1
00:00:00,000 --> 00:00:01,620
Connectivity options.

2
00:00:01,620 --> 00:00:03,060
In this lesson, we're going to talk

3
00:00:03,060 --> 00:00:04,740
about the different connectivity options

4
00:00:04,740 --> 00:00:05,790
that are available when connecting

5
00:00:05,790 --> 00:00:08,550
to cloud-based solutions, including virtual private networks

6
00:00:08,550 --> 00:00:10,830
or VPNs, and a private-direct connection

7
00:00:10,830 --> 00:00:12,240
to your cloud provider.

8
00:00:12,240 --> 00:00:14,520
Now, as we go through these options, I want to point out

9
00:00:14,520 --> 00:00:16,860
that we're not talking about your ability to use software

10
00:00:16,860 --> 00:00:18,780
as a service as part of a cloud technology

11
00:00:18,780 --> 00:00:20,460
in this lesson necessarily.

12
00:00:20,460 --> 00:00:21,960
Instead, we're more focused

13
00:00:21,960 --> 00:00:23,520
on connecting our enterprise networks

14
00:00:23,520 --> 00:00:26,730
to our public cloud service providers, known as CSPs.

15
00:00:26,730 --> 00:00:29,310
Now, for example, let's pretend your organization decides

16
00:00:29,310 --> 00:00:32,130
to offload all of its on-premise servers over to the cloud,

17
00:00:32,130 --> 00:00:34,560
including your intranet servers, like your file servers,

18
00:00:34,560 --> 00:00:37,110
your proxy servers, your mail servers, and others.

19
00:00:37,110 --> 00:00:38,790
Well, how are your network clients going

20
00:00:38,790 --> 00:00:40,500
to access those resources?

21
00:00:40,500 --> 00:00:42,300
We need to ensure that when Susan in accounting

22
00:00:42,300 --> 00:00:44,850
or Bob in Human Resources logs onto the network,

23
00:00:44,850 --> 00:00:46,680
they can actually reach that domain controller

24
00:00:46,680 --> 00:00:48,960
and be authenticated, and then access the shared drive

25
00:00:48,960 --> 00:00:50,760
just like they could when the server was down the hall

26
00:00:50,760 --> 00:00:51,750
in our data center,

27
00:00:51,750 --> 00:00:53,970
even though the server may now be across the country

28
00:00:53,970 --> 00:00:55,080
sitting in one of Amazon's

29
00:00:55,080 --> 00:00:56,940
or Microsoft's data centers.

30
00:00:56,940 --> 00:00:59,400
So we need to talk about connectivity options.

31
00:00:59,400 --> 00:01:01,680
The first type of connectivity we need to cover is known

32
00:01:01,680 --> 00:01:04,349
as a virtual private network or VPN.

33
00:01:04,349 --> 00:01:06,390
By using a virtual private network solution,

34
00:01:06,390 --> 00:01:08,100
you can establish a secure connection

35
00:01:08,100 --> 00:01:10,680
between your on-premise network, your remote offices,

36
00:01:10,680 --> 00:01:11,580
your client devices,

37
00:01:11,580 --> 00:01:13,740
and the cloud provider's global network.

38
00:01:13,740 --> 00:01:15,480
This type of connection will usually be created

39
00:01:15,480 --> 00:01:18,000
as a site-to-site VPN between your edge router

40
00:01:18,000 --> 00:01:19,890
and the cloud service provider's network.

41
00:01:19,890 --> 00:01:21,840
When using a VPN solution like this,

42
00:01:21,840 --> 00:01:24,930
usually you're going to rely on a traditional IPsec VPN

43
00:01:24,930 --> 00:01:26,280
to create an encrypted connection

44
00:01:26,280 --> 00:01:27,387
between your cloud provider's network

45
00:01:27,387 --> 00:01:29,310
and your own enterprise network,

46
00:01:29,310 --> 00:01:30,720
all over the public internet

47
00:01:30,720 --> 00:01:32,880
using this encrypted VPN tunnel.

48
00:01:32,880 --> 00:01:34,290
This allows you to extend your network

49
00:01:34,290 --> 00:01:36,030
using a highly available, managed

50
00:01:36,030 --> 00:01:38,070
and elastic cloud VPN solution

51
00:01:38,070 --> 00:01:39,720
to protect your network traffic instead

52
00:01:39,720 --> 00:01:41,820
of allowing it to traverse the internet directly.

53
00:01:41,820 --> 00:01:43,920
While a VPN works well in most cases,

54
00:01:43,920 --> 00:01:45,660
if you're running a large enterprise network

55
00:01:45,660 --> 00:01:47,490
and you need higher speeds and redundancy,

56
00:01:47,490 --> 00:01:50,070
you may instead choose to use a private-direct connection

57
00:01:50,070 --> 00:01:51,420
to your cloud provider.

58
00:01:51,420 --> 00:01:52,770
These are sold under different names

59
00:01:52,770 --> 00:01:54,660
depending on the cloud provider you're using.

60
00:01:54,660 --> 00:01:57,150
If you're with Amazon Web Services, or AWS,

61
00:01:57,150 --> 00:01:59,190
they call this a Direct Connect Gateway.

62
00:01:59,190 --> 00:02:00,420
If you're with Microsoft Azure,

63
00:02:00,420 --> 00:02:03,000
they call this an Azure ExpressRoute.

64
00:02:03,000 --> 00:02:05,520
So what is a private-direct connection?

65
00:02:05,520 --> 00:02:06,540
Well, it's going to allow you

66
00:02:06,540 --> 00:02:08,910
to extend your preexisting on-premise data center

67
00:02:08,910 --> 00:02:11,670
or office network into the cloud provider's network,

68
00:02:11,670 --> 00:02:14,190
so you can directly connect to your virtual private cloud

69
00:02:14,190 --> 00:02:16,170
inside that cloud provider's network.

70
00:02:16,170 --> 00:02:18,090
Now, by using a private-direct connection,

71
00:02:18,090 --> 00:02:19,950
you can bypass the internet directly

72
00:02:19,950 --> 00:02:21,510
and instead establish a secure

73
00:02:21,510 --> 00:02:23,880
and dedicated connection from your infrastructure

74
00:02:23,880 --> 00:02:25,530
to the cloud provider's infrastructure

75
00:02:25,530 --> 00:02:26,940
using a dedicated leased line

76
00:02:26,940 --> 00:02:29,010
or similar type of WAN connection.

77
00:02:29,010 --> 00:02:31,290
So what's the difference between using a VPN

78
00:02:31,290 --> 00:02:33,060
and a private-direct connection?

79
00:02:33,060 --> 00:02:35,190
Well, in general, a private-direct connection

80
00:02:35,190 --> 00:02:38,280
will support faster speeds and better performance.

81
00:02:38,280 --> 00:02:41,400
For example, if you're using an AWS-managed VPN service,

82
00:02:41,400 --> 00:02:42,960
you can only achieve a maximum speed

83
00:02:42,960 --> 00:02:44,610
of four gigabytes per second

84
00:02:44,610 --> 00:02:46,320
when you're connecting your enterprise network

85
00:02:46,320 --> 00:02:47,640
to your virtual private cloud

86
00:02:47,640 --> 00:02:49,140
that's hosted by Amazon.

87
00:02:49,140 --> 00:02:49,980
Now, on the other hand,

88
00:02:49,980 --> 00:02:51,750
if you have a private-direct connection,

89
00:02:51,750 --> 00:02:53,850
which they call AWS Direct Connect,

90
00:02:53,850 --> 00:02:56,670
you can get speeds up to 40 gigabytes per second.

91
00:02:56,670 --> 00:02:58,470
Additionally, private-direct connections

92
00:02:58,470 --> 00:03:01,110
can support multiple connections into multiple VPCs

93
00:03:01,110 --> 00:03:02,910
that are hosted in the cloud,

94
00:03:02,910 --> 00:03:04,650
and this provides us with redundancy.

95
00:03:04,650 --> 00:03:06,060
Whereas with a VPN solution,

96
00:03:06,060 --> 00:03:10,260
we can only support one VPN connection to one VPC at a time.

97
00:03:10,260 --> 00:03:11,880
But with everything in the cloud,

98
00:03:11,880 --> 00:03:13,590
there's always going to be trade-offs.

99
00:03:13,590 --> 00:03:15,960
Yes, a private-direct connection has better performance

100
00:03:15,960 --> 00:03:17,220
and better redundancy,

101
00:03:17,220 --> 00:03:19,320
but it's also a more expensive connection

102
00:03:19,320 --> 00:03:20,880
than a VPN connection.

103
00:03:20,880 --> 00:03:24,240
So with AWS, for example, if you're using a VPN solution,

104
00:03:24,240 --> 00:03:27,540
this costs you about 9 cents per gigabyte of data transfer.

105
00:03:27,540 --> 00:03:30,090
But if you're using a private-direct solution, this costs

106
00:03:30,090 --> 00:03:33,060
between 20 and 30 cents per gigabyte of data transfer,

107
00:03:33,060 --> 00:03:35,550
making it two to three times more expensive.

108
00:03:35,550 --> 00:03:37,830
So when it comes to connecting your enterprise networks

109
00:03:37,830 --> 00:03:40,290
to your virtual private clouds that are hosted by Amazon

110
00:03:40,290 --> 00:03:41,880
or your Azure virtual networks,

111
00:03:41,880 --> 00:03:43,920
remember, you can either use a VPN

112
00:03:43,920 --> 00:03:45,540
or a private-direct connection.

113
00:03:45,540 --> 00:03:47,460
It just depends on the level of performance you need

114
00:03:47,460 --> 00:03:49,943
and the amount of cost that you're willing to accept.