The most common barriers cited for public cloud adoption are security and networking. Typically, a move to public cloud requires different networking and security policies and architectures that are inconsistent with existing on-premises investments. This leads to duplicity in skill sets, multiple copies of security appliances, and multiple physical connections to the cloud. All of these lead to increased cost and complexity.
Today we would like to introduce the Hybrid DMZ Reference Designs for vCloud Air. These designs have been developed to support common security and networking practices that are quite common in traditional data centers and make them available in vCloud Air. Some of our largest and fastest growing vCloud Air customers have already begun to employ these designs to incorporate their existing security tools, simplify user management, manage software licensing, and lower their TCO. The Hybrid DMZ Reference Designs for vCloud Air are a series of recommended architectures to build a new zone in the hybrid cloud where physical cloud connectivity can be shared amongst multiple services, security and other core services can be centralized, and our customers can leverage their existing security and networking best practices. With a Hybrid DMZ, customers can achieve the same levels of network isolation and service aggregation as an on-premises network design, effectively moving the network perimeter to the cloud and allowing IT to maintain control of the security posture of your organization, while allowing application teams to control their own isolated cloud environments.
A simplified overview of a Hybrid DMZ architecture.
A Hybrid DMZ architecture creates an aggregation and isolation point between a customer’s existing vCloud Air deployments, their on-premises IT estate, and the internet. The benefits of this design are many:
- IT and network security teams define and control internet access to and from the cloud environment
- At the same time, application teams have full control over their own Virtual Data Center resources
- Shared core services like Active Directory servers or licensing servers can be aggregated in one central zone, instead of maintaining – and paying for – duplicate instances in each Virtual Data Center
- High-speed Direct Connect lines can be shared amongst multiple vCloud Air Virtual Data Center instances
- Network security and routing amongst multiple services can be easily configured and centrally managed, including support for dynamic routing amongst instances
The Hybrid DMZ Reference Designs for vCloud Air allows customers to achieve a greater level of IT control over service and network isolation while also allowing for more cost-efficient and resource-efficient architectures through the consolidation of networking connections and appliance licenses in a single aggregation point that can be shared across a customer’s multiple vCloud Air services.
VMware can work with you to determine and tailor the right Hybrid DMZ design for your use case and environment. For more information on the Hybrid DMZ designs, visit vcloud.vmware.com.
Ready to get started with the hybrid cloud? Visit vCloud.VMware.com.