When do you use private connectivity versus the public internet when going to the cloud? That question is still top of mind for many IT professionals who are using one or more clouds to serve internal users or external customers and partners.
You need to consider both security and performance when moving data and workloads between cloud services and the people and applications that require them. Let’s look at how private and public connectivity models address both of these requirements.
Private connectivity vs. the public internet: How much security do you want?
Private connectivity provides dedicated, direct and secure connections between parties, such as between a business and a network and/or cloud provider. Private connections are typically achieved over physical cross connects between systems. However, today’s modern networks enable private connectivity via multiple virtual connections using virtual network devices such as SD-WAN gateways or virtual private networks (VPNs) that allow multiple individuals, such as a company’s employees, to privately access corporate networks. These networks provide dedicated secure connections that cannot be accessed by a third party without authorization. Companies that need to protect financial transactions, private personal data or high-value assets typically require private connectivity to keep them safe from bad actors and to comply with local data protection and privacy regulations.
Secure connectivity over the public internet cannot always be ensured, and private information could be compromised. Many internet sites are not secure and are easy targets, and even secure HTTPS connections are not a guarantee of complete privacy. For example, they can be hit by a “man-in-the-middle” attack, in which intruders insert themselves into the communication process and intercept vital data.
Many companies may have started off using the public internet to access cloud services and store data for business use since it was easy and inexpensive, but soon learned that it was not a 100% safe bet. This caused businesses to reevaluate how they connected to the cloud and the types of data and workloads they sent over those connections.
Private connectivity vs. the public internet: How much performance do you need?
Many cloud-based applications are “latency-sensitive,” which means that any delays in the network can cause performance issues, such as pauses in online gaming or jitter in video conferencing. These are examples of annoying performance issues but there are many more critical latency-sensitive, cloud-based applications to consider, such as identifying fraudulent credit card activity or sending life-threatening vital signs from a patient to a healthcare provider. For these types of applications, proximate high-speed, low-latency connectivity is required between cloud providers and users’ applications. By closing the distance between your IT infrastructure and cloud providers, applications and services will perform faster for your users.
Private connectivity that bypasses the public internet allows organizations to control the distance between cloud on-ramps and users by reducing the number of internet traffic exchange points (“hops”). For example, because there are over 1,800 networks and 3,000 cloud and IT services worldwide on Platform Equinix®, businesses can connect to a network and/or cloud provider within the same Equinix International Business Exchange™ (IBX®) data center with under 1 millisecond (ms) of latency. And redundant private connections to networks and clouds prevent a single point of failure, ensuring that data and workload traffic gets to where it needs to be.
Connectivity via the public internet cannot consistently deliver this low latency because many cloud on-ramps are located in a different metro area or even a different country from where the users reside. This means that the internet traffic goes through multiple hops, causing the delays that result in poor performance. In addition, since internet traffic is exchanged between different peering networks and internet providers, any failure at one of those providers could result in data or workload traffic getting lost and not reaching its destination.
Many IT organizations split traffic between the public internet and private connectivity, either because the traffic is latency-sensitive or because they do not want to consume valuable public internet bandwidth. For example, a university had 10 gigabytes of data running on their public internet connection, five of which were being used solely by a popular streaming service. They connected to the Equinix Internet Exchange in the same IBX data center where the streaming service also happened to be and set up a private peering connection with them. This moved the high-volume streaming service traffic off their public internet connection and onto a private high-speed, low-latency connection, freeing up their public interconnect bandwidth for other, less latency-sensitive applications.
How Equinix delivers both private and public internet connectivity
Equinix offers multiple private and public internet connectivity options, starting with Equinix Fabric™ software-defined interconnection. Equinix Fabric connects businesses’ IT infrastructure to leading service providers globally, providing dedicated, secure and redundant interconnectivity with all the major cloud providers’ on-ramps on Platform Equinix. This means that if your users are distributed across edge locations near Los Angeles, Seattle or Atlanta metros, then their cloud services are being securely and reliably delivered with single-digit latency.
In addition, with more than 230 Equinix IBX data centers around the world, if a cloud service is not available in the same metro as your users, such as many locations in Europe, LATAM and Asia-Pacific, then you can connect to the nearest metro where that service resides via Equinix Fabric and receive a consistent high-quality user experience.
Companies can also interconnect their IT infrastructures via reliable, redundant connections using Equinix Fabric in different IBX data centers globally across Platform Equinix and deliver consistent performance and security worldwide.
Edge virtual network services
Equinix also enables the deployment of virtual network services via Network Edge without requiring IT infrastructure within a specific IBX data center. Virtual network devices such as SD-WAN gateways, VPNs, firewalls and virtual cloud routers from leading providers can be deployed remotely to connect to cloud services via Network Edge without additional hardware.
Public internet connectivity
Equinix Internet Exchange enables public internet peering to exchange traffic between network, internet, cloud and content providers through the largest global peering solution across more than 35 markets. It also provides internet traffic exchange between those providers and large organizations, such as in the university example above.
As the blog article “How to Solve for Peering Progression” explains, there are three ways organizations make that happen: IP transit, public peering and private peering. Again, you would choose which one of these methods to use based on the level of security you require—from the most open where anything can be shared to the greatest level of security, where only authorized users can gain access to that traffic.
Organizations on Platform Equinix can also choose to privately connect their IT infrastructure to internet providers via Equinix Connect, along with the Equinix Internet Exchange. This gives them secure, high-performance, low-latency connectivity between their IT services and users over the public internet.
Delivering private and public internet connectivity globally
Thousands of businesses choose Equinix, the world’s digital infrastructure company™, to connect to the cloud because of its global reach, dense service provider ecosystems, and private interconnection and Network Edge services. How do you want to connect to the cloud?