With the emergence of public hosted clouds and their related technologies such as infrastructure as a Service (IaaS) and Platform as a Service (PaaS), organizations now have choices and freedom for where their data and applications are stored and running. However, before blindly deploying applications in the cloud, careful thought needs to be given as to where critical architectural components of these services are located, such as the logic and middleware tiers, back-end data storage, and authentication and authorization servers. Lastly, as these are services that your company will be providing, and most likely have a substantial business impact, you will probably want to think about monitoring, managing, and backing up these services, and how your current infrastructure can extend to the public cloud.
Hosted cloud infrastructures present a great way to scale existing application infrastructure, especially for consumer facing services. These service providers manage all aspects of the underlying infrastructure, enabling you to focus on delivering content instead of maintaining hardware.
The primary challenge with these infrastructures, in order to make them useful, and still meet compliance and policy requirements, is to enable some method of what is referred to as cross-premise connectivity, in order to extend your datacenter infrastructure services to the public cloud service offering. This will enable you to keep your critical data and supporting infrastructure contained in your own datacenter, thus allowing you a high degree of security and confidence, while at the same time meeting the business challenges.
In order to achieve cross-premise connectivity, you could work with your service provider to implement costly dedicated circuits, or use what is called a “site to site VPN”, commonly known as a S2S VPN, which tends to be much more affordable and simpler to manage.
What is a Site to Site VPN
S2S VPNs have been around for more than a decade, and were historically used for connecting branch offices to corporate datacenter networks, leveraging the public Internet instead of dedicated circuits. These S2S VPNs are similar to traditional client-based VPNs, with the difference of enabling bi-directional network connectivity instead of point to point client connectivity.
In the past, implementing a S2S VPN usually meant purchasing, configuring, installing, and supporting dedicated hardware and complex configurations. However, the major public cloud providers have worked to make implementing S2S VPNs very simple, and typically offer web based, wizard driven processes to guide you through the process. On your datacenter side, you will still require either a hardware or software based solution for your endpoint.
Enter the Microsoft and Celestix Solution
With their release of Windows Server 2012 R2, Microsoft has made great improvements in their Site to Site VPN, including a host of new PowerShell commands to automate the configuration of the S2S VPN functionality. In addition, Server 2012 R2 introduces the concept of multi-tenant VPN provider, which can enable both cloud hosting providers and organizations to use the same S2S server for managing, initiating, and auditing their VPN connections from a single server.
The Celestix E-Series appliance contains all the required components that you need to implement your own secure, cross-premise solution, and is based on the Microsoft Unified Remote Access solution.
Implementation is simple process with our appliances. You would simply install our appliance in the external and DMZ networks, assign the public and internal addresses, and configure your networking infrastructure to route traffic destined for the public hosted network to our appliance.
Implementing the S2S VPN for your service provider is usually a simple process, as our appliances will support the common IPSec VPN authentication methods and protocols required.