The cloud consumer gateway (CCG) is a secure network router anchored on the cloud consumer side of a cloud provider connection. The CCG is a hardware or software-based appliance located on the consumer premises that serves as a bridge between local networks and remote cloud-based networks. Optimally, gateway encryption is managed by the cloud consumer and is required by many industry compliance regulations.

Figure 1 - An example of an on-premise cloud consumer gateway connected to a cloud.

In Figure 1, a CCG is established at the cloud consumer side and connected to a virtual private cloud (VPC) on the cloud provider side using encryption. To protect against a loss of connectivity if the consumer gateway fails, a second VPN connection can be established for traffic balancing or failover to a warm standby. If a firewall is in place between the Internet and the consumer gateway, rules must be configured to establish the VPN tunnels.

Related Patterns: