A Network That Networks — Part 2: Deployment Usage and Expansion

By Raghav K.

Infrastructure management and operations have to stay consistent for an organization to expand into a region or globally. This second part of the article on the Alibaba Cloud Global Network and Solution discusses how to deploy with Alibaba Cloud’s line-up of networking solutions, through a usage scenario that further explores the options for rapid global expansion.

Deployment

The previous article explored technological options for contactless access systems in the workplace that replace smartcards or key-based entry. An application was developed for this purpose using Alibaba Cloud solutions at the infrastructure level.

If it’s a co-working space, this could open a new monetization scenario for the workplace agency. They can configure the backend platform to isolate paid and free resources at the workplace, just like a meeting room usage scenario. The agency can grant access to members that have paid the organization fees. Members can remotely unlock the space and access the rooms whenever required.

The smartphone application could be used to issue or revoke keys and to offer a variety of new membership plans. These plans can be tied to different access timings for different personnel. Timing profiles based on these plans can be implemented, for example, 24/7 access or 9 am to 5 pm access.
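The unlock decision described above can be sketched as a default-deny check. This is an added example, not code from the original article; the plan names, the timing profiles, the `Key` record and the site's UTC+8 offset are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone

SITE_TZ = timezone(timedelta(hours=8))  # assumed UTC offset of the workplace

# Hypothetical timing profiles: (start, end) in site-local time; None = 24/7.
PROFILES = {"always": None, "office_hours": (time(9, 0), time(17, 0))}

# Hypothetical plans: (timing profile, paid rooms included?).
PLANS = {
    "free": ("office_hours", False),
    "day": ("office_hours", True),
    "premium": ("always", True),
}

@dataclass
class Key:
    member: str
    plan: str
    revoked: bool = False  # set when the app revokes the key

def may_unlock(key, room_is_paid, at):
    """Default-deny unlock decision; returns (allowed, reason)."""
    if key.revoked:
        return False, "key revoked"
    if key.plan not in PLANS:
        return False, "unknown plan"
    if at.tzinfo is None:
        # A naive timestamp would be read in the server's own zone.
        return False, "naive timestamp"
    profile, paid_ok = PLANS[key.plan]
    if room_is_paid and not paid_ok:
        return False, "plan excludes paid rooms"
    window = PROFILES[profile]
    if window is not None:
        local = at.astimezone(SITE_TZ).time()
        if not (window[0] <= local < window[1]):  # end of window is exclusive
            return False, "outside access hours"
    return True, "ok"
```

Revocation is checked before anything else, so a revoked key fails even on a 24/7 plan, and the time window is evaluated in the site's zone rather than the caller's.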

Infrastructure Requirement

A Virtual Private Cloud (VPC) needs to be set up at the workplace and has to be connected to the organization’s on-premises data center where its member information is stored. This adds another layer of complexity to the infrastructure and provides a secure and robust connection to maintain a high level of service.

VPN Gateway

The Alibaba Cloud VPN Gateway service can be deployed to establish a connection between the organization’s VPC and its on-premises data center.

Some of the Alibaba Cloud VPN Gateway benefits are listed below:

Security: The VPN Gateway provides various security measures to ensure data security, including data source verification, encryption, anti-tamper protection, and anti-replay.

Communication with the isolated VPC is IPsec-encrypted, ensuring secure data transmission over the Internet. An IPsec VPN tunnel protects the IP packets exchanged between remote networks and the VPN Gateway located in a private network. IPsec includes protocols for mutual authentication between agents when the session starts and for negotiating the cryptographic keys used during the session.

Reliability: If an active VPN gateway fails, the Alibaba Cloud VPN Gateway offers a standby gateway to assume the responsibility of the primary gateway.

Easy Configuration: The Alibaba Cloud VPN Gateway is an out-of-the-box service. It provides a software-defined network that allows easy customization and management of the organization’s network. Any changes to the configuration of the VPN Gateway take effect in real time.

NAT Gateway

An organization has to ensure that its applications run at low latency and low cost, even as the number of users grows. Service stability has to be maintained even when traffic fluctuates constantly.

Alibaba Cloud NAT Gateway sits between the organization’s VPC and the users. When the network traffic fluctuates, the NAT Gateway allows multiple IP addresses to share the same bandwidth. The NAT Gateway achieves this by configuring SNAT and DNAT entries, which allow more flexible use of network resources. Some of the benefits are:

  • Service Delivery: VPC-connected ECS instances can deliver services to the Internet through port mapping and IP address mapping. You can also associate an EIP with a NAT gateway.
  • Easy Usage: The Alibaba Cloud NAT Gateway provides SNAT and DNAT functions, which reduces the need to build your own SNAT gateway for your servers. SNAT allows ECS instances without public IP addresses in a VPC to access the Internet. SNAT also offers a firewall functionality that prevents unwanted access to backend servers. After you configure SNAT entries to allow backend servers to initiate connections with specific external terminals, only these external terminals will be able to access the backend servers.

    DNAT supports port mapping and IP mapping. It can be used to map a public IP address associated with the NAT gateway to an ECS instance. This makes the ECS instance accessible from the Internet.

  • High Performance and Availability: The NAT Gateway is virtual network hardware that is based on Alibaba Cloud’s self-developed distributed gateway. It is supported by SDN virtualization technology that offers a forwarding capacity of up to 10 Gbps. The NAT Gateway supports high-bandwidth throughput and a large number of connections.

    NAT Gateway supports large-scale Internet applications and cross-zone disaster recovery. A failure in a single zone does not affect the service of the NAT Gateway. VPC-connected ECS instances can share Internet bandwidth to reduce costs.
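The SNAT and DNAT behaviour described above can be seen in a small model of the two tables. This is an added example, not Alibaba Cloud's implementation or API: the `NatGateway` class, the port-restricted session matching and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress

class NatGateway:
    """Simplified model of SNAT/DNAT tables (assumed semantics)."""

    def __init__(self):
        self.snat = []      # (source network, EIP)
        self.dnat = {}      # (EIP, proto, public port) -> (private IP, port)
        self.sessions = {}  # (EIP, proto, mapped port, peer IP, peer port) -> (private IP, port)
        self.next_port = 20000

    def add_snat(self, cidr, eip):
        self.snat.append((ipaddress.ip_network(cidr), eip))

    def add_dnat(self, eip, proto, public_port, private_ip, private_port):
        self.dnat[(eip, proto, public_port)] = (private_ip, private_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a connection opened inside the VPC; None if no SNAT entry matches."""
        for net, eip in self.snat:
            if ipaddress.ip_address(src_ip) in net:
                port, self.next_port = self.next_port, self.next_port + 1
                self.sessions[(eip, proto, port, dst_ip, dst_port)] = (src_ip, src_port)
                return eip, port
        return None

    def inbound(self, proto, peer_ip, peer_port, eip, port):
        """Resolve an Internet packet to a private endpoint; None means dropped."""
        hit = self.sessions.get((eip, proto, port, peer_ip, peer_port))
        if hit:
            return hit  # reply to a session a backend server initiated
        return self.dnat.get((eip, proto, port))  # published service, else drop

def demo():
    # Constructed sample topology using documentation address ranges.
    gw = NatGateway()
    gw.add_snat("192.168.1.0/24", "203.0.113.10")
    gw.add_dnat("203.0.113.20", "tcp", 443, "192.168.1.5", 8443)
    eip, port = gw.outbound("tcp", "192.168.1.7", 51000, "198.51.100.4", 443)
    return {
        "reply": gw.inbound("tcp", "198.51.100.4", 443, eip, port),
        "stranger": gw.inbound("tcp", "198.51.100.99", 443, eip, port),
        "published": gw.inbound("tcp", "198.51.100.99", 40000, "203.0.113.20", 443),
        "unpublished": gw.inbound("tcp", "198.51.100.99", 40000, "203.0.113.20", 22),
        "no_snat": gw.outbound("tcp", "10.0.0.9", 51000, "198.51.100.4", 443),
    }
```

In this model only the peer a backend contacted can reach it through the SNAT address, while a DNAT entry exposes its mapped port to any Internet source, so each DNAT entry is the part of the configuration to review as exposed surface.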

A Network That Networks: Part 3

The next part of this article series will discuss expansion scenarios for your organization to multi-zone and then from multi-zone to global expansion. To achieve this, Alibaba Cloud products and solutions can be leveraged for a more stable and reliable infrastructure.
