Building a Private Cloud within a Public Cloud
One of our customers wanted to establish a site to site connectivity between their datacenter and public cloud (Amazon EC2) and then have a private network within Amazon EC2 with their own custom IP addresses for their servers in the cloud. Basically idea here is to augment the internal datacenter resources with the resources in the public cloud securely so that the servers in the cloud appear as if they are part of their own private corporate network. The idea here is to isolate the servers used by the customer in the cloud from the rest of the servers in the cloud using private network, just like the corporate internal datacenters are isolated using private network with private routers routing the internal traffic.
Kaavo team setup the required network using OpenSwan and OpenVPN, see the figure below.
The advantage of this setup is that users within the corporate firewalls can access the server in the cloud seamlessly as servers in the cloud are part of the private corporate network.
One of the barriers to cloud adoption for a large number of enterprise customers is that, they can’t just lift and load applications and run them in isolation in the cloud as majority of enterprise applications are connected to backend systems, internal authentication servers, etc. Having a secure seamless connectivity b/w corporate datacenters and the servers in cloud reduces the barrier for enterprise customers to gradually move applications in the cloud without having to worry about the integration issues between internal resources and the resources in the cloud.
Having the ability to create secure, high-bandwidth network, on-demand between two end points (in this case customer datacenter and cloud or between two different clouds) via API would be an ideal solution. Hopefully networking solution providers can step up to the plate and deliver solutions where we can dynamically create networks for applications and manage the bandwidth and Service Levels, in the context of the application, on-demand. So for example if we know some application has a peak bandwidth usage during afternoon we can allocate the appropriate bandwidth on-demand in the afternoon and release extra bandwidth when the usage is low. Another example is data warehouse application which may require high bandwidth during batch load window (typically late night) and relatively small bandwidth during other times of the day.