Multi-Cloud Connectivity

Make Multi-Cloud
Connectivity
Fast and Easy

Connect to IaaS/PaaS/SaaS in hours
with no CAPEX to manage

Aryaka’s fully managed multi-cloud connectivity solution provides a fast and cost-effective means for connecting to the most widely used IaaS or SaaS providers. Aryaka’s solution is built from 4 main components: the Aryaka Network Access Point (ANAP), our global private network of 30+ PoPs, the MyAryaka reporting and configuration portal, and direct routes to leading IaaS and SaaS providers.

extended-cloud-reach-aryaka

Enterprises are in the midst of a major Information Technology (IT) transformation driven by innovations like cloud, virtualization and Internet of Things (IoT). As an increasing number of applications and workloads migrate to the cloud, enterprises are faced with the challenge of upgrading their wide area networks (WAN). Today, most enterprises depend on MPLS routers for their WAN, a technology that was first introduced in the 1990s. Legacy MPLS networks are woefully inadequate in dealing with the sheer volume and variety of traffic that traverses modern enterprise networks. A badly designed WAN can degrade the performance of cloud-based applications and adversely affect the end user experience.

Aryaka’s cloud connectivity solution caters to the needs of both IaaS as well as SaaS rollouts. While IaaS connectivity is addressed using private connections (i.e. AWS Direct Connect, Azure ExpressRoute) or IPSec tunnels, SaaS connectivity and application performance is addressed using Aryaka’s unique Virtual Office (VO) solution.

A VO is just what it implies. Instead of a physical site, it is virtual, handing off traffic from the Aryaka PoP to the nearest SaaS entry point. The customer’s SaaS traffic thus traverses the Aryaka backbone from the edge to a SaaS co-location point, ensuring application performance.

Multi-Cloud Resources

AWS
Azure
Oracle
Alibaba
Alibaba

How We Differ

In contrast to the Aryaka solution, traditional connectivity solutions rely on either IPSec through the Internet or private MPLS links, neither of which address the cloud connectivity challenge. Issues with these approaches are detailed in the Aryaka Blog here.

Cloud connectivity via IPSec and MPLS
IaaS and SaaS connectivity

ARYAKA MULTI-CLOUD CONNECTIVITY ARCHITECTURE

Aryaka’s fully managed multi-cloud connectivity solution provides a fast and cost-effective means for connecting to the most widely used IaaS or SaaS providers. Aryaka’s solution is built from 4 main components: the Aryaka Network Access Point (ANAP), our global private network of 30+ PoPs, the MyAryaka reporting and configuration portal, and direct routes to leading IaaS and SaaS providers.

ANAP

ANAP

The Aryaka Network Access Point (ANAP) is a cloud-managed and provisioned device.

Private Network

Private Network

Private Layer 2 links from top service providers worldwide, connecting 30 PoPs located on 6 continents.

MyAryaka

MyAryaka

Self-service customer and partner portal for centralized configuration, management and reporting.

Direct Connectivity

Direct Connectivity

Direct connectivity to leading IaaS/PaaS providers and co-located access to SaaS providers.

ARYAKA – CLOUD CONNECTIVITY USE CASES

Aryaka’s cloud connectivity solution can be used in a variety of deployment scenarios be it IaaS connectivity, SaaS connectivity and application performance acceleration, multi-cloud connectivity etc.

Aryaka as Virtual Firewall for Cloud Services

USE CASE 1
BRANCH OR DATA CENTER TO CLOUD

Private direct connection is Aryaka’s recommended solution for connecting branch offices to applications hosted on Amazon Web Services (AWS), Microsoft Azure , Oracle Cloud, Google Cloud or Alibaba Cloud.

BRANCH OR DATA CENTER TO CLOUD

This solution creates an easy way to connect directly to and between all the cloud resources, without MPLS, complicated appliances, or the need for peering. Using these direct connections, Aryaka links branch offices to AWS's VPCs, Google's VPCs, Alibaba's VPCs, Oracle's VCNs or Azure's VNETs in a full mesh topology. In most locations, Aryaka offers a 10G dedicated link to AWS, Azure, Oracle, Google Cloud and Alibaba Cloud. In addition, the solution offers flexible bandwidth capacity for up to 300 Mbps per customer. A private direct connection enables employees to access applications in 30 milliseconds or less, securely, from anywhere in the world.

This architecture leverages cloud solutions including AWS Direct Connect, Microsoft Azure ExpressRoute, Oracle FastConnect, Google Cloud Dedicated Interconnect and Alibaba Cloud Express Connect.

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your data center, office, or colocation environment, which in most cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections. The Aryaka service also eliminates the requirement to build this capability on your own.

Microsoft’s ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider, such as the Aryaka core. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365.

Oracle’s FastConnect is a network connectivity alternative to using the public internet for connecting your network with Oracle Cloud Infrastructure and other Oracle Cloud services. FastConnect provides an easy, elastic, and economical way to create a dedicated and private connection with higher bandwidth options, and a more reliable and consistent networking experience when compared to internet-based connections.

Google Dedicated Interconnectprovides direct physical connections between your on-premises network and Google's network. Dedicated Interconnect enables you to transfer large amounts of data between networks, which can be more cost effective than purchasing additional bandwidth over the public Internet.

Alibaba Cloud Express Connect allows you to establish high bandwidth, reliable, secure, and private connections between different networks. Dedicated physical connections link your on-premise data centers with Alibaba Cloud, which improves the flexibility of your network topology and the performance of cross-network connectivity.

USE CASE 2
BRANCH OR DATA CENTER TO CLOUD OVER IPSEC

Aryaka has built private direct connections to Azure and AWS in over 10 regions, covering the most important geographies. However, in locations where a private direct connection is not feasible, Aryaka provides cloud connectivity through IPsec tunnels to AWS, Azure, Oracle, Google Cloud or Alibaba Cloud. Further, static or BGP peering is added to route traffic between the branches/DCs and the cloud provider's VPCs or equivalent.

BRANCH OR DATA CENTER TO CLOUD OVER IPSEC

Aryaka’s network connects all the branches using a single IPSec tunnel going from the PoP to the cloud provider’s VPC. This architecture is far superior to the traditional SD-WAN architecture, where a single VPC has a number of IPSec tunnels to connect the branches. Advantages of this solution include better reliability and a smaller Round trip time (RTT).

USE CASE 3
MULTI-CLOUD CONNECTIVITY

For most organizations, a multi-cloud architecture is a practical reality. In some cases, multi-cloud may be a conscious risk mitigation strategy to avert commercial, technical or operational reliance on one IaaS service provider, while in other cases it may be a transient migration strategy as they move from one cloud service provider to another. In either case, multi-cloud connectivity is a necessity. Current approaches for multi-cloud connectivity are inefficient as they require traffic to be backhauled across the entire enterprise network.

MULTI-CLOUD CONNECTIVITY

Aryaka with its PoP architecture simplifies multi-cloud connectivity. The PoP closest to the IaaS location acts as the transit point for the inter-cloud traffic by providing an efficient alternative to traditional solutions.

USE CASE 4
VPC TO VPC INTRA-REGION USING DIRECT CONNECTION AND ARYAKA PoP

It is common for customers to provision logically isolated virtual networks to host their AWS resources. Such customers tend to create multiple VPCs within the same region or in different regions. Aryaka VPC to VPC connectivity is useful for customers who require multiple VPCs for security, billing, regulatory, or other purposes, and want to integrate AWS resources between their VPCs more easily. More often than not, these different VPCs need to communicate privately and securely with one another for sharing data or applications.

VPC TO VPC INTRA-REGION

Traditional solutions for this connectivity has relied on partially meshed or fully meshed (VPC Peering). The drawback with these solutions is that these peering connections often require modifications to the associated VPCs’ route tables and, as the number of VPCs grows, this can be difficult to maintain. Furthermore, there is a limitation of a maximum of 125 peering connections per VPC.

peering connections per VPC

In Aryaka’s intra-regional VPC to VPC connectivity solution, the PoP acts as the inter VPC router, greatly simplifying the architecture. With this solution a BGP session is created between Aryaka PoP and AWS, a VLAN is then created for each customer VPC. Each VLAN then corresponds to a single VPC. The customer requires no Aryaka software within their VPCs.

USE CASE 5
VPC TO VPC INTER REGION USING DIRECT CONNECTION AND ARYAKA PoP

Aryaka VPC to VPC inter-region connectivity is useful for customers who require multiple VPCs for security, billing, regulatory, or other purposes, and want to integrate AWS resources between their VPCs more easily. More often than not, these different VPCs need to communicate privately and securely with one another for sharing data or applications.

VPC TO VPC INTER REGION

This solution leverages Aryaka’s multi-regional PoP architecture to simplify connectivity. Traffic goes from VPC1 via direct connect to Aryaka PoPx(region X) and further across Aryaka core network to the other Aryaka PoPy(region Y). Finally the traffic is routed from Aryaka PoPy to VPC2. As with the previous use case, the customer requires no Aryaka software within their VPCs.

USE CASE 6
CONNECTIVITY TO SAAS

Connectivity to SaaS applications like Office 365, Salesforce or Webex is a challenge. Traditional connectivity solutions for accessing SaaS applications depend upon the public internet, which is unreliable or slow, especially across regions. Even private MPLS networks cannot solve this problem as they are incapable of traffic segmentation based on the application type.

A public ‘Virtual Office; (VO) is Aryaka’s solution for improving the performance of cloud-based office applications that are commonly accessed over the internet. A VO is a virtual router with stateful firewall capability and public IP address integrated within an Aryaka PoP. It also provides multi-segment TCP optimization to reduce RTT.

VPC TO VPC INTER REGION

The solution leverages the power of Aryaka PoPs, by configuring them as VO. Two VO instance are created per customer running in active / standby mode. These VOs act as an exit point from Aryaka PoP to the cloud application, breaking out the traffic from the secure Aryaka backbone.

The VOs are at close proximity and act as clients to Microsoft, Webex, Salesforce or other application data centers. End users are connected into Aryaka’s network via an IPSec-edge tunnel to the PoP that is located closest to them. The private network allows the enterprise to bypass the congestion and packet loss associated with an unreliable public Internet. Further, the built-in WAN optimization minimizes the latency that is experienced by global end-users. This ensures a more consistent and reliable application performance, as well as guaranteed throughput and availability.

ARYAKA – CLOUD CONNECTIVITY USE CASES

Aryaka’s cloud connectivity solution can be used in a variety of deployment scenarios be it IaaS connectivity, SaaS connectivity and application performance acceleration, multi-cloud connectivity etc.

Aryaka as Virtual Firewall for Cloud Services

USE CASE 1
BRANCH OR DATA CENTER TO CLOUD

Private direct connection is Aryaka’s recommended solution for connecting branch offices to applications hosted on Amazon Web Services (AWS), Microsoft Azure , Oracle Cloud, Google Cloud or Alibaba Cloud...

USE CASE 2
BRANCH OR DATA CENTER TO CLOUD OVER IPSEC

Aryaka has built private direct connections to Azure and AWS in over 10 regions, covering the most important geographies. However, in locations where a private direct connection is not feasible, Aryaka provides cloud connectivity through IPsec tunnels...

×

USE CASE 1
BRANCH OR DATA CENTER TO CLOUD

Private direct connection is Aryaka’s recommended solution for connecting branch offices to applications hosted on Amazon Web Services (AWS), Microsoft Azure , Oracle Cloud, Google Cloud or Alibaba Cloud.

BRANCH OR DATA CENTER TO CLOUD

This solution creates an easy way to connect directly to and between all the cloud resources, without MPLS, complicated appliances, or the need for peering. Using these direct connections, Aryaka links branch offices to AWS's VPCs, Google's VPCs, Alibaba's VPCs, Oracle's VCNs or Azure's VNETs in a full mesh topology. In most locations, Aryaka offers a 10G dedicated link to AWS, Azure, Oracle, Google Cloud and Alibaba Cloud. In addition, the solution offers flexible bandwidth capacity for up to 300 Mbps per customer. A private direct connection enables employees to access applications in 30 milliseconds or less, securely, from anywhere in the world.

This architecture leverages cloud solutions including AWS Direct Connect, Microsoft Azure ExpressRoute, Oracle FastConnect, Google Cloud Dedicated Interconnect and Alibaba Cloud Express Connect.

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your data center, office, or colocation environment, which in most cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections. The Aryaka service also eliminates the requirement to build this capability on your own.

Microsoft’s ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider, such as the Aryaka core. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365.

Oracle’s FastConnect is a network connectivity alternative to using the public internet for connecting your network with Oracle Cloud Infrastructure and other Oracle Cloud services. FastConnect provides an easy, elastic, and economical way to create a dedicated and private connection with higher bandwidth options, and a more reliable and consistent networking experience when compared to internet-based connections.

Google Dedicated Interconnectprovides direct physical connections between your on-premises network and Google's network. Dedicated Interconnect enables you to transfer large amounts of data between networks, which can be more cost effective than purchasing additional bandwidth over the public Internet.

Alibaba Cloud Express Connect allows you to establish high bandwidth, reliable, secure, and private connections between different networks. Dedicated physical connections link your on-premise data centers with Alibaba Cloud, which improves the flexibility of your network topology and the performance of cross-network connectivity.

×

USE CASE 2
BRANCH OR DATA CENTER TO CLOUD OVER IPSEC

Aryaka has built private direct connections to Azure and AWS in over 10 regions, covering the most important geographies. However, in locations where a private direct connection is not feasible, Aryaka provides cloud connectivity through IPsec tunnels to AWS, Azure, Oracle, Google Cloud or Alibaba Cloud. Further, static or BGP peering is added to route traffic between the branches/DCs and the cloud provider's VPCs or equivalent.

BRANCH OR DATA CENTER TO CLOUD OVER IPSEC

Aryaka’s network connects all the branches using a single IPSec tunnel going from the PoP to the cloud provider’s VPC. This architecture is far superior to the traditional SD-WAN architecture, where a single VPC has a number of IPSec tunnels to connect the branches. Advantages of this solution include better reliability and a smaller Round trip time (RTT).

USE CASE 3
MULTI-CLOUD CONNECTIVITY

For most organizations, a multi-cloud architecture is a practical reality. In some cases, multi-cloud may be a conscious risk mitigation strategy to avert commercial, technical or operational reliance on one IaaS service provider...

USE CASE 4
VPC TO VPC INTRA-REGION USING DIRECT CONNECTION AND ARYAKA PoP

It is common for customers to provision logically isolated virtual networks to host their AWS resources. Such customers tend to create multiple VPCs within the same region or in different...

×

USE CASE 3
MULTI-CLOUD CONNECTIVITY

For most organizations, a multi-cloud architecture is a practical reality. In some cases, multi-cloud may be a conscious risk mitigation strategy to avert commercial, technical or operational reliance on one IaaS service provider, while in other cases it may be a transient migration strategy as they move from one cloud service provider to another. In either case, multi-cloud connectivity is a necessity. Current approaches for multi-cloud connectivity are inefficient as they require traffic to be backhauled across the entire enterprise network.

MULTI-CLOUD CONNECTIVITY

Aryaka with its PoP architecture simplifies multi-cloud connectivity. The PoP closest to the IaaS location acts as the transit point for the inter-cloud traffic by providing an efficient alternative to traditional solutions.

×

USE CASE 4
VPC TO VPC INTRA-REGION USING DIRECT CONNECTION AND ARYAKA PoP

It is common for customers to provision logically isolated virtual networks to host their AWS resources. Such customers tend to create multiple VPCs within the same region or in different regions. Aryaka VPC to VPC connectivity is useful for customers who require multiple VPCs for security, billing, regulatory, or other purposes, and want to integrate AWS resources between their VPCs more easily. More often than not, these different VPCs need to communicate privately and securely with one another for sharing data or applications.

VPC TO VPC INTRA-REGION

Traditional solutions for this connectivity has relied on partially meshed or fully meshed (VPC Peering). The drawback with these solutions is that these peering connections often require modifications to the associated VPCs’ route tables and, as the number of VPCs grows, this can be difficult to maintain. Furthermore, there is a limitation of a maximum of 125 peering connections per VPC.

peering connections per VPC

In Aryaka’s intra-regional VPC to VPC connectivity solution, the PoP acts as the inter VPC router, greatly simplifying the architecture. With this solution a BGP session is created between Aryaka PoP and AWS, a VLAN is then created for each customer VPC. Each VLAN then corresponds to a single VPC. The customer requires no Aryaka software within their VPCs.

USE CASE 5
VPC TO VPC INTER REGION USING DIRECT CONNECTION AND ARYAKA PoP

Aryaka VPC to VPC inter-region connectivity is useful for customers who require multiple VPCs for security, billing, regulatory, or other purposes, and want to integrate AWS resources...

USE CASE 6
CONNECTIVITY TO SAAS

Connectivity to SaaS applications like Office 365, Salesforce or Webex is a challenge. Traditional connectivity solution for accessing SaaS applications depend upon the public internet, which is unreliable or slow, especially across regions.Even private MPLS networks cannot solve this problem...

×

USE CASE 5
VPC TO VPC INTER REGION USING DIRECT CONNECTION AND ARYAKA PoP

Aryaka VPC to VPC inter-region connectivity is useful for customers who require multiple VPCs for security, billing, regulatory, or other purposes, and want to integrate AWS resources between their VPCs more easily. More often than not, these different VPCs need to communicate privately and securely with one another for sharing data or applications.

VPC TO VPC INTER REGION

This solution leverages Aryaka’s multi-regional PoP architecture to simplify connectivity. Traffic goes from VPC1 via direct connect to Aryaka PoPx (region X) and further across Aryaka core network to the other Aryaka PoPy (region Y). Finally the traffic is routed from Aryaka PoPy to VPC2. As with the previous use case, the customer requires no Aryaka software within their VPCs.

×

USE CASE 6
CONNECTIVITY TO SAAS

Connectivity to SaaS applications like Office 365, Salesforce or Webex is a challenge. Traditional connectivity solutions for accessing SaaS applications depend upon the public internet, which is unreliable or slow, especially across regions. Even private MPLS networks cannot solve this problem as they are incapable of traffic segmentation based on the application type.

A public ‘Virtual Office; (VO) is Aryaka’s solution for improving the performance of cloud-based office applications that are commonly accessed over the internet. A VO is a virtual router with stateful firewall capability and public IP address integrated within an Aryaka PoP. It also provides multi-segment TCP optimization to reduce RTT.

VPC TO VPC INTER REGION

The solution leverages the power of Aryaka PoPs, by configuring them as VO. Two VO instance are created per customer running in active / standby mode. These VOs act as an exit point from Aryaka PoP to the cloud application, breaking out the traffic from the secure Aryaka backbone.

The VOs are at close proximity and act as clients to Microsoft, Webex, Salesforce or other application data centers. End users are connected into Aryaka’s network via an IPSec-edge tunnel to the PoP that is located closest to them. The private network allows the enterprise to bypass the congestion and packet loss associated with an unreliable public Internet. Further, the built-in WAN optimization minimizes the latency that is experienced by global end-users. This ensures a more consistent and reliable application performance, as well as guaranteed throughput and availability.

SUMMARY

Cloud connectivity and multi-cloud networking is an important challenge that organizations must overcome for a successful cloud transformation. Ignoring this aspect of cloud transformation can adversely affect application performance and therefore end user experience.

Aryaka's Cloud-First WAN, delivered as a managed service simplifies the cloud connectivity challenge by leveraging its global fully meshed L2 Services PoP network, feature-rich SD-Branch/Edge appliance (ANAP), the MyAryaka Cloud Portal, and direct routes to leading IaaS providers.

Traditional
SD-WAN Vendors
Aryaka Traditional
MSPs
Fully managed service with 24x7 support and global NOCs
Managed last mile connectivity including procurement and monitoring
Multi-Cloud architecture with direct connectivity
Guaranteed application performance with built-in WAN Optimization
Global L2 Points-of-Presence reaching 95% of the world’s knowledge workers
Consistent global and regional SLAs with single point of contact (SPOC)
Secure converged edge with managed firewall as-a-service

As a Cloud-First WAN, Aryaka offers better reliability and QoS compared to the public internet, while it is more flexible than private MPLS networks. However, Aryaka’s real advantage lies in combining fully managed services with leading SD-WAN technology, integrated security, multi-cloud networking and a private Layer 2 network with presence in over 30 locations worldwide.