Alibaba Cloud Releases PrivateLink to Help Enterprises Build Private Network Services
At the Apsara Conference 2020, Zhu Shunmin, Researcher of Alibaba Cloud’s intelligent network products, introduced PrivateLink, a product for private network connection. PrivateLink uses Alibaba Cloud’s private network for business interaction. With private network connections, users of Alibaba Cloud can access services provided by other Virtual Private Clouds (VPCs) through private networks, without additional Internet egress services. This ensures higher security and better network quality by preventing interactive data from going through the Internet.
What is PrivateLink?
In the past, enterprises needed to create Internet egresses to provide on-cloud services or access resources of other business networks. Enterprises used products, such as Enterprise Information Portal (EIP) based on elastic public networks, Server Load Balancing (SLB) for public networks, and gateways for Network Address Translation (NAT), to create connections and provide on-cloud services. However, as the number of enterprises on the cloud increases, more of them want to provide services on the cloud network itself. They hope to provide services and achieve mutual access through the internal network of Alibaba Cloud, which addresses problems such as relatively low security and high network latency. PrivateLink provides these private network connections within the cloud.
What Scenarios May Require PrivateLink?
There are a large number of business scenarios on Alibaba Cloud, such as enterprise internal services, inter-enterprise on-cloud services, and on-cloud enterprise ecosystems. PrivateLink can be applied to establish secure and stable private connections between VPCs and Alibaba Cloud’s services. This provides a flexible configuration to meet the needs of different scenarios.
Scenario Example 1: Sharing Cloud Services Across VPC Networks
Through PrivateLink, the SLB service of one VPC can be shared with other VPCs, achieving cross-VPC private access to the SLB service.
As shown above, to achieve private access to the SLB service in VPC2, the SLB service must first be added to the endpoint service as a service resource. Then, endpoints for accessing the SLB service are created in VPC1. VPC1 can then access the SLB service in VPC2 through these endpoints.
Scenario Practice 1: An enterprise-level SaaS cloud service allows services to be provided on Alibaba Cloud’s intranet. Enterprises or individuals can access service resources across regions and share the low-latency, high-availability, and high-security network of Alibaba Cloud.
Scenario Practice 2: Large and medium-sized enterprises or multinational companies set up the service releasing layer at the enterprise level. Each subsidiary and overseas office can access service resources through PrivateLink, achieving fast and secure interconnection across multiple accounts and multiple VPCs. PrivateLink can help these enterprises and companies migrate all their business to the cloud, making business usage and interconnection more convenient and reliable.
Scenario Example 2: Sharing On-Cloud Services in One VPC With a Local Data Center
Through PrivateLink, the SLB service in one VPC can be shared with a local data center, so that the on-cloud SLB service can be accessed from off-cloud private networks.
As shown above, to achieve private access from a local data center to the SLB service in VPC2, the SLB service needs to be shared with VPC1 first. Then, VPC1 is connected to the local data center through a leased line, VPN gateway, or Smart Access Gateway (SAG). In this way, private access from a local data center to on-cloud SLB services can be achieved.
Scenario Practice: When Independent Software Vendors (ISV) and System Integrators (SI) construct cloud ecosystems with enterprises, more of their offline services are migrated to the cloud. They build their own services on Alibaba Cloud or connect their local Internet Data Center (IDC) services to Alibaba Cloud. By doing so, they can help their long-term enterprise users to achieve more efficient and high-quality cloud migration.
What Are the Benefits of PrivateLink?
Communication in Private Networks
Alibaba Cloud network services provide stable, secure, reliable, low-latency, and high-quality network communication. The Alibaba Cloud network has more than 21 regional data centers, 63 availability zones, and over 120 Point of Presence (PoP) nodes globally. Through PrivateLink, access traffic is forwarded within the Alibaba Cloud intranet, which avoids potential risks caused by public network access.
Security and Reliability
When accessing on-cloud services through PrivateLink, users can add security group rules to the Elastic Network Interfaces (ENIs) that are used to access services in a VPC. This provides enhanced security protection and control measures, and traffic stays within the Alibaba Cloud intranet. Therefore, the possibility of data leakage can be greatly reduced, and network security issues, such as attacks, can also be avoided.
When accessing on-cloud services through PrivateLink, access requests are forwarded in the same availability zone with lower latency and jitter. At the same time, the underlying layer of the Alibaba Cloud network has high availability and reliability.
When accessing on-cloud services through PrivateLink, the networks of service providers and service users can be planned separately. There is no need to worry about address collision. By separately planning networks, the routing configuration can be simplified. Cross-account service access is also supported, which simplifies account management and security.
Network development is the most important thing for enterprises when migrating to the cloud. The Alibaba Cloud network provides enterprises with various cloud network services. Users can select connection services in public or private networks based on business characteristics. With these services, users can optimize business modes and access quality. They can also comprehensively allocate usage costs and simplify O&M management. PrivateLink provides more stable and secure network services and brings about new opportunities in terms of business modes as well.