 

How To Build a Virtual Private Cloud on GoGrid

December 14th, 2011

At GoGrid, we are often asked to provide solutions for a variety of use cases. More often than not, businesses are not looking for “standard” cloud implementations. And what really is “standard?” When you think about it, every business has unique needs in order to satisfy their cloud challenges. We help companies craft these solutions daily and we call it Creating a Cloud Fingerprint. But, as is the nature of cloud computing, many users desire to figure it out themselves, simply because solutions can be architected fairly easily, and if it isn’t quite right, they can be modified.

In our regular discussions with companies looking for information on how they can benefit from cloud Infrastructure as a Service, we often come across the same set of hurdles, namely:

  • Most established companies have an existing infrastructure investment, and may not be willing or able to sacrifice these investments,
  • Some infrastructure components may not be generally available through IaaS vendors, such as Enterprise security or storage infrastructure,
  • Some applications or data will be deemed “too sensitive” for the cloud due to internal objections or compliance constraints,
  • Maintaining and growing an on-premise solution or even data center is not only difficult, but extremely expensive,
  • Doing a full migration to the cloud comes with a very high conversion and operational cost,
  • Businesses are simply unsure how best to leverage cloud computing.

With these challenges in mind, we have a solution that allows businesses not only to utilize their existing infrastructure, but also to leverage GoGrid’s public cloud to create a Virtual Private Cloud on GoGrid.

But, addressing the points above is critical in the solution. Therefore, we wanted to be sure:

  • Customers could retain their existing infrastructure,
  • GoGrid’s platform is used as an EXTENSION of that infrastructure,
  • GoGrid’s customers have a wide range of network security options/policies available,
  • Customers are able to fully leverage the advantages of cloud infrastructure, and the elimination of capital expenditures and their associated resource costs,
  • A customer can fully utilize their existing infrastructure investment.

The GoGrid Solution

The solution is actually quite straightforward, and it can help customers move on-premise infrastructure to the cloud at a gradual pace in the future. As we all know, a picture is worth 1000 words:

[Figure: GoGrid virtual private cloud]

Each GoGrid account includes dedicated Layer-2 Public and Private VLANs. This means that GoGrid completely and securely segregates each customer’s data in motion from every other GoGrid customer’s. It also means that all virtual and physical servers can speak directly to each other over high-throughput, low-latency gigabit networks.

Capitalizing on this built-in security and performance, GoGrid can add a full-featured network firewall, completely controlling network traffic per customers’ specifications.

In the Virtual Private Cloud (VPC) configuration, all traffic is denied to and from the Internet, but all traffic is allowed over the secure, encrypted point-to-point link between the customer’s cloud infrastructure at GoGrid, and their on-premise or hosted infrastructure. Of course, this policy set can be modified to add more or less restrictive policies, for example to allow database or remote management traffic only over the VPN, but allow secure web services (HTTPS) over the Internet or an IP range.
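The policy described above, modelled as an added example (not GoGrid's firewall configuration or code from this post): a first-match rule list with implicit deny, plus an audit that flags any non-VPN rule exposing database or remote-management ports. The interface names, port numbers, the 203.0.113.0/24 range and the `Rule`, `evaluate` and `audit` names are assumptions made for illustration, and the modified policy is one reading of the variation the paragraph mentions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    interface: str   # "vpn", "internet" or "any" (hypothetical names)
    src: str         # source CIDR
    ports: tuple     # destination TCP ports; empty tuple means any port

# Baseline VPC policy: everything over the VPN, nothing over the Internet.
BASELINE = [Rule("allow", "vpn", "0.0.0.0/0", ())]

# Modified policy: database/remote management over the VPN only,
# HTTPS from one Internet range. Ports and range are constructed samples.
SENSITIVE_PORTS = (1433, 3389, 22)
MODIFIED = [
    Rule("allow", "vpn", "0.0.0.0/0", SENSITIVE_PORTS),
    Rule("allow", "internet", "203.0.113.0/24", (443,)),
]

def evaluate(policy, interface, src_ip, port):
    """First matching rule wins; no match means implicit deny."""
    addr = ipaddress.ip_address(src_ip)
    for rule in policy:
        if rule.interface not in ("any", interface):
            continue
        if addr not in ipaddress.ip_network(rule.src):
            continue
        if rule.ports and port not in rule.ports:
            continue
        return rule.action
    return "deny"

def audit(policy, sensitive_ports=SENSITIVE_PORTS):
    """Flag allow rules that expose sensitive ports outside the VPN.

    Conservative: earlier deny rules that might shadow a finding are ignored.
    """
    findings = []
    for rule in policy:
        if rule.action != "allow" or rule.interface == "vpn":
            continue
        exposed = [p for p in sensitive_ports if not rule.ports or p in rule.ports]
        if exposed:
            findings.append((rule, exposed))
    return findings
```

Running `audit` against a proposed rule set before it is handed to the managed-firewall team catches a stray "allow any" on the Internet side while the change is still on paper.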

What is depicted above is the linking of two distinct infrastructures, one within GoGrid and one in a customer’s on-premise environment. The linkage is done simply by using a VPN/Firewall solution, which creates an encrypted tunnel between the two locations: the GoGrid cloud and the customer’s location. This is a dramatically over-simplified representation, so let’s take a look at one possible solution in a bit more detail.

[Figure: GoGrid virtual private cloud, details]

The solution above requires the following items:

Within GoGrid

  • A GoGrid Account
  • A Managed Hardware Firewall
    • Cisco ASA-Series Firewall (Single Tenant)
    • Fortinet Firewall (Multi-Tenant)

Within Customer’s On-Premise Infrastructure

  • A VPN termination appliance at the customer’s location, such as a Cisco, Juniper or Netscreen device

To set up this configuration or other versions of GoGrid’s Virtual Private Cloud solution, we recommend that you have a discussion with a Cloud Specialist or Solutions Architect. It is important to configure the environment properly, and you will also need to order some managed firewall solutions.

Pricing starts around $200/month for a Virtual Private Cloud implemented with the Fortinet Firewall, and $350/month for a managed Cisco ASA 5510 dedicated to a single customer account. These charges are in addition to associated GoGrid infrastructure and bandwidth costs.

Who Might Benefit from a Virtual Private Cloud?

The nice thing about cloud computing is that it can be a solution for just about any use case. Having the flexibility to construct solutions using a variety of cloud services allows customers to truly craft their Cloud Fingerprint. In the case of Virtual Private Clouds, we see them as being beneficial for Internal Applications where security of data is paramount. Core private data is maintained within a customer’s location; if it is transmitted to the cloud, that is done via a secure, encrypted tunnel. Some environments that may require this include:

  • Microsoft Exchange
  • Microsoft SharePoint
  • Billing & Financial Systems

Similarly, Virtual Private Clouds can be used for Intranet solutions as well as SaaS applications. Lastly, having a pre-constructed Virtual Private Cloud allows you the flexibility to Cloud Burst should your internal environment suddenly need to leverage more capacity or compute power from GoGrid’s public cloud.

And, as your company’s business and infrastructure grow, you may want to consider a migration to GoGrid’s Hosted Private Cloud, which offers the benefits, capabilities and flexibilities of GoGrid’s public cloud, but within a single-tenant environment, one that is dedicated solely to your company.

Regardless, the important point here is to carefully plan for your future infrastructure growth. Don’t do it alone either. Ask your peers as well as your cloud partner to provide you with best practice solutions to make you successful and timely in your efforts.


Michael Sheehan

Michael Sheehan, formerly the Technology Evangelist for GoGrid, is a recognized technology, social media, and cloud computing pundit and blogger who writes regularly about technology news and trends.
