
Private Links For Direct Connect

Updated: Apr 4, 2024

Direct Connect with Private Links

On Sunday, 4 August 2019, a part of Java, including Jakarta, the capital of the Republic of Indonesia, experienced an 8-hour power outage. More than 100 million people were affected by the blackout, which occurred in many areas across West Java, Banten and Greater Jakarta.


One of them was a past client of mine, one of Southeast Asia’s leading unicorns, who wanted to launch a financial services application in Indonesia. Their entire application and its operation were heavily impacted by the intermittent connectivity loss, which messed up multiple systems such as DNS and data transfer, among others.


A major reason, among others, was that they did not have dedicated and resilient connectivity between their data centers. They were dependent on internet-based communication. They needed an ISO 27001 compliant infrastructure with an RTO and RPO of 4 hrs and 15 mins respectively. And not just on paper: it had to be proven with real-time DR drills before they could get certified by the OJK (the Financial Services Authority in Indonesia).


The biggest challenge here was to ensure that all the infrastructure and the data were back up within the said benchmarks. That means there has to be real-time data replication between multiple sites, which in this case were a DC (Primary Datacenter) and a DRC (Disaster Recovery Center).

Any kind of network-based data transfer requires a latency of less than 1 ms. The lower the better. This is a standard benchmark used in almost all kinds of intercommunication systems.


This “1 ms ultra low latency” cannot be achieved over public internet-based connections like VPNs. For this you need dedicated peer to peer connections or interconnected physical links, a.k.a. private links.


Direct Connect with Private Links:

For peer to peer connectivity and data transmission, especially when you are running your services in a hybrid cloud model or in a DC/DRC setup, you need to have direct private links between your clouds or sites. This is also important if you care about integrating with a large number of third party APIs.

Another important reason why dedicated links are necessary is to ensure the security of data in transit. In one of my recent projects with a bank, it was necessary to have secured links between the bank's network and third party networks like the switching gateway and the Central Identity Registry of the respective country. Hence we had to provision dedicated peer to peer links between these locations and the bank’s network.


There must be a reason why even public cloud providers offer private link options, right? For instance, AWS PrivateLink or GCP Interconnect. It's because they too have realised that our digital world has expanded beyond a single cloud; it has grown to multi cloud or hybrid cloud setups.


If you are running your services in a hybrid cloud model, or if you are in a DC and DR setup, you need to have direct links between your clouds or sites for the reasons below:


👉 Minimum latency and better performance if you have third party connections.

👉 Privacy of data in transit between the sites to avoid man-in-the-middle attacks.

👉 Be the owner of your entry points.

👉 Fault tolerance with dual ISP links so that if one path fails, another is available.

👉 For data replication you need to have a latency < 1 ms between both sites. This can only be achieved through a direct dedicated connection, for example MPLS, GCP Interconnect, AWS PrivateLink or Alicloud Express Connect.

👉 Some people think a site to site VPN is sufficient to connect two locations. That's not enough. Remember, a VPN over the internet can give you secure connectivity but not the latency.

👉 Other advantages include DNS caching, real-time session failover, backup and recovery.
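One way to check the sub-1 ms replication target on each of the dual links, as an added example that is not part of the original article. It assumes TCP handshake time is an acceptable stand-in for round-trip latency and that a path is judged on its 99th percentile and on lost probes rather than on its average; the function names and sample values are constructed for illustration.

```python
import math
import socket
import statistics
import time

BUDGET_MS = 1.0  # the article's latency target for replication


def tcp_rtt_ms(host, port, count=20, timeout=1.0):
    """Time `count` TCP handshakes to host:port; a failed attempt is recorded as None."""
    samples = []
    for _ in range(count):
        start = time.perf_counter_ns()
        try:
            with socket.create_connection((host, port), timeout=timeout):
                samples.append((time.perf_counter_ns() - start) / 1e6)
        except OSError:
            samples.append(None)
    return samples


def summarize(samples, budget_ms=BUDGET_MS):
    """Median, nearest-rank p99 and loss for one path.

    A path passes only if no probe was lost and p99 is under the budget."""
    ok = sorted(s for s in samples if s is not None)
    lost = len(samples) - len(ok)
    if not ok:
        return {"median": None, "p99": None, "lost": lost, "pass": False}
    p99 = ok[max(1, math.ceil(0.99 * len(ok))) - 1]
    return {"median": statistics.median(ok), "p99": p99, "lost": lost,
            "pass": lost == 0 and p99 < budget_ms}


def check_paths(paths, budget_ms=BUDGET_MS):
    """paths maps a link name to its samples. The target survives a failover
    only if every redundant path meets the budget on its own."""
    report = {name: summarize(s, budget_ms) for name, s in paths.items()}
    return report, all(r["pass"] for r in report.values())


if __name__ == "__main__":
    # Constructed samples in ms, not real measurements. In practice each list
    # would come from tcp_rtt_ms(<replication peer reached over that link>, <port>).
    paths = {
        "private-link-a": [0.4] * 19 + [0.6],
        "private-link-b": [0.5] * 19 + [3.2],   # good median, bad tail
        "site-to-site-vpn": [12.0] * 18 + [None, 15.5],
    }
    report, all_ok = check_paths(paths)
    for name, r in report.items():
        print(name, r)
    print("latency target met on every path:", all_ok)
```

With the constructed samples, the second private link has a median well under the budget but still fails on its tail, which is the case an average-only check would miss.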


Summary:

A robust infrastructure needs to have secure and seamless connectivity across all systems and services. For seamless connectivity Dedicated Private Links should be used for peer to peer connectivity and data transmission.


If you like this article, I am sure you will find 10-Factor Infrastructure even more useful. It compiles all these tried and tested methodologies, design patterns & best practices into a complete framework for building secure, scalable and resilient modern infrastructure. 


 





 


Thanks & Regards

Kamalika Majumder
