Going from physical servers to cloud

We are a small business looking to move away from physical server devices and into the cloud so that we can accomplish two things:

1. Ability to scale and deploy virtual cloud servers at any given time.
2. Move away from the datacenter/current provider to a more reputable and recognized brand name (Softlayer, Rackspace, etc.).

However, to accomplish this is a bit difficult for us as we have a few requirements:

- We announce and utilize our own IPv4 space, which we want to continue doing after migrating to a cloud provider.
- We use Akamai/Prolexic for mitigating DDoS traffic via GRE tunnels set up on our router; we require this when moving to the cloud as well.
- We use other DDoS defense appliances which we must be able to utilize in a cloud too (perhaps some sort of custom cloud setup that uses some of our appliances).

I do not know what to look for when making such a switch. Can someone recommend to me what the best network setup would be in order to achieve these goals? And what company would best be able to help me accomplish this?
shyki asked:
Shalom Carmel (CTO) commented:
Those are very tough requirements. I seriously doubt whether you will be able to address them in a cloud environment, especially when you say "must" and "require". Your requirements go against the definitions of cloud computing, which are resource sharing and virtualization.

You must talk to Rackspace / Softlayer solution architects to check what your options are regarding each problem, and I will give you a non-authoritative answer according to the best of my knowledge.

* Keeping your address space has 2 parts: assigning the address space to a cloud provider's management is relatively easy, though it can be bureaucratically painful. Keeping it exclusively for your usage will be tough, if possible at all.

* Your cloud provider probably has something like Prolexic already in place to protect their network; you will not be able to keep your private contract with Prolexic, as you do not have BGP control when in the cloud.

* If your other solutions have cloud alternatives or virtual appliances that can run in the cloud, then all you have is a licensing issue that can be solved.

My recommendation to you is to stop looking at the technologies you have as requirements, and instead look at the problems they solve and find fresh solutions.
btan (Exec Consultant) commented:
If you are staying with Akamai, AWS will be out. The former does have a larger stake in CDN and DDoS as a major lead player. Let's say we stay with Akamai and choose something such as Azure; I think it is likely to be storing your apps and services as images in Azure blob storage and enabling the Azure CDN. Instead of GRE, you can have Akamai take over to front your DNS for any public-facing eServices and enforce Akamai SiteShield back to your origin servers in the cloud, enforced via an identified single entry into your Azure cloud farm hosting those origin services. Internal to the Azure farm will be all your migrated environment with the IPv4 addressing in a private LAN setup.

But the above can mean managing two services, so it is better to stay with one if possible, unless high resiliency (to the point of having multiple CDNs) is to be considered... Regardless, Azure itself has network isolation (e.g. specify an ACL for a specific remote subnet IPv4 address: http://azure.microsoft.com/blog/2014/03/28/network-isolation-options-for-machines-in-windows-azure-virtual-networks/), dedicated VPN connection to on-premise and DDoS protection (external and internal). See:

Azure provides two ways to connect VNETs: ExpressRoute and VPN. With VPN, there is no boundary on the region, geography or subscription; essentially the tunnel only needs Gateway VIPs to see each other. In case you need more bandwidth and lower latency, you can eventually use ExpressRoute technology to connect up to 100 VNETs (depending on bandwidth) and share circuits between them, even with different subscriptions. Before the Premium add-on announced in May 2015, ExpressRoute posed limitations on geographical boundaries: now it is possible not only to connect VNETs in the same geography (US, Europe, etc.) but also across different geographies. For example, you can connect a VNET in West US to a VNET in North Europe.

Azure infrastructure is designed to protect the network from DDoS originating from the Internet and also internally from other tenants' VMs; you can read the details in the white-paper below: http://download.microsoft.com/download/4/3/9/43902EC9-410E-4875-8800-0788BE146A3D/Windows%20Azure%20Network%20Security%20Whitepaper%20-%20FINAL.docx
http://blogs.msdn.com/b/igorpag/archive/2014/09/28/my-personal-azure-faq-on-azure-networking-slas-bandwidth-latency-performance-slb-dns-dmz-vnet-ipv6-and-much-more.aspx
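As an added illustration of the "single entry" network-isolation idea in the answer above (this is not code from the thread or from Azure; it is a simplified model of Azure-style NSG inbound evaluation, where the lowest priority number wins and a built-in deny-all sits at the end): it checks whether anything other than the CDN ingress prefix and the private VNet can still reach the origin port, and shows how one leftover "allow HTTPS from anywhere" rule reopens the direct path. All prefixes and probe addresses are constructed placeholders from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One inbound rule of a simplified Azure-style network security group."""
    priority: int            # lower number is evaluated first
    source: str              # source prefix in CIDR notation
    dst_port: Optional[int]  # None means any destination port
    access: str              # "Allow" or "Deny"


# Constructed rule set (hypothetical): only the CDN ingress prefix may reach the
# origin on 443, the private VNet may reach anything, everything else is denied.
CDN_INGRESS = "203.0.113.0/24"   # documentation prefix standing in for the CDN range
VNET = "10.0.0.0/16"
RULES = [
    Rule(100, CDN_INGRESS, 443, "Allow"),
    Rule(200, VNET, None, "Allow"),
    Rule(65500, "0.0.0.0/0", None, "Deny"),   # mirrors the built-in DenyAllInbound
]


def evaluate(rules: List[Rule], src_ip: str, dst_port: int) -> Tuple[bool, Optional[int]]:
    """First matching rule by ascending priority decides; returns (allowed, priority)."""
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if src in ipaddress.ip_network(rule.source) and rule.dst_port in (None, dst_port):
            return rule.access == "Allow", rule.priority
    return False, None  # nothing matched: treat as denied


def unexpected_entries(rules: List[Rule], allowed_prefixes: List[str],
                       origin_port: int, probes: List[str]) -> List[str]:
    """Probe IPs outside every allowed prefix that the rules still let reach origin_port."""
    allowed = [ipaddress.ip_network(p) for p in allowed_prefixes]
    return [ip for ip in probes
            if not any(ipaddress.ip_address(ip) in net for net in allowed)
            and evaluate(rules, ip, origin_port)[0]]


# Constructed probes: one CDN address, one arbitrary Internet address, one VNet address.
PROBES = ["203.0.113.7", "198.51.100.9", "10.0.4.2"]

# A leftover "allow HTTPS from anywhere" rule at a lower number than the deny reopens the origin.
LEAKY_RULES = RULES + [Rule(150, "0.0.0.0/0", 443, "Allow")]

if __name__ == "__main__":
    print(unexpected_entries(RULES, [CDN_INGRESS, VNET], 443, PROBES))        # []
    print(unexpected_entries(LEAKY_RULES, [CDN_INGRESS, VNET], 443, PROBES))  # ['198.51.100.9']
```

Real NSGs also match on direction, protocol and destination prefix; this model keeps only source prefix and port to show the priority-ordered first-match behaviour.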