Provision Redundant Connectivity Between Private Networks in the Cloud and On-Premises Environments

PostedMarch 21, 2025

UpdatedMarch 22, 2025

ByKevin McCaffrey

Ensuring reliable connectivity between your cloud and on-premises networks is crucial for maintaining continuous operations, especially in multi-cloud environments. Redundant connections minimize the risk of downtime and enhance the reliability for workloads that require high availability.

Best Practices

Establish Redundant Connectivity Between Environments

Implement multiple AWS Direct Connect connections to ensure high availability and fault tolerance between your on-premises network and AWS environments.
Create multiple VPN tunnels for redundancy; if one tunnel fails, traffic can automatically reroute to another, preventing disruptions.
Utilize Direct Connect locations across different geographical areas to minimize potential outages caused by local issues.
Ensure that your architecture spans at least two AWS Regions, which offers cross-region redundancy and helps maintain service continuity during regional outages.
Consider using AWS Marketplace appliances for VPN termination; choose solutions that support high availability, and deploy them in separate Availability Zones to mitigate risks associated with a single point of failure.

Questions to ask your team

Have you established multiple Direct Connect connections or VPN tunnels to ensure there are no single points of failure?
Are there redundant Direct Connect locations configured to enhance availability?
How do you manage and monitor your network connections to ensure they are operating optimally?
Have you planned for redundancy across multiple AWS Regions to mitigate regional failures?
Are there contingency plans in place for rapid failover in the event of a network disruption?
How frequently do you test your network redundancy measures to ensure they work as expected?

Who should be doing this?

Network Architect

Design and implement the overall network topology for cloud and on-premises connectivity.
Evaluate and select appropriate AWS Direct Connect locations for redundancy.
Ensure high availability by deploying multiple VPN tunnels or Direct Connect connections.
Create IP address management plans for public and private IPs across the networks.
Plan and implement domain name resolution strategies between environments.

Cloud Engineer

Deploy and configure AWS Direct Connect and VPN solutions.
Monitor the performance and availability of network connections.
Assist in setting up redundant instances of AWS Marketplace appliances for high availability.
Collaborate with the Network Architect to align with best practices for network topology.
Document network configuration and topology changes.

DevOps Engineer

Integrate continuous monitoring tools to track network reliability and performance.
Automate deployment processes for redundant network connections.
Work closely with the Cloud Engineer and Network Architect to support network configurations.
Implement backup processes for network settings and configurations.

Security Engineer

Ensure that network security measures are in place for all connections between cloud and on-premises environments.
Evaluate security implications of chosen network topologies and redundancy strategies.
Work with the Network Architect to implement secure communication protocols for VPNs.

What evidence shows this is happening in your organization?

Network Topology Diagram: A visual representation of the network design showcasing redundant connectivity between AWS Direct Connect locations, VPN tunnels, and on-premises environments, highlighting multiple routes for high availability.
Redundancy Implementation Plan: A detailed plan outlining steps for provisioning redundant connectivity, including instances of AWS Direct Connect, descriptions of network configurations, and failover strategies in the event of a failure.
Network Connectivity Checklist: A checklist for verifying that redundant connectivity configurations are in place, which includes items like testing VPN connections, ensuring Direct Connect redundancy, and configuring domain name resolution.
Disaster Recovery Strategy: A guide detailing how to maintain network operations during outages, including procedures for switching between multiple Direct Connect connections and VPNs, and verifying service continuity across regions.
High Availability Policy: Documented policies that define the organization’s approach to maintaining high availability for network designs, emphasizing multiple AWS Regions and availability zones to ensure resilience.
Redundant Infrastructure Models: A set of models illustrating various configurations of redundant infrastructure, including AWS and on-premises connectivity, to help teams understand network layouts and redundancy principles.

Cloud Services

AWS

AWS Direct Connect: Provides dedicated network connections from your premises to AWS, allowing for redundant connections between private networks.
AWS VPN: Establishes secure connections from your on-premises network to your AWS VPC, allowing for redundant VPN tunnels.
Amazon Route 53: Managed DNS service that helps with domain name resolution for redundancy and high availability.
Amazon VPC: Enables the creation of private networks in the cloud that can connect with on-premises environments.
AWS Transit Gateway: Simplifies management of network connections between multiple VPCs and on-premises networks for high availability.

Azure

Azure ExpressRoute: Provides a dedicated, private connection to Azure, allowing for increased reliability and redundancy.
Azure VPN Gateway: Allows you to establish secure connections between your on-premises network and your Azure virtual networks.
Azure DNS: Provide thorough domain name resolution services for efficiently managing your DNS infrastructure.
Azure Virtual Network: Create isolated networks in Azure that can connect to on-premises and other Azure networks.

Google Cloud Platform

Cloud Interconnect: Provides dedicated, high-throughput connections to GCP, helping establish redundant connections.
Cloud VPN: Allows you to securely connect your on-premises network to your Google Cloud VPC via IPsec VPN.
Cloud DNS: Offers scalable and reliable high-performance DNS services for domain management and resolution.
VPC Networking: Enables the creation and management of private networks on GCP, supporting hybrid connectivity.

Question: How do you plan your network topology?
Pillar: Reliability (Code: REL)

Operational Excellence

Determine what your priorities are

Structure your organization to support your business outcomes

Organizational culture to support your business outcomes

Implement observability in your workload

Reduce defects, ease remediation, and improve flow into production

Mitigate deployment risks

Be ready to support a workload

Uilize workload observability

Understand the health of your operations

Manage workload and operations events

Evolve your operations

Security

Securely operate your workload

Manage identities for people and machines

Manage permissions for people and machines

Detect and investigate security events

Protect your network resources

Protect your compute resources

Classify your data

Protect your data at rest

Protect your data in transit

Anticipate, respond to, and recover from incidents

Incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle

Reliability

Manage service quotas and constraints

Plan your network topology

Design your workload service architecture

Design interactions in a distributed system to prevent failures

Design interactions in a distributed system to mitigate or withstand failures

Monitor workload resources

Design your workload to adapt to changes in demand

Implement change

Back up data

Fault isolation to protect your workload

Design your workload to withstand component failures

Test reliability

Plan for disaster recovery (DR)

Cost Optimization

Implement cloud financial management

Govern usage

Monitor your cost and usage

Decommission resources

Evaluate cost when you select services

Meet cost targets when you select resource type, size and number

Use pricing models to reduce cost

Plan for data transfer charges

Manage demand, and supply resources

Evaluate new services

Evaluate the cost of effort

Performance

Select the appropriate cloud resources and architecture patterns for your workload

Select and use compute resources in your workload

Store, manage, and access data in your workload

Select and configure networking resources in your workload

Support more performance efficiency for your workload

Sustainability

Select Regions for your workload

Align cloud resources to your demand

Take advantage of software and architecture patterns to support your sustainability goals

Take advantage of data management policies and patterns to support your sustainability goals

Select and use cloud hardware and services in your architecture to support your sustainability goals

Implement organizational processes support your sustainability goals