If you run workloads in the cloud but need the privacy and security features of a VPN-protected network, Alibaba Cloud offers an interesting solution called ExpressConnect. ExpressConnect allows you to set up a secure network framework.
ExpressConnect can be particularly useful in situations where you need to maintain a hybrid cloud, with some of your business-critical workloads hosted in the cloud, and others run locally. Such an architecture may require you to move sensitive data between the cloud and on-premises infrastructure. ExpressConnect provides a way to transfer such data securely.
In this article, I walk through the steps of using ExpressConnect to build a secure hybrid cloud connection framework using Alibaba Cloud.
Configuring an ExpressConnect
To create an ExpressConnect, you first need to set up a Virtual Private Cloud (VPC). To do this, on the main dashboard, select VPC (Virtual Private Cloud):
Then select the zone where you want to create the VPC. In my case, I chose China East 1 (Hangzhou).
On the next screen, we will add the name of our VPC.
The next screen covers the configuration of the named switch. The CIDR is predefined. The zone within the region that we selected is also finalized here, along with the range of IP addresses that this switch will have.
Here, our VPC is created.
Now, we can go on to create our ExpressConnect instance using the button on the left-hand side of the VPC configuration menu.
Select the above option, and you will land on the ExpressConnect configuration page.
Let’s create a Route Interface by clicking the Create Route Interface button on the right side at the top of the screen, so that a route is created between one environment and another. It is necessary to create a VPC in each region that you want to interconnect; otherwise, you will not advance to the next screen. The amount you will pay monthly or per use is directly related to the locations you wish to link.
After selecting the locations and the interfaces that they will connect to, click Buy Now. The screens that follow are payment screens (so there is no need for screenshots of them in this article). After confirming the payment, the route created in the Express Computing dashboard will appear as shown below.
Notice that on the right side we have the Initiate option, because the connection does not start automatically when it is created. When we click Initiate, the connection between the parties is established.
After configuration and execution, the route settings can be changed, even with other routes from the same account or with routes configured in another account, if required. This is important in situations when you have partner companies, when one company buys the other, or there is some kind of federation between companies.
Click Vrouter on the name of your route to view the interconnections.
All network interconnections are made through this screen. Those comfortable with network settings will find it easy to manipulate the info here. We can create new switches and new routers through this interface.
In the VPC overview, we can find the active configuration information.
In this VPC, I have an instance running with CentOS.
ExpressConnect reminds me of one of my first experiences with Microsoft training, back when Active Directory replication started. At the time, if we had domain controllers that were distant from each other, we could have serious problems with replication. A VPN solution like ExpressConnect eliminates these problems, thanks to the synchronization between domains and the information that it provides.
As I have shown in this article, ExpressConnect is straightforward to set up, providing an easy solution for building the secure connection framework required for a hybrid cloud architecture.
Brena Monteiro is a Fixate IO Contributor and a software engineer with experience in the analysis and development of systems. She is a free software enthusiast and an apprentice of new technologies.