As the consumption of digital workloads accelerates in these post-COVID times, IT teams are stretched thin as they try to make applications available ubiquitously. These applications need access to data residing in digital islands such as data centers, co-location providers, service provider hosted infrastructures, edge compute, 5G, and the public clouds. To provide seamless connectivity between applications and data, most enterprises are adopting public clouds as part of their IT strategy. While some enterprises prefer one cloud over others, most prefer a multi-cloud approach to avoid vendor lock-in and to take advantage of best-of-breed services from each cloud provider.
There are many challenges with the hybrid and multi-cloud connectivity solutions available today. The traditional option, a VPN connection, is limited by non-deterministic latency and scale, which severely impact production usage. Dedicated connectivity options lack deployment velocity, bandwidth elasticity, and pay-per-use economics. Furthermore, as customers migrate on-prem applications to the cloud, these architectural limitations lead to increased complexity and rigid deployments. In summary, the current networking architecture adopted by cloud providers does not provide unified multi-cloud and cross-region connectivity between cloud providers.
According to Gartner, "traditional network vendors often fail to meet the requirements of cloud, platform, and DevOps teams". Virtual routers address the needs of basic VPN, but they fail to meet the needs of cloud-native integration, cloud security, cloud-scale, consistent policy, network visibility, automation, orchestration, and management from a single console. Due to these limitations, large enterprise organizations are constrained by limited choices when deploying and scaling connectivity across data centers, co-location providers, and public clouds.
The Arrcus Connected Edge (ACE) platform makes networking agile, scalable, seamless, and secure. ACE provides a single platform that can be deployed from on-prem, data center, edge, and IP core to multi-cloud. The ACE multi-cloud networking (MCN) solution delivers scalable networking to interconnect enterprise data centers securely and seamlessly with any cloud around the world, with hyperscale performance and cloud-native security.
The ACE MCN Networking Solution
The ACE MCN solution allows organizations to seamlessly extend their on-prem networks to cloud providers and co-location providers with a flexible deployment architecture and robust security. ACE MCN is the industry's first multi-cloud solution that supports multi-tenancy, allowing you to share your cloud infrastructure with your partners and offer network segmentation with a consistent policy. Database separation per tenant ensures data isolation and prevents inadvertent or malicious access. Designed for digital-first enterprise organizations, the Arrcus multi-cloud networking platform, consisting of ArcEdge as secure data plane software and ArcOrchestrator, dramatically shortens multi-cloud networking setup time from days to hours. It simplifies ongoing management by automating and orchestrating with popular frameworks including HashiCorp Terraform, Ansible playbooks, and REST API. Built from first principles for Amazon Web Services, Microsoft Azure, and Google Cloud Platform environments, the ACE multi-cloud networking platform is a fully integrated and cloud-native solution.
Deploy and manage ArcEdge in your VPC/VNET in any region in any cloud from the ArcOrchestrator console. Operators deploy, connect, and secure thousands of ArcEdges at scale with simplified UI workflows from the ArcOrchestrator console. Interconnect distributed applications with hub-spoke, full-mesh, or hybrid connectivity. Cloud migration across multi-cloud environments is simplified via support for private and overlapping IP addresses with network address translation. ArcOrchestrator is integrated with AWS Route 53 and can seamlessly provide DNS services to workloads running across clouds over the overlay network. ArcOrchestrator can be configured to forward all traffic to a third-party appliance to address network firewall and/or IPS/IDS use cases.
Hybrid Cloud Orchestration
ArcOrchestrator, a first of its kind, can be deployed on-prem or in the cloud. From an ArcOrchestrator deployed on-prem or in the cloud, deploy instances of ArcEdge on any physical, virtual, or cloud infrastructure. Realize the unlimited flexibility to connect the on-prem network to any cloud in any region. The BYoIP feature on ArcOrchestrator allows you to assign “your IPs” to your ArcEdge instances in the cloud and configure your on-prem firewall to allow traffic to/from “your IPs” only. Your security operations team can configure security policies to allow ingress/egress traffic to/from your IP prefix range.
Cloud inter-connect at Colo provider
When customers want to avoid backhauling traffic between two cloud providers via their data center, they use a co-location provider’s infrastructure to interconnect the two cloud providers. To maintain architectural consistency and seamless connectivity, customers deploy ArcEdge to configure IPsec connectivity between two clouds at the co-location infrastructure. Additionally, co-location providers can leverage the ArcEdge secure connectivity to offer hybrid and multi-cloud connectivity as a managed service.
Fig 1: On-prem to multi-cloud deployment flexibility with Arrcus MCN solution
Network operations and security teams need deep visibility and control over each network entity. ArcEdge provides full visibility and control with one-click terminal access. Customers can configure advanced networking features including BGP, high availability, optimal routing, traffic engineering, and more. To minimize network disruption and reduce the maintenance window, the Arrcus MCN solution allows you to upgrade ArcEdge software in all regions simultaneously or perform a rolling upgrade across all your regions, thus simplifying software lifecycle management. Upgrading ArcOrchestrator to the latest version automatically backs up and transfers all the data without causing any disruption to the network.
Monitoring & Analytics
ArcEdge can be configured to redirect all ingress/egress traffic to the ArcIQ monitoring solution. ArcIQ is a modern network visibility and analytics platform that provides enterprise IT personnel with real-time, deep views of the network and devices, with actionable insights to help with proactive incident management and faster troubleshooting. This platform is architected on streaming telemetry for real-time data collection and secure streaming with Kafka or gNMI. ArcIQ provides control plane security: it monitors, validates, and notifies on network and security insights such as route origin validation (ROV), and detects route leaks and hijacks. ArcIQ provides deep route analytics using rich telemetry data for the most widely deployed protocols in the industry, e.g., BGP, IS-IS, EVPN, and LLDP. It maintains a time-series database for data retention and analysis. It supports an extensive list of APIs for integration with other observability platforms, central processing of critical events, and security analytics.
ArcIQ leverages authentication-based routing to validate the origin of routes received, thereby improving the security of business assets. ArcIQ protects routing infrastructure from malicious attacks and secures resource availability and business continuity.
The MCN solution with the Arrcus ACE platform is available in various form factors – containers, VM, software on white box hardware, and the cloud. Enterprises and service providers can seamlessly deploy this solution anywhere: access, data center, or cloud. Enterprises can leverage ACE MCN to sustain the rapid growth of applications and data distributed globally and adopt a new architecture that delivers hyper-scale multi-cloud networking solutions with reliable scale, predictable performance, and seamless orchestration.