Zum Hauptinhalt springen

Cloud Connection

A Cloud Case Study

Axel.Hinz-IT-Cloud

Project Details

Client

Automotive Major Bank

Category

Financial Industry

Project Year

2021

Introduction

Initial Situation

The transition from a local to a cloud-based proxy prompted a client from the financial industry to create a new concept for the planned cloud connection of their data centre.

Objective

The existing data centre network segmentation architecture must be retained and extended to the cloud environment to ensure consistent security controls and operational integrity. In addition to the typical goals of increased flexibility, better scalability, and efficiency improvements, the customer also wanted to realise data protection and regulation.

Task

Challenges

In addition to AWS, Azure and GCP, there are numerous other clouds that operate with different vendor-specific connections. Direct peering, L2 or L3-based connections, and other options should not be implemented through lots of single solutions, but through a central instance that enables specific connections in each case.

The challenge was to develop a unified concept capable of integrating a wide range of diverse solutions. Differences between PaaS, IaaS, and SaaS models, as well as appropriate encryption methods, had to be carefully considered. Integrating heterogeneous systems such as databases, web front ends, and various software applications presented numerous architectural possibilities.

Key considerations included how subsidiaries should be connected and how end users would consume cloud-based remote access solutions in the future. A central aspect of the design process was determining whether a centralized or decentralized approach would be the most suitable architecture.

In addition, network segmentation requirements and varying regulatory frameworks further increased the complexity of the project. Furthermore, the rapid pace of innovation in cloud technologies required an agile and flexible solution capable of continuously adapting to evolving requirements and technological advancements.

Solution

Concept Based on Functional Building Blocks

In general, a building block-based approach to connectivity enables the integration of different technologies, such as Layer 2 and Layer 3 architectures. Depending on the specific solution requirements, routers, firewalls, and other essential components were combined in various ways to create a flexible and scalable design.

Network segmentation had to be implemented individually to accommodate the characteristics and constraints of the respective technologies. In addition, the existing security framework required adaptation to address the specific requirements of modern cloud environments.

During the initial phase of the project, no fewer than 17 different cloud platforms had to be evaluated and considered within the overall solution design.

Implementation

L2 and L3 Technologies

By leveraging standard Layer 2 and Layer 3 technologies, the majority of cloud environments could be integrated into the overall architecture. However, some cloud platforms required dedicated connectivity solutions, which were implemented using two distinct approaches within the connectivity framework.

To ensure robust security, high-performance routers and firewalls, Intrusion Detection and Prevention Systems (IDPS), and Application Layer Gateways (ALGs) were deployed on the specific requirements and architectural characteristics of each solution.

Encryption and NAT played a critical role, with dedicated implementations tailored to the unique requirements of each connection. In addition, data flows within cloud environments are often structured differently from traditional on premise infrastructures, further increasing complexity and necessitating compromises when integrating on-premise systems into cloud services.

Outcome

Project Success

The dynamic nature and continuous evolution of cloud solutions made a traditional implementation approach impractical. Consequently, agile methodologies were adopted, despite the inherent challenges of applying them to infrastructure-focused projects.

The overall success of the project was achieved through the effective design and implementation of numerous diverse connectivity solutions that met both technical and business requirements.

  • Increased Flexibility
  • Better Scalibility
  • Increased Efficiency
  • Data protection and Regulation

Conclusion & Recommendation

Cloud Strategy

Cloud connections can be implemented in compliance with applicable regulations, including those in the financial industry. However, documentation is more complex than in on-premise environments. A well-defined cloud strategy is essential to establish the required connectivity while maintaining flexibility for future changes.

In addition, regulatory requirements must be continuously reviewed and aligned with evolving cloud environments. Governance therefore requires particularly careful and comprehensive documentation.

Next Case Study

Network Segmentation in the Data Centre

In a time when security and compliance are top priorities, a leading financial sector company faced the challenge of optimising its network segmentation within the data centre…