Cloud – an extension to your infrastructure

Are you planning to buy a new server, or perhaps thinking about going to AWS or Azure but concerned about security? Do you know that your organization can extend its infrastructure to the cloud with its own dedicated portion of the cloud (utmost security)? If you answered yes, here are the topologies with which you can tame the bull and plough your fields.

Cloud is only an extension of your office network

In this topology, you create a Virtual Private Cloud (VPC) connected to your office infrastructure via site-to-site VPN or direct connect.

Your VPC does not have an Internet Gateway, so your instances cannot communicate directly with the internet (malware cannot send data out) and no one can communicate with your cloud infrastructure directly (intruders are kept at bay).

Your cloud infrastructure follows your network security policies, and internet access is available only through your firewall and router.

Your application can be hosted partly on-premise and meet spikes in compute demand from the cloud infrastructure. Your cloud infrastructure can also host your big data, take up Machine Learning jobs (ML is cheap on the cloud) or reach special resources such as an S3 bucket via private link.

Typical scenario

Your applications primarily serve your employees and contractors, and applications are accessible in-office or over VPN.

Your applications include internet-facing applications (both B2B and B2C); however, you use your on-premise IP address to bring network traffic to those applications.

Cloud serves your partners visibly

In this topology, in addition to the topology above, you expose a portion of your cloud infrastructure directly over the internet. Note that only a limited set of subnets in your network have an Internet Gateway, and access to those subnets can be controlled via Network Access Control Lists (ACLs) and Security Groups.
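As an added example (not part of the original post), the Python check below tests the property both topologies above rely on: no subnet has a route to an Internet Gateway unless it is on an explicit allow-list, which is empty for the first topology. It assumes all subnets belong to one VPC and takes route tables in the shape returned by the EC2 DescribeRouteTables API; the sample data, subnet names and function names are constructed for illustration.

```python
"""Flag subnets that can route to an Internet Gateway but are not approved to."""

def subnets_with_igw(route_tables, all_subnet_ids):
    """Return the subnet IDs whose effective route table has an active igw- route."""
    main_has_igw = False
    explicit = {}  # subnet ID -> does its explicitly associated table reach an IGW?
    for rt in route_tables:
        has_igw = any(
            r.get("GatewayId", "").startswith("igw-")
            and r.get("State", "active") == "active"
            for r in rt.get("Routes", [])
        )
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_has_igw = has_igw
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = has_igw
    # A subnet with no explicit association uses the VPC's main route table.
    return {s for s in all_subnet_ids if explicit.get(s, main_has_igw)}


def audit(route_tables, all_subnet_ids, allowed_public=frozenset()):
    """Return internet-routable subnets that are missing from the allow-list."""
    exposed = subnets_with_igw(route_tables, all_subnet_ids)
    return sorted(exposed - set(allowed_public))


# Constructed sample: the main table sends default traffic to the VPN gateway,
# while one partner-facing subnet has its own table with an Internet Gateway.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vgw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-partner",
     "Associations": [{"Main": False, "SubnetId": "subnet-partner"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
]
SAMPLE_SUBNETS = ["subnet-app", "subnet-data", "subnet-partner"]

if __name__ == "__main__":
    # First topology: nothing may be public, so the partner subnet is a finding.
    print("unexpected public subnets:", audit(SAMPLE_ROUTE_TABLES, SAMPLE_SUBNETS))
    # Second topology: the partner subnet is approved, so the audit is clean.
    print("with allow-list:", audit(SAMPLE_ROUTE_TABLES, SAMPLE_SUBNETS, {"subnet-partner"}))
```

Security Groups and Network ACLs are not evaluated here; the check only answers whether a path to the internet exists at the routing layer.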

The continuity of applications is never impaired because there is always Plan B (if on-premise infra goes down then Cloud infra is available and vice versa).

The back-end portion of your application (access to reports, data upload, etc.) can be made available only to your office infrastructure via site-to-site VPN or direct connect to the cloud.

Typical scenario

Host your mission-critical applications (e.g. e-commerce, operations control apps) with high availability, with access to secured functions through on-premise.

Continue to use cloud as an extension of your office infrastructure.

Cloud integrates your branches

In this topology, you can create different combinations of hub-and-spoke networks using cloud and on-premise firewalls/switches.

AWS Cloud Hub and transit gateways are examples of this topology.

Cloud to Cloud private link

In this topology, you connect your cloud infrastructure to another organization’s cloud infrastructure privately, within the cloud provider's infrastructure. The network traffic never leaves the cloud infrastructure or travels over the internet.

This topology is an extension of the above topologies.

Typical scenario

You are a buyer or seller of SaaS services and your business partner's application is also on the same cloud service provider. For example, you may buy or sell a set of APIs to get an early news feed or send strategic/sensitive data.

Are you now ready to give your dream project a chance? Talk to us, we may help.

About VisionFirst Technologies Pvt. Ltd.

We are a group of researchers and practitioners of cutting-edge technology. We are an AWS Registered Partner. Our tech stack includes Machine Learning, offline/2G-tolerant mobile apps, web applications, IoT and Analytics.
