as a service (PaaS) offerings on Azure.
To set it up, download the client and install it onto an on-premise server. This then allows Azure services to connect to your on-premise resources securely over HTTPS. For example, you may have a database on an on-premise server and want to allow Azure Logic Apps or Analysis Services to connect to that database.
Although it is limited in which resources it can be used for, it is a pretty nifty tool, mainly because you don’t need to open any inbound ports on your on-premise firewall. Only a couple of outbound ports need to be opened (the data connection is over port 443, which is likely already open on your firewall if you’re able to browse the internet).
Let’s just run through which options would apply to which scenario.
S2S VPN: If you want to connect a bunch of servers from one site to a bunch of servers at another site then S2S is the way to go.
ExpressRoute: If you need to connect multiple sites and want a large, dedicated connection, take a look at ExpressRoute.
Local data gateway: If you just want to use tools in Azure like Logic Apps or Analysis Services to connect to an on-premise database, then a local data gateway is the tool you want.
There are so many use cases for having a multi-cloud environment like the above and so it’s a good idea to familiarise yourself with the different ways you can connect between them.
What’s your multi-cloud strategy? Whether you’re merging on-premise with a hosted solution, eCloud with Azure or AWS, UKFast is here to make multi-cloud a breeze.