Connect Enterprise Networks to the Cloud
Bridging the Gap: How a New Patent Connects Enterprise Networks to the Cloud in 8 Steps

1. The Problem This Patent Addresses in Enterprise Networking

Enterprise IT teams often struggle with connecting their private networks to public cloud environments. Traditional enterprise networks—typically built on MPLS‑based VPNs—were never designed with cloud traffic in mind[1]. When a company extends its internal network to a cloud provider’s Virtual Private Cloud (VPC), engineers must configure hardware upgrades, complex VPN tunnels, and new carrier services. For example, linking every branch office directly to an AWS VPC means spinning up separate site‑to‑site VPN tunnels, each capped at roughly 1.25 Gbps of throughput[3]. Multiply that by several branches and cloud regions, and suddenly you’re maintaining a spider web of connections that are costly and fragile. In short, enterprise and cloud networks don’t naturally speak the same language. Patent CN111742524B tackles this mismatch by proposing a scalable, software‑centric way to “stitch” an enterprise VPN to one or many cloud VPCs with far less manual effort.

2. The Core Innovation: Virtual Routing Application and Controller Approach

The patent’s secret sauce is a pair of components: a Virtual Routing Application (VRA) and a VRA Controller. Think of a VRA as a software router—a virtual machine or container that lives inside a cloud VPC. It acts as an on‑demand gateway into the enterprise network. Meanwhile, the VRA Controller (running in the enterprise WAN) is mission control: it deploys VRAs, sets up secure tunnels, and programs their routing tables[2]. The magic lies in automation. Instead of hand‑crafting individual VPNs, the controller spins up VRAs wherever the business launches workloads and instantly extends the private WAN into that VPC.

Together, the controller and its fleet of VRAs stitch disparate networks into one logical fabric, dynamically choosing the best path—direct fiber, leased line, or encrypted internet tunnel—to move data between office and cloud.

3. Main Components of the System

| Component | Role in the System |
| --- | --- |
| Enterprise VPN Network | The company’s existing MPLS or SD‑WAN backbone connecting offices and data centers. |
| Virtual Routing Application (VRA) | Software router deployed inside each cloud VPC (and optionally on‑prem) that bridges cloud and enterprise traffic. |
| VRA Controller | Central control plane that launches VRAs, builds secure tunnels, and pushes route updates. |
| Cloud VPC | The isolated network inside a public cloud where the enterprise hosts apps and data. |
| Secure Tunnels & Paths | IPsec VPNs or dedicated links carrying encrypted traffic between enterprise sites and VRAs. |

4. How the System Works (Step‑by‑Step)

[Figure, with labels Enterprise VPN (MPLS), VRA Controller, Cloud VPC, VRA. Simplified architecture: the VRA Controller in the enterprise VPN builds secure tunnels to VRAs inside cloud VPCs, letting office traffic reach cloud apps transparently.]

Step 1 – Deployment: Launch a VRA inside each cloud VPC and enable a controller in the enterprise core.

Step 2 – Secure Connectivity: The controller forms encrypted IPsec tunnels—or uses direct lines—between the enterprise and each VRA[4].

Step 3 – Routing Setup: It then programs routes so cloud subnets look like local sites and vice‑versa.

Step 4 – Seamless Integration: Branch traffic automatically selects the optimal tunnel to the closest VRA, bypassing cloud‑provider VPN gateways[5].

Step 5 – Ongoing Control: The controller monitors links, re‑routes on failure, and spins up new VRAs in minutes whenever business units deploy new VPCs.

The result is one cohesive network stretching from branch routers to cloud workloads.
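An added example, not taken from the patent or from this article: a toy Python model of the controller's routing role in Steps 3 to 5, showing path selection and re-routing on failure. The class names, the path preference order, the rule that an internet path must be encrypted, and the check that rejects overlapping VPC prefixes are assumptions made for illustration; the addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumed preference order (lower wins); the page names these path types but does not rank them.
PATH_COST = {"direct": 1, "leased": 2, "internet": 3}

@dataclass
class Path:
    kind: str            # a key of PATH_COST
    encrypted: bool      # True when the path is carried in an IPsec tunnel
    up: bool = True      # link health as seen by the controller

@dataclass
class VRA:
    name: str
    vpc_cidr: str
    paths: list = field(default_factory=list)

class Controller:
    def __init__(self, enterprise_cidrs):
        self.enterprise = [ipaddress.ip_network(c) for c in enterprise_cidrs]
        self.vras = {}

    def register(self, vra):
        net = ipaddress.ip_network(vra.vpc_cidr)
        known = self.enterprise + [ipaddress.ip_network(v.vpc_cidr) for v in self.vras.values()]
        for other in known:  # an overlapping cloud prefix would shadow an existing site
            if net.overlaps(other):
                raise ValueError(f"{vra.name}: {net} overlaps {other}")
        self.vras[vra.name] = vra

    def best_path(self, vra):
        # Policy assumption: a path over the public internet must be encrypted.
        ok = [p for p in vra.paths if p.up and (p.encrypted or p.kind != "internet")]
        return min(ok, key=lambda p: PATH_COST[p.kind], default=None)

    def route_table(self):
        # Cloud prefix -> (VRA name, path kind); a VRA with no usable path is withdrawn.
        rows = ((v, self.best_path(v)) for v in self.vras.values())
        return {v.vpc_cidr: (v.name, p.kind) for v, p in rows if p is not None}

def demo():
    # Constructed sample: one VPC reachable by a direct line and an IPsec tunnel.
    c = Controller(["10.0.0.0/8"])
    vra = VRA("vra-a", "172.16.0.0/16", [Path("direct", False), Path("internet", True)])
    c.register(vra)
    before = c.route_table()
    vra.paths[0].up = False          # direct line fails; controller re-routes
    return before, c.route_table()

if __name__ == "__main__":
    print(demo())
```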