Hybrid cloud is becoming a standard operating model for many organizations. But how can you realize the expected agility when there are so many challenges ahead of you? In this series of articles, we’ve dissected each challenge and proposed some corresponding solutions. Whether you’re facing security and network concerns, or integration and system management issues, it’s critical to have a proactive plan in place. This final article rounds out the discussion by looking at ways to address the issues around portability, compatibility, and your existing toolset.
Solutions to Hybrid Cloud Challenges
In many cases, a hybrid cloud is the combination of complementary – but not identical – computing environments. This means that processes, techniques, and tools that work in one place may not work in another.
Compatibility. Gluing together two distinct environments does not come without challenges. Now, it’s possible that you have the same technology stack in both the public and private cloud environments, but the users, technology, and processes may be dissimilar!
- Move above the hypervisor. Even if your public cloud provider supports the import and export of virtual machines in a standard format, no legitimate public cloud exposes hypervisor configurations to the user. If you want to have a consistent experience in your hybrid cloud, avoid any hypervisor-level settings that won’t work in BOTH environments. Tune applications and services, and start to wean yourself off of specific hypervisors.
- Consider bimodal IT needs. If you subscribe to the idea of bimodal IT, then embrace these differences and don’t try to force a harmonization where none exists. Some traditional IT processes may not work in a public cloud. If the more agile groups at your organization are most open to using the public cloud and setting up a hybrid cloud, then cater more to their needs.
- Be open to streamlining and compromise. The self-service, pay-as-you-go, elastic model of public cloud is often in direct conflict with the way enterprise IT departments manage infrastructure. Your organization may have to loosen the reins a bit and give up some centralized control in order to establish a successful hybrid cloud. Look over existing processes and tools, see which will not work in a hybrid environment, and incubate ways to introduce new efficiencies.
Portability. One perceived value of a hybrid cloud is the ability to move workloads between environments as the need arises. However, that’s easier said than done.
- Review prerequisites for VM migration. A virtual machine in your own data center may not work as-is in the public cloud. Public cloud providers may have a variety of constraints around choice of Operating System, virtual machine storage size, open ports, and number of NICs.
- Embrace standards between environments. Even if virtual machines are portable, the environmental configurations typically aren’t. Network configurations, security settings, monitoring policies, and more are often tied to a specific cloud. Look to multi-cloud management tools that expose compatibility layers, or create scripting that re-creates an application in a standard way.
Tooling and Skills. Even if you have plans for all of the items above, it will be hard to achieve success without robust tooling and talented people to design and operate your hybrid cloud.
- Invest in training. Your team needs new skills to properly work in a hybrid cloud. What skills are most helpful? Your architects and developers should be well-versed in distributed web application design and know what it means to build scalable, resilient, asynchronous applications. Operations staff should get familiar with configuration management tools and the best practices for repeatedly building secure cloud environments.
- Get hands-on experience. Even if you’re using a private cloud hosted by someone else, don’t outsource the setup! Participate in the hybrid cloud buildout and find some initial projects to vet the environment and learn some do’s and don’ts.
- Modernize your toolset. The tools that you used to develop and manage applications 5-10 years ago aren’t the ones that will work best in the (hybrid) cloud today, let alone 5-10 years from now. Explore NoSQL databases that excel in distributed environments, use lightweight messaging systems to pass data around the hybrid cloud, try out configuration management platforms, and spend time with continuous deployment tools that standardize releases.
Taking the Next Steps
Hybrid cloud can be a high risk, high reward proposition. If you do it wrong, you end up with a partially useful but frustratingly mediocre environment that doesn’t stop the growth of shadow IT in the organization. However, if you build a thoughtfully integrated hybrid cloud, developers will embrace it, and your organization can realize new efficiencies and value from IT services. How can CenturyLink help? We offer an expansive public cloud, a powerful private cloud, and a team of engineers who can help you design and manage your solutions.
Many organizations are adopting hybrid clouds – a bridge of public and private cloud environments – but there are many pitfalls along the way. In the first part of this article series, we looked at the challenges that any organization faces in their hybrid cloud journey. Now it’s time to see how to overcome these challenges. In this second of four articles, we will revisit the first set of hybrid cloud challenges and discuss strategies for success.
Solutions to Hybrid Cloud Challenges
Lasting success with a hybrid cloud requires strategic planning, investment, and yes, some compromise. By definition, you are using services that are outside of your control. Hence, existing processes and technologies may need to be revisited if you want meaningful integration and the flood of efficiencies that follow.
Keep in mind that every part of your organization cannot accommodate the same level of change associated with a hyper-efficient hybrid cloud. Lydia Leong of Gartner points out that organizations with “bimodal IT” – where pockets of traditional IT and agile IT co-exist – are most successful when they do NOT have a universal set of processes, tools, and skills. If your IT organization is bimodal, consider which parts of the organization are most equipped to take advantage of a hybrid cloud, and align more closely to their way of working.
Let’s jump in.
Security. How do we handle the myriad of security challenges in a hybrid cloud? Piece by piece, and with some overarching principles in mind. I like how Trend Micro’s Mark Nunnikhoven put it in a recent article on cloud security: adopt a shared responsibility model where you “trust but verify” the portion of the cloud run by others, and shift the security controls to areas you own. What are some specific things you should do?
- Incorporate single sign-on (SSO). One of the best things you can do for hybrid cloud adoption is make access easy! Not only does SSO increase user satisfaction, it creates a more secure environment. Employees have fewer passwords to remember, and access to the cloud platform is controlled by a shared identity store.
- Assess data encryption options. Clouds often provide varying levels of data encryption support, so assess what solutions you can bring to the table. Consider agent-based solutions that encrypt and decrypt virtual machine volumes and give YOU control over the encryption key. In this case, you can likely use the same solution across public and private environments.
- Provision hardened machines via automation. One of the easiest ways for users to breach all your well-intentioned “secure computing” guidelines is to manually configure resources. To avoid human error, use automated provisioning solutions. Whether your cloud has a build automation engine like CenturyLink Cloud Blueprints, or you use popular configuration management tools like Chef, look for ways to turn provisioning into a repeatable activity through automation. This way, you can have confidence that important monitoring agents are installed, unnecessary ports are closed, and only required services are running.
- Monitor key activities. Don’t let your public cloud provider be a passive participant in your overall security governance process! Use APIs (and webhooks, if you’re using CenturyLink Cloud) to find out when new users are added to the cloud, and what permissions they have. Regularly extract your organization’s public cloud audit trail and load it into a data warehouse for correlation and analysis.
- Leverage managed services to offload responsibility. Whether you have a large or small fleet of servers to manage, ongoing maintenance is a big part of staying secure. Servers need to be patched, upgraded, and monitored frequently. If you’re concerned that your existing staff can’t take on management of the public cloud servers in a hybrid environment, look at using managed services to shift that responsibility to your cloud provider.
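An added example (not from the original article, and not a CenturyLink API): one way to run the “monitor key activities” review over an exported audit trail, flagging new accounts that bypass the shared identity store and grants of elevated permissions. The JSON-lines layout, field names, role names, and the SSO directory set are all assumptions constructed for illustration.

```python
import json

# Assumptions of this example: which actions matter and which roles are elevated.
WATCHED_ACTIONS = {"user.create", "role.grant"}
ELEVATED_ROLES = {"account-admin", "security-admin"}
REQUIRED_FIELDS = {"ts", "action", "actor", "target"}

# Constructed sample export, one JSON event per line (hypothetical schema).
# The last line is deliberately truncated, as a cut-off download would be.
SAMPLE_EXPORT = """\
{"ts":"2015-03-02T09:14:07Z","env":"public","action":"user.create","actor":"jsmith","target":"adavis","roles":["server-operator"]}
{"ts":"2015-03-02T09:20:41Z","env":"public","action":"user.create","actor":"jsmith","target":"tmp-contractor","roles":["account-admin"]}
{"ts":"2015-03-02T10:02:13Z","env":"private","action":"server.create","actor":"adavis","target":"web01","roles":[]}
{"ts":"2015-03-02T11:45:00Z","env":"public","action":"role.grant","actor":"adavis","target":"adavis","roles":["security-admin"]}
{"ts":"2015-03-02T11:46:5
"""

# Constructed stand-in for the accounts known to the shared (SSO) identity store.
SSO_DIRECTORY = {"jsmith", "adavis"}


def parse_export(text):
    """Return (events, rejected_line_numbers); never silently drop bad input."""
    events, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            rejected.append(lineno)
            continue
        if not isinstance(event, dict) or not REQUIRED_FIELDS <= event.keys():
            rejected.append(lineno)
            continue
        events.append(event)
    return events, rejected


def review_identity_events(events, directory, elevated=ELEVATED_ROLES):
    """Flag user and permission changes that deserve a human look."""
    findings = []
    for event in events:
        if event["action"] not in WATCHED_ACTIONS:
            continue
        reasons = []
        if event["target"] not in directory:
            reasons.append("account not in SSO directory")
        granted = sorted(set(event.get("roles", [])) & elevated)
        if granted:
            reasons.append("elevated role: " + ", ".join(granted))
        if event["action"] == "role.grant" and event["actor"] == event["target"]:
            reasons.append("self-granted")
        if reasons:
            findings.append({"ts": event["ts"], "env": event.get("env"),
                             "target": event["target"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    parsed, bad_lines = parse_export(SAMPLE_EXPORT)
    for finding in review_identity_events(parsed, SSO_DIRECTORY):
        print(finding["ts"], finding["target"], "; ".join(finding["reasons"]))
    print("unparseable lines:", bad_lines)
```

Rejected line numbers are returned rather than discarded, so a truncated export is visible to whoever loads the data for correlation.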
Networking. Networking is one of the most important – and difficult – aspects of hybrid cloud configuration. Why is it difficult? It’s so easy to take things for granted when working solely with a local, closed network with geographically-coupled resources.
- Co-locate chatty application components. You know that high performing system sitting in your data center? How well does it work when some components are in the public cloud and some reside in your private environment? A hybrid cloud can expose applications that require a lot of back-and-forth communication that degrades over long distances. For applications like this, commit to putting them entirely in one environment or another.
- Be flexible on IP ranges. While some clouds let you add public servers to a specific subnet, you may be forced to use the cloud provider’s IP address space. Work with your cloud provider to design a topology that provides the most trust and continuity between your networks, even if IP ranges differ.
- Don’t abandon good isolation practices. System administrators are used to crafting a network layout that puts servers with similar isolation needs on the same VLAN. Try to follow this practice throughout your hybrid cloud environment by using the same rigor in your public cloud.
- Establish network trust and keep the front door closed. You know what’s not a good idea? Putting a public IP address on a server and doing remote administration through well-known ports. This sloppy practice opens you up to hack attempts! Make sure that your hybrid cloud is configured with persistent, secure connectivity between environments. Look for site-to-site VPNs, MPLS connectivity, or even cross connects to establish trust. Then, developers and administrators can access servers through the private network and keep the public attack surface to a minimum.
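An added example (not from the original article): a small audit that finds servers breaking the “front door closed” rule, meaning a publicly addressed server whose inbound rules allow a remote-administration port from outside the private network. The inventory layout, server names, port list, and the choice of RFC 1918 ranges as the trusted private space are assumptions constructed for illustration.

```python
import ipaddress

# Remote-administration ports this check looks for (assumed list for the example).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Address space reachable only over the private link between environments
# (site-to-site VPN, MPLS or cross connect). RFC 1918 ranges are assumed here.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory; names and layout are hypothetical. 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for public addresses.
SAMPLE_INVENTORY = [
    {"name": "web01", "addresses": ["10.20.1.10", "203.0.113.10"],
     "inbound": [{"source": "0.0.0.0/0", "ports": "443"},
                 {"source": "0.0.0.0/0", "ports": "22"}]},
    {"name": "app01", "addresses": ["10.20.2.15"],
     "inbound": [{"source": "10.0.0.0/8", "ports": "22"}]},
    {"name": "win01", "addresses": ["203.0.113.25"],
     "inbound": [{"source": "198.51.100.0/24", "ports": "3000-4000"}]},
    {"name": "db01", "addresses": ["203.0.113.40"],
     "inbound": [{"source": "192.168.50.0/24", "ports": "22"}]},
]


def is_private(value):
    """True when an address or CIDR block lies wholly inside PRIVATE_NETS."""
    net = ipaddress.ip_network(value, strict=False)
    return any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS)


def port_range(spec):
    """Turn '22' or '3000-4000' into an inclusive range of port numbers."""
    low, _, high = spec.partition("-")
    return range(int(low), int(high or low) + 1)


def exposed_admin_ports(inventory):
    """List (server, public address, service, source) for each exposed admin port."""
    findings = []
    for server in inventory:
        public_addrs = [a for a in server["addresses"] if not is_private(a)]
        for rule in server["inbound"]:
            if is_private(rule["source"]):
                continue  # administration arrives over the private network
            allowed = port_range(rule["ports"])
            for port, service in sorted(ADMIN_PORTS.items()):
                if port in allowed:
                    findings.extend((server["name"], addr, service, rule["source"])
                                    for addr in public_addrs)
    return findings


if __name__ == "__main__":
    for name, addr, service, source in exposed_admin_ports(SAMPLE_INVENTORY):
        print(f"{name}: {service} reachable on {addr} from {source}")
```

Port ranges are expanded before matching, so a broad rule such as `3000-4000` is caught even though it never names the RDP port explicitly.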
A well-built hybrid cloud helps you deliver services efficiently, securely, and at scale. Security and network challenges are just two of the many areas to focus on when planning a hybrid cloud. In the next article, we’ll share tips for application integration and system management. Looking for help with your hybrid cloud plans? Reach out to us and we can help you design the solution that meets your needs!
Public cloud is an important part of enterprise IT. Why? Self-service. APIs. Automation. Access to new features regularly. Global reach. Outsourcing of infrastructure management. OpEx consumption.
But it’s not the be-all, end-all.
Enterprise apps will always require a range of infrastructure options – Hybrid IT – including bare metal, traditional hosting…and private cloud.
The private cloud market is relatively immature (more on this in a forthcoming blog post). The more we looked at this segment, the more we saw an opportunity to offer customers a unique value proposition.
“You got chocolate in my peanut butter…”
With CenturyLink Private Cloud, we’ve combined our approach to public cloud with the most important elements of a private cloud.
Public cloud-style agility, scale, and automation – running on dedicated hardware with physical isolation. Available in over 55 data centers worldwide. That’s CenturyLink Private Cloud.
We spare customers from the drudgery of infrastructure management, while offering more control over what truly matters: everything that happens from the platform up.
For example, administrators dictate who has access to the pod and what they can do on it – while wielding complete authority to govern how the node is used day-to-day. If an instance in the public cloud is an apartment in a large building, CenturyLink Private Cloud makes you the landlord, where you handpick the tenants as you see fit.
Most importantly, the product offers this enhanced control without compromising self-service, scale, and automation.
Ten Ways CenturyLink Simplifies Private Cloud
Let’s step through ten important CenturyLink Private Cloud product attributes, and how they make life easier:
- Dedicated hardware & physical isolation. Compute, storage, and network are all dedicated to you, physically isolated from other deployments. Table stakes for a private cloud.
- We’ll Deploy Where You Want. Place your node close to employees, users, or partners, in over 55 of our state-of-the-art data centers. You get unparalleled geographic flexibility and support for advanced networking. Plus, this helps us offer the best SLAs possible, compared to customer premises models.
- Administrative control of your users and their deployments, with an enterprise permissions model. IT already has a way they want to segment access across a global employee base. We help you do that with point-and-click ease at a granular level.
- Easy oversight and day-to-day management of deployed apps. Our management interface – the Control Portal – is a breakthrough experience for managing cloud environments at scale. In way less time than you thought possible.
- Self-service access. This is why employees turned to public cloud in the first place – servers in minutes, so they can get on with their jobs. CenturyLink Private Cloud offers self-service to users via our Control Portal and with an API.
- Chargebacks, governance & detailed internal usage tracking. As IT aligns closer with the business, chargebacks and showbacks become crucial to embracing cloud. Our built-in account hierarchies and granular invoices combine to let you offer your employees unprecedented detail about their usage.
- 99.99% SLAs & CenturyLink Cloud management of infrastructure. The point of cloud is to get out of the infrastructure management, remember? Private cloud doesn’t change that. We have deep expertise in running cloud at scale, and that expertise goes to work for you here.
- Elastic compute, storage, and network. Sure, capacity is fixed within the physical environment. But you can ratchet resources up and down for each app that’s hosted there. And our Service Engineering team will help you capacity plan as you go.
- Regular access to new features and innovation. Our private cloud is updated with new features every 21 business days, just like our public cloud. And because of our DevOps expertise, the downtime for your apps is negligible. So when we add new features (like Group-based autoscaling), private cloud customers have them at the same time. The update schedule for most other public clouds – let alone the other private cloud vendors – is not nearly as aggressive as what CenturyLink offers.
- OpEx model consumption. CenturyLink Private Cloud is a pure operational expense, offering flexibility and freedom when compared to capital-intensive alternatives.
One other element of why we think this approach works so well – CenturyLink Private Cloud is federated into our public cloud network. That means that hybrid configurations become dramatically simpler. Deploy apps across our public nodes and your private nodes, just like you would any other multi-data center configuration (even using Blueprints if you want!). Create firewall rules to govern access between public and private.
Hybrid IT has been a big focus for CenturyLink in the recent past, and it’s intensifying.
CenturyLink Private Cloud is a product that will appeal to those enterprises that want a “transformational private cloud” (using Forrester’s excellent private cloud framework), where the goal is control and agility.
Want to know more? Check out the product page, or reach out to our private cloud sales team. We are looking forward to helping you advance your cloud strategy!
If you’ve been reading cloud-related news lately or you follow any developers or system admins on Twitter, then you’ve undoubtedly seen the words “container”, “Docker”, and “CoreOS” written a few thousand times over the past year or so. Chatter has particularly picked up in the last few months with Docker 1.0 being released in June and CoreOS announcing their first stable release within the past few weeks. CoreOS also received an 8 million dollar investment just a couple of months ago, and Docker just got another $40 million in funding a few days ago. And just yesterday, CenturyLink joined the container party and announced the release of the open-source Docker management platform, Panamax. Developed by the recognized thought-leaders at CenturyLink Labs, Panamax was described by RedMonk principal analyst James Governor as “Docker management for humans. It dramatically simplifies multi-container app deployment.”
This is bleeding edge technology we’re talking about here, so if you haven’t heard about any of it yet, there’s no time like the present. Docker is one of the fastest-growing open-source projects ever, with more than 550 contributors and 7 million downloads in just over a year since its release. The power of Docker lies in its ability to build and deploy applications in containers, which are extremely efficient and more portable than traditional virtual machines. This is because they abstract only the operating system kernel rather than an entire device. Of course, there are plenty of places to read up and find out more information on what all the fuss is about, and none are better than our very own CenturyLink Labs blog, where the Labs team has been pumping out exceptional content about all things Docker and CoreOS for months.
But if you’re like me, you’ll never be satisfied just reading about anything – you want to try it already! If so, I’ve got good news for you. Whether you’re looking to just get your feet wet and experiment with containers or you’re feeling ready to jump right into the deep end and start deploying applications with them, CenturyLink Cloud has got you covered. There are at least three ways you can get Docker up and running on CenturyLink Cloud right now: install Docker on a CentOS server, provision a CoreOS server running Docker, or take advantage of Panamax and make it even easier to use Docker. Whichever route you choose, all you need is a CenturyLink Cloud account to get started.
Option #1 – Installing Docker on CentOS
You might not be too familiar with CoreOS, so if you want to get started using Docker on a more familiar Linux distribution, you can easily use our Docker blueprint to install it on any CentOS server running on CenturyLink Cloud. You’ll even get the option to deploy a Hello World container so you can see a simple example of how Docker containers work and get started building your own.
Option #2 – Installing CoreOS
Interested in CoreOS? This lightweight Linux distribution is optimized for massive server deployments and it comes with Docker preinstalled because it’s designed specifically to run applications as containers. You can follow our step-by-step instructions or watch our how-to video for using blueprints to build a CoreOS server cluster on CenturyLink Cloud and start deploying your applications on Docker in minutes.
Option #3 – Installing Panamax on CoreOS
Maybe you like the idea of Docker and CoreOS, but you’re not a Linux expert and you’re a little afraid of getting too into the weeds on the command line. If so, CenturyLink Labs has developed just the answer for you: Panamax. Panamax is a single management platform for creating, sharing, and deploying Docker-containerized applications. By following similar steps to our CoreOS deployment above and selecting the “with Panamax” version of the blueprint, you can have a CoreOS server up and running with Panamax installed in no time, and there’s no easier way to get started with Docker.
Not only can you use Panamax to deploy images from Docker’s repository, you can also deploy complex multi-container Dockerized apps from Panamax’s Open-Source Application Template Library. Think of these templates as collections of Docker images that work together to form the complete architecture of an application, with separate containers for the database vs. web tiers, for example.
If you’re looking to deploy one of the available template options like WordPress or Drupal, you’ll have it working with a single click in seconds flat. However, you can also choose to define your own custom templates to use and even add custom repositories to search as the Panamax community grows. There’s no easier or faster way to start using Docker containers than with Panamax, and it’s built to leverage the power and scale of CoreOS.
Have a server already? Install Docker! Curious about CoreOS? Provision it! Feeling overwhelmed? Try Panamax. With CenturyLink Cloud, you’ve got lots of ways to get started using Docker right now, so no more excuses! Sign up for a CenturyLink Cloud account today, add containers to your repertoire of application deployment options, and start enjoying their power, performance, and portability.
New cloud node in Toronto gives customers more choice and flexibility for Canadian-based cloud services
The CenturyLink Cloud global footprint expansion continues.
Today, we’re excited to give customers a new public cloud deployment option in Canada. Effective immediately, customers can deploy and manage virtual resources in our “CA3” cloud node in our CenturyLink Toronto “TR1” facility.
For businesses based in Canada, and those that do business in Canada – this new CenturyLink Cloud node offers several benefits: data sovereignty (for compliance), performance (host your apps close to your users) and the best aspects of having the CenturyLink Cloud available in a CenturyLink facility:
- Scale. The CA3 node is built to handle the pent-up demand for cloud services in Canada.
- Advanced connectivity. CenturyLink customers who already deploy resources in our TR1 location can now connect existing infrastructure to our public cloud offering. Customers using nearby TR3, our new Toronto data center opening later this year, will also be able to take advantage of this capability.
- Self-service access to a robust set of cloud services. Users have lots of options to build and manage enterprise cloud environments, including Hyperscale instances with 100% flash storage for Hadoop and NoSQL workloads.
Have additional questions? We’ve got answers!
What cloud services are available in this location?
Our new CA3 facility boasts the full CenturyLink Cloud product catalog, including:
- Compute. Deploy servers with custom CPU and RAM dimensions. Recent benchmarking results by third parties show how powerful our servers are – see for yourself here.
- Storage. Block storage for app data. Customers can opt for our premium storage option that auto-replicates data from our Toronto facility to our Vancouver location. This provides geo-redundancy and preserves data sovereignty for mission-critical workloads. Object storage is not available in this facility, but it is available in Canada.
- Networking. Create and manage complex network topologies all via self-service - load balancers, VPNs, and firewalls.
I’m a CenturyLink customer with deployments in Toronto. What capabilities does this new node offer?
Good news – you can now extend these environments to CenturyLink Cloud via direct connect and IPSEC VPNs in some cases. This configuration delivers better performance (via ultra-low latency connections), robust security (new security add-ons are available), and lower cost (since the public Internet is bypassed, thereby lowering bandwidth fees).
Are cloud-based managed services available in this location on CenturyLink Cloud?
Today managed services on CenturyLink Cloud are available in Santa Clara and Sterling. Look for them in Canada in coming months.