Smart Access Gateway: A Smarter Way to Connect Your Enterprise to Alibaba Cloud
Alibaba Cloud Suite of Network Products
With more than 1 million enterprise users across multiple industries, Alibaba Cloud is constantly aiming to better serve our customers by connecting resources in various regions through networking technologies. Adhering to the aim of “making the network simpler”, after years of R&D and design, Alibaba Cloud network has made great achievements and has one of the most abundant network products in the industry. Based on different application scenarios, these products can be roughly divided into four categories, as follows:
- Network on Cloud — Luo Shen: At first, Alibaba Cloud networks were all classic networks. Later, considering factors, such as security and stability, Virtual Private Cloud (VPC) networks were introduced. Once an enterprise’s business is connected to the cloud, the first consideration is the public network capability of the products on the cloud, that is, the ability to provide services to the external Internet or the ability to access the Internet. Server Load Balancing (SLB) can implement cluster deployment to provide services to the external, the Network Address Translation (NAT) gateway can specify an IP address to enable multiple cloud servers to access the public network, and the Elastic IP (EIP) can be bound to the Elastic Compute Service (ECS), SLB or NAT gateway, thus enabling public network capability. Enterprises requirements are continuously increasing, and higher requirements are put forward for costs on the basis of functionality. Alibaba Cloud continues to introduce the Data Transfer Plan and shared bandwidth, which can further reduce operating costs in combination with the business scenarios of enterprises. In recent years, IPv4 has encountered a bottleneck, and more terminal devices began to support IPv6. However, the servers only support IPv4, which causes communication congestion due to mismatched network environments. To meet the demand of IPv6, Alibaba Cloud has launched an IPv6 conversion service. Enterprises can provide IPv6 services externally by simply setting up the conversion service on an IPv4 server.
- Cloud-to-Cloud Network — Zhi Nv: As enterprises get connected to the cloud, more services are on the cloud, and they are getting more complex. To better maintain different services, it is suggested to deploy different services in different VPCs. However, how can we implement Intranet communication between different VPCs? Through automatic route distribution and learning, the Cloud Enterprise Network (CEN) can improve the quality and safety of the rapid network convergence and cross-network communication, enable interconnection of resources across the network, and help enterprises build an interconnected network with enterprise-level scale and communication capabilities. Global Acceleration (GA) provides network acceleration for a specified region. For example, if the data center is located in Hangzhou, China, and the business is located in the western United States, you only need to purchase an EIP in the United States, and connect to ECS in Hangzhou through Alibaba Cloud’s backbone network to realize global acceleration.
- Network Accessing the Cloud — Chang’e: Some enterprise business systems can all be connected to the cloud, while some business systems cannot (such as finance systems). Therefore, building a hybrid cloud has become an increasingly popular choice, because it not only takes advantage of powerful computing, storage and network capabilities of the public cloud, but also has the security of the private cloud. To better meet the needs of enterprises in different scenarios, Alibaba Cloud provides a high-speed channel, VPN, and Smart Access Gateway based approach to achieve the rapid connection of local branches or outlets, and IDCs to the cloud, building a secure, stable, and reliable hybrid cloud architecture.
- Smart Network — Qi Tian: Intelligentizing services has always been the aim of Alibaba Cloud network. To simplify the network, Qi Tian can perform big data analysis on the existing network data, provide network planners and operators with solutions to various problems through human-computer interaction, and help enterprise network maintenance personnel and planners to improve efficiency. It is currently in open beta testing and is expected to be launched in 2019.
After nine years of development, Alibaba Cloud services have spread all over the world. More than 150 kinds of cloud products are available, which are very abundant, involving basic computing, storage, network, security, big data, and artificial intelligence. At the time of writing, the infrastructure is distributed across 52 data centers in 19 regions on 5 continents, including China, UK, France, USA, Singapore, Dubai, and other major regions.
Alibaba Cloud Smart Access Gateway
Smart Access Gateway (SmartAG) is a one-stop cloud access solution provided by Alibaba Cloud. This allows enterprises to access the nearest cloud resources through the Internet in encrypted mode, and enables a more intelligent, reliable, and secure cloud access experience.
- Support for various terminal forms: Based on different Smart Access Gateway products, terminal devices support mobile apps, computer desktops, and data center racks, and can connect branches or outlets, single clients and local IDCs to the cloud;
- Cross-regional interconnection: The Smart Access Gateway instance establishes a virtual leased line based on IPsec, and accesses the nearest POP node through automatic route learning, achieving cross-regional interconnection;
- Interconnection on cloud: Cloud Connect Network (CCN), Virtual Border Router (VBR), and VPC on cloud can be interconnected through CEN to realize global interconnection, and leased line transmission, thus improving the stability and speed of data transmission;
- Cloud-network integration: All network products are controlled centrally on Alibaba Cloud Console, to realize unified monitoring and management, improving the overall network O&M efficiency.
The Smart Access Gateway mainly consists of three components: Smart Access Gateway devices, Smart Access Gateway instances, and CCN. The Smart Access Gateway provides a hardware gateway device for offline branch to access. A gateway device can be purchased by creating a Smart Access Gateway instance, and Alibaba Cloud will deliver goods according to the provided delivery address. A Smart Access Gateway instance is a logical mapping of the hardware device, which can be managed through Alibaba Cloud Console to operate the devices. Cloud Connect Network (CCN) is another important component of the Smart Access Gateway. CCN is a device access matrix composed of Alibaba Cloud distributed access gateways. The full connection between the offline access matrix and the on-cloud center matrix can be implemented by binding multiple Smart Access Gateway devices to CCN, and then binding CCN to CEN.
Alibaba Cloud Smart Access Gateway has launched 3 products in the whole series: the software client, SAG-100WM and SAG-1000. A software client is a software app suitable for mobile office and remote O&M. SAG-100WM is applicable to the branch interconnection and cloud access for small enterprises, and supports 4G and WI-FI. SAG-1000 is applicable to the branch interconnection and cloud access for large enterprises, especially the communication between local IDCs and headquarters or on-cloud data centers.
Features of Smart Access Gateway
Smart Access Gateway provides a fast cloud access solution with the advantages of high intelligence, security, and reliability.
- Intelligence: The configuration is highly automatic and out-of-the-box, and network topology changes converge quickly and adaptively. The control is centralized and Alibaba Cloud Console is used as the global management view. The bandwidth can be upgraded or downgraded at any time based on the service to meet service communication requirements;
- Low cost: The configuration is automatic, which is free of configuration and O&M, and is out-of-the-box, greatly reducing labor costs;
- Security: Encrypted interconnection of hybrid cloud private networks — encryption and authentication are performed during Internet transmission. Data encryption — IKE and IPsec protocols are used to encrypt the transmitted data to ensure data security. Anti-replay attacks — the data source is authenticated to prevent replay attacks. Anti-tampering — data is authenticated in various ways;
- High reliability: Device-level disaster tolerance — dual-device active/standby mode is implemented so that the traffic is immediately distributed to the standby device when the active device fails. Link-level disaster recovery — each gateway device implements dual-link sealed access. The optimal link is automatically detected and assigned to be the active link. Traffic is distributed to the standby link when the active link fails. Leased line access-level disaster tolerance — Combined with leased lines, it can be used as a hybrid cloud disaster tolerance solution. In case of failure, switch lines to ensure the stability of service communication.
Smart Access Gateway can seamlessly achieve cloud-network integration (CNI). It connects various offline terminal devices, such as mobile phones, computers, and IDCs, to POP nodes all over the world, through distributed hardware boxes, and then the cloud and the network are integrated through CEN to implement a full interconnection network.
In actual networking, Smart Access Gateway supports two modes, which are one-arm and inline. SAG-100WM supports both one-arm and inline modes. With a simple configuration, an enterprise’s branches and outlets can be quickly connected to the cloud, such as a new retail store. SAG-1000 supports one-arm mode. It requires refined network planning in combination with network settings, such as routers and switches, to enable local IDCs to be quickly connected to the cloud, such as a large shopping mall.
Performance of Smart Access Gateway
As a product of SD-WAN, Smart Access network has great advantages in specific scenarios. Compared with VPN and public network access, Smart Access Gateway provides superior data access quality and access speed through automatic routing of POP nodes and transmission over Alibaba Cloud backbone network. Compared with leased lines, Smart Access Gateway greatly reduces costs. It is also very convenient to deploy, monitor, and manage data in a unified manner on the cloud, which can improve the O&M efficiency and project launch speed of enterprises.
A POC test shows that the quality of data transmission based on Smart Access Gateway is far superior to that based on the public network transmission. Especially in cross-border data interaction, Smart Access Gateway can effectively guarantee the transmission speed and packet loss rate to improve the stability of data access.
Application Scenarios of Smart Access Gateway
With the development of the Internet, enterprises have higher requirements for data transmission, such as intelligence, security, and high reliability. Smart Access Gateway can meet the needs of enterprises based on its inherent advantages, and it has been used in various industries, such as new retail, logistics, medical treatment, online education, and chain catering.
Some businesses of an enterprise are connected to the cloud, providing services on the Internet or backing up some data to the cloud. Considering the security of the data transmission process from local to cloud, it has certain control over the cost of building a hybrid cloud. At the same time, it has certain requirements on the quality of data communication and intelligent O&M. So, Smart Access Gateway is an excellent choice for enterprises. It is out-of-the-box, has a short deployment cycle, and is free of configuration and O&M. Encrypted transmission over the Internet enables secure data transmission, quickly building a stable and reliable hybrid cloud architecture.
An enterprise has multiple offline branches or outlets, and they need to communicate with each other. In the traditional solution, leased lines/VPNs are used, which is time-consuming, labor-intensive and costly. To improve network security and deployment efficiency, and reduce the O&M costs of the enterprise, Smart Access Gateway can well meet the needs of the enterprise. Only a few Smart Access Gateway hardware boxes need to be purchased and then connected to CCN based on IPSec, to implement interconnection communication between all branches.
Hybrid Cloud + Multi-Region Interconnection
An enterprise has multiple offline branches or outlets, and has services on the cloud. These branches (or outlets) need to communicate with the services on the cloud. With Smart Access Gateway and CEN, a low-cost solution can be quickly built to implement a full interconnection network.
Cost-Efficient Backup Link
Some enterprises have extremely high requirements on the stability of data transmission. For hybrid cloud deployment, it is necessary to set up a master-slave redundancy mechanism, but it has a certain budget for the cost, and focuses on the network operation efficiency. Smart Access Gateway can provide redundant backup links. In the normal status, a leased line is preferentially selected for the link. In case of uncontrollable faults, such as broken or damaged optical cables, the Smart Access Gateway line will switch automatically to provide network communication services, thus ensuring the stability of service data transmission.
Visit https://www.alibabacloud.com/products/smart-access-gateway to learn more!