No Site VPN for Cloud Data Centers
A site-to-site VPN is the standard solution for connecting several physical data center locations. When moving to the Cloud, the first idea that comes to mind is to connect the Cloud "data center" to the existing physical data centers with a site VPN as well, and every Cloud provider offers such a feature. But is such a VPN infrastructure also a good idea? Will it help us or hinder us in the future? I actually believe that once you have many data centers, a site VPN infrastructure is a dangerous tool. On the good side, it is very convenient to have and to set up, and it simplifies a lot of things. On the other side, it also makes it very easy to build a world-wide mesh of dependencies in which a single VPN failure can severely inhibit data center operations or even take down services. It also lures everybody into creating undocumented backend connections between services, because the tunnels make any host reachable from anywhere. The core problem is, in my opinion, one of scale. Having a small number (3 to 5) of locations is fundamentally different from h