Cisco UK & Ireland Blog

How to pick the best network access for public clouds

March 2, 2017

Agility in the network is becoming a critical aspect of an organisation’s overall strategy. As such, the emphasis is shifting away from fixed-length private MPLS WAN contracts towards Internet connectivity and Over-The-Top (OTT) VPN services based on Software Defined-WAN and Network Function Virtualisation (NFV) technologies.

Effective and secure connectivity to public cloud providers is also vital for running applications in the cloud. So it goes without saying: no network, no cloud…

But what’s the best way for organisations to connect to public cloud providers?

Simplistically, there are two options:

  1. Indirect Access – A quick and cost-effective method is using your existing Internet connection and a secure VPN network to extend your network policies and gain visibility to the public cloud. For example, Cisco CSR 1000V virtual router, which is available on:Amazon Web Services
  2. Direct Access – Dedicated links, or a cross connect via a carrier, can connect cloud providers to your network infrastructure directly. Cloud providers use specific partners to install private connections. Relevant service providers are available online for:

However, neither of these methods provide a central point of policy enforcement in a cloud neutral location for hybrid cloud environments with a mix of applications hosted in the cloud and on premise. In order to secure data in public cloud environments, organisations have the additional expense of building multiple network edge (DMZ) environments.

Networking for hybrid cloud environments

Cisco’s Secure Agile Exchange (SAE) is a hybrid cloud networking approach designed to reduce circuit costs, virtualise network functions and orchestrate with common policy enforcement for distributed consumers and providers.

Consumers connect quickly and securely to applications, wherever they reside, by virtualising the DMZ and extending it to colocation centres (Colo).

You can find more on Cisco’s SAE here but the benefits of Cisco SAE are realised in the following areas:

  • Lower Cost
    • Carrier AND Cloud Provider neutral flexible infrastructure
    • Fewer circuits via distributed provider aggregation layer
  • Security and Experience
    • Centralised security policy enforcement across trusted (private) and untrusted (cloud)
    • Enhanced telemetry and analytics
    • Choose security services independent of public IAAS, PAAS, or SAAS cloud availability
  • Automation and Operations
    • Simple operations – no Linux or OpenStack skills required
    • Reduce cost and improve agility by automating virtual service lifecycle

Which cloud connectivity approach best meets my needs?

Well, it depends… It depends on where you are on your cloud adoption journey. Considerations include latency requirements, the volume of data and its portability, Service Level Agreements and of course available budgets.

The Enterprise cloud adoption approach generally falls into three categories and it is an evolution:

  1. Private data centre first – 90% on prem private data centre, 10% SaaS
  2. Cloud first – Hybrid IT with a mix of 33% SaaS, 33% IaaS and 33% on prem (non-cloud)
  3. Cloud all in – 67% IaaS and 33% SaaS

In some cases, a large enterprise may choose an approach for the entire company and all the lines of business (LoBs) then follow the same strategy. However, in most cases, a single large enterprise may follow all three in different LoBs.

Given these three environments, the enterprise network needs to adjust based on where the applications and data are hosted.

Private data centre first


  • The majority of applications (about 90%) are hosted in a private data centre
  • SaaS applications (10%) are used for specific business functions
  • Siloed adoption of cloud services
  • Limited use of public IaaS for development and testing
  • Private MPLS network for trusted communications
  • Cloud Access – SaaS via HTTP(s) and public IaaS via flexible Over-The-Top (OTT) VPN services


Benefits & Drawbacks



Cloud first


  • Preference for a new application is public SAAS (33%) first, public IAAS (33%) second and private data centre third (33%)
  • Increasing adoption of public IaaS for development and production
  • Increased attack vectors and opportunities for threat actors
  • Limited visibility into cloud environments and application performance
  • Cloud Access – Combination of (1) Direct Access and/or (2) Indirect Access via VPN services



Benefits & Drawbacksbenefits-and-drawbacks-2


Cloud all in (cloud native) 


  • Cloud first for new applications, plus you are investing resources in refactoring, lifting and shifting existing applications to migrate them from the private data centre to public SaaS and IaaS
  • Mainstream adoption of public IaaS (typically 67%) and SaaS (33%)
  • A Cloud native mode of operation whereby new applications are developed and operated (DevOps) within the cloud
  • Cloud access predominantly via the Internet


Benefits & Drawbacks


Find out more
about Cisco’s WAN connectivity solutions and why your network is the foundation for your cloud and digital transformation goals.


Leave a comment