The last year has certainly proven that businesses need to be able to respond, at speed, to changing internal and external factors for business continuity. During this time many businesses responded with tactical tech deployments; however, organisations now have a chance to take a step back, think strategically, and build a secure networking foundation that transforms the business moving forward.
Networking is often seen as a bottleneck in digital transformation due to traditional connectivity methods, delivery times and complex “after-thought” integration. However, it is essential for everything to work and for your organisation to function effectively.
So, what practical steps can be taken to plan for any and all scenarios and move forward into the new ways of working? There are a few key cloud architectures and technology options for future-proofed business continuity and disaster recovery (DR). At the start of the year we released a whitepaper which looked at these in detail – read on for a summary and to get an understanding of architecture patterns for adopting new cloud technology or simply using cloud to augment your existing infrastructure.
Common architectures to connect to cloud
As a first step towards business continuity, organisations must ensure that secure connectivity to both cloud environments and on-premise architecture is in place. This creates the foundation for seamless integration and adoption of future technologies. Here are the main options to consider:
IPsec site to site VPN:
In this connectivity pattern, the cloud provider supplies a configuration (sometimes in vendor-specific code) to download and apply on the router or firewall. The usual method of connecting to the cloud environment is to use a virtual gateway (VGW) or VPN gateway; each cloud provider has the same concept, but different naming conventions.
Private connection:
This method provides a private connection to the cloud service provider from an organisation’s infrastructure. This is effectively a private physical circuit, which is a point-to-point L2 connection to the previously mentioned virtual gateway (VGW). The provider will typically deploy a physical circuit from the organisation’s data centre to the cloud environment, avoiding overload on the internet circuits.
Distributed connectivity fabric:
With an agnostic connectivity platform, organisations can use any method of connectivity, whether a VPN traversing the internet, a data centre cross connect, a direct connection or many others. This allows organisations to connect estates to multiple cloud fabrics at speed and with flexibility on the connection route. Alternatively, organisations are able to connect via IPsec VPN, using the internet as transit.
Learn more about the pros and cons of each of these methods in the full whitepaper here.
Options to future-proof the business
With the correct connectivity foundation in place, organisations have the agility to transform, adopt and migrate to cloud technology, review existing infrastructure and plan for business continuity and disaster recovery. IT leaders now have the chance to strategically review infrastructure and to act in the long-term benefit of the business.
So, what tech can you adopt in order to respond to immediate external influences and prepare your organisation for continuity and disaster recovery moving forward? Here are 3 options which we’ve seen skyrocket over the last 12 months:
Virtual Desktop Infrastructure (VDI):
Virtual desktop infrastructure (VDI) is a technology that refers to the use of virtual machines to provide and manage virtual desktops. As a solution, VDI technology can also be wrapped up in the term Desktop-as-a-Service (DaaS). The adoption of VDI has instigated a move to Bring Your Own Device (BYOD) in many organisations.
With VDI built in the cloud, desktops can be spun up and locked down with ease and flexibility. Using the cloud provider’s internet to access the VDI means that no extra strain is generated by users accessing the internet within the organisation’s data centre. The VDI creates an ‘air gap’ between the device and the infrastructure. The setup can be designed with a full protocol break, which ensures that nothing can be downloaded or configured from the device, and the gap between the machine and the infrastructure protects against external viruses. This moves organisations close to a Zero Trust Network Access (ZTNA) architecture.
Remote Access:
Using a cloud-based Remote Access ‘farm’ provides the flexibility to activate access only at the click of a button. The connection used could be an IPsec VPN or an SSL VPN to create a secure tunnel from the device to the infrastructure. From a business continuity perspective, this can be deployed in the cloud and simply scaled in the event of a disaster or other scenario. Spend is vastly optimised with no wastage to account for.
The difference between Remote Access and VDI is that using a VPN to access the estate doesn’t create an air gap between the device and an organisation’s network. By accessing the network using Remote Access, the machine is connected directly on a network level to the infrastructure. The organisation’s entire network would potentially be at risk if the correct security provisions aren’t in place.
Web Application Firewall (WAF):
If VDI or Remote Access is too costly or complex for an organisation to deploy, internal teams don’t have the expertise, or complexity around compliance and governance is a hindrance, applications can still be securely presented to the outside world. In the event of a business continuity scenario, applications can be presented externally over the internet, using security protocols, to automate an organisation’s estate.
Many applications are now web-based, whether that’s an external or internal service. These applications are provided over Hypertext Transfer Protocol Secure (HTTPS) within a web browser. By protecting an application hosted either in the cloud or on-premise using a WAF, the organisation is effectively implementing a secure front door. The WAF decrypts traffic to the application (also known as SSL offload) so that it can apply security protocols such as a UTM, checking whether users are trying to run a virus or whether the application is under attack in any way. The only thing that may change from a user perspective is the URL used to access the application.
Following the patterns shared in the whitepaper, organisations can first get connectivity in place to enable better visibility and control of their network, and then seamlessly adopt new cloud-based technology. Any technology can then be deployed according to business continuity needs. The key here is that the connectivity piece gives businesses the ultimate choice to become more agile and face any and all scenarios in the future.
Download the Future-Proofing Infrastructure for Business Continuity and Scalability whitepaper for more information.