“Can I ask a stupid question?” Do you know how many times I have heard that in my over 30 years in the business? Ninety-Nine out of One Hundred times, the question is anything but stupid. Most recently this tends to come up in a follow-on call with a potential customer either hours or days after we have had our primary discussion on cloud migrations.
Once we have gotten through the discussion and analysis of:
- How much infrastructure am I currently using (compute, storage, network)?
- What apps am I running?
- What are the dependencies between those apps
- What is Cloud Ready?
- Can I just lift and shift?
- What would the TCO look like on multiple cloud vendors?
The question will come up: “This may be a stupid question, but how do I connect to the cloud?” The question is anything but stupid and is often a critical component of the overall cost that needs to be taken into account. While we are all used to working from home and connecting over the public internet to get to our O365 data and SaaS applications, connecting from an enterprise is a very different animal. One of our Cloud Architect’s, Larry Green, lays out the options this way:
- Azure ExpressRoute or AWS Direct Connect – This is a private connection between Cloud datacenters and on premise infrastructure. No public internet = more reliability, faster speeds and lower latencies.
Both metered and unlimited connections are available where you are allotted a certain number of GB per month and pay more per GB if you exceed the allocation, similar to a mobile phone plan. These services can be purchased from a traditional circuit provider such as AT&T or Verizon, many of the large Data Center providers, and even some specialty companies which may bundle in encryption and other services.
- Site to Site VPN (or VPN Gateway) – This solution typically uses a Firewall on premise and connects to a VPN appliance in the cloud. We use this method at Astadia. For this solution you use your current ISP and share the bandwidth between your internet traffic and your cloud traffic.
- Point to Site VPN - A point to site VPN is established from a single computer to the VPN in the cloud. This is a good option if you are only connecting to a small workload in the cloud from a single computer.
- Public Internet - Of course the public internet is still a viable option for connecting to workloads and services using RDP/SSH/HTTPS/HTTP access.
Each of these options have their pros and cons. Astadia will work with you to determine the best case for your particular environment. Sometimes it is as simple as taking advantage of existing contract obligations with a service provider. Other times, there is clearly a correct way to go based on technical benefits.
The takeaway here is that it is very important to take into account the network charges that a cloud provider will get you for. While most inbound traffic to AWS and Azure are included, charges for outbound traffic can add up very quickly and need to be taken into account!
Don’t be afraid to ask that question. It is definitely NOT a stupid one!!