Hybrid cloud is becoming a standard operating model for many organizations. But how can you realize the expected agility when there are so many challenges ahead of you? In this series of articles, we’ve dissected each challenge and proposed some corresponding solutions. Whether you’re facing security and network concerns, or integration and system management issues, it’s critical to have a proactive plan in place. This final article rounds out the discussion by looking at ways to address the issues around portability, compatibility, and your existing toolset.
Solutions to Hybrid Cloud Challenges
In many cases, a hybrid cloud is the combination of complementary – but not identical – computing environments. This means that processes, techniques, and tools that work in one place may not work in another.
Compatibility. Gluing together two distinct environments does not come without challenges. Now, it’s possible that you have the same technology stack in both the public and private cloud environment, but the users, technology, and processes may be dissimilar!
- Move above the hypervisor. Even if your public cloud provider supports the import and export of virtual machines in a standard format, no legitimate public cloud exposes hypervisor configurations to the user. If you want to have a consistent experience in your hybrid cloud, avoid any hypervisor-level settings that won’t work in BOTH environments. Tune applications and services, and start to wean yourself off of specific hypervisors.
- Consider bimodal IT needs. If you subscribe to the idea of bimodal IT, then embrace these differences and don’t try to force a harmonization where none exists. Some traditional IT processes may not work in a public cloud. If the more agile groups at your organization are most open to using the public cloud and setting up a hybrid cloud, then cater more to their needs.
- Be open to streamlining and compromise. The self-service, pay-as-you-go, elastic model of public cloud is often in direct conflict with the way enterprise IT departments manage infrastructure. Your organization may have to loosen the reins a bit and give up some centralized control in order to establish a successful hybrid cloud. Look over existing processes and tools, see which will not work in a hybrid environment, and incubate ways to introduce new efficiencies.
Portability. One perceived value of a hybrid cloud is the ability to move workloads between environments as the need arises. However, that’s easier said than done.
- Review prerequisites for VM migration. A virtual machine in your own data center may not work as-is in the public cloud. Public cloud providers may have a variety of constraints around choice of Operating System, virtual machine storage size, open ports, and number of NICs.
- Embrace standards between environments. Even if virtual machines are portable, the environmental configurations typically aren’t. Network configurations, security settings, monitoring policies, and more are often tied to a specific cloud. Look to multi-cloud management tools that expose compatibility layers, or create scripting that re-creates an application in a standard way.
Tooling and Skills. Even if you have plans for all of the items above, it will be hard to achieve success without robust tooling and talented people to design and operate your hybrid cloud.
- Invest in training. Your team needs new skills to properly work in a hybrid cloud. What skills are most helpful? Your architects and developers should be well-versed in distributed web application design and know what it means to build scalable, resilient, asynchronous applications. Operations staff should get familiar with configuration management tools and the best practices for repeatedly building secure cloud environments.
- Get hands-on experience. Even if you’re using a private cloud hosted by someone else, don’t outsource the setup! Participate in the hybrid cloud buildout and find some initial projects to vet the environment and learn some do’s and don’ts.
- Modernize your toolset. The tools that you used to develop and manage applications 5-10 years ago aren’t the ones that will work best in the (hybrid) cloud today, let alone 5-10 years from now. Explore NoSQL databases that excel in distributed environments, use lightweight messaging systems to pass data around the hybrid cloud, try out configuration management platforms, and spend time with continuous deployment tools that standardize releases.
Taking the Next Steps
Hybrid cloud can be a high risk, high reward proposition. If you do it wrong, you end up with a partially useful but frustratingly mediocre environment that doesn’t stop the growth of shadow IT in the organization. However, if you build a thoughtfully integrated hybrid cloud, developers will embrace it, and your organization can realize new efficiencies and value from IT services. How can CenturyLink help? We offer an expansive public cloud, a powerful private cloud, and a team of engineers who can help you design and manage your solutions.
As hybrid cloud adoption grows, proper architecture and design of these solutions become critical. In the first part of this article series, we discussed the challenges any organization faces when linking public and private cloud environments. The second article outlined strategies for mitigating the network and security challenges of hybrid cloud. In this third of four articles, we will assess success strategies for application integration and system management in hybrid clouds.
Solutions to Hybrid Cloud Challenges
Data and Application Integration. Nearly every useful system is made up of data and business logic from multiple applications. Siloed, monolithic systems are fading in popularity as more dynamic systems take their place. But as you look to work with data and applications in a hybrid cloud, you need to keep a few things in mind.
- Recognize the presence of data gravity. The concept of data gravity – a principle identified by Dave McCrory that claims that applications and services are drawn closer to large collections of data – comes into play in a hybrid cloud. Do you find yourself shuttling data back and forth over long distances? Would it make sense to move some of your large data repositories to whichever cloud most of the consuming applications are running in? Bulk data movement between on-premises and public cloud systems can get slow, so look for ways to optimize placement based on known integration points.
- Map secure integration paths. Some services in your hybrid cloud may be software-as-a-service (SaaS) products that don’t offer private network tunnels for communication. When creating a hybrid application integration strategy, consider tools – such as the Informatica Cloud or SnapLogic – that make it possible to securely transfer data from public SaaS platforms to systems behind your corporate firewall.
- Know your technical constraints. The applications in your data center are probably only limited by the hardware they run on. However, most multi-tenant cloud systems apply resource governors to make sure that no single consumer can swamp the platform with requests. Make sure that you understand the constraints of each public cloud in your hybrid architecture and refactor any integration processes that would obviously violate these constraints.
- Design for failure. When systems span environments in a hybrid scenario, the risk of localized failures goes up. Microservices and distributed components make for a more flexible architecture. The flipside, however, is that your system requires greater resilience. Work with your architects and developers to ensure that hybrid cloud applications can fail fast or apply circuit breakers to bypass failed components.
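The circuit-breaker behaviour mentioned in the last item can be sketched as follows. This is an added example, not code from the original article; the `remote_inventory` call, the thresholds, and the fake clock in `demo()` are assumptions made for illustration.

```python
import time

class CircuitOpenError(Exception):
    """Raised when a call is rejected without contacting the remote component."""

class CircuitBreaker:
    """Closed -> open after max_failures; half-open trial after reset_after seconds."""

    def __init__(self, max_failures=3, reset_after=30.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.reset_after = reset_after
        self.clock = clock          # injectable so the behaviour can be tested
        self.failures = 0
        self.opened_at = None       # None means the circuit is closed

    @property
    def state(self):
        if self.opened_at is None:
            return "closed"
        if self.clock() - self.opened_at >= self.reset_after:
            return "half-open"      # allow one trial call through
        return "open"

    def call(self, func, fallback=None):
        state = self.state
        if state == "open":
            # Fail fast: do not wait on a component already known to be down.
            if fallback is None:
                raise CircuitOpenError("component bypassed while circuit is open")
            return fallback()
        try:
            result = func()
        except Exception:
            self.failures += 1
            if state == "half-open" or self.failures >= self.max_failures:
                self.opened_at = self.clock()   # trip, or re-trip after a failed trial
            if fallback is None:
                raise
            return fallback()
        self.failures = 0
        self.opened_at = None                   # success closes the circuit
        return result

def demo():
    """Constructed scenario: the link to the other environment drops, then recovers."""
    now = [0.0]                                 # fake clock, in seconds
    link_up = [False]
    remote_calls = []
    breaker = CircuitBreaker(max_failures=2, reset_after=10.0, clock=lambda: now[0])

    def remote_inventory():                     # hypothetical cross-environment call
        remote_calls.append(now[0])
        if not link_up[0]:
            raise ConnectionError("private cloud endpoint unreachable")
        return "live"

    results = []
    for t in (0.0, 1.0, 2.0, 3.0):              # two failures trip the breaker
        now[0] = t
        results.append(breaker.call(remote_inventory, fallback=lambda: "cached"))
    link_up[0] = True
    now[0] = 12.0                               # past reset_after: half-open trial
    results.append(breaker.call(remote_inventory, fallback=lambda: "cached"))
    return results, remote_calls, breaker.state

if __name__ == "__main__":
    print(demo())
```

While the circuit is open, the failed component is not contacted at all, so callers get the fallback immediately instead of waiting on a timeout across the inter-cloud link.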
System Management – Work Smarter, Not Harder. This seems to be one of those areas that doesn’t factor heavily into a company’s first assessment of cloud “cost.” Ongoing maintenance is a part of nearly every server environment, unless you’re among the few who successfully run immutable servers. How can you mitigate this challenge?
- Invest in configuration management. Configuration management tools like Chef, Ansible, Puppet, and Salt are now mainstream and you can find plenty of expert material on how to use each platform. Why do those tools matter? It’s one thing to have inconsistencies in a small server environment where manual intervention is annoying, but not catastrophic. It’s another thing entirely to tolerate “configuration drift” at scale! If you set up configuration management across your hybrid environment, it becomes possible to manage a constantly growing fleet of servers without corresponding increases in administrator headcount.
- Look for ways to perform management in bulk. Even if you do not have a full configuration management platform in place, aggressively pursue options that let you manage your assets in bulk instead of one at a time. Use scripting to programmatically interact with many servers at once, or leverage group-based management capabilities found in platforms like CenturyLink Cloud.
- Consider agent-based monitoring solutions that feed a centralized repository. In the public cloud, you will likely not have the same level of control that you have in a private environment. Don’t assume that you can tap into the underlying virtualization layer of the public cloud, but rather, use server-based agents that can provide granular machine-level statistics. If you want to apply a standardized alerting process across your hybrid cloud, collect all the monitoring data into a centralized repository where it can be analyzed and acted on.
- Make it easy to find cloud resources. Classic configuration management databases won’t survive in a hybrid environment. Clouds are defined by their elasticity, and servers will be created and torn down at will. Trying to manually keep a tracking system in place is a fool’s errand. Instead, figure out how to organize and find your dynamic compute resources in a way that helps your team. In the CenturyLink Cloud, you can use Server Groups to create collections of related servers, and leverage our Global Search to quickly find assets across any data center.
System management can be an unexpected – but critical – new cost of hybrid cloud computing. Your focus should be on streamlining processes and management at scale, not preserving all aspects of the current state. Data and application integration strategies for hybrid cloud help you place workloads where they make the most sense, and not sacrifice the benefits of each environment. In our final article of the series, we’ll take a look at how to succeed in the face of compatibility, portability, and tooling challenges.
Many organizations are adopting hybrid clouds – a bridge of public and private cloud environments – but there are many pitfalls along the way. In the first part of this article series, we looked at the challenges that any organization faces in their hybrid cloud journey. Now it’s time to see how to overcome these challenges. In this second of four articles, we will revisit the first set of hybrid cloud challenges and discuss strategies for success.
Solutions to Hybrid Cloud Challenges
Lasting success with a hybrid cloud requires strategic planning, investment, and yes, some compromise. By definition, you are using services that are outside of your control. Hence, existing processes and technologies may need to be revisited if you want meaningful integration and the flood of efficiencies that follow.
Keep in mind that every part of your organization cannot accommodate the same level of change associated with a hyper-efficient hybrid cloud. Lydia Leong of Gartner points out that organizations with “bimodal IT” – where pockets of traditional IT and agile IT co-exist – are most successful when they do NOT have a universal set of processes, tools, and skills. If your IT organization is bimodal, consider which parts of the organization are most equipped to take advantage of a hybrid cloud, and align more closely to their way of working.
Let’s jump in.
Security. How do we handle the myriad of security challenges in a hybrid cloud? Piece by piece, and with some overarching principles in mind. I like how Trend Micro’s Mark Nunnikhoven put it in a recent article on cloud security: adopt a shared responsibility model where you “trust but verify” the portion of the cloud run by others, and shift the security controls to areas you own. What are some specific things you should do?
- Incorporate single sign on (SSO). One of the best things you can do for hybrid cloud adoption is make access easy! Not only does SSO increase user satisfaction, it creates a more secure environment. Employees have fewer passwords to remember, and access to the cloud platform is controlled by a shared identity store.
- Assess data encryption options. Clouds often provide varying levels of data encryption support, so assess what solutions you can bring to the table. Consider agent-based solutions that encrypt and decrypt virtual machine volumes and give YOU control over the encryption key. In this case, you can likely use the same solution across public and private environments.
- Provision hardened machines via automation. One of the easiest ways for users to breach all your well-intentioned “secure computing” guidelines is to manually configure resources. To avoid human error, use automated provisioning solutions. Whether your cloud has a build automation engine like CenturyLink Cloud Blueprints, or you use popular configuration management tools like Chef, look for ways to turn provisioning into a repeatable activity through automation. This way, you can have confidence that important monitoring agents are installed, unnecessary ports are closed, and only required services are running.
- Monitor key activities. Don’t let your public cloud provider be a passive participant in your overall security governance process! Use APIs (and webhooks, if you’re using CenturyLink Cloud) to find out when new users are added to the cloud, and what permissions they have. Regularly extract your organization’s public cloud audit trail and load into a data warehouse for correlation and analysis.
- Leverage managed services to offload responsibility. Whether you have a large or small fleet of servers to manage, ongoing maintenance is a big part of staying secure. Servers need to be patched, upgraded, and monitored frequently. If you’re concerned that your existing staff can’t take on management of the public cloud servers in a hybrid environment, look at using managed services to shift that responsibility to your cloud provider.
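The "Monitor key activities" item can be turned into a small review job over an extracted audit trail. This is an added example, not code from the original article or from any provider's API; the event schema, role names, and the `sso-provisioner` account are assumptions, and the log lines are constructed.

```python
import json

# Constructed audit-trail extract, one JSON event per line. Field names and
# event types are hypothetical; map them to your provider's audit schema.
SAMPLE_AUDIT_LOG = """\
{"ts": "2015-03-02T09:14:07Z", "actor": "sso-provisioner", "event": "user.created", "target": "jdoe"}
{"ts": "2015-03-02T09:14:09Z", "actor": "sso-provisioner", "event": "role.granted", "target": "jdoe", "role": "server-operator"}
{"ts": "2015-03-02T11:40:31Z", "actor": "asmith", "event": "server.created", "target": "web07"}
{"ts": "2015-03-03T02:05:44Z", "actor": "asmith", "event": "user.created", "target": "tmp-admin"}
{"ts": "2015-03-03T02:05:51Z", "actor": "asmith", "event": "role.granted", "target": "tmp-admin", "role": "account-administrator"}
truncated line from an interrupted export
{"ts": "2015-03-03T08:00:00Z", "actor": "sso-provisioner", "event": "role.granted", "target": "bkim", "role": "billing-viewer"}
"""

APPROVED_PROVISIONERS = {"sso-provisioner"}    # assumed: account tied to the shared identity store
PRIVILEGED_ROLES = {"account-administrator"}   # assumed role name
REQUIRED_FIELDS = {"ts", "actor", "event", "target"}

def parse_events(text):
    """Parse JSON-lines audit data; count, rather than crash on, malformed lines."""
    events, rejected = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            rejected += 1
            continue
        if not isinstance(event, dict) or not REQUIRED_FIELDS <= event.keys():
            rejected += 1
            continue
        events.append(event)
    return events, rejected

def review_new_users(events):
    """For each user created in the extract, list granted roles and raise alerts."""
    users = {}
    # Same-format UTC ISO 8601 timestamps sort correctly as strings.
    for event in sorted(events, key=lambda e: e["ts"]):
        if event["event"] == "user.created":
            record = {"created_by": event["actor"], "roles": [], "alerts": []}
            if event["actor"] not in APPROVED_PROVISIONERS:
                record["alerts"].append("created outside approved provisioning")
            users[event["target"]] = record
        elif event["event"] == "role.granted" and event["target"] in users:
            record = users[event["target"]]
            role = event.get("role", "unknown")
            record["roles"].append(role)
            if role in PRIVILEGED_ROLES:
                record["alerts"].append("privileged role granted: " + role)
    return users

if __name__ == "__main__":
    parsed, bad = parse_events(SAMPLE_AUDIT_LOG)
    print("rejected lines:", bad)
    for name, record in review_new_users(parsed).items():
        print(name, record)
```

A non-zero rejected count is itself worth alerting on, since a truncated export can hide the events that matter.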
Networking. Networking is one of the most important – and difficult – aspects of hybrid cloud configuration. Why is it difficult? It’s so easy to take things for granted when working solely with a local, closed network with geographically-coupled resources.
- Co-locate chatty application components. You know that high performing system sitting in your data center? How well does it work when some components are in the public cloud and some reside in your private environment? A hybrid cloud can expose applications that require a lot of back-and-forth communication that degrades over long distances. For applications like this, commit to putting them entirely in one environment or another.
- Be flexible on IP ranges. While some clouds let you add public servers to a specific subnet, you may be forced to use the cloud provider’s IP address space. Work with your cloud provider to design a topology that provides the most trust and continuity between your networks, even if IP ranges differ.
- Don’t abandon good isolation practices. System administrators are used to crafting a network layout that puts servers with similar isolation needs on the same VLAN. Try to follow this practice throughout your hybrid cloud environment by using the same rigor in your public cloud.
- Establish network trust and keep the front door closed. You know what’s not a good idea? Putting a public IP address on a server and doing remote administration through well known ports. This sloppy practice opens you up to hack attempts! Make sure that your hybrid cloud is configured with persistent, secure connectivity between environments. Look for site to site VPNs, MPLS connectivity, or even cross connects to establish trust. Then, developers and administrators can access servers through the private network and keep the public attack surface to a minimum.
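One way to check that the front door stays closed is to audit the inbound rules of both environments for remote-administration ports reachable from outside the private network. This is an added example, not code from the original article; the rule inventory is constructed, and its field names, the list of administration ports, and the trusted ranges are assumptions.

```python
import ipaddress

# Remote-administration ports to look for (assumed list; extend as needed).
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM-HTTP", 5986: "WinRM-HTTPS"}

# Sources treated as "inside": private ranges reached over the VPN/MPLS link (assumption).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed inventory of inbound allow rules from both environments.
# 203.0.113.0/24 is a documentation range standing in for an external network.
SAMPLE_RULES = [
    {"env": "public", "server": "web01", "source": "0.0.0.0/0", "ports": "443"},
    {"env": "public", "server": "web01", "source": "0.0.0.0/0", "ports": "22"},
    {"env": "public", "server": "app02", "source": "10.20.0.0/16", "ports": "22"},
    {"env": "public", "server": "db03", "source": "203.0.113.0/24", "ports": "3000-4000"},
    {"env": "private", "server": "jump01", "source": "192.168.5.0/24", "ports": "3389"},
    {"env": "public", "server": "win04", "source": "::/0", "ports": "5985-5986"},
]

def parse_ports(spec):
    """Turn '22' or '3000-4000' into an inclusive (low, high) pair."""
    low, _, high = spec.partition("-")
    low = int(low)
    high = int(high) if high else low
    if not 0 < low <= high <= 65535:
        raise ValueError("bad port spec: %r" % spec)
    return low, high

def is_trusted_source(cidr):
    """True only if the whole source range sits inside a trusted network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED_NETS)

def find_exposed_admin(rules):
    """Return (env, server, source, [ports]) for admin ports open to untrusted sources."""
    findings = []
    for rule in rules:
        if is_trusted_source(rule["source"]):
            continue
        low, high = parse_ports(rule["ports"])
        hits = sorted(p for p in ADMIN_PORTS if low <= p <= high)
        if hits:   # a wide port range can expose an admin port without naming it
            findings.append((rule["env"], rule["server"], rule["source"], hits))
    return findings

if __name__ == "__main__":
    for env, server, source, ports in find_exposed_admin(SAMPLE_RULES):
        names = ", ".join("%d/%s" % (p, ADMIN_PORTS[p]) for p in ports)
        print("%s %s: %s reachable from %s" % (env, server, names, source))
```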
A well-built hybrid cloud helps you deliver services efficiently, securely, and at scale. Security and network challenges are just two of the many areas to focus on when planning a hybrid cloud. In the next article, we’ll share tips for application integration and system management. Looking for help with your hybrid cloud plans? Reach out to us and we can help you design the solution that meets your needs!
Having been in the cloud infrastructure business since it came into existence, I’ve seen a number of different market forces shape and disrupt the industry. The business side of my brain tends to focus on everything that’s changing. But the engineering side of my brain tends to look for sustained constants in all the volatility. Sounds like a big data problem! Our data science team has crunched the numbers, and here are the key equations that help shape the managed cloud.
Ownership != Control
IT leaders often mistake having a tight grip on asset ownership with a tight grip on the steering wheel. With good but slightly misguided intentions, they want to own everything they use. This can lead to over-expenditure on common, undifferentiated hardware as well as under-utilized, over-engineered software products. The own-it-all approach also builds a strong correlation between new IT projects and business growth initiatives, a situation that leaves IT permanently behind in delivering value to the business.
The critical challenge for any IT department is to provide an agility platform that addresses the digital needs of the business under competitive pressure. The goal is to have true command and control over all IT resources, even if you don’t actually own them. In fact, true command and control comes from the de-coupling of IT infrastructure from its management systems which give operational awareness.
Public cloud is an important part of enterprise IT. Why? Self-service. APIs. Automation. Access to new features regularly. Global reach. Outsourcing of infrastructure management. OpEx consumption.
But it’s not the be-all, end-all.
Enterprise apps will always require a range of infrastructure options – Hybrid IT – including bare metal, traditional hosting…and private cloud.
The private cloud market is relatively immature (more on this in a forthcoming blog post). The more we looked at this segment, the more we saw an opportunity to offer customers a unique value proposition.
“You got chocolate in my peanut butter…”
With CenturyLink Private Cloud, we’ve combined our approach to public cloud with the most important elements of a private cloud.
Public cloud-style agility, scale, and automation – running on dedicated hardware with physical isolation. Available in over 55 data centers worldwide. That’s CenturyLink Private Cloud.
We spare customers from the drudgery of infrastructure management, while offering more control over what truly matters: everything that happens from the platform up.
For example, administrators dictate who has access to the pod and what they can do on it – while wielding complete authority to govern how the node is used day-to-day. If an instance in the public cloud is an apartment in a large building, CenturyLink Private Cloud makes you the landlord, where you handpick the tenants as you see fit.
Most importantly, the product offers this enhanced control without compromising self-service, scale, and automation.
Ten Ways CenturyLink Simplifies Private Cloud
Let’s step through ten important CenturyLink Private Cloud product attributes, and how they make life easier:
- Dedicated hardware & physical isolation. Compute, storage, and network are all dedicated to you, physically isolated from other deployments. Table stakes for a private cloud.
- We’ll Deploy Where You Want. Place your node close to employees, users, or partners, in over 55 of our state-of-the-art data centers. You get unparalleled geographic flexibility and support for advanced networking. Plus, this helps us offer the best SLAs possible, compared to customer premises models.
- Administrative control of your users and their deployments, with an enterprise permissions model. IT already has a way they want to segment access across a global employee base. We help you do that with point-and-click ease at a granular level.
- Easy oversight and day-to-day management of deployed apps. Our management interface – the Control Portal – is a breakthrough experience for managing cloud environments at scale. In way less time than you thought possible.
- Self-service access. This is why employees turned to public cloud in the first place – servers in minutes, so they can get on with their jobs. CenturyLink Private Cloud offers self-service to users via our Control Portal and with an API.
- Chargebacks, governance & detailed internal usage tracking. As IT aligns closer with the business, chargebacks and showbacks become crucial to embracing cloud. Our built-in account hierarchies and granular invoices combine to offer you unprecedented detail to your employees about their usage.
- 99.99% SLAs & CenturyLink Cloud management of infrastructure. The point of cloud is to get out of the infrastructure management, remember? Private cloud doesn’t change that. We have deep expertise in running cloud at scale, and that expertise goes to work for you here.
- Elastic compute, storage, and network. Sure, capacity is fixed within the physical environment. But you can ratchet resources up and down for each app that’s hosted there. And our Service Engineering team will help you capacity plan as you go.
- Regular access to new features and innovation. Our private cloud is updated with new features every 21 business days, just like our public cloud. And because of our DevOps expertise, the downtime for your apps is negligible. So when we add new features (like Group-based autoscaling), private cloud customers have them at the same time. The update schedule for most other public clouds – let alone the other private cloud vendors – is not nearly as aggressive as what CenturyLink offers.
- OpEx model consumption. CenturyLink Private Cloud is a pure operational expense, offering flexibility and freedom when compared to capital-intensive alternatives.
One other element of why we think this approach works so well – CenturyLink Private Cloud is federated into our public cloud network. That means that hybrid configurations become dramatically simpler. Deploy apps across our public nodes and your private nodes, just like you would any other multi-data center configuration (even using Blueprints if you want!). Create firewall rules to govern access between public and private.
Hybrid IT has been a big focus for CenturyLink in the recent past, and it’s intensifying.
CenturyLink Private Cloud is a product that will appeal to those enterprises that want a “transformational private cloud” (using Forrester’s excellent private cloud framework), where the goal is control and agility.
Want to know more? Check out the product page, or reach out to our private cloud sales team. We are looking forward to helping you advance your cloud strategy!