If you have cloud-based networks in multiple Alibaba Cloud regions, how do you allow them to communicate securely? If you have a hybrid infrastructure in which you need to link on-premises systems to servers in the cloud, how do you do it? The answer in both cases might well be Express Connect. Alibaba Cloud Express Connect is a network service that provides fast, stable, secure and private (or dedicated) network communication between different cloud environments, including VPC intranet communication and dedicated leased line connections across regions and users.
At first glance, it's easy to appreciate why cloud computing could be the answer to any company's IT needs. A shiny new virtual data center with virtual servers, switches and routers, running remotely on hardware that you don't need to manage. Or fix. Or depreciate in the annual accounts. Or upgrade. Or build an air-conditioned room for. Or pay for from the CapEx budget.
Indeed, anyone who is setting up a company or new IT system from scratch might be considered eccentric if they did not strongly consider putting their IT infrastructure in the cloud.
But in the real world, things aren't always so clear-cut. "Build it in the cloud" is relatively easy to achieve. "Move it to the cloud" is more difficult. Especially if you don't want to move all of it, or not all at the same time. You subsequently arrive at what's known as a hybrid system, with parts of your IT remaining in-house and other parts of it in the cloud. Perhaps your web server and domain controllers are in the cloud but email and the file server are currently on-premises. Or the SQL Server box is on-premises but the databases themselves are not.
(While we're on the subject, let's not call it 'on-premise'. A 'premise' is a thought. It's not the same as a 'premises'. A 'premise' is not the singular form of a 'premises', just as a 'specie' is not the singular form of 'species'. Anyway, back to cloud.)
In a hybrid IT system you need a secure communication channel between the two sites. A Virtual Private Network (VPN) is often used. But if your cloud-based systems are hosted with Alibaba Cloud then you have Express Connect available to you too. It's a simple, cheap and highly secure way to link the two (or more than two) parts of your hybrid infrastructure. The VPN service is an Internet-based service, while Express Connect establishes a dedicated private connection without going through the Internet.
Cloud providers employ what are known as deployment regions. Alibaba Cloud, for example, currently has seven deployment regions in the north, east and south of Mainland China, as well as Singapore, Hong Kong, Sydney, Tokyo, Kuala Lumpur, Dubai, Frankfurt, Silicon Valley and Virginia. So you can host in the location that's most suitable for your business and its needs.
Many organizations host in multiple regions. It's good for resilience and also means that you can have more of a perceived physical presence in your key markets. There may be other reasons too. A U.S.-based company considering expansion into China will probably want to host its new China-facing services within the country itself, while probably leaving existing U.S.-facing systems in situ.
The starting point for any non-trivial cloud computing presence on Alibaba Cloud is a Virtual Private Cloud, or VPC. It's a virtual data center consisting of servers, switches, routers and so on, which is fully protected from every other VPC. It can contain just one server, or thousands. But while communicating between devices within a VPC is easy, communication between VPCs won't work out-of-the-box. This is by design, primarily for security. And it applies whether the two VPCs are in the same hosting region or not.
In situations where you explicitly want to communicate between regions and VPCs, Alibaba Cloud Express Connect offers a flexible, reliable and cost-effective solution.
One very common way in which companies are gradually migrating key services to the cloud is with hybrid databases. The database server and engine remain in-house, running perhaps Oracle or SQL Server or MySQL. The non-system databases themselves get moved out to the cloud. Either on standard file servers running Windows or Linux, or more dedicated facilities such as Object Storage Service or Network Attached Storage. In the case of Alibaba Cloud, these services mean that you can create large storage areas online instead of having to purchase and maintain an expensive on-premises SAN.
Again, this is an ideal scenario for Express Connect across a VPC or leased line connection to ensure that your database servers have full, fast, secure access to your cloud storage.
Figure: A typical configuration in which the on-site data center connects through Express Connect to databases hosted by Alibaba Cloud and to mail and other services from a third-party provider.
Not all company or corporate structures are straightforward, especially after a period of mergers, acquisitions or expansion. There may be two branches of the company, each with its own Alibaba Cloud account that contains one or more VPCs. Or maybe a company with its own Alibaba Cloud account and VPC wants to allow limited access to its resources by a trusted third party such as a reseller, strategic partner or auditor. Again, Express Connect enables private network communication between VPCs in any region, avoiding unstable public networks and reducing the risk of data interception.
Obviously pricing can be an issue in data communication, so it's always important to have continual insight into what the service is costing and what it may cost in the future. In the case of Alibaba Cloud it's simple to understand and is based on a monthly subscription. As at December 2017, pricing starts at $640 per month for the lowest service level between two Chinese regions (specifically Hangzhou and Shanghai in this instance). This is for the "small.1" service level, which allows for maximum transmission of 1.25MB per second, 4.5GB per hour or 108GB per day.
There are currently eight service levels in total, with the most powerful one (known as "large.2") providing for an astonishing 256MB per second, 900GB per hour or 21.6TB per day of data transfer.
In addition, you may also need to budget for, and install, a leased line connection between your premises and Alibaba Cloud. There is at least one connection point in every Alibaba Cloud hosting region and you can either buy a line from an independent carrier of your choice or work with an Alibaba Cloud partner organization.
Using Express Connect to bridge the connection between VPCs, or between customer premises and a VPC, brings a number of benefits. Perhaps the most important is high-speed intercommunication.
Because it's part of the Alibaba Cloud infrastructure, Express Connect can bridge different network environments so both sides can communicate directly through the intranet and bypass public networks. Furthermore, Express Connect offers features typically associated with intranet communication, such as low latency and high bandwidth across long distances. So a hybrid network in which, say, your database server is in-house but the storage is in the cloud, will perform as if everything is still local.
Because everything runs on one infrastructure, this helps to ensure stability and reliability. There's a formal Service Level Agreement (SLA) for the Express Connect product, full details of which are available on the Alibaba Cloud website at www.alibabacloud.com/product/express-connect. If uptime drops below 99.95% for any given month you'll receive 10% of your fees back as credit. Below 99% uptime, the credit figure rises to 25%.
Express Connect performs inter-network communication over the network virtualization layer, meaning all data is transmitted through Alibaba Cloud's own facilities. This removes the need for public networks and achieves multi-tenant isolation, reducing the risk of data theft during transmission.
Finally, Express Connect is not only easy to configure, it is also easy to reconfigure. This is important to consider when you are shopping around for connectivity services and providers. From the standard web-based control panel, complex physical network configurations can be undertaken with just a few clicks. Occasionally you may be required to raise a support ticket for non-standard requests, such as if there is a conflict between an Alibaba Cloud IP address and an IP address on your system.
Moving an existing data center to the cloud is (and indeed needs to be) a long process, requiring lengthy periods of planning, experimentation and pilot projects. A Big Bang approach, with the entire migration taking place at one time, is impractical in all but a handful of cases, so you need to find a way to stagger it. Perhaps to ensure that you can gradually move services across at times that suit the organization (such as during major holidays).
You may even decide that some services, for practical or legal reasons, are best left in situ and should never be migrated. Those nearing end of life, for example.
You therefore need a flexible, easily configurable and cost-effective way to ensure that your cloud-based systems can communicate with those left behind, and that's where Express Connect comes in. Just as importantly, you can also reconfigure the communications to take account of changing circumstances as your migration continues to roll forward or back.