Since you can't change the design you may not be able to put some kind of overlay solution in place, which is just a fancy way of saying a VPN solution. What if you look at it in a different way and put some kind of endpoint security cloud solution like Illumio. But if you at least had the freedom to put something like this: http://www.sproute.com/span in place or 20 other similar solutions. As in you do VPN, but right from the cloud instance itself or another instance. There is also a set of various solutions that do specialized metadata like Cilium, but they get into container networking and that is definitely application redesign. On Thu, May 4, 2017 at 1:08 PM, Torres, Matt <matt.torres@state.or.us> wrote:
Unfortunately, a private connection or VPN to the cloud service provider is not available right now, but I can see how that could help solve my problem. :-) ~Matt
Is it possible for you to get a private/direct connect service from your network perimeter to the cloud provider and eliminate using the public connectivity?
Or because its Internet-based you have to use public connectivity?