On-Premise Network Connection

โญ๏ธโญ๏ธโญ๏ธ๐Ÿ›ฌ Landing ZoneProvides managed IP (L3) connectivity to on-premises networks. This is commonly implemented using hub&spoke network architectures and a combination of VPNs or private network peerings.

🚧 This building block reference page is a draft.


A common approach to on-premises connectivity is the hub & spoke design: a central hub network in the cloud platform holds the actual connection to the on-premises network, and every managed tenant reaches on-premises through a spoke network peered with that hub. Setting up spokes must be done in a scalable way, because the number of spokes grows with the number of tenants that need this access. One way to achieve this is to integrate on-premises connectivity as an offering of a Virtual Network Service.

TODO: describe IPAM integration

A key challenge with on-premises network connections is to make them scale. Options seen in practice:

  1. shared VM and VM-based NAT system; load balancer inside the VPC

    1. cloud foundation maintains the NAT
  2. multiple shared VPCs with VPC peering

    1. cloud foundation maintains subnets and VPCs for customer projects
  3. completely isolated VPCs and projects

    1. private service connect / virtual private connect; consume them even if you do not
  4. don't do on-prem; use the internet with an API gateway
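
Whichever option is chosen, the hub & spoke model only stays secure at scale if two invariants are enforced on every spoke onboarding: address ranges must not collide with each other or with the on-premises ranges (the IPAM concern), and a spoke may peer with the hub only, so tenants cannot reach each other through the on-premises connection or terminate their own gateway. The following is an added example, not code from this reference page or from any of the tools listed below; the `Network` model, the sample addresses and the `allocate_spoke_cidr` pool logic are constructed for illustration and do not correspond to any real deployment.

```python
"""Hub-and-spoke on-prem connectivity: topology and IPAM sanity checks.

Constructed example. Models a hub (which terminates the VPN / private
peering to on-premises), tenant spokes and the on-prem address ranges,
then checks the invariants a landing zone should enforce before a new
spoke is connected, and hands out the next free spoke CIDR from a pool.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_network
from itertools import combinations


@dataclass
class Network:
    name: str
    cidr: str                                  # e.g. "10.1.0.0/24"
    peers: set = field(default_factory=set)    # names of peered networks
    onprem_gateway: bool = False               # VPN / private peering ends here

    @property
    def net(self) -> IPv4Network:
        return ip_network(self.cidr)


def find_overlaps(networks, onprem_ranges):
    """Return sorted (a, b) name pairs whose address ranges overlap.
    On-prem ranges are labelled 'onprem:<cidr>' so the report names them."""
    labelled = [(n.name, n.net) for n in networks]
    labelled += [(f"onprem:{r}", ip_network(r)) for r in onprem_ranges]
    return sorted(tuple(sorted((a, b)))
                  for (a, na), (b, nb) in combinations(labelled, 2)
                  if na.overlaps(nb))


def check_topology(hub, spokes, onprem_ranges):
    """Return human-readable violations; an empty list means the spoke set
    is safe to connect to on-premises through the hub."""
    problems = []
    for a, b in find_overlaps([hub, *spokes], onprem_ranges):
        problems.append(f"CIDR overlap: {a} and {b}")
    if not hub.onprem_gateway:
        problems.append(f"hub {hub.name} does not terminate on-prem connectivity")
    for s in spokes:
        if s.onprem_gateway:
            problems.append(f"spoke {s.name} terminates on-prem connectivity itself")
        if hub.name not in s.peers:
            problems.append(f"spoke {s.name} is not peered with hub {hub.name}")
        extra = s.peers - {hub.name}
        if extra:   # spoke-to-spoke peering would let tenants bypass the hub
            problems.append(f"spoke {s.name} peers with non-hub networks: {sorted(extra)}")
    return problems


def allocate_spoke_cidr(hub, spokes, onprem_ranges, pool, prefixlen):
    """Minimal IPAM: the first /prefixlen block of `pool` that collides with
    neither the hub, nor an existing spoke, nor an on-prem range."""
    taken = [n.net for n in [hub, *spokes]] + [ip_network(r) for r in onprem_ranges]
    for candidate in ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(t) for t in taken):
            return str(candidate)
    raise RuntimeError(f"pool {pool} exhausted")


# Constructed sample topology (addresses are not from any real deployment).
HUB = Network("hub", "10.0.0.0/24", onprem_gateway=True)
ONPREM = ["192.168.0.0/16", "10.2.0.0/22"]   # ranges advertised by the corporate network
GOOD_SPOKES = [
    Network("tenant-a", "10.1.0.0/24", peers={"hub"}),
    Network("tenant-b", "10.1.1.0/24", peers={"hub"}),
]
BAD_SPOKES = GOOD_SPOKES + [
    # collides with an on-prem range AND peers directly with another tenant
    Network("tenant-c", "10.2.1.0/24", peers={"hub", "tenant-a"}),
]

if __name__ == "__main__":
    print("good topology:", check_topology(HUB, GOOD_SPOKES, ONPREM))
    for p in check_topology(HUB, BAD_SPOKES, ONPREM):
        print(" -", p)
    print("next spoke:", allocate_spoke_cidr(HUB, GOOD_SPOKES, ONPREM, "10.1.0.0/16", 24))
```

Running the script reports no problems for the first two tenants, two violations for `tenant-c` (the overlap with `10.2.0.0/22` and the direct peering with `tenant-a`), and allocates `10.1.2.0/24` as the next spoke range. In a real foundation the same checks belong in the self-service pipeline that creates the spoke, so a collision or a stray peering is rejected before any route to on-premises exists.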

  • GCP Fabric FAST

    On-prem VPN is offered with all 3 setups of the networking stages.

  • GCP CFT - Example Foundation

    On-Prem connectivity is provided in 3 different ways for all network setups mentioned above.

  • Azure LZ accelerator - ES

    You can choose to deploy the on-premises connectivity using the Virtual WAN or Azure Hub and Spoke. Here we can define a subscription specific to this connectivity appliance.

  • Azure LZ Terraform module - ES

    You can connect to your on-premises networks by choosing the matching option and configuration. If you choose Virtual WAN, the connection to on-premises is made via VPN or ExpressRoute. If you deploy the Terraform module using Collie's KitBundle functionality, on-premises network functionality is not deployed automatically.

  • Azure CAF Terraform Modules

    You can connect to your on-premises networks by choosing the matching option and configuration. If you choose Virtual WAN, the connection to on-premises is made via VPN or ExpressRoute.

  • AWS Landing Zone Accelerator

    It provides a Transit Gateway in the network config to connect easily to a hub that terminates the on-prem connection. Since Direct Connect gateways (directConnectGateways) can also be defined in the network config, everything needed to establish an on-prem connection is available.
