Why the World Needs Cross-Cloud Service Connect

Our recent introduction of Cross-Cloud Service Connect support on the Prosimo platform represents a critical milestone in our multi-cloud networking solutions, fostering seamless and secure connectivity for services across diverse cloud environments. The driving force behind this lies in the dynamic shifts within business strategies. Modern enterprises are swiftly embracing hybrid and multi-cloud approaches, leveraging various best-of-breed services to architect and oversee their applications. However, our interactions with these enterprises underscore a recurring trend – excessive emphasis on the networking layer often diverts attention from the core goal of cloud networking: application/service layer connectivity, security, and performance.

Join me in uncovering the drivers that led us to build and deliver the Cross-Cloud Service Connect functionality, which empowers businesses to navigate the complexities of multi-cloud environments, ensuring robust and streamlined connections tailored to their operations.

Use Cases Driving Cross-Cloud Service Connectivity

Distributed Data Access

Enterprises today harbor application suites dispersed across various cloud environments, necessitating seamless connectivity, availability, and security for critical business data. For instance, envision an enterprise operating an AI platform empowering financial analysts, utilizing services across major providers like Google’s BigQuery, AWS SageMaker, Azure ML, and more.

Business Partner Connectivity

Establishing partnerships between enterprises demands communication between specific applications or services within their respective multi-cloud environments, each with unique connectivity and security requirements.

Developer Self-Service

The challenge lies in efficiently provisioning networking, access, and security services for varied application teams in a sprawling enterprise with diverse business units empowered to select their preferred cloud providers.

Challenges with Cross-Cloud Connectivity

Lack of service awareness with network layer connectivity model

Most current solutions solve the Cross-Cloud connectivity problem at the network layer. These solutions are unaware of the services and applications running in the network. The approach is about building pipes between clouds and providing firewall-based controls for security. This might be sufficient for connectivity, but it is quite limiting for visibility, granular policy-based controls, and troubleshooting. Enterprises should not have to worry about IP addresses and port numbers in the cloud, but should be equipped with service/App-level visibility and controls.

High infrastructure costs

Infrastructure cost needs to be carefully considered to provide a cost-optimal Cross-Cloud solution. Some VM-based approaches lack the flexibility to scale up and down based on load. This results in higher enterprise cloud costs, negating the benefits of Cross-Cloud infrastructure.

Agent-based deployment models

At the other end of the spectrum, service-mesh solutions provide service/App-layer connectivity. However, most of them require a deployment model in which an agent, in the form of a sidecar proxy, must be installed as part of the application. This approach is feasible for only a few customers.

Solving Cross-Cloud Connectivity at the Service layer

We built Prosimo to help customers quickly connect between different clouds. Let’s look at how Prosimo architectural components make Cross-Cloud Service Connect possible.

Cross-Cloud Service Connect links cloud endpoints without heavy infrastructure.

Apps and Services are Core to Prosimo Architecture

Prosimo’s architecture addresses Cross-Cloud connectivity at the service layer by making Apps / Services primary entities. From the moment you provide cloud credentials, the architecture begins to discover applications and services in your cloud and allows onboarding of these Apps onto the Prosimo fabric. The architecture automatically abstracts these endpoints into service core entities using concepts of reference indirection.

Prosimo then builds connectivity between these service entities, based on each service's connectivity requirements, using underlying cloud-native or custom Prosimo constructs. One architecture enables secure and seamless connectivity between Apps, services, and networks.

Extending Cloud Native Services across clouds

Hyperscalers provide tool sets, such as private link endpoints, within their respective cloud ecosystems to solve service-layer connectivity. However, these capabilities are often limited to a single cloud region or a single cloud. In addition, other hyperscalers may or may not have similar tools to connect Apps. Prosimo provides a service core fabric that allows customers to stitch Apps together across clouds using cloud-native constructs and tools.

Optimal private/public Cross-Cloud path selection

Prosimo achieves this by allowing customers to choose between private paths laid out by providers like Equinix and Megaport and public cloud backbone paths. The Prosimo solution can be programmed to pick performance- and cost-optimized paths for App-to-App connectivity across clouds.

Visibility

The Prosimo platform provides near real-time visibility into traffic for the onboarded services, giving instant insights into traffic patterns, network health, consumption, top talkers, etc. Deep insights into traffic patterns between services allow the platform to provide operations teams with enough data on consumption costs across services to charge those costs back to their internal teams.

Privacy and Compliance

Many enterprises have stringent privacy and compliance demands when interacting with other cloud applications, especially when they span different environments. In such cases, routing traffic over public circuits, like the Internet, might not be desirable. In addition, compliance regulations might dictate that no application in a particular geographical location can access a specific service or that read-only permissions are allowed while write permissions are prohibited. Prosimo provides flexibility to choose Cross-Cloud paths and a robust policy framework for customers to achieve the desired level of privacy and compliance.

Cost-effective infrastructure footprint

The Prosimo architecture uses modern microservices-based concepts and can scale horizontally based on load requirements. Enterprises can also schedule pre-scaling of their infrastructure if they feel comfortable. Cross-Cloud Service Connect focuses on connecting endpoints across multiple clouds without bringing in a heavy infrastructure.
