Alibaba Cloud and Palo Alto Networks Joint solutions for Remote Educations
The global outbreak of COVID-19 has had a huge impact on the society and economy of all countries in the world. Health and safety have become the biggest concern of every organization and every person . With the spread of the virus, more and more companies select employees from home telecommuting , and more and more students also need the connection method carried out online learning.
According to the Ministry of Education March 2019 statistics, just in 2018, the total number of Chinese students studying abroad will exceed the 660 thousand people, continue to maintain the world’s largest foreign student source countries of position . In the current case the epidemic, there is a tremendous number of students, need to be able to have a quick and safe way, access overseas schools of applications, services, data and resources, in order to successfully complete the online course of learning tasks.
What’s more, in the past few weeks, the number of global new domain name registrations has increased by 10 times year-on-year . Among them, the number of domain name registrations related to the new crown virus is staggering. Since January , there have been 16,000 new domain names related to the new crown virus. Domain names are registered, and more than 50% of them are related to malware activities. The form of network security is not optimistic.
Therefore, how to provide remote users with comprehensive on-demand expanded VPN access, and at the same time provide secure access to applications and data, is a big challenge under the current demand for concurrent access of massive users.
Together with Palo Alto Networks , Alibaba Cloud relies on Alibaba Cloud’s global cloud platform resources, high-speed and stable cloud enterprise network (CEN) private network communication channel, and Alibaba Cloud’s new CDN ( Content Delivery Network ) , plus Palo Alto Networks ‘ global security platform and products have created a joint solution to meet the above-mentioned challenges of network stability, low latency, and security of overseas distance education.
Alibaba Cloud has ultra-large-scale data-centers all over the world, with 21 regions and 63 availability zones.
Increasing availability also provides a wealth of computing resources.
The Alibaba Cloud CDN (Content Distribution Network), full name, is the Alibaba Cloud Content Delivery Network and is built and run on a distributed network of edge node servers spread across different regions, replacing the traditional WEB Server-centric data transfer model. Publish the source content to the edge node, cooperate with the precise scheduling system, assign the user’s request to the node that best suits him, so that the user can get the content he needs as quickly as possible, effectively solve the Internet network congestion situation, improve the response speed of the user’s access.
Thanks to the rich infrastructure capabilities of Alibaba Cloud and more, we combine the security solutions of PaloAlto Networks to provide solutions for a wide range of overseas remote education scenarios. Here’s a real case:
An overseas university, a large number of Chinese students (more than 8,000) have returned China for festival holidays. Due to the pandemic, they have to provide online educations for those students. Affected by the current internet congestion, especially the access of overseas traffic, the stability is very poor. In order to resolves these challenges, the entire remote education platform has to be delivered and ready for services within a week.
This means that in a very short event we have to build a stable, highly usable, secure platform that was previously impossible. Because we all know that the purchase of private lines, compute resources, network optimization, etc. are often required months or longer. But now, relying on Alibaba Cloud’s VPC resources in Beijing, Shenzhen and Hong Kong, as well as the reliable connectivity services of CEN Cloud Enterprise Network, we have built two PaloAlto Networks access nodes in Beijing and Shenzhen for our users to meet VPN access needs in different regions. Remote users are connected to the school data center and various online educational resources via the VPN Portal of the unified Palo Alto Networks, as well as AD/LDAP integration and authentication with the overseas university, near to Beijing or Shenzhen Gateway, and through CLEN via the VPC of Hong Kong Regency.
In the actual deployment, in order to avoid a large amount of non-online education traffic consuming CEN bandwidth resources, the local IP address is updated to Gateway in Beijing and Shenzhen synchronously via Direct Dynamics List, and EDL-based forwarding policies are deployed to achieve the diversion of local Internet traffic on Gateway, ensuring that CEN resources are used more efficiently.
We also leverage Alibaba Cloud’s Global Acceleration Global Acceleration solution to support cross-border remote education. For example, the download and distribution of distance learning materials. Alibaba Cloud Global Acceleration is a network acceleration product. Relying on Alibaba’s high-quality BGP bandwidth and global backbone network, we help users achieve near-access worldwide to reduce the impact of network issues such as latency, jitter, and packet loss on service quality and enhance the service’s global access experience. With Alibaba Cloud’s global acceleration program, accelerated access to remote users on the mainland can be achieved for the school’s website content. Alibaba Cloud’s GA solution creates on-premises accelerated IP addresses for overseas services, allowing users to gain low latency, high-stability connectivity and usage experience by connecting directly to local accelerated IP addresses.
In the actual test, for the instance deployed on Alibaba Cloud Hong Kong VPC, the local acceleration IP address was provided by Alibaba Cloud Global Acceleration at Shanghai VPC. The test results show that the delay of connecting to this accelerated IP is only about 12ms, and the connection and usage experience of remote users has been greatly improved.
Besides, Palo Alto Networks provides Prisma Access’s SASE service, providing unified access to user data centers, corporate headquarters, branch offices, and remote access through a distributed architecture of more than 100 nodes deployed in 76 countries and territories around the world, with consistent security policy assurance.
As a result, global Protect Gateway nodes deployed in mainland China can be integrated with Prisma Access through the Alibaba Cloud CEN Cloud Enterprise Network solution to become The External Gateway for Prisma Access. Remote users around the world have secure access to Gateway near them through a unified Portal provided by Prisma Access, and access to internal applications, data, and various online resources based on a unified security policy.
Palo Alto Networks established a cloud partnership with Alibaba Cloud in 2018 to ensure customer a secure Cloud Journey. Alibaba Cloud offers a comprehensive suite of global cloud computing services to support the online business of international customers and Alibaba Group’s own e-commerce ecosystem. Alibaba Cloud’s vision is to make computing the engine of the DT world. As a partner of Alibaba Cloud, Palo Alto Networks wants to continuously address threats to your cloud and use it securely.