Cloud Provider Interconnect

Cloud Provider Interconnect (CPI) is a CDT managed statewide solution that provides customers with secure direct connectivity from the CDT Data Centers to Cloud Service Providers (CSPs) such as Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), and Oracle Cloud Infrastructure (OCI).

The CPI service allows customers the ability to isolate their cloud connections from existing internet traffic through direct connections to CSPs. This reduces potential security exposures of the Internet and provides access to existing CDT security features. The CPI service provides secure, reliable connectivity with extreme flexibility, and grants customers the ability to: enable multi-cloud solutions, connect to multiple cloud service providers in multiple regions, and increase or decrease bandwidth as needed to support the changing demands of their cloud services.

NOTE: Although not required, CPI is recommended when confidential and/or sensitive data will be transferred.

Benefits

CPI allows customers to bypass the public Internet, providing a private and secure network experience.
Customers gain access to CSP services with more reliability, faster speeds, and lower latencies than typical Internet connections.
Available to any customer with network connectivity to CDT’s State Data Centers.

CPI leverages Service Level Agreements (SLAs) with the associated circuits, hardware and CSP connections to deliver an enterprise solution for the State of California.
Redundant and diverse interconnectivity paths to and from CSP cloud environments and CDT resources for high reliability.

Seamless, automated provisioning using integrated capabilities enables CDT and its customers to set up virtual connectivity and CSP services quickly.
Superior data privacy and security.

For a monthly per-connection subscription fee, customers gain private connectivity to one or more CSPs, including Microsoft Azure, Amazon Web Services, Google Cloud Platform, and Oracle Cloud Infrastructure.

Private connectivity – CPI allows customers to take their traffic off the public Internet
Redundant Equinix Cloud Exchange (ECX) ports and CSP connectivity for higher reliability
Wide Area Network (WAN) vendor-agnostic – any customer site(s) connected to CGEN (single vendor or multiple vendors) can utilize the service
Unlimited CPI data transfer (CSP charges for data transfer are separate)
DR/OR services are available
Ease of provisioning using integrated capabilities enables CDT and its customers to set up virtual connectivity quickly
24 x 7 x 365 CDT Service Desk support for Network connectivity
Service Level Agreements (SLAs) for the associated circuits, hardware, and CSP connections offer more reliability and performance than Internet connectivity
Multiple CSP Region availability

Security

Cloud security is a joint effort between the customer, CSPs, and CDT. CPI was developed with security in mind – allowing customers to securely and reliably take advantage of the benefits of cloud computing.

The CPI Service offers the following security features:

Part of the CDT Statewide Security Perimeter
Private connectivity – CPI allows customers to take their traffic off the public Internet and isolate cloud traffic from other traffic
Encryption (optional) – Customers or CDT can encrypt from specific network point(s) to the CSP
SLA’s
Distributed Denial of Service (DDoS) mitigation for CDT ISP customers

Note: Customers are responsible for the security of their content, platforms, applications, and systems within the CSP environment.

Topology

CPI Overview

Stage	CDT	Customer	CSP
Planning	Participate in design meetings to determine customer requirements and appropriate solutions.	Actively engage with CDT and CSP to collaboratively determine the best network connectivity option. Consider access mechanisms, security, integration, application architecture, disaster recovery, bandwidth needs, and customer specific requirements.	Provide information related to establishing private connectivity.
Provisioning	Turn up and test logical connections. Document connectivity.	Provide CDT with any CSP or customer side of network information required to provision private connectivity (subscription, IPs, etc…). Secure content, platform, applications, and systems within the cloud.	Provide portal with Application Program Interface (API) allowing private connectivity.
Support	24 x 7 x 365 CDT Service Desk support for network connectivity. Collaborate with customer and vendor partners for CPI trouble resolution. Plan and augment capacity as needed.	Monitor Customer CSP environment. Collaborate with CSP for trouble resolution.	Contingent on CSP and Customer selected service plans. Consult your CSP for further information.

CSP Availability Matrix

Cloud Provider	San Jose Region	Seattle Region	All Speeds Available	Government	Commercial	Dedicated Available
Azure	X	X	X	X	X	X
AWS	X	X	X	X	X	X
Google*	X	X	X		X	X
Oracle	X			X

*Google does not have a separate Gov Cloud, work with provider for Fed Ramp availability.

CSP Connection Options

MS Azure Express Route (PDF)

AWS Direct Connect (PDF)

GCP Interconnect (PDF)

OCI FastConnect (PDF)

What is CDT Cloud Provider Interconnect (CPI)?

CPI is a CDT managed statewide solution that provides flexible and secure physical and logical connections between a customer’s network and select Cloud Service Providers (CSPs).

How does CPI work?

CPI extends a customer’s network (via CGEN) to the compute resources at select CSPs, providing customers with an efficient and highly-secure way to utilize their cloud services.

What connectivity is required to access the Cloud Provider Interconnect (CPI) Service?

The CPI service is available to any customer with network connectivity to CDT’s Statewide Data Centers.

What is the difference between Cloud Provider Interconnect (CPI), Azure Express Route, AWS Direct Connect, Google Interconnect, and Oracle Fast Connect?

Cloud Provider Interconnect (CPI) is a CDT service that provides flexible and secure physical and logical connections between a customer’s network and the selected Cloud Service Provider (CSP). Azure Express Route, AWS Direct Connect, Google Interconnect, and Oracle Fast Connect — While CPI establishes the direct physical connectivity to the CSP, CSPs require a separate subscription to utilize this connectivity for logical data transfer. Microsoft Azure Express Route, Amazon Web Services (AWS) Direct Connect, Google Interconnect, and Oracle Fast Connect are the respective brand names for this direct connection subscription service. Note: CSPs charge customers based on measured data transfer (egress) from their cloud computing environments. Please consult your CSP of choice for further information.

How is CPI billed?

CPI is predictable with flat rate billing based on subscribed bandwidth. CPI is billed per connection (primary and backup included) to a particular CSP (on a peering path basis). CPI is offered at multiple speed tiers with unlimited data transfer.

Note: Other CSP charges may apply. CSPs may charge monthly to enable a private connection, CSP may charge for ingress or egress data transfer (connecting via CPI vs. public Internet may result in lower data transfer costs). Rates for Measured Services vary among CSPs and are billed directly by CSPs to the customer. Other CSP specific requirements may need to be considered. Please consult your CSP for details.

How can I order CPI?

Customer enrollment into the Cloud Provider Interconnect (CPI) Service is a two-step process that begins with the customer submitting a request for a Cost Estimate/Design. Once the request is received, CDT will contact the customer and provide a cost estimate. If the customer approves of the cost estimate, they then submit a second request for CPI Implementation, attaching the provided cost estimate. Please contact your Account Lead should you require any assistance with the request process.

Can I connect a Transit Gateway to CPI?

Yes, there is an option to connect a Transit Gateway to CPI. You must request a dedicated physical hand off for this to work, and if you require redundancy you would need to request two connections. The Transit Gateway is not permitted to peer with any 3rd party entities.

Is there a term agreement?

No, CPI is a month-to-month service.

Which CSPs can I connect to?

The service allows connectivity to multiple CSPs in multiple regions. Currently, CDT has established connectivity with Microsoft Azure, Amazon Web Services, Google Cloud Platform, and Oracle Cloud Infrastructure.

What bandwidth options are available?

CPI is offered at ≤ 50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps and higher. Traffic is not buffered and the throughput is a hard limit.

What are some of the key benefits?

CDT’s Cloud Provider Interconnect is the technical standard for Executive Branch customers connecting to the cloud. In many circumstances, private network connections can reduce costs, increase bandwidth, and provide a more consistent network experience than Internet-based connections. Key benefits include:

Network Reliability – Deliver important cloud-based business applications more quickly and with extremely high availability utilizing CDT’s low-latency, highly redundant network.
Security – Safely run your applications and move sensitive information between public and private clouds using CDT’s CPI with customer or CDT managed encrypted tunnels (optional). CDT security standards are maintained.
Expert Network Design – Collaborate with the CDT Network Engineering Team to implement a highly efficient network.
Service Level Agreements – Unlike accessing CSPs via the public internet, CPI leverages Service Level Agreements (SLAs) with the associated circuits, hardware and CSP connections to deliver an Enterprise solution for the State of California.

Additional Benefits include:

Private connectivity – CPI allows customers to take their traffic off the public Internet and isolate cloud traffic from other traffic.
Improved Performance – Redundant ECX port and CSP circuit connectivity for higher reliability.
Vendor agnostic – any customer site(s) connected to CGEN (single vendor or multiple vendors) can utilize the service
Ease of provisioning using integrated capabilities enables CDT and its customers to set up virtual connectivity quickly 24 x 7 x 365 Service Desk support
Multiple CSP Region availability
Distributed Denial of Service (DDoS) mitigation

The rate schedule represents standard CDT services. If a customer requires technology solutions that are not part of the standard, CDT will review the customer’s request and provide customized pricing as necessary.

Service Description	Service Identifier	Product Name	Unit of Measurement	Rate	Service Code
Cloud Provider Interconnect 50 Mbps	Cloud Provider Interconnect Services	Network Services	Monthly/Per Connection	$390.00	N110
Cloud Provider Interconnect 100 Mbps	Cloud Provider Interconnect Services	Network Services	Monthly/Per Connection	$440.00	N111
Cloud Provider Interconnect 200 Mbps	Cloud Provider Interconnect Services	Network Services	Monthly/Per Connection	$540.00	N112
Cloud Provider Interconnect 500 Mbps	Cloud Provider Interconnect Services	Network Services	Monthly/Per Connection	$740.00	N113
Cloud Provider Interconnect 1000 Mbps	Cloud Provider Interconnect Services	Network Services	Monthly/Per Connection	$1,140.00	N114
Cloud Provider Interconnect 2000 Mbps	Cloud Provider Interconnect Services	Network Services	Monthly/Per Connection	$1,690.00	N115
Cloud Provider Interconnect 5000 Mbps	Cloud Provider Interconnect Services	Network Services	Monthly/Per Connection	$2,490.00	N116
Cloud Provider Interconnect over 5000 Mbps	Cloud Provider Interconnect Services	Network Services	Monthly/Per Connection	$3,390.00	N117
Cloud Provider Dedicated Direct Connect up to 1000 Mbps	Cloud Provider Interconnect Services	Network Services	Monthly/Per Connection	$2,940.00	N118
Cloud Provider Dedicated Direct Connect over 1000 Mbps	Cloud Provider Interconnect Services	Network Services	Monthly/Per Connection	$5,090.00	N119

Customer enrollment into the Cloud Provider Interconnect (CPI) Service is a two-step process that begins with the customer submitting a request for Design/Cost Estimate for CPI (link below). CDT will contact the customer regarding the request and provide a cost estimate. Once the cost estimate is provided, the customer submits a second request for CPI Implementation (link below), attaching the provided Cost Estimate. Please contact your Account Lead should you require any assistance with the request process.

Enrollment in the Cloud Provider Interconnect (CPI) Service

The customer submits a request case for New Network Design/Cost Estimate for CPI. A design meeting can be scheduled at the customer’s request.
CDT reviews the request and attaches a cost estimate to the case for customer review.
Request case is closed.
The customer submits a second request case, Cloud Provider Interconnect (CPI), for implementation.
CDT works with the customer and CSP to implement the design, test connectivity, and turn over administration to the customer.
Request case is closed.

Service Request Name	Link
Design and Cost Estimate for CPI Service Prior to submitting the request for CPI Implementation, customers must have completed enrollment in CDT’s Off-Premises Cloud Services and have a Cloud Service Provider (CSP) subscription.	Order CPI Design and Cost Estimate
Implement CPI	Order CPI Implementation

If you have questions or need further clarification, please contact your CDT Account Lead by using the Account Lead Directory, or call Customer Engagement at (916) 431-5390.

Service Option	Fulfillment Timeframe SLO	Notes/Dependencies
Network Cost Estimate for FRS, FRS-E, DC-to-DC, CPI, & SD-WAN	95% within 30 Calendar Days	Network Cost Estimate fulfillment timeframe is for the delivery of initial cost estimate and/or high-level network design for a single Telco vendor at one service/site location Based on complexity of customer department’s network design requirements Dependencies: Telco vendor response time – applies to SD-WAN and FRS-E only No quote/services are needed from local exchange carrier Customer availability to attend design meetings with the appropriate technical staff Customer submission of accurate information/documentation Process includes: Customer Initiates Request - Customer submits request, completes questionnaire (Avg – 3 days) CDT Network Review – Network Support review/approve, gather additional information, and conduct internal meetings with Network Engineering as needed (Avg – 5 days) Customer and CDT Network Meeting – Network design and technical requirements meeting with customer and preparation of high-level network design/topology (Avg – 10 days) Vendor Quote Submission – CDT submit and receive telco quotes from selected vendor (applies to SD-WAN and FRS-E only) (Avg – 10 days) CDT Delivery and Customer Accepts – Network provide cost estimate and/or high-level network design to customer and customer accepts (Avg – 2 days)

Service Option

Fulfillment Timeframe SLO

Notes/Dependencies

Network Cost Estimate for FRS, FRS-E, DC-to-DC, CPI, & SD-WAN

95% within 30 Calendar Days

Network Cost Estimate fulfillment timeframe is for the delivery of initial cost estimate and/or high-level network design for a single Telco vendor at one service/site location

Based on complexity of customer department’s network design requirements

Telco vendor response time – applies to SD-WAN and FRS-E only
No quote/services are needed from local exchange carrier
Customer availability to attend design meetings with the appropriate technical staff
Customer submission of accurate information/documentation

Process includes:

Customer Initiates Request - Customer submits request, completes questionnaire (Avg – 3 days)
CDT Network Review – Network Support review/approve, gather additional information, and conduct internal meetings with Network Engineering as needed (Avg – 5 days)
Customer and CDT Network Meeting – Network design and technical requirements meeting with customer and preparation of high-level network design/topology (Avg – 10 days)
Vendor Quote Submission – CDT submit and receive telco quotes from selected vendor (applies to SD-WAN and FRS-E only) (Avg – 10 days)
CDT Delivery and Customer Accepts – Network provide cost estimate and/or high-level network design to customer and customer accepts (Avg – 2 days)

Service Option	Fulfillment Timeframe SLO	Notes/Dependencies
Add CPI Dedicated Connection	60 Days (90%)	The timeline can be dependent on the customer’s requested date for completion. Customer Dependencies Submit a ticket Customer provides correct CPI information Knowledge of connectivity from the customer’s cloud environment connection at CDT Knowledge, skillset, and understanding of both ends of the connection for building out the CPI Customer implementation date will affect the number of days for fulfillment (if the customer does not specify a date for completion CDT’s objective is to complete within 60-days) Except for a Delete request, a “New Network Design plans/Cost Estimate/Topologies” service request for the cost estimate and evaluation must be completed and submitted in ServiceNow. All traffic destined for the public Internet must traverse the CDT network in accordance with Internet usage SAM 4985.1 unless otherwise approved. Some exceptions may apply Freeze Calendars CDT Dependencies Freeze Calendars Vendor's Dependencies CPI Dedicated connection require Interagency Agreements Seattle facility: Requires contractor to lay cables San Jose facility: CDT Staff (or contractors) to physically lay cables Other Dedicated CPI: 60 days End-to-end connectivity requires the identification of both Customer Cloud Environment to their Environment within CDT Dedicated Process: Up to 30 days to connect from CDT to the Cloud Connectivity depends on technology (e.g. CGEN, FRS/FRS-E, TMS, SD-WAN, Internet, VPN) and may take up to 30 days to implement SASE may require additional time for implementation
Add CPI Shared Connection	40 Days (90%)	The timeline can be dependent on the customer’s requested date for completion. Customer Dependencies Submit a ticket (Cost Estimate Should be Submitted) Except for a Delete request, a “New Network Design plans/Cost Estimate/Topologies” service request for the cost estimate and evaluation must be completed and submitted in ServiceNow. Customer provides correct CPI information Customer implementation date will affect the number of days for fulfillment (if the customer does not specify a date for completion CDT’s objective is to complete within 40-days) Knowledge, skillset, and understanding of both ends of the connection for building out the CPI All traffic destined for the public Internet must traverse the CDT network in accordance with Internet usage SAM 4985.1 unless otherwise approved. Some exceptions may apply Freeze Calendars CDT Dependencies Network Freezes Vendor's Dependencies Shared connection may require Interagency Agreements Seattle facility: Requires contractor to lay cables San Jose facility: CDT Staff (or contractors) to physically lay cables Other Shared CPI: 40 days 10-days for CDT to cloud and up to 30 days for customers to connect their cloud infrastructure End-to-end connectivity requires the identification of both ends for example connectivity to CGEN, FRS/FRS-E, TMS, SD-WAN, Internet, VPN, and may take up to 30 days to implement SASE/FWaaS may require additional time for implementation
Delete CPI	30 Days (90%)	Customer Dependencies Service Ticket submitted Provide the Peer IP Address Account Number / Subscription Key Provide the VLAN Name of the Cloud Provider CPI Termination Point Seattle or San Jose
Change CPI	30 Days (90%)	Customer Dependencies Service Ticket submitted Account Number / Subscription Key Provide the Peer IP Address Provide the VLAN Name of the Cloud Provider CPI Termination Point Seattle or San Jose

Our department

Community of practice

State campaigns

Website Accessibility Certification