NOTE: This blog exists as part of a six-part series.
In a recent interview, when responding to a question regarding what was top of mind with enterprise customers, a leading industry CEO responded:
“The biggest thing for them is they're migrating to the cloud at some crazy rate, and more than 40 percent of cloud migration projects get stalled because they didn't plan properly for the network.”
Designing your hybrid multi cloud network is not simple. Design involves architecting and implementing on-premises and public cloud infrastructures to work seamlessly with each other. The complexity starts at the networking layer within each cloud provider's environment. Each cloud provider has a networking product catalog available to customers for providing workload connectivity. This connectivity is generally classified as “on-net” (VPC to VPC: Intra/inter-region: across a single provider's cloud) or “off-net” (VPC to off-site locations) to remote computing resources. To provide some context, AWS's document on this subject alone covers a dozen service offerings and is forty pages long. When you toss in another cloud provider, you quickly discover that each provider's networking capabilities are not identical. For instance, AWS's transit gateways operate differently from Azure's.
Selecting the appropriate solution for multi cloud connectivity requires consideration of the following constructs (among other variables):
Using a VPN mesh over the Internet may fulfill a few simple requirements; however, the solution gets messy quickly as connectivity requirements grow.
A private connection is preferred for workloads with high bandwidth requirements and latency sensitivity. Cloud providers facilitate this type of connectivity; however, they do not deliver the entire solution, but rely on partners to extend the connection beyond the meet-point room outside their environment. The customer is therefore responsible for selecting diverse bandwidth providers to carry traffic from the meet point to the remote workload locations. This process is repeated for each cloud provider environment.
As you can tell by now, even simple connectivity becomes very complicated, leading to delays. But what about an environment where dozens of workloads are distributed across multiple clouds?
Beyond connectivity, security is critical. Security is the most significant operational challenge when moving to a hybrid multi cloud environment. Exposure to security risk increases manyfold as the existing borders of the enterprise data center now extend beyond its traditional firewalls. As with network connectivity, each cloud provider has its own product catalog to address security needs. These products offer similar high-level functionality; however, managing and operating them introduces massive operational complexity. Each cloud provider's security products require the enterprise security organization to essentially learn a new product. Each provider's implementation comes with a new user interface, new vendor jargon, and new procedural steps required to apply rulesets. For example, anyone who has applied Access Control Lists across multiple firewall products understands that the process is different for every vendor.
It is challenging for customers to develop consistent policies and operational procedures across all cloud providers to ensure that configuration and change management are consistent and can be applied promptly without exposing the enterprise to any additional risk. With this model, nothing is simple, development is slowed, and digital transformation is delayed.
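One way security teams cope with the problem described above is to translate each provider's native ruleset into a single normalized model and run one policy check over all of it, so that "no administrative port open to the Internet" means the same thing in every cloud. The following is an added example, not code from the original post or from any cloud provider; the two sample rule records are constructed to resemble the JSON shapes of an AWS security group and an Azure network security group, but the field names are assumptions for illustration, and a real audit would read exports from each provider's API.

```python
"""Normalize inbound firewall rules from two cloud providers into one model
and audit them with a single, provider-independent policy check.
Added example: sample data is constructed, not exported from a real account."""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Any, Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    provider: str
    name: str
    direction: str   # "inbound" or "outbound"
    protocol: str    # "tcp", "udp" or "any"
    port_from: int
    port_to: int
    source: str      # CIDR


# Constructed sample: shaped like an AWS security group (assumed field names).
AWS_SG: Dict[str, Any] = {
    "GroupId": "sg-example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ],
}

# Constructed sample: shaped like Azure NSG security rules (assumed field names).
AZURE_NSG_RULES: List[Dict[str, str]] = [
    {"name": "allow-rdp", "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-db", "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "10.1.0.0/16",
     "destinationPortRange": "5432-5433"},
    {"name": "deny-all", "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]


def from_aws(sg: Dict[str, Any]) -> List[Rule]:
    """Security group permissions are allow-only and inbound in this sample."""
    rules = []
    for perm in sg["IpPermissions"]:
        proto = "any" if perm["IpProtocol"] == "-1" else perm["IpProtocol"]
        lo = perm.get("FromPort", 0)          # absent ports mean "all ports"
        hi = perm.get("ToPort", 65535)
        for rng in perm.get("IpRanges", []):
            rules.append(Rule("aws", sg["GroupId"], "inbound", proto, lo, hi, rng["CidrIp"]))
    return rules


def _parse_range(spec: str) -> Tuple[int, int]:
    if spec == "*":
        return 0, 65535
    if "-" in spec:
        lo, hi = spec.split("-")
        return int(lo), int(hi)
    return int(spec), int(spec)


def from_azure(nsg_rules: List[Dict[str, str]]) -> List[Rule]:
    """Only Allow rules widen exposure, so Deny rules are dropped from the audit."""
    rules = []
    for r in nsg_rules:
        if r["access"] != "Allow":
            continue
        proto = "any" if r["protocol"] == "*" else r["protocol"].lower()
        lo, hi = _parse_range(r["destinationPortRange"])
        src = "0.0.0.0/0" if r["sourceAddressPrefix"] == "*" else r["sourceAddressPrefix"]
        rules.append(Rule("azure", r["name"], r["direction"].lower(), proto, lo, hi, src))
    return rules


ADMIN_PORTS = {22, 3389}   # the policy: no SSH/RDP reachable from the whole Internet


def is_public(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0; non-CIDR service tags are treated as not public."""
    try:
        return ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def audit(rules: List[Rule]) -> List[Tuple[str, str, List[Any]]]:
    """Return (provider, rule name, exposed ports) for every inbound rule that
    opens an administrative port, or every port, to the Internet."""
    findings = []
    for r in rules:
        if r.direction != "inbound" or not is_public(r.source):
            continue
        exposed = sorted(p for p in ADMIN_PORTS if r.port_from <= p <= r.port_to)
        if exposed or r.protocol == "any":
            findings.append((r.provider, r.name, exposed or ["all"]))
    return findings


if __name__ == "__main__":
    for finding in audit(from_aws(AWS_SG) + from_azure(AZURE_NSG_RULES)):
        print(finding)
```

The point of the normalization step is that the policy in `audit` is written once, against the `Rule` model, rather than once per provider in each provider's jargon; adding a third cloud means writing one more loader, not one more policy.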
Beyond the simple building blocks associated with hybrid multi cloud networking and security, ensuring your application workloads are appropriately placed to function correctly is essential. Additionally, it is vital that your application can withstand an underlying outage and can automatically heal to ensure application workloads continue running efficiently.
Layered on top of all the operational requirements are additional data governance and security requirements that need consideration. In addition, in many cases, several fragmented global, national, corporate, and industry-based governance and compliance issues also need addressing when operating in a split workload multi cloud environment. Some of these cloud data governance laws that require attention are:
These all need attention regarding the server placement and the network supporting them.
Let's revisit the original paragraph. It is understandable why business transformation initiatives are being held back. The question that needs to be asked is, what is the solution to this problem? Is it deploying more human resources? Is it continuing to string together old technologies? Or do we need a new approach to networking, one that is designed for the dynamic nature of cloud computing and distributed workloads? One that gives dev/ops teams the freedom to move at their own pace, while at the same time giving the networking and security teams the confidence to let them do so, knowing the network is secured.