5.2 Cloud Routing Architectures

00:08

Hello and welcome to Module five point to Cloud Rounding Architectures and this module. We're going to spend some time learning about how we route to the cloud and what connective ity like AWS Direct Connect and Microsoft Measures Express Route are all about. So let's get out of our on premise network and connect to the public cloud.

00:27

Microsoft is your express route. Let's you extend your on premise network into the Microsoft Cloud over a private connection facilitated by a service provider, a connective ity provider like Centurylink or A T and T. These express route connections do not go over the public Internet and operate a lot like a point to point Ethernet connection

00:45

that creates a direct connection from her network's data center or co location facility

00:49

to Microsoft. This dedicated private connection is routed over the Service providers network, and it's connected on each end of this private circuit with a provider edge router or P router and the Public Cloud Providers router or, in this case, a Microsoft ed rounder or is your driver. These connections can be small or as big as you're willing to pay for,

01:07

but typically range from 50 to 100 megabits per second.

01:11

Twist fast as one and 10 gigabits per second.

01:15

Direct connections to the Cloud Provider Lectures, Express Route and Amazon Web service is direct Connect. Create private connections between the cloud providers, data centers and your on premise infrastructure, such as your own data center or your own Coehlo facility.

01:27

As these direct connections do not go over the public Internet and are dedicated private connections between you and the cloud provider, these direct connections offer

01:36

greater reliability, faster speeds and lower Leighton See than your typical Internet connection. Offering high throughput and low latent. See direct connections like Express Route can feel like a natural extension to your data center so you can enjoy the scale and economy of the public cloud without having to compromise network performance.

01:53

You can also create very robust hybrid architecture solutions.

01:57

Hybrid is a combination of service is running in your on premise network and also running in the cloud At the same time, direct connections offer predictability, reliability and high throughput so that we can successfully spend our own premise. Infrastructure to public Cloud service is like a juror without compromising privacy or performance.

02:15

These are the two primary disadvantages to relying on Lee on the public Internet to connect to our cloud provider a lack of privacy and poor performance.

02:24

A great example of the hybrid cloud architecture approaches a service called Is Your Active Director? Connect or 80 Connect Active Directories, a Microsoft server role that has stood up on a Microsoft server. Instance, like Microsoft Server 2019 Microsoft active director was a set of directory service is developed for Windows Domain networks.

02:42

Starting in 2008 Active Director became an umbrella title for a broad range of directory based identity related service. Is

02:50

a server running active director. Domain service is called the Domain Controller. An active directory domain controller authenticates and authorizes all users in computers and the Windows Domain type network. Assigning and enforcing security policies for all computers

03:04

and controls rights and privileges to such service is is installing new programs on that machine were updating software when the user logs into a computer that is part of a Windows Domain

03:14

active directory checks the submitted password and determines whether the user is a system administrator or a normal user. Active directory is the cornerstone of every Windows domain network Active Directory verifies user credentials and defines a user's rights and privileges. Almost every window service relies on domain service's

03:31

determined by active directory to control things. That group policy

03:36

file system, encryption, domain names, service's and D. N s resolution and is used to cross the computing and user experience and controls the rights and privileges. Toe applications like exchange Server, SharePoint, Microsoft Office, the Windows Registry device, hardware and software settings and much, much more

03:53

active directory federation surfaces or a D. F. S is one way we can have single sign on service or S s O with a T. F s infrastructure in place, users may use several Web based service is such as online shopping or access to the cloud software as a service

04:08

or a network resource, like getting on the wireless network and use only one set of credential stored in a central location

04:15

and then sharing the single set of credentials across all network Resource is signing and only once, as opposed to having to be granted a dedicated set of credentials for each and every network resource and signing in numerous times against the networks. Active Directory, 80 Federation Service is an extension of 80 directory service that can enable users to authenticate with

04:33

and use the devices that are part of the same network

04:36

using only one set of credentials. Thus, a hybrid active directory infrastructure. Having active directory on permission, your network while also in the Azure Cloud and then fed aerating each of these instances of active directory, the instance in your network and the instance in the azure cloud using an is your direct connection called Azure 80 Connect

04:56

allows our users to sign into service is inside our network or in the Azure cloud only once,

05:01

and then the credential sets are shared across the Federated Active Directory infrastructure. This is only one example of how extending our service is out to the cloud with direct connections. That's express route and is your 80 connect and then sharing and partnering. Those service is across the cloud. Federation can extend our corporate policy across our network service is

05:20

while simplifying. The delivery of these service is to our networks users.

05:25

And that, after all, is our primary job in I t. The delivery of our network resource is to our users who needed quickly, easily and securely

05:33

express rounds faster. Reliable connection capabilities are ideal for data storage, access and backups and disaster recovery. For example, you can transfer in store a large amount of data to is your storage service. Well, keeping your applications running in your own data center for Backup and Disaster Recovery

05:50

Express route makes data replication faster and more reliable, improving the performance as well as the reliability of your disaster recovery strategies.

05:59

Moreover, you can access. Other is. Your hosted service is such a CZ office 3 65 your software as a service for all of your organization suite of Microsoft software applications and a very fast, very reliable and very secure manner. And when your servers work together, they often need frequent exchanges of data to synchronize their databases. For example,

06:17

when some of your servers were moved to the cloud,

06:20

the additional agency introduced by Internet connections can have a serious impact on the performance of your overall system, and it can sometimes render the entire system unusable. Express route provides a fast connection between Your Honor Promise Data Center and is you're so that you can extend your local infrastructure to the cloud

06:36

without having to make significant architecture or cold level changes

06:41

of your platform. So another really cool piece of cloud architecture is this thing called a cloud gateway. So what is a gateway? While there are all kinds of uses for the term gateway in the network, but what I always tell my students is at the end of the day, a gateway is a fancy term for a protocol. Converter

06:56

protocols air the languages are networked devices and applications used to interpret and use data, and every system and device in the network can speak a stack of protocols, its own language, its own vocabulary.

07:05

But when the device needs to speak and understand the language that is not in its own vocabulary, rather than just leading the pack, it's it will run the package through a gateway, a protocol converter, and then the data will be converted to a protocol. It or device can understand. There are numerous types of cloud gateways and atomic cloud gateway manufacturers out there. A good example of a cloud gateway

07:26

might be this appliance called a cloud storage gateway.

07:29

The de facto standard of a cloud object storage protocol is Amazon's Web service is a W S S three. Now my network rights to storage using SIFs or NFS Common Internet Final System or network file system. And I can't write to storage the same way that Amazon's s three AP eyes do using protocols like soap or rest.

07:47

So in this case, I would install the edge storage appliance or Storage Gateway, which will convert my storage protocols like sifts and NFS to the clouds, Soap

07:56

or rest protocol. So now that I can read and write to the storage the same way the clown does, thanks to my cloud storage gateway, I can extend my stories to the clown for back up purposes, disaster recovery purposes or in any other way that I might use a cloud storage as a service platform. Really, really cool stuff.

08:13

So it's time to review what we learned about direct routes and direct past the cloud provider and cloud gateways.

08:20

What are three advantages of a direct connection to our cloud provider?

08:24

What are the names of the jurors? Direct connection and A W. S is private connection to your data center.

08:30

What is a *** way?

08:31

And how can a cloud gateway help me connect to the public cloud. So hit pause. Take a moment to run your answers to the CLO gateway so we could speak the same language. And then once we can agree and how to say your answers are 100% completely correct. Hit play and we'll review our answers together.

08:45

So welcome back, cloud heads. And so what are some of the advantages of a direct connection to our cloud provider? Well, the top three reasons why direct connections air so great is their fast.

08:52

They're reliable, and they're very low latent. See Arlo and DeLay. Another very important feature of a direct connection is that it is private and thus very secure. As yours. Direct connection is called Express Route. AWS calls There's Direct Connect and Google's Cloud platform G C P. A service we didn't cover in this lecture calls, there's dedicated interconnect.

09:13

A gateway is a fancy term for protocol converter in the network. A network router like a Cisco Integrated Service's router on Audio Coach Gateway or Juniper Outer. All performed protocol conversion. Gateway Service's and a Cloud gatewaycan Help me connect to the public cloud by allowing my internal network to speak the same language the cloud provider does

09:31

so I can extend mine private network to the public hosted

09:33

cloud service. I might also need to speak cloud storage protocols. And this would need to install a cloud storage gateway on the edge of my data center, allowing me and the cloud to speak the same language. Or if I am a multi cloud network where I need to talk to multiple cloud providers at the same time. The only way I'm gonna get that done is via a cloud gateway.

09:52

So today we learned about the directly connected routes of Microsoft is yours Express route in AWS Direct Connect. And we learned about some of the advantages and architecture applications that directly connecting to our cloud provider can bring to our organization. And we learned about the role of a gateway and how cloud get weaves can allow us to speak the language of the cloud and use the cloud more effectively.

10:11

In our next session, we will learn about the way we managed lands which is in our network

10:16

and how the industry has created this thing called cloud managed infrastructure.

10:20

So until next time, on behalf of all of us at the cyber security and I t Learning Team. We want to say thank you for joining us.

10:28

Take care and to you and all of the users on your network