Cloud and Your Network: Prepare for Bandwidth Use, DDoS, and More
Your business probably has faster internet than your home. If you’re with an enterprise, you almost certainly have some quality broadband. Plugging into the cloud can be a relatively painless process, albeit one that requires careful planning, but without considering your network design and connection speeds, even a simple cloud migration can become time-consuming, expensive, and difficult to manage.
Connecting to the CSP
Each cloud service provider offers a different stable of network providers. Depending on the ISP in your offices or on-premises data center, your connection to the CSP could hop several times between backbones before reaching the cloud infrastructure, increasing latency.
When researching your cloud provider, ask about their network providers. Some data centers are located in carrier hotels or larger facilities that house internet peering exchanges, which can help facilitate more direct connections even if your provider of choice is not offered from the CSP itself.
In addition to the choice of ISP and blend of network connectivity, consider your own network infrastructure and how much data you might be moving between your premises and the CSP. A WAN optimizer or accelerator can reduce the amount of network traffic and maximize your bandwidth. Many CSPs don’t allow custom hardware, but smaller providers like Green House Data can help configure hardware as a combined colocation and cloud solution to deliver better network performance.
WAN accelerators in particular are becoming popular alongside the cloud, as they prioritize and secure network traffic while leveraging your entire network, including edge locations or branches.
Once data has reached your users from the CSP, you need to minimize latency within your network design as well. Now is a good time to reexamine your network topology to see if you can eliminate bottlenecks like superfluous switches or firewalls. Another commonly recommended network tweak is the addition of an MPLS connection between your premises and the CSP.
Check the network traffic logs for each application as well to see which ones are slurping up your bandwidth. Some of these might be replaceable with cloud native applications that can improve performance.
For basic applications, that generally means a download speed of up to 1,900 kbps, an upload speed of up to 600 kbps, and latencies up to and above 160 ms. For intermediate and advanced applications, like video, VoIP, and virtual desktop, you’ll need closer to 2,500 kbps and above for download speeds, 1,000 kbps and above for upload, and latencies of 50 – 125 ms.
Maintaining a Secure Connection
Security remains one of the top obstacles for teams interested in migrating to the cloud. There are a few hardware or software solutions to the problem of securing the network links to the CSP, like using a VPN or even setting up a direct link, but they can be expensive, or in the case of VPN, impact performance.
A regular, unsecured network connection is an acceptable method to access cloud services, but you should ensure the CSP has stringent security measures in place, including IPS/IDS, 24/7 monitoring, and DDoS mitigation and prevention. If necessary, ask if they can or do implement encryption in transit and at rest.
Request evidence of security audits and penetration tests, and make sure that you are allowed to conduct cloud penetration tests of your own. You also need to be certain your data and applications can be isolated from other tenants in a multi-tenant cloud environment.
Identity and access control are vital factors. If you have a platform to manage user identity and sign-on, see if your provider can integrate it to maximize security with everything managed in a single place – and make things easier on your users at the same time.
This overview neglects many of the technical details involved in the network preparation process. A service-focused CSP can help you figure out your current network’s readiness and limitations, and design a secure, high-performance connection to your new cloud services.