In this post, I’ll go more in depth about the advantages of connecting your on-premise private network to the cloud. I’ll also show you how Interconnect is an important consideration to make and I’ll walk you through the different options that you have to make connectivity happen. That way, you will be able to make the right informed decisions when making the move.
When companies are moving to the cloud, a solid connect is inevitable. It should be one of the main components in the architectural discussions and plans you have, before you even spin up your first VM.
Networking considerations when moving your infrastructure to the Cloud are:
- Do I need private access to my VPC (i.e. RFC 1918)?
- Do I want to manage the connections myself?
- How will the innovations of SDN interoperate with my on-prem environment?
- Will I use the same connection for my migration as for my production traffic?
There’s many reason to extend your on-premise network to the Cloud. First of all, it secures server-server communication between on-premise machines during the co-existence phase, while you are migrating your workloads in waves. Secondly, it’s important when you’re going for a hybrid approach, keeping some legacy systems on-premise.
VPN & Interconnect
Even if you migrate all workloads to the Cloud in a single weekend (let us know how that went!), another consideration is how your workers will connect. Ideally, you want a guaranteed and private connection from your office to Google Cloud. This is where we enter the domain of Cloud VPN and Interconnect, as these solutions extend your private RFC 1918 range to Google Cloud.
Here’s a great comparison between the different Interconnect and VPN options from Google: Dedicated Interconnect, Partner Interconnect and IPsec VPN tunnel. Each have their own capabilities and limitations. For more details on the solutions, read their docs here.
Take me to the clouds!
In an enterprise environment, Interconnect is your ultimate end goal. As a managed service with great bandwidth and automatic routing setup using BGP, all you have to do is to choose between using a partner or going directly to Google. Most enterprises will want to use Partner Interconnect, having a Service Provider Partner manage the connection for you, and providing an SLA from the their side to on-prem. Google will guarantee the SLA from their data centers to the ISP’s endpoint.
There’s a catch however. Interconnect just went GA, and might still take your provider a decent amount of time to set up. Soooo… does that mean you just postpone your migration?
Connectivity Alternatives
This is one of the reasons you want to tackle connectivity as early on as possible, so that your connection is ready before your first VM is migrated. If you’re time bound, Cloud VPN with BGP on a Clout Router might come in to the rescue. Since both Cloud VPN and Interconnect can use Cloud Router with BGP, it’s a good temporarily alternative.
You can setup Cloud VPN yourself in a jiffy, test all the connections and even start doing some test migrations. When your Cloud Interconnect finally comes up, it will just take precedence over Cloud VPN and thanks to the dynamic routing using BGP, no network changes will be required. It can be as simple as that.
Take the test
If you already moved some applications to Google Cloud, you will want to test the Interconnect connection anyhow, before changing over from Cloud VPN to Interconnect. A great way to do so, is to limit the advertised ranges from GCP to your on-prem in Cloud Router.
By creating a new subnet in the same VPC, which has no workloads on it yet, you can advertise just that subnet to your on-prem over Interconnect. You can then go ahead and test the Interconnect itself to that subnet. If those tests are all going well, you’ll be a lot more certain to include all subnets and migrate from Cloud VPN to Interconnect.
Using Cloud Interconnect, you can enjoy the full experience in both on-premise and in Cloud!
In summary, enterprises need to connect over private IP range to Google Cloud. With Interconnect, Google and its partners offer a fully managed service, which should be your end goal. While exploring, Cloud VPN with BGP can be a low effort temporarily solution, later to be replaced by Interconnect.
Once you’re connected to the cloud, there’s so much for you to explore… So sit back, relax and enjoy the flight.
What about you?
Need help with your Cloud migration? Want to (partially) move from on-premise to Google Cloud? Looking for a certified Google partner that can help you with your next Cloud project?
Contact us now, we’d be happy to talk about your needs and the possibilities of Cloud technology for your company. We’re curious to hear about your projects and to see how we can help!
Note: This post is based on the Google Next ‘18 Breakout Session “VPC Deep Dive and Best Practices” by Emanuele Mazza – Google Cloud Networking Product Specialist