Guest Post: App-to-App Cloud Connectivity Minus a VPN with Kaazing

The following is a guest post by Frank Greco, Senior Technology Strategist of Kaazing, which works on accelerating the Web for the Internet of Things.

Free "Enterprise"
In the IT world, the word "enterprise" is bandied about quite often. First, I really have no idea how to bandy about. Let's talk about enterprises instead.

If you do some serious digging, you'll find an enterprise is a collection of related business units with a common goal of profitability. It is an aggregate, dynamic yet unified entity that provides a product or service to benefit customers in return for revenue and profit. You'll probably hear "enterprise" used loosely, and actually incorrectly, interchangeably with "company" or "business."

Federation of Plan-Its
As most of us are well aware, the success of this type of federation is very dependent on its network of vendors, service providers, partners and even the IT systems of its customers. In other words, most enterprises rely on their supply chain network (tip: instead use "cooperative cloud ecosystem" at your next evening event with tragically hip baristas to get smiling nods of approval). This cooperative ensemble usually includes information management, purchasing, inventory, manufacturing, process-flow, logistics, research/development, distribution and customer service. This is true regardless of whether you are a large retailer, a telecom provider, an investment bank or a television network.

This means a spectrum of enterprise applications needs connectivity with other applications and services. Trading systems, real-time inventory, big data analytics, complex event processing, systems monitoring and management, mobile notifications, social media sentiment analysis, et al, increasingly require traversal across multiple organizational boundaries. And today, many of these applications reside in off-premises cloud systems such as Microsoft Azure – outside of the traditional firewall.

A Storm in Any Port
So the success of the "enterprise" now depends on a federation of organizations, integrating multiple external applications over multiple firewalls opening multiple ports (and maintaining friendships with your poker-playing buds in the InfoSec group). It's an environment that clearly demonstrates and reinforces why agility and technology standards are truly useful.

Summarized, an enterprise is in the B2B2B2B2B2B [take a breath] B2B2B2B2B2B business with A2A2A2A2A2A connectivity needs.

Make it Sew
The usual answer for application-to-application (A2A) connectivity is a traditional Virtual Private Network (VPN), which has been around since the mid-'90s. VPNs were invented in a time when Google didn't even exist, Microsoft licensed Spyglass as Internet Explorer 1.0, Amazon was called Cadabra, and AltaVista was your Google.

Wow. A lot has changed since then.

Over the past decade, VPNs have done an excellent job of connecting data centers, cloud infrastructures and other large networks. Leading cloud vendors such as Microsoft Azure even offer virtual private clouds (VPC) along with hardware Gateways to create a VPN.

There are clear use cases for traditional VPNs. But there are some significant downsides to traditional and cloud-based VPNs for modern, on-demand A2A communication:

  • The onboarding process can be onerous, especially between external organizations, despite the straightforward technology setup.
  • They typically allow low-level, potentially dangerous access, especially if home computers are used to access corporate assets.
  • VPN access control usually uses the hard-to-manage blacklist model.
  • They present huge surface areas with many attack vectors for hackers to exploit.
  • VPN vendor hardware and software are not always interoperable or compatible. A particular VPN architecture may not be suitable across multiple VPN vendors.
  • They are not easy to manage in an agile, constantly changing federated environment.
  • VPNs may require additional infrastructure for mobile devices that experience disconnects, cross-application network connection retries, additional security, etc.
  • Even one VPN can be quite difficult for a business unit to deploy and maintain while also understanding the security issues. In a business-driven cloud services world, this reduces agility for the revenue generators in an enterprise.
  • VPN products typically offer poor user experiences.
  • TCP and Web VPN requirements are not necessarily the same. This drives up costs.
  • Do legacy VPNs really fit in a multi-cloud, on-demand, microservices world?

Certainly feels time for a makeover, doesn't it?

Standard Orbit with Kaazing WebSocket Intercloud Connect (KWIC)
The web standards bodies (IETF and W3C) blessed the WebSocket standard back in 2011. And right after those standards came out, we saw simple web push applications with WebSocket replacing Comet/Reverse-AJAX on some websites.

But note WebSocket is not just a formal, standard API; it is also an application protocol similar to HTTP. It provides on-demand, fat pipe connectivity that's web-friendly. Think about that for a few milliseconds (about the same amount of time it takes a message to flow over a WebSocket across the web).

WebSocket is a full-throttle, TCP-like connection that is web-friendly. It is not merely for pushing data to a browser.

WebSocket is an excellent foundational substrate to use for agile connectivity for the modern enterprise. This is the basis of KWIC and why it's perfectly suited for today's A2A connectivity. Secure connectivity to any enterprise service on the planet should be as on-demand as simply visiting a web page. Azure cloud services can now reach back on-premises to access Active Directory (LDAP), SQL Server, real-time infrastructure monitoring, risk management events, enterprise publish/subscribe data, etc. And no VPN installation is required.

The same KWIC instance can provide these services to a collection of applications and users; no unique solutions to manage different services are necessary. KWIC adds specialized software security that cloaks back-end services from unauthorized users without the need for additional hardware. 

This helps CIOs and CISOs sleep well at night.
