MPLS: The Go-To Cloud Connection
Cloud security and quality-of-service challenges may be best met by virtual private networks based on MPLS.
May 21, 2012
By Joan Engebretson
While cost savings and productivity gains are fueling enterprise demand for cloud, security and quality of service pose challenges, and channel partners are finding that those challenges may be best met by virtual private networks based on MPLS.
For telecom sales agents who traditionally have focused on commodity connectivity services, the advent of cloud services offers an opportunity to move up the value chain. Many communications service providers, including some who rely heavily on agents and other third parties as their sales channel, are developing cloud services and are making those services available through their channel partners. Selling these services and educating customers about connectivity requirements and options to support these services can help agents break out of the rut of selling exclusively or primarily on price. And some service providers have taken steps to help agents address this market by, for example, establishing recommendations for class-of-service parameters based on the applications an enterprise is using.
Similarly, VARs and systems integrators also are advising enterprise customers on their public and private cloud computing deployments and in that role they are well positioned to explain the benefits of MPLS as a method of connecting enterprise locations to the cloud.
Some of the most sophisticated VARs are developing their own cloud services and connecting their data centers to the carrier MPLS networks. This can be a substantial benefit for customers who use the carrier’s MPLS service because the process of adding the cloud service provider to the enterprise VPN is simplified, requiring only a soft turn-up, rather than new infrastructures to be put in place. And connection to the MPLS network enables the cloud service provider to support secure communications with end-to-end class of service, a capability that can enhance the value of real-time or mission-critical cloud services such as communications-as-a-service and security-as-a-service. In some cases, MPLS connectivity may be bundled as part of cloud-based CaaS, security or other offerings.
Evaluating Cloud Connections. Multilocation enterprise networks have been transitioning away from a hub-and-spoke approach to any-to-any connections. The advent of cloud services should further fuel the trend as enterprises now will need to establish connectivity not only between multiple enterprise locations but also to the data center and potentially multiple cloud providers.
Two major types of Layer 2 and three types of Layer 3 connections are commonly used to support multisite connectivity for cloud applications. The Layer 2 options include virtual private networks based on E-LANs (which may be based on VPLS or other connection types) and frame relay/ATM. The Layer 3 options include basic Internet access or virtual private networks based on IPSec and MPLS IP VPNs.
The easiest option for enterprises to implement is to simply connect to cloud services using existing Internet access links. From the enterprise's point of view, this approach minimizes the effort and investment required to connect to cloud services. The only investment may be to upgrade the capacity of that link to support the increased traffic level.
There are two major disadvantages of this approach, however:
One is that basic Internet access does not offer the level of security that any of the Layer 2 or Layer 3 virtual private network options provides. The added security of a VPN may be a critical requirement for any service that involves the transportation of mission-critical enterprise data, including storage services and other infrastructure-as-a-service offerings; or for certain software-as-a-service offerings such as credit card processing, customer relationship management, or human resources.
The second major drawback of basic Internet access is that it supports only best effort service, while all of the other options can support multiple classes of service. The ability to prioritize certain types of communications can be critical for certain types of cloud applications such as video conferencing, unified communications and hosted VoIP services. Higher-priority classes of service also may be important for certain mission-critical applications such as credit card processing.
And although VPNs are particularly well suited to certain types of cloud computing and cloud services, they can also be positioned as a means of connecting any type of cloud application. A case can be made that only with a VPN can a customer retain the same level of security and performance from cloud applications that users are accustomed to experiencing from premises-based applications.
The question then becomes how to position MPLS vis-à-vis other VPN options.
As the table shows, IPSec is best suited to enterprises that require encrypted communications for added security. But as we have seen, the other VPN options, including E-LAN, frame relay/ATM and MPLS IP-VPNs, use network tunnels to isolate an individual enterprise's communications from those of other customers, offering ample security for most customers. In addition, all three VPN options can support multiple classes of service.
The issue then becomes whether the customer wants Layer 2 or Layer 3 connectivity.
On the Layer 2 side, the frame relay/ATM option is declining in popularity, in large part because configuring interconnections between individual locations is more cumbersome than with the other VPN options. But although frame relay and ATM are not typically chosen for new deployments, customers whose existing networks are based on those communication types may opt to continue to use these familiar communications technologies to support their ventures into cloud computing.
For those customers with little or no existing investment in frame relay or ATM, the decision whether to use a Layer 3 VPN based on MPLS or a Layer 2 VPN based on MPLS/VPLS or another technology typically depends on the level of control that the customer wants to have. As we have noted, enterprises with extensive IT resources may prefer a Layer 2 approach, while those lacking IT resources are more likely to prefer a Layer 3 approach. Here, too, customers with a significant investment in one approach or the other will tend to continue with that approach.
If a customer's existing network is not a consideration, however, a case could be made that MPLS IP VPNs are the connectivity option best suited to support cloud applications. While all of the VPN options, including E-LAN, frame relay/ATM, IPSec VPNs and MPLS IP VPNs, support security and class of service, MPLS IP VPNs are the easiest to implement from the customer point of view (see table).
That's an advantage that may resonate particularly well with enterprises adopting public cloud services, as those services, like MPLS IP VPNs, aim to minimize the enterprise's own resource requirements and enable the enterprise's IT resources to be devoted more toward strategic initiatives.
Another factor that could tilt a customer toward the use of MPLS-based VPNs is that some cloud providers already are connecting to carrier MPLS networks with the goal of simplifying the process of connecting enterprises to the cloud services. When this approach is taken, it is a simple process for the customer to connect to the cloud provider, whose data center essentially becomes another node on the service provider's MPLS network.
Furthermore, MPLS service can be supported over a comparatively low-speed DSL connection, making it suitable even for businesses in suburban strip malls or other areas that lack higher-speed options. One option that may be particularly appealing to this market is MPLS over a DSL connection in combination with two analog voice lines, with the MPLS link being used to support cloud applications such as credit card processing.
Channel partners may find it easier to sell cloud security services to business customers by explaining how that option can reduce the customer's overall connectivity costs. When the managed firewall option is chosen, all customer traffic to and from the Internet goes through the service provider's point of presence, where security services are applied. This is the same point of presence where the service provider's MPLS routers are located and to which the customer must connect to obtain MPLS connectivity to support the virtual private network interconnecting enterprise locations.
Accordingly, the customer can use a single physical connection from each location to reach both the Internet and the enterprise VPN by using separate virtual connections carried over the same physical link. Although the total bandwidth required would be the same as if the customer bought two separate services, with one going to the MPLS provider's POP and the other to the Internet provider, the cost of a single higher-bandwidth connection is typically lower than the cost of two separate lower-bandwidth connections.
Cloud services offer new ways of overcoming one of the biggest objections channel partners encounter when selling communications services: the customer's multiyear contract with another service provider. One option is to sell MPLS as a means of backing up the customer's existing connection and handling overflow traffic, using the class of service capability of MPLS to prioritize traffic on the backup link.
Because MPLS is so versatile, it is well suited to supporting a wide range of applications. This means that once business customers have made the decision to use MPLS, it can serve as a platform for other new services, including services such as video or SIP trunking that require class of service, as well as a growing range of cloud services. This, in turn, should help drive future bandwidth upgrades and help cement the channel partner's relationship with the client.
Joan Engebretson is a freelance writer who has been covering the telecommunications industry since 1992. She is a former editor for America’s Network and Telephony magazines.