Enterprises are in the midst of a major Information Technology (IT) transformation driven by innovations like cloud, virtualization and Internet of Things (IoT). As an increasing number of applications and workloads migrate to the cloud, enterprises are faced with the challenge of upgrading their wide area networks (WAN). Today, Many enterprises still depend on MPLS routers for their WAN, a technology that was first introduced in the 1990s. Legacy MPLS networks are woefully inadequate in dealing with the sheer volume and variety of traffic that traverses modern enterprise networks. An outdated designed WAN can degrade the performance of cloud-based applications and adversely affect the end user experience.
Traditional cloud connectivity solutions rely on either IPSec through the Internet or private MPLS links, neither of which address the multi-cloud challenge for fast, reliable and easy to manage connectivity.
A better alternative for global and regional enterprises is Aryaka’s fully managed Cloud-First WAN delivered as a Service that provides enterprise grade connectivity and guarantees consistently fast performance for on-premises and SaaS-based applications, regardless of where they are located. This is achieved by combining a Global Private Network, with Aryaka developed SD-WAN equipment that is bundled with functionalities like WAN application optimization, a Dynamic CDN, centralized network configuration and monitoring.
Aryaka’s global private network has been built using private Layer 2 links from top service providers, connecting 30+ Services PoPs located on 6 continents, in proximity to business hubs and major cloud service providers. It bypasses the unreliability of the public Internet and delivers consistent latencies and negligible packet loss, thus ensuring predictable application performance to users around the world.
Aryaka’s fully managed multi-cloud connectivity solution provides a fast and cost-effective means for connecting to the most widely used IaaS or SaaS providers. Aryaka’s solution is built from 4 main components: the Aryaka Network Access Point (ANAP), our global private network of 30+ Services PoPs, the MyAryaka reporting and configuration portal, and direct routes to leading IaaS and SaaS providers.
The Aryaka Network Access Point (ANAP) is a cloudmanaged and provisioned device.
Private Layer 2 Links from top service providers worldwide, connecting 30+ Services PoPs located on 6 Continents.
Self-sevice customer and partner portal for centralized Configuration, management and reporting.
Direct connectivity to leading Iaas/PaaS providers and co-located access to SaaS providers.
Figure 4 : Aryaka’s cloud connectivity solution addresses the needs of both IaaS/PaaS and SaaS rollouts
Aryaka’s cloud connectivity solution caters to the needs of both IaaS as well as SaaS rollouts. While IaaS connectivity is addressed using private connections or IPSec tunnels, SaaS connectivity and application performance is addressed using the Virtual Office (VO) solution.
A VO is just what it implies. Instead of a physical site, it is virtual, handing off traffic from the Aryaka PoP to the nearest SaaS entry point. The customer’s SaaS traffic thus traverses the Aryaka backbone from the edge to a SaaS co-location point, ensuring application performance.
Aryaka’s cloud connectivity solution can be used in a variety of deployment scenarios be it IaaS connectivity, SaaS connectivity and application performance acceleration, multi-cloud connectivity etc. In the remainder of this document, we explore 6 PoPular use cases.
Private direct connection is Aryaka’s recommended solution for connecting branch offices to applications hosted on Amazon Web Services (AWS), Microsoft Azure , Oracle Cloud, Google Cloud or Alibaba Cloud.
This solution creates an easy way to connect directly to and between all the cloud resources, without MPLS, complicated appliances, or the need for peering. Using these direct connections, Aryaka links branch offices to AWS’s VPCs, Google’s VPCs, Alibaba’s VPCs, Oracle’s VCNs or Azure’s VNETs in a full mesh topology. In most locations, Aryaka offers a 10G dedicated link to AWS, Azure, Oracle, Google Cloud and Alibaba Cloud. In addition, the solution offers flexible bandwidth capacity for up to 300 Mbps per customer. A private direct connection enables employees to access applications in 30 milliseconds or less, securely, from anywhere in the world.
This architecture leverages cloud solutions including AWS Direct Connect, Microsoft Azure ExpressRoute, Oracle FastConnect, Google Cloud Dedicated Interconnect and Alibaba Cloud Express Connect.
AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your data center, office, or colocation environment, which in most cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections. The Aryaka service also eliminates the requirement to build this capability on your own.
Microsoft’s ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider, such as the Aryaka core. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365.
Oracle’s FastConnect is a network connectivity alternative to using the public internet for connecting your network with Oracle Cloud Infrastructure and other Oracle Cloud services. FastConnect provides an easy, elastic, and economical way to create a dedicated and private connection with higher bandwidth options, and a more reliable and consistent networking experience when compared to internet-based connections.
Google Dedicated Interconnect provides direct physical connections between your on-premises network and Google’s network. Dedicated Interconnect enables you to transfer large amounts of data between networks, which can be more cost effective than purchasing additional bandwidth over the public Internet.
Alibaba Cloud Express Connect allows you to establish high bandwidth, reliable, secure, and private connections between different networks. Dedicated physical connections link your on-premises data centers with Alibaba Cloud, which improves the flexibility of your network topology and the performance of cross-network connectivity.
Aryaka extends the geographic reach to more cloud infrastructure from IaaS providers in a region. Cloud Services Extensions scale the reach significantly and allow for rapid access to IaaS’s cloud services without the need of a dedicated Services PoP in a defined region. To offer these services, Aryaka leverages software-defined private interconnections via the Equinix Cloud Exchange Fabric. Cloud Services Extensions are fully managed by Aryaka.
Aryaka has built private direct connections to Azure and AWS in over 10 regions, covering the most important geographies. However, in locations where a private direct connection is not feasible, Aryaka provides cloud connectivity through IPsec tunnels to AWS, Azure, Oracle, Google Cloud or Alibaba Cloud. Further, static or BGP peering is added to route traffic between the branches/DCs and the cloud provider’s VPCs or equivalent.
Aryaka’s network connects all the branches using a single IPSec tunnel going from the PoP to the cloud provider’s VPC. This architecture is far superior to the traditional SD-WAN architecture, where a single VPC has a number of IPSec tunnels to connect the branches. Advantages of this solution include better reliability and a smaller Round trip time (RTT).
For most organizations, a multi-cloud architecture is a practical reality. In some cases, multi-cloud may be a conscious risk mitigation strategy to avert commercial, technical or operational reliance on one IaaS service provider, while in other cases it may be a transient migration strategy as they move from one cloud service provider to another. In either case, multi-cloud connectivity is a necessity. Current approaches for multi-cloud connectivity are inefficient as they require traffic to be backhauled across the entire enterprise network.
Aryaka with its PoP architecture simplifies multi-cloud connectivity. The PoP closest to the IaaS location acts as the transit point for the inter-cloud traffic by providing an efficient alternative to traditional solutions.
It is common for customers to provision logically isolated virtual networks to host their AWS resources. Such customers tend to create multiple VPCs within the same region or in different regions. Aryaka VPC to VPC connectivity is useful for customers who require multiple VPCs for security, billing, regulatory, or other purposes, and want to integrate AWS resources between their VPCs more easily. More often than not, these different VPCs need to communicate privately and securely with one another for sharing data or applications.
Traditional solutions for this connectivity has relied on partially meshed or fully meshed (VPC Peering). The drawback with these solutions is that these peering connections often require modifications to the associated VPCs’ route tables and, as the number of VPCs grows, this can be difficult to maintain. Furthermore, there is a limitation of a maximum of 125 peering connections per VPC.
In Aryaka’s intra-regional VPC to VPC connectivity solution, the PoP acts as the inter VPC router, greatly simplifying the architecture. With this solution a BGP session is created between Aryaka PoP and AWS, a VLAN is then created for each customer VPC. Each VLAN then corresponds to a single VPC. The customer requires no Aryaka software within their VPCs.
Aryaka VPC to VPC inter-region connectivity is useful for customers who require multiple VPCs for security, billing, regulatory, or other purposes, and want to integrate AWS resources between their VPCs more easily. More often than not, these different VPCs need to communicate privately and securely with one another for sharing data or applications.
This solution leverages Aryaka’s multi-regional PoP architecture to simplify connectivity. Traffic goes from VPC1 via direct connect to Aryaka Services PoP (region X) and further across Aryaka core network to the other Aryaka Services PoP (region Y). Finally the traffic is routed from Aryaka PoPy to VPC2. As with the previous use case, the customer requires no Aryaka software within their VPCs.
Connectivity to SaaS applications like Office 365, Salesforce or Webex is a challenge. Traditional connectivity solution for accessing SaaS applications depend upon the public internet, which is unreliable or slow, especially across regions. Even private MPLS networks cannot solve this problem as they are incapable of traffic segmentation based on the application type.
A public ‘Virtual Office, (VO) is Aryaka’s solution for improving the performance of cloud-based office applications that are commonly accessed over the internet. A VO is a virtual router with stateful firewall capability and public IP address integrated within an Aryaka PoP. It also provides multi-segment TCP optimization to reduce RTT.
The solution leverages the power of Aryaka PoPs, by configuring them as virtual offices VOs. Two VO instances are created per customer running in active / standby mode. These VOs act as an exit point from Aryaka PoP to the Cloud Application, breaking out the traffic from the secure Aryaka backbone.
The VOs are at close proximity and act as clients to Microsoft, Fuze, WebEx, Salesforce or other application data centers. End users are connected into Aryaka’s network via an IPSec-edge tunnel to the PoP that is located closest to them. The private network allows the enterprise to bypass the congestion and packet loss associated with an unreliable public Internet. Further, the built-in WAN optimization minimizes the latency that is experienced by global end-users. This ensures a more consistent and reliable application performance, as well as guaranteed throughput and availability.
Aryaka recognizes and marks UCaaS traffic, steers it optimally and dynamically across internet access links and through the core infrastructure, minimizing packet loss and latency, and delivering an optimized user experience.
Note that Fuze leverages both Aryaka Virtual Office (VO) capabilities as well as direct Layer 2 peering, one of the first SaaS applications so enabled.
The use of direct Layer 2 peering set up is available as an option for other SaaS applications subject to location.
Cloud connectivity and multi-cloud networking is an important challenge that organizations must overcome for a successful cloud transformation. Ignoring this aspect of cloud transformation can adversely affect application performance and therefore end user experience.
Aryaka’s Cloud-First WAN, delivered as a managed service simplifies the cloud connectivity challenge by leveraging its global fully meshed L2 Services PoP network, feature-rich SD-Branch/Edge appliance (ANAP), the MyAryaka Cloud Portal, and direct routes to leading IaaS providers.
As a Cloud-First WAN, Aryaka offers better reliability and QoS compared to the public internet, while it is more flexible than private MPLS networks. However, Aryaka’s real advantage lies in combining fully managed services with leading SD-WAN technology, integrated security, multi-cloud networking and a private Layer 2 network with presence in over 30 locations worldwide.
Aryaka, the Cloud-First WAN and SASE company, and a Gartner “Voice of the Customer” leader, makes it easy for enterprises to consume network and network security solutions delivered as-a-service for a variety of modern deployments. Aryaka uniquely combines innovative SD-WAN and security technology with a global network and a managed service approach to offer the industry’s best customer and application experience. The company’s customers include hundreds of global enterprises including several in the Fortune 100.