Enterprise Cloud: Connectivity Options



    According to Gartner, cloud technology is becoming increasingly popular. The IaaS market stood at $6.1 billion in 2012 and had grown to $16 billion by 2015, and the growth in IaaS popularity is not slowing.

    IaaS allows you to solve many problems, providing flexibility and scalability, and covers the needs of a wide variety of clients. Turning to IaaS, you get a cost-effective solution (compared to traditional infrastructures) with the ability to provide resources on demand and a single management system.

    Today, more and more companies are moving their infrastructure to the cloud. This approach is economically justified, profitable and convenient. One point that may raise questions is choosing the right connection method. The following solutions are usually used to connect to cloud services: RDP client, RemoteApp, web access, remote access VPN, site-to-site VPN, DirectAccess, VDI.

    An RDP client, or remote desktop connection, is one of the most convenient and versatile tools for accessing a workstation deployed in the cloud. It is based on the proprietary Remote Desktop Protocol (RDP), which gives the user remote access to a computer running the terminal access service. Through the RDP client, the user connects to the terminal server and sees the desktop of the remote system.

    Within the established session, the user can run applications deployed on the terminal server. The security of this connection is provided by the Remote Desktop Gateway, which carries RDP over HTTPS and so provides strong encryption. Today, there are clients for almost all operating systems: Windows, Linux, FreeBSD, Mac OS X, iOS, Android and Symbian.

    RemoteApp is a variation of the above option. However, in this case, the user sees only the running remote application. This option is useful if you need to restrict access to specific applications, or when the user wants to combine work on the local machine with a cloud application. In this case, the remote terminal services applications look as if they were running on the user's own system.

    Access to certain applications and desktops in the cloud can be arranged through a browser. The user launches a browser, enters the required address, logs in and starts working with the application or remote desktop.

    Another convenient, safe and quite often used tool for connecting to cloud resources is Remote access VPN. In this case, a secure tunnel is organized between the application on the client’s computer and, for example, the VPN concentrator or router located in the cloud of the hosting provider.

    To connect to a remote resource, the user launches the VPN shortcut and, after successful authentication, gains access to the desired resources. The user's computer thus joins the network of the virtual remote office in the cloud and can use its resources as if it were located directly in the company's office.



    Another scenario is also possible: company employees need to connect from their non-cloud infrastructure to a resource in the cloud. For this there is site-to-site VPN, which requires two devices between which a tunnel is established.

    In this case, the users are “behind the devices”, so there is no need to install special software on their computers.



    For example, here VPN Server 1 establishes a VPN connection with VPN Server 2, after which the user sees the contents of the requested resource. On the client side, there is no need to create an outgoing VPN connection.

    In addition to the usual VPN implementations that can be used to connect to the cloud remotely, there is another technology: DirectAccess. In this case, as soon as the user's computer connects to the Internet, it immediately gets access both to Internet resources and to the entire corporate network. That is, a user computer configured as a DirectAccess client automatically builds a reliable tunnel to the DirectAccess server and gains access through it. The user does not need to take any additional action.

    Another way is virtual desktop infrastructure (VDI). It is implemented on many cloud platforms of corporate IaaS providers. This technology allows you to centralize user workstations on virtualization servers, while creating a single point of management, deployment and maintenance. In the provider's cloud, a server with a hypervisor is allocated, on which individual VMs are deployed. The user starts the client and connects to the infrastructure.

    This type of connection, at first glance, is not much different from an RDP connection. But what is the difference? In the case of an RDP connection to a terminal server, this is a separate session on a shared Windows server. In the case of VDI, it is a separate isolated container with a client operating system.

    As we mentioned above, an increasing number of companies are starting to work with the cloud. A larger number ... but not all. Why is the cloud so scary for business? One reason is the issue of privacy. There is nothing to worry about, and to sleep more soundly you just need to understand the modern nuances of working with information. Cloud protection is basically no different from that of a traditional data center. Often, even familiar security tools can be used. In particular, IaaS allows you to implement any protection mechanisms and obtain the required level of confidentiality.

    The second popular misconception is that, supposedly, these new technologies are still raw and are not suitable for serious work. Cloud infrastructure is built on proven technology. For example, IaaS relies almost entirely on virtualization systems like VMware vSphere. Such products have been improved for over ten years and can already be considered a reliable solution that can increase the flexibility of the server infrastructure.



    The figure above shows a brief evolution of VMware products - from the first virtualization systems to integrated solutions for corporations and commercial data centers. All solutions are based on technology with more than 10 years of history - the ESXi hypervisor.

    According to research by Gartner, one of the popular myths about cloud computing is that it is inapplicable to business-critical applications. "Our application is too big and important for the cloud" is a phrase that can be heard quite often. Cloud technologies are built on virtualization systems, so if the application can run on a virtual server, there should be no difficulties with the cloud.

    As a real example of "large" applications working in a virtual and cloud environment, one can cite SAP HANA. SAP has long established itself as a leading global manufacturer of automated process control systems. HANA is a high-performance DBMS for demanding applications. All user database information is stored in the server's RAM and is available for query with minimal latency. The manufacturer has confirmed the full functionality of this platform in the VMware virtual environment.

    The issue of data migration is most acute when moving the entire server infrastructure somewhere. We will not argue that everything is easy and simple, but if in the past you have already encountered this, then you can assume that most of the difficulties have passed. However, one of the questions is still quite relevant: “How many resources do you need to allocate for a terminal server, if you decide to deploy it on a remote site of a hosting provider?”

    Since the exact calculation of resources for a terminal server is still complicated, we suggest considering methods that will help to do it.

    Piloting is perhaps the simplest method used in practice: a test virtual machine is deployed in the cloud to play the role of a terminal server. The load on the server is gradually increased while the resources used are monitored and performance indicators for different time periods are compared. Conclusions are drawn from the data collected.

    Extrapolation from a single-user system - this method is based on data received from the system used by one user. Performance aspects such as memory, processor, disk space and network are evaluated. These figures are then used to calculate capacity in a multi-user environment.

    Modeling - this method is based on indicators already collected within a scenario. A test server is allocated here as well, and special tools simulate various levels of load to determine the capabilities of the server.

    The last method is one of those that accurately assess the potential of the system. For it to work, you first need to determine a clear sequence of user actions and understand how users work with data (documents, files, media content, and so on).

    For example, user reviews and monitoring of their activity help to cope with the task. Further, after the deployment of the test environment, the testing itself is carried out - the essence of this step is to form a load on the server and determine the viability of the system. A performance test is run here to determine the maximum number of users that the terminal server can handle.

    At this stage, automation tools are used to launch, simultaneously, instances of applications that simulate the work of several users. One of the popular "simulation" tools is the AutoIt scripting language. Using scripts, you can simulate user input from the mouse and keyboard, work with the network, registry and clipboard, and much more.

    WinBatch and AutoIt scripts make it possible to automate applications, including those that do not support command line options. After modeling, it only remains to analyze the results obtained and determine the acceptable load on the system. The results show whether resources need to be increased or whether they are sufficient for correct operation.
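
    One way to analyze the results of a pilot or simulated load run, as an added example that is not part of the original article: it fits a straight line per resource to measurements taken at increasing user counts and reports the user count at which the first resource reaches its ceiling. The measurements, resource names and ceilings below are constructed assumptions.

```python
import math
from statistics import mean

# Constructed pilot measurements, one row per load step:
# (concurrent users, CPU %, RAM in GB, disk IOPS)
PILOT_RUNS = [
    (5, 12.0, 6.4, 150),
    (10, 21.0, 9.1, 260),
    (20, 41.0, 14.0, 480),
    (30, 60.0, 19.2, 700),
]
# Assumed ceilings for the test VM: 80% CPU, 80% of 64 GB RAM, 2000 IOPS.
CEILINGS = {"cpu_pct": 80.0, "ram_gb": 51.2, "disk_iops": 2000.0}


def fit_line(xs, ys):
    """Least-squares fit of y = slope * x + intercept."""
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("need measurements at two or more user counts")
    slope = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    return slope, my - slope * mx


def max_users(runs, ceilings):
    """Return (bottleneck resource, user limit, limits for every resource)."""
    users = [row[0] for row in runs]
    limits = {}
    for col, name in enumerate(ceilings, start=1):
        slope, intercept = fit_line(users, [row[col] for row in runs])
        if slope > 0:  # skip resources that do not grow with load
            limits[name] = math.floor((ceilings[name] - intercept) / slope)
    if not limits:
        raise ValueError("no resource grows with the number of users")
    bottleneck = min(limits, key=limits.get)
    return bottleneck, limits[bottleneck], limits


if __name__ == "__main__":
    resource, users, limits = max_users(PILOT_RUNS, CEILINGS)
    print(f"bottleneck: {resource}, about {users} users; all limits: {limits}")
```

    The fit extrapolates beyond the measured range, so the reported limit is an estimate to confirm with a load run at that user count.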

    As you can see, there are various methods and tools with which the necessary resources are calculated when deploying a terminal server in the cloud of an IaaS provider. The main thing that remains is the correct use of all the considered methods.
