Getty Images/iStockphoto
An introduction to cloud network architecture
Enterprises have three main options when it comes to cloud network architecture: Use built-in CSP tools, buy virtual networking appliances or use a multi-cloud management platform.
When it comes to the cloud, network architects might be wary of the challenge of designing a network that supports all necessary applications, data and services. This is especially true as businesses move toward infrastructure-as-code methodologies and intent-based networking.
Enterprises often don't own underlying cloud components, so options can feel limited. Yet, cloud networking technologies have advanced to the point where multiple choices now offer varying levels of network design depending on an organization's needs.
In this introduction to cloud networking, we define what a cloud network is and discuss the primary architecture options available. We also explore how organizations can select the cloud network architecture that best fits their business today and in the future.
What is a cloud network?
The concept of cloud networks largely focuses on the ability of a cloud customer to design, configure and manage the underlying network in a private or public cloud. With a private cloud, architects have far more flexibility when it comes to the overall design because the cloud provider fully manages the underlying hardware and software on which the cloud is built.
For public clouds, customers can control and manage networking using traditional methods only in IaaS deployments. With SaaS, the customer has no control over network functions as they're fully managed by the service provider. PaaS, on the other hand, provides IT operators with building blocks that can be used to define network policies, segmentation, security groups and load-balancing capabilities.
Cloud computing vs. cloud networking
Cloud computing delivers services using IaaS, PaaS and SaaS consumption models, while cloud networking uses cloud services for network design and management. Explore more of the differences here.
From a cloud customer perspective, many organizations choose to operate in a hybrid cloud architecture. That means some applications, data and services reside in corporate-owned and managed data centers, while others are moved to a cloud infrastructure. Ideally, customers with this hybrid model mimic the network IP space, policies and procedures they've already established in their data centers. Replicating these processes and settings into the cloud environment creates a more uniform end-user and administration experience.
Some businesses go a step further by using multiple cloud service providers (CSPs) in a multi-cloud architecture. Symmetry among clouds is key here from both an operational and cloud management perspective. Companies moving toward multi-cloud must be able to manage routing, access lists, load balancing and other network functions, no matter which cloud they're in.
What cloud networking architecture options are available?
Businesses can evaluate three different cloud network architecture deployment methods, which are outlined below.
1. Built-in networking tools
The first method is to use the CSP's built-in networking tools provided as part of the base IaaS service. For example, companies that use the Amazon Virtual Private Cloud service get control over the basics, such as assigning private IP addresses of their choice, carving out the virtual network into various subnets, and creating and applying security policies to each subnet. Customers also have control over the route table, internet gateways and supplemental network services, such as Dynamic Host Configuration Protocol and DNS.
That said, using the built-in networking tools means enterprises must configure and manage the IaaS cloud independently of any other private or public cloud. Alternatively, network orchestration tools available on the market often work within popular CSP infrastructure environments. Thus, enterprises can achieve centralized management if a budget is available for a comprehensive, vendor-agnostic network orchestration strategy.
2. Virtual networking appliances
A second method is to use virtual networking appliances from a networking vendor to handle networking tasks, instead of the built-in tools the cloud provider offers. Companies such as Arista Networks, Cisco, Juniper and SonicWall offer several versions of their virtualized routers, firewalls and software-defined WAN appliances on popular IaaS marketplaces. In many cases, these proprietary or open networking virtual appliances can also be managed using a centralized, software-defined network orchestration platform.
Companies looking at a hybrid cloud might want to implement one or more third-party virtual appliances into IaaS clouds to more closely mimic network configurations already created in their private data centers. Doing so simplifies initial configuration and ongoing management and maintenance.
3. Multi-cloud management platform
Businesses looking to build out a multi-cloud environment could try to use third-party network appliances in multiple CSPs. But another option to simplify the management of multiple clouds from a configuration and policy perspective is to use a multi-cloud management platform.
Multi-cloud management tools are purpose-built to create a software overlay between private and public clouds, which masks any underlying differences in configuration management. These tools help prevent overlapping IP space and manage shared DNS resources between private and public cloud infrastructures. They also present a way to scale to other cloud providers using standard methodologies and policies.
While the multi-cloud management option is far more complex than the other options, it's an alternative for those seeking to distribute a large network across many public cloud providers.
How to choose a cloud network architecture
The ultimate choice of a cloud network architecture largely depends on short- and long-term needs. Companies seeking a hybrid architecture with a single primary provider might choose the built-in tools or third-party virtual network options. Additionally, third-party network orchestration options can integrate with most single or hybrid cloud use cases that streamline processes through automation and intent-based networking principles.
Enterprises with large and highly distributed multi-cloud ambitions might find a multi-cloud management platform more appropriate. This option delivers the speed and agility of single or hybrid clouds. Additionally, applications and services are diversified and can be strategically located across geographic areas to reduce network latency.
Another factor to consider is whether IaaS or PaaS is truly an organization's long-term strategy or if SaaS is the eventual goal. SaaS growth is expected to continue outpacing both IaaS and PaaS, so businesses might start rethinking their multi-cloud architecture ambitions in favor of a SaaS provider that requires no cloud networking at all.
Finally, when it comes to cost, enterprises must consider both Capex and Opex. IaaS network architectures are typically the lowest cost and come with the most flexibility. From a buildout and ongoing operations perspective, however, those savings quickly erode if the proper tools and network automation are not put in place. SaaS is typically the most expensive option but comes with the benefit that there's no network to manage. Finally, PaaS is becoming popular as it provides some control over the network architecture and supporting services through predefined building blocks. This makes PaaS increasingly ideal for businesses that are DevOps-focused.
Editor's note: This article has been updated to reflect technology changes and to improve the reader experience.
Andrew Froehlich is founder of InfraMomentum, an enterprise IT research and analyst firm, and president of West Gate Networks, an IT consulting company. He has been involved in enterprise IT for more than 20 years.
