Thursday, September 20, 2012

How Private Cloud helps your network


Secure Private Cloud for Networking

Your business may be considering a move to the “cloud” for some applications and communications services. Interest in cloud computing is driven by increasing expectations for always-on, geographically dispersed businesses—accompanied by decreasing budgets and staff availability to manage an in-house network.
But what does the cloud really mean to your network design and how you deliver voice and data services to users? What factors should you consider when evaluating how to use cloud-based applications with public and private network services? How do you create the best deployment of a private or hybrid public/private network for secure cloud computing?
Before moving to a cloud, it is important to identify the activities and applications that the cloud network will need to support. For example, do you want to:
- Access external storage and computing resources or cloud-based applications?
- Perform transactions—such as working with financial databases or verifying identities?
- Support real-time monitoring, collaboration, and instant communication?

The Drawbacks of a Public (Internet-Only) Network

After identifying your cloud computing goals, consider the type of network you want. Although a public network that uses the Internet to transport all traffic may seem like an attractive choice, it involves significant trade-offs for performance and security. Applications may not perform properly and/or bandwidth may not be available for mission-critical applications. Your network may suffer latency, jitter, and packet loss.
For performance, a public network provider using the Internet can only deliver a “best effort” priority level that applies to all traffic. This limitation exists because all Internet traffic is vulnerable to moment-by-moment congestion levels and routing path availability, which can render your applications unusable. Applications on a public network may create user frustration if the network delivers a slow response or when access is blocked because of Internet problems.
Security is another critical concern when using public networks. Private networks, MPLS in particular, are less susceptible to Denial of Service (DoS) and other attacks than networks that use the public Internet for site-to-site communications.
Additionally, although anti-virus, intrusion detection, and intrusion prevention services may be available, these services are usually applied only at the customer premises, which may be too late for protecting data and applications from unauthorized access, data theft, and disruption.
Together, the risk of network latency and security threats in a public network may outweigh the advantages of moving to a cloud environment in order to reduce computing costs and IT staff levels.

The Advantages of a Private MPLS-based Network for Cloud Computing

In contrast to the limitations of a public network, a private MPLS-based network offers many advantages for cloud computing. MPLS (Multi-Protocol Label Switching) has been the foundation technology for communications and for creating private networks consisting of two or more locations. By design, MPLS creates a fully meshed network topology with multiple paths between any two or more sites. It automatically forwards your traffic via the optimal path, ensuring that packets—which carry data, voice calls, or video streams—are delivered quickly without bottlenecks or single points of failure. This efficiency makes MPLS ideal for supporting performance-sensitive applications such as Voice over Internet Protocol (VoIP) and videoconferencing, as well as financial and enterprise resource planning (ERP) transactions. Many large enterprises, healthcare organizations, government agencies, and other companies choose MPLS because of the advantages it offers for the safety and security of their networks and data.
MPLS is both a secure and “self-healing” network that maintains multiple routes to cloud-based applications. If a private network becomes congested, the network can automatically reroute packets using another available path. In addition, Class of Service (CoS) definitions can prescribe the priority levels for certain types of packets (e.g., voice, video, and point-of-sale) throughout a private network to ensure your applications have the network resources available to function properly.

Additional security measures can protect your data if you include Internet access in your private network design. A gateway security service will check the data packets before they enter your private network looking for intrusions, viruses, and related threats. A firewall can allow certain types of network traffic to access cloud-based applications, or it can deny external access.
A carrier’s network plays a role in your business’s cloud computing by connecting your business locations to each other and to the Internet. This means the capabilities of the carrier’s network can greatly impact the performance, reliability, and security of your cloud-based applications.
The carrier must have an all-optical MPLS core network that offers a strong foundation for a private network because the MPLS network is engineered to maximize application performance. Redundant OCx links and a fault-tolerant point-of-presence (POP) architecture maximize network uptime and reliability. In addition, the carrier must use state-of-the-art MPLS routing technology to deliver your data with exceptionally low latency and packet loss.


High Performance Traffic Shaping and Class of Service

A critical factor for the success of cloud computing is delivering high performance levels for each traffic type and application carried on the network. MPLS networks use Class of Service (CoS) tagging or labeling to shape voice, video, and data traffic, then maintain that priority across the network. This prioritization delivers the quality of service that is an important requirement for a provider’s network.
CoS rules ensure that voice calls and videos have optimal sound and playback quality. Additionally, IT managers can control bandwidth costs and network performance by using CoS to prioritize voice traffic ahead of data applications and real-time video conference streams ahead of stored video downloads. A provider extends service classes to your sites using CoS-capable equipment to mark, queue, and prioritize traffic as it travels from the site to the MPLS network. This traffic marking and prioritization ensures consistent circuit performance for important applications. The provider-edge routers also prioritize and queue these traffic flows across the MPLS network and in the return direction from the network to the site.
It is important to note that any traffic destined for the Internet cannot be prioritized once it leaves the carrier’s network, because the carrier has no control over the Internet routers. (A carrier may have its own Internet routers but cannot control the Internet routers owned or managed by other carriers.) However, critical applications that access the Internet can still benefit from priority handling within some networks while en route to the Internet.
Although most service providers support some form of CoS prioritization in their MPLS networks, not all of these offerings are alike. Some service providers support only a few CoS definitions for traffic prioritization, covering the broad categories of voice, video, and data. The most common definitions are:
- Real-time: Voice services and customer VoIP and video traffic
- Critical: Mission-critical data—such as financial transactions and credit card data transmission
- Business: Enterprise applications—such as SAP, Oracle, or video surveillance traffic
- Data: Low-priority traffic—such as Internet browsing, file transfers, and stored video downloads
The ability to create multiple CoS definitions helps you better manage traffic in a private cloud by:
- Prioritizing business-critical applications
- Controlling bandwidth allocations and avoiding the need to over-provision or dedicate circuits
- Promoting consistent, interruption-free network performance
- Preventing critical applications from failing or impacting the user experience due to network congestion
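The following is an added illustration, not code from the original post or from any provider: it models the customer-edge marking and strict-priority queueing described above, using the four CoS definitions listed in the text, and shows why Internet-bound traffic loses its priority once it leaves the carrier network. The DSCP code points (EF, AF31, AF21, best effort) are standard, but assigning them to these four classes, and the port-based classification rules, are assumptions made here for the example.

```python
"""Constructed CoS marking and strict-priority scheduling example."""
from collections import deque
from dataclasses import dataclass

# Assumed class -> DSCP mapping: EF (46), AF31 (26), AF21 (18), best effort (0).
COS_DSCP = {"realtime": 46, "critical": 26, "business": 18, "data": 0}
PRIORITY = ["realtime", "critical", "business", "data"]  # served highest first

# Constructed classification rules: (protocol, destination port) -> CoS class.
# Anything unmatched falls into the low-priority "data" class.
RULES = {("udp", 5060): "realtime", ("udp", 16384): "realtime",
         ("tcp", 443): "critical", ("tcp", 1521): "business"}

@dataclass
class Packet:
    proto: str
    dport: int
    size: int          # bytes
    cos: str = "data"
    dscp: int = 0

def mark(pkt: Packet) -> Packet:
    """Customer-edge marking: classify the packet and set its DSCP value."""
    pkt.cos = RULES.get((pkt.proto, pkt.dport), "data")
    pkt.dscp = COS_DSCP[pkt.cos]
    return pkt

def schedule(packets, budget):
    """Strict-priority dequeue within a byte budget (the congested circuit).

    Returns (sent, dropped): higher classes are drained first, so under
    congestion it is the "data" class that is dropped, not voice or video.
    """
    queues = {cls: deque() for cls in PRIORITY}
    for pkt in packets:
        queues[mark(pkt).cos].append(pkt)
    sent, dropped = [], []
    for cls in PRIORITY:
        while queues[cls]:
            pkt = queues[cls].popleft()
            if pkt.size <= budget:
                budget -= pkt.size
                sent.append(pkt)
            else:
                dropped.append(pkt)
    return sent, dropped

def internet_handoff(pkt: Packet) -> Packet:
    """Leaving the carrier network: markings are no longer honoured (best effort)."""
    pkt.dscp, pkt.cos = 0, "data"
    return pkt
```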

Protect Your Network with Managed Security Services

To protect your cloud-computing solution, carriers offer powerful, cost-effective, and fully managed security solutions that are compliant with key industry standards, such as PCI and HIPAA. These services deliver a multilayer security approach that provides holistic protection from individual and blended threats, as well as coordinated security alerting, logging, and reporting.
Carriers offer cloud-based network edge protection, as well as site-level solutions to protect your assets from external and internal threats. Security solution components—which are managed and maintained by the provider—typically include managed firewalls; intrusion prevention systems; antivirus, anti-spyware, and anti-spam software; and Web and content/URL filtering tools.
When delivered via a single platform, these components are classified as Unified Threat Management (UTM). When selecting a security solution, it is important to understand where the protection is being applied. In all scenarios, defense-in-depth is a best security practice.

Please see our site at lkconsulting.net