You took the decision to move to the cloud and you selected Alibaba Cloud as your cloud services provider. Now it’s time to know how to connect your on-premise data center with the cloud.
Alibaba Cloud’s Global Infrastructure
Alibaba Cloud’s infrastructure is built around regions and zones. Region refers to a physical node on a global scale. Each region is composed of multiple zones. A zone is composed of one or multiple scattered data centers, each of which has independent supporting facilities including redundant power supplies, networks, and connections. A zone helps to improve the efficiency of production apps and databases and has higher availability, error tolerance capabilities, and extendibility than a single data center.
Alibaba Cloud operates 75 zones spread across 24 regions globally, including regions in Mainland China and regions outside Mainland China such as Europe (UK and Germany), APAC (Indonesia, Singapore, India, Australia, Japan, Malaysia, Hong Kong), and US (Virginia and Silicon Valley).
Additionally, Alibaba Cloud CDN has 2,800+ cache nodes across Mainland China and outside Mainland China in 30+ countries and regions deployed with multiple ISPs. Content is distributed to acceleration nodes across the network and the Alibaba Cloud global scheduling system accurately routes user requests to the nearest optimal node, effectively reducing access latency.
What options offers Alibaba Cloud to connect?
There are two main options you can leverage to connect your data center with Alibaba Cloud, or being more precise, with the VPC in Alibaba Cloud. These are VPN Gateway and Express Connect.
Generally speaking, VPN uses the Internet for connectivity, while Express Connect uses a dedicated, private connection leading straight to the Alibaba Cloud region.
Option 1: VPN Gateway
VPN Gateway is an Internet-based service that securely and reliably connects enterprise data centers, office networks, or Internet-facing terminals to Alibaba Cloud Virtual Private Cloud (VPC) networks through encrypted connections.
There are two different connections VPN Gateway supports: IPsec-VPN connection and SSL-VPN connection.
- IPsec-VPN connection: The route-based IPsec-VPN facilitates the configuration and maintenance of VPN policies, and provides flexible traffic routing methods. You can use IPsec-VPN to connect an on-premises data center to a VPC network. IPsec-VPN supports IKEv1 and IKEv2 protocols. Any devices that support these two protocols can connect to Alibaba Cloud VPN Gateway.
- SSL-VPN connection: SSL-VPN is implemented based on the OpenVPN framework. You can create an SSL-VPN connection to connect a remote client to applications and services deployed in a VPC network. After the deployment is complete, you only need to import the certificate to the client to initiate the connection.
Option 2: Express Connect
Alibaba Cloud Express Connect service enables you to establish a dedicated network connection to Alibaba Cloud. This option offers privacy and usually higher bandwidth than VPN connections.
The communication between Express Connect and your data center is over the Alibaba Cloud internal network. Leased lines allow you to bypass the Internet service provider (ISP) to keep the network stable and prevent data theft during data transmission.
Express Connect consists of connections established between on-premises data centers and Alibaba Cloud access points. There are two different types of connections:
- Exclusive physical connections: An Alibaba Cloud physical port and a leased line provided by a third-party service provider are used to connect an on-premises data center to an Alibaba Cloud access point. The only way to apply for a physical connection interface is through the Alibaba Cloud Express Connect console. This option is more expensive than the shared physical connection.
- Shared physical connections: A leased line and the network provided by a third-party service provider are used to connect an on-premises data center to Alibaba Cloud. In this solution, the third-party service provider establishes the link between the on-premises data center and an Alibaba Cloud access point that can be shared by multiple tenants. This option is cheaper than the exclusive physical connection.
Differences between VPN Gateway and Express Connect
You can use either physical connections or VPNs to connect on-premises data centers to Alibaba Cloud. However, physical connections are superior to VPNs in terms of network quality, security, and transmission speed. The following table compares both:
| Item | Express Connect | VPN Gateway |
|---|---|---|
| Network quality | Physical connections use leased lines and internal networks for communication, which features high quality, low latency, and low packet loss. | VPNs use the Internet for communication, which faces risks of high latency and packet loss. |
| Security | Physical connections prevent data theft and provide high-security Physical connections can satisfy customers with high-security requirements, such as finance and government enterprises. | VPNs use encrypted communication channels that are based on the Internet and can meet the basic security requirements of customers. |
| Bandwidth | A single link provides a bandwidth of up to 100 GE and can satisfy customers of high data volumes. Equal-cost multi-path routing (ECMP) is supported among multiple physical connections. The bandwidth can be increased to a TB. | The network bandwidth depends on the bandwidth of the public IP address. |
About Roopu Cloud
If you have any questions or concerns about Alibaba Cloud, you can contact us. We are experts in building and implementing cloud solutions in the Alibaba Cloud platform as well as in other Chinese cloud platforms. Let us help you!
