Bumblebee Global Private Link connects applications securely, privately and with cloud scale no matter where they are. Internet connectivity is all you need. It's easy, fast and secure. No network routing involved.
1. How does Global Private Link compare to AWS PrivateLink?
Private link, first developed by AWS by the name of AWS PrivateLink, is a new type of connectivity model designed to connecting private applications. It is easy to use because it does connectivity without using routing and VPN gateways. Private link service is in sync with the zero-trust model movement as it is by design a zero-trust solution: application consumers can only reach the designated application and nothing else, no possibility of lateral movement. Private Link Service gained fast adoptions and since then Azure, Google and other cloud providers all have all released their version of private link service.
Bumblebee Global Private Link takes the private link service concept to the next level. It expands the private link functionalities and user experience to cross regions, multi-cloud, on-prem and individual users. It provides packet encryption and cloud scale high performance, unlike the VPN gateway of 2Gbps throughput. In addition, it supports regional failover and bring your own PKI enterprise capabilities.
Below is a table of comparisons to other cloud provider's private link services.
Functions | AWS Private Link | Azure Private Link | Global Private Link |
Ease of use | yes | yes | yes |
Request & approval workflow | yes | yes | yes |
Same cloud region | yes | yes | yes |
Performance | Cloud scale | Cloud scale | Cloud scale |
Tenancy | multi-tenants | multi-tenants | multi-tenants |
Visibility & troubleshooting | no | no | yes |
Cross regions | no | no (not cross tenants) | yes |
Multi cloud | no | no | yes |
Encryption | no | no | yes |
On-prem support | no | no | yes |
Region failover | no | no | yes |
End user agent | no | no | yes |
Protocol | TCP | TCP & UDP | All IP |
2. How does Global Private Link compare to cloud gateway based networking?
Dimensions | Key Points | Cloud gateway based solution | Global Private Link |
Operations | Managing gateways | yes | no |
Additional infra | controller instance | SaaS | |
Redundancy | active/standby | active/active | |
Performance | 1.5Gbps | Unlimited | |
Overlapping network address | configure SNAT/DNAT | built-in support | |
Security | Provider control | no | yes |
Tunneling protocol | IPSec | TLS1.3 | |
Public IPs | yes | no | |
Network segmentation | additional policy | built-in support |
3. How does Global Private Link compare to on-prem Site-to-site VPN?
The key difference is ease of use and performance. Standard software based IPSec VPN has a limited throughput of 1.5Gbps. This is because IPSec is a tunneling protocol and as such at the receiving end only one CPU core can be leveraged to process the IPSec tunnel no matter how many cores the CPU has.
Dimensions | Key points | IPSec solution | Global Private Link |
Operations | Managing connections | At CLI configuration level, difficult to delete | At partner level, easy to add or delete |
Configuration change on one end | Lead to change on the other end | No change on the other end | |
Vulnerability patching & upgrade | Restart the device | Automatic and hitless | |
Skills to operate & troubleshoot | Network experts (IPSec, NAT & routing) | Sys Admin level (IP & DNS) | |
Performance | 1.5Gbps | scale to many Gbps | |
Redundancy | active/standby | active/active | |
Scalability | single device | cluster of VMs or devices | |
Automation | difficult | python SDK | |
Deployment | Co-exists with existing solution | N/A | yes |
Potential disruption to networks | Yes (routing effects) | No (not a router) | |
Onboarding agility | Multi meetings and negotiations | self-service | |
Overlapping network addresses | configure SNAT and DNAT | built-in support | |
Form factor | VMs and hardware devices | VMs and hardware devices | |
Connectivity type | network to network | network to apps | |
Additional infra | controller or orchestrator | SaaS | |
Security | Provider control | No | Approval, suspend & resume |
Network segmentation | Additional policy configurations | Built-in zero trust policy | |
Tunneling protocol | IPSec | TLS1.3 | |
Encryption | it depends | AES-256-GCM | |
Firewall rules | Requires inbound & outbound ports open | Requires outbound ports open | |
Public IPs | may need public IP | no public IP |