As cloud computing matures, more and more enterprises are starting to build their own cloud resources on public clouds and use various cloud services. They tend to deploy cloud IT services on multiple public clouds. However, enterprises that choose different cloud services need to apply to the network provider and multiple cloud service providers independently for resources and maintain them independently. As there is neither unified and secure network management platform nor cloud resource management platform supporting multiple tenants, the application efficiency is low and the service deployment and maintenance is complicated. To solve these problems, enterprises are in urgent need for a solution that can manage multiple clouds efficiently and uniformly.
Trend for Operators to Build Cloud Access Platforms
Multi-cloud access has a broad market space. Leveraging their own network advantages to build cloud access platforms, telecom operators can provide better cloud access services for enterprises and facilitate the enterprises to manage multiple clouds more efficiently.
AT&T launched its NetBond early in 2013, providing network management and cloud infrastructure connection models for cloud service providers. Using the MPLS VPN technology, NetBond provides secure, flexible, high-performance connectivity for a customer. It can extend the customer's MPLS network from AT&T to any cloud service provider interconnected with the NetBond cloud system. The customer can also adjust network resources in real time. AT&T builds a complete cloud service provider ecosystem and has deep cooperation with Amazon, Microsoft, Google and Salesforce. Now more than 20 partner members provide cloud solutions.
Equinix Metro Connect deploys multiple international business exchanges (IBXs) in a metropolitan areas, providing highly reliable network connectivity between data centers, and direct access to more than 1800 networks and more than 9800 enterprises as well as cloud, digital content and financing companies. Equinix provides an interconnection platform to access multiple clouds, so that customers can access the Equinix network through physical and virtual connections.
Moreover, some third-party internet service providers (ISPs) offer multi-cloud access through VPN. China's VPN market has expanded from 4 billion RMB in 2010 to tens of billions RMB in 2018, and third-party ISPs occupy more than 50% of market share. Third-party ISPs are interconnected with multiple mainstream cloud service providers through high-speed fiber networks. Enterprise users can access multiple public clouds from any VPN node and deploy their cloud-based IT services.
Analysis of Mainstream Public Cloud Access Modes
At present, mainstream public clouds include AWS VPC, AWS PaaS, Azure VPC, Office365, Baidu cloud VPC, Alibaba cloud VPC, Tencent cloud VPC, and Kingsoft cloud VPC. Based on these mainstream public clouds, the requirements for devices in the cloud access center include:
—Multi-instance: Provide multi-cloud access for multiple enterprises (tenants)
—IPSec: Access Baidu cloud, Alibaba cloud and Tencent cloud by VPN
—BGP: Advertise routes over AWS DirectConnect and AZure ExpressRouter
—VLAN sub-interface: Access AWS and Azure; access Baidu cloud, Alibaba cloud and Tencent cloud by leased lines
—NAT: Provide NAT for user private networks to access the PaaS service and Office365 service in the public cloud
—VxLAN: Interconnect with PON leased line
—L2VPN/L3VPN: Interconnect with IPRAN and MPLS leased lines
Thoughts on Building Cloud Access Platforms for Operators
Telecom operators can build a cloud access platform as shown in Fig. 1. A cloud access center is built, where OTN, MPLS, IPRAN and PON leased lines are terminated. Through the cloud access center, these leased lines are connected to different public clouds, so that the enterprise can reach multiple clouds by accessing the internet from one node. This architecture can reduce the impact of the increasing number of public cloud providers on leased line networks.
By deploying the cloud access center close to public cloud nodes, telecom operators can take advantages of their transport networks, control the network path of enterprises accessing the cloud, and provide differentiated network services for enterprise users. Also they can reduce network security threats and provide secure connectivity for enterprises to access multi-clouds.
Operators need to build a unified cloud-network service orchestration system to manage MAN, IPRAN, backbone network, POP node and cloud access center, and manage enterprise users' network resources on public clouds through the cloud API interfaces opened by public cloud service providers. Opening self-service portals to enterprise users based on the cloud-network service orchestration system enables enterprise users to rapidly and safely implement on-demand interworking between IDC and VPC, obtain PaaS/SaaS services, and perform unified management of multiple clouds, thus helping them complete digital transformation.
Cloud access platform, multi-cloud management, public cloud