Sherry Wei

Bumblebee Global Private Link

Updated: Jul 12

Bumblebee Global Private Link connects applications securely, privately and with cloud scale no matter where they are. Internet connectivity is all you need. It's easy, fast and secure. No network routing involved.





1. How does Global Private Link compare to AWS PrivateLink?


Private link, first developed by AWS under the name AWS PrivateLink, is a new type of connectivity model designed to connect private applications. It is easy to use because it provides connectivity without routing or VPN gateways. Private link service is in step with the zero-trust movement, as it is a zero-trust solution by design: application consumers can reach only the designated application and nothing else, with no possibility of lateral movement. Private link service was adopted quickly, and Azure, Google and other cloud providers have since released their own versions of it.


Bumblebee Global Private Link takes the private link service concept to the next level. It extends private link functionality and user experience across regions, multiple clouds, on-prem sites and individual users. It provides packet encryption and cloud-scale high performance, unlike a VPN gateway with 2Gbps throughput. In addition, it supports regional failover and bring-your-own-PKI enterprise capabilities.


The table below compares it to other cloud providers' private link services.


 

| Functions | AWS Private Link | Azure Private Link | Global Private Link |
|---|---|---|---|
| Ease of use | yes | yes | yes |
| Request & approval workflow | yes | yes | yes |
| Same cloud region | yes | yes | yes |
| Performance | Cloud scale | Cloud scale | Cloud scale |
| Tenancy | multi-tenants | multi-tenants | multi-tenants |
| Visibility & troubleshooting | no | no | yes |
| Cross regions | no | no (not cross tenants) | yes |
| Multi cloud | no | no | yes |
| Encryption | no | no | yes |
| On-prem support | no | no | yes |
| Region failover | no | no | yes |
| End user agent | no | no | yes |
| Protocol | TCP | TCP & UDP | All IP |


2. How does Global Private Link compare to cloud gateway based networking?



| Dimensions | Key Points | Cloud gateway based solution | Global Private Link |
|---|---|---|---|
| Operations | Managing gateways | yes | no |
| | Additional infra | controller instance | SaaS |
| | Redundancy | active/standby | active/active |
| | Performance | 1.5Gbps | Unlimited |
| | Overlapping network address | configure SNAT/DNAT | built-in support |
| Security | Provider control | no | yes |
| | Tunneling protocol | IPSec | TLS1.3 |
| | Public IPs | yes | no |
| | Network segmentation | additional policy | built-in support |



3. How does Global Private Link compare to on-prem Site-to-site VPN?


The key differences are ease of use and performance. A standard software-based IPSec VPN has a limited throughput of 1.5Gbps. This is because IPSec is a tunneling protocol, and as such, at the receiving end only one CPU core can be used to process the IPSec tunnel, no matter how many cores the CPU has.



| Dimensions | Key points | IPSec solution | Global Private Link |
|---|---|---|---|
| Operations | Managing connections | At CLI configuration level, difficult to delete | At partner level, easy to add or delete |
| | Configuration change on one end | Lead to change on the other end | No change on the other end |
| | Vulnerability patching & upgrade | Restart the device | Automatic and hitless |
| | Skills to operate & troubleshoot | Network experts (IPSec, NAT & routing) | Sys Admin level (IP & DNS) |
| | Performance | 1.5Gbps | scale to many Gbps |
| | Redundancy | active/standby | active/active |
| | Scalability | single device | cluster of VMs or devices |
| | Automation | difficult | python SDK |
| Deployment | Co-exists with existing solution | N/A | yes |
| | Potential disruption to networks | Yes (routing effects) | No (not a router) |
| | Onboarding agility | Multi meetings and negotiations | self-service |
| | Overlapping network addresses | configure SNAT and DNAT | built-in support |
| | Form factor | VMs and hardware devices | VMs and hardware devices |
| | Connectivity type | network to network | network to apps |
| | Additional infra | controller or orchestrator | SaaS |
| Security | Provider control | No | Approval, suspend & resume |
| | Network segmentation | Additional policy configurations | Built-in zero trust policy |
| | Tunneling protocol | IPSec | TLS1.3 |
| | Encryption | it depends | AES-256-GCM |
| | Firewall rules | Requires inbound & outbound ports open | Requires outbound ports open |
| | Public IPs | may need public IP | no public IP |


 

 

