Recognizing the Challenges of Hybrid Cloud – Part IV

Hybrid cloud is becoming a standard operating model for many organizations. But how can you realize the expected agility when there are so many challenges ahead of you? In this series of articles, we’ve dissected each challenge and proposed some corresponding solutions. Whether you’re facing security and network concerns, or integration and system management issues, it’s critical to have a proactive plan in place. This final article rounds out the discussion by looking at ways to address the issues around portability, compatibility, and your existing toolset.

Solutions to Hybrid Cloud Challenges

In many cases, a hybrid cloud is the combination of complementary – but not identical – computing environments. This means that processes, techniques, and tools that work in one place may not work in another.

Compatibility. Gluing together two distinct environments does not come without challenges. Now, it’s possible that you have the same technology stack in both the public and private cloud environment, but the users, technology, and processes may be dissimilar!

  • Move above the hypervisor. Even if your public cloud provider supports the import and export of virtual machines in a standard format, no legitimate public cloud exposes hypervisor configurations to the user. If you want to have a consistent experience in your hybrid cloud, avoid any hypervisor-level settings that won’t work in BOTH environments. Tune applications and services, and start to wean yourself off of specific hypervisors.
  • Consider bimodal IT needs. If you subscribe to the idea of bimodal IT, then embrace these differences and don’t try to force a harmonization where none exists. Some traditional IT processes may not work in a public cloud. If the more agile groups at your organization are most open to using the public cloud and setting up a hybrid cloud, then cater more to their needs.
  • Be open to streamlining and compromise. The self-service, pay-as-you-go, elastic model of public cloud is often in direct conflict with the way enterprise IT departments manage infrastructure. Your organization may have to loosen the reins a bit and give up some centralized control in order to establish a successful hybrid cloud. Look over existing processes and tools, see which will not work in a hybrid environment, and incubate ways to introduce new efficiencies.

Portability. One perceived value of a hybrid cloud is the ability to move workloads between environments as the need arises. However, that’s easier said than done.

  • Review prerequisites for VM migration. A virtual machine in your own data center may not work as-is in the public cloud. Public cloud providers may have a variety of constraints around choice of Operating System, virtual machine storage size, open ports, and number of NICs.
  • Embrace standards between environments. Even if virtual machines are portable, the environmental configurations typically aren’t. Network configurations, security settings, monitoring policies, and more are often tied to a specific cloud. Look to multi-cloud management tools that expose compatibility layers, or create scripting that re-creates an application in a standard way.

Tooling and Skills. Even if you have plans for all of the items above, it will be hard to achieve success without robust tooling and talented people to design and operate your hybrid cloud.

  • Invest in training. Your team needs new skills to properly work in a hybrid cloud. What skills are most helpful? Your architects and developers should be well-versed in distributed web application design and know what it means to build scalable, resilient, asynchronous applications. Operations staff should get familiar with configuration management tools and the best practices for repeatedly building secure cloud environments.
  • Get hands-on experience. Even if you’re using a private cloud hosted by someone else, don’t outsource the setup! Participate in the hybrid cloud buildout and find some initial projects to vet the environment and learn some do’s and don’ts.
  • Modernize your toolset. The tools that you used to develop and manage applications 5-10 years ago aren’t the ones that will work best in the (hybrid) cloud today, let alone 5-10 years from now. Explore NoSQL databases that excel in distributed environments, use lightweight messaging systems to pass data around the hybrid cloud, try out configuration management platforms, and spend time with continuous deployment tools that standardize releases.

Taking the Next Steps

Hybrid cloud can be a high risk, high reward proposition. If you do it wrong, you end up with a partially useful but frustratingly mediocre environment that doesn’t stop the growth of shadow IT in the organization. However, if you build a thoughtfully integrated hybrid cloud, developers will embrace it, and your organization can realize new efficiencies and value from IT services. How can CenturyLink help? We offer an expansive public cloud, a powerful private cloud, and a team of engineers who can help you design and manage your solutions.

Recognizing the Challenges of Hybrid Cloud – Part II

Many organizations are adopting hybrid clouds – a bridge of public and private cloud environments – but there are many pitfalls along the way. In the first part of this article series, we looked at the challenges that any organization faces in their hybrid cloud journey. Now it’s time to see how to overcome these challenges. In this second of four articles, we will revisit the first set of hybrid cloud challenges and discuss strategies for success.

Solutions to Hybrid Cloud Challenges

Lasting success with a hybrid cloud requires strategic planning, investment, and yes, some compromise. By definition, you are using services that are outside of your control. Hence, existing processes and technologies may need to be revisited if you want meaningful integration and the flood of efficiencies that follow.

Keep in mind that not every part of your organization can accommodate the same level of change associated with a hyper-efficient hybrid cloud. Lydia Leong of Gartner points out that organizations with “bimodal IT” – where pockets of traditional IT and agile IT co-exist – are most successful when they do NOT have a universal set of processes, tools, and skills. If your IT organization is bimodal, consider which parts of the organization are most equipped to take advantage of a hybrid cloud, and align more closely to their way of working.

Let’s jump in.

Security. How do we handle the myriad of security challenges in a hybrid cloud? Piece by piece, and with some overarching principles in mind. I like how Trend Micro’s Mark Nunnikhoven put it in a recent article on cloud security: adopt a shared responsibility model where you “trust but verify” the portion of the cloud run by others, and shift the security controls to areas you own. What are some specific things you should do?

  • Incorporate single sign on (SSO). One of the best things you can do for hybrid cloud adoption is make access easy! Not only does SSO increase user satisfaction, it creates a more secure environment. Employees have fewer passwords to remember, and access to the cloud platform is controlled by a shared identity store.
  • Assess data encryption options. Clouds often provide varying levels of data encryption support, so assess what solutions you can bring to the table. Consider agent-based solutions that encrypt and decrypt virtual machine volumes and give YOU control over the encryption key. In this case, you can likely use the same solution across public and private environments.
  • Provision hardened machines via automation. One of the easiest ways for users to breach all your well-intentioned “secure computing” guidelines is to manually configure resources. To avoid human error, use automated provisioning solutions. Whether your cloud has a build automation engine like CenturyLink Cloud Blueprints, or you use popular configuration management tools like Chef, look for ways to turn provisioning into a repeatable activity through automation. This way, you can have confidence that important monitoring agents are installed, unnecessary ports are closed, and only required services are running.
  • Monitor key activities. Don’t let your public cloud provider be a passive participant in your overall security governance process! Use APIs (and webhooks, if you’re using CenturyLink Cloud) to find out when new users are added to the cloud, and what permissions they have. Regularly extract your organization’s public cloud audit trail and load into a data warehouse for correlation and analysis.
  • Leverage managed services to offload responsibility. Whether you have a large or small fleet of servers to manage, ongoing maintenance is a big part of staying secure. Servers need to be patched, upgraded, and monitored frequently. If you’re concerned that your existing staff can’t take on management of the public cloud servers in a hybrid environment, look at using managed services to shift that responsibility to your cloud provider.
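The "Monitor key activities" item above can be turned into a small check over the exported audit trail. The following is an added example, not code from the original article or from CenturyLink: the event names, field names, role names, and identity-store mapping are all hypothetical, and the sample trail is constructed.

```python
import json

# Hypothetical role ordering, lowest to highest privilege.
ROLE_RANK = {"billing-viewer": 0, "server-operator": 1, "account-admin": 2}
# Hypothetical event types worth correlating against the identity store.
WATCHED_EVENTS = {"user.created", "permission.changed"}

# Constructed stand-in for the shared identity store behind SSO:
# user -> highest role that user is approved to hold.
IDENTITY_STORE = {
    "jlee@example.com": "server-operator",
    "mpatel@example.com": "billing-viewer",
}

# Constructed audit-trail export, one JSON event per line (not a real provider schema).
SAMPLE_AUDIT_TRAIL = """\
{"ts": "2015-03-02T09:14:00Z", "event": "user.created", "target": "jlee@example.com", "role": "server-operator"}
{"ts": "2015-03-02T09:20:00Z", "event": "user.created", "target": "contractor7@example.net", "role": "account-admin"}
{"ts": "2015-03-02T10:02:00Z", "event": "permission.changed", "target": "mpatel@example.com", "role": "account-admin"}
{"ts": "2015-03-02T10:30:00Z", "event": "server.created", "target": "web01"}
not-json
"""


def review_audit_trail(lines, identity_store):
    """Return (line number, finding, subject) tuples for events needing review."""
    findings = []
    for lineno, raw in enumerate(lines, start=1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            # Report damaged records instead of silently dropping them.
            findings.append((lineno, "unparseable", raw[:40]))
            continue
        if event.get("event") not in WATCHED_EVENTS:
            continue
        user, role = event.get("target"), event.get("role")
        approved = identity_store.get(user)
        if approved is None:
            # Cloud account with no matching entry in the corporate identity store.
            findings.append((lineno, "unknown-user", user))
        elif ROLE_RANK.get(role, 99) > ROLE_RANK[approved]:
            # Unknown roles rank highest, so they are flagged rather than trusted.
            findings.append((lineno, "excess-permission", user))
    return findings


if __name__ == "__main__":
    for finding in review_audit_trail(SAMPLE_AUDIT_TRAIL.splitlines(), IDENTITY_STORE):
        print(finding)
```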

Networking. Networking is one of the most important – and difficult – aspects of hybrid cloud configuration. Why is it difficult? It’s so easy to take things for granted when working solely with a local, closed network with geographically-coupled resources.

  • Co-locate chatty application components. You know that high performing system sitting in your data center? How well does it work when some components are in the public cloud and some reside in your private environment? A hybrid cloud can expose applications that require a lot of back-and-forth communication that degrades over long distances. For applications like this, commit to putting them entirely in one environment or another.
  • Be flexible on IP ranges. While some clouds let you add public servers to a specific subnet, you may be forced to use the cloud provider’s IP address space. Work with your cloud provider to design a topology that provides the most trust and continuity between your networks, even if IP ranges differ.
  • Don’t abandon good isolation practices. System administrators are used to crafting a network layout that puts servers with similar isolation needs on the same VLAN. Try to follow this practice throughout your hybrid cloud environment by using the same rigor in your public cloud.
  • Establish network trust and keep the front door closed. You know what’s not a good idea? Putting a public IP address on a server and doing remote administration through well known ports. This sloppy practice opens you up to hack attempts! Make sure that your hybrid cloud is configured with persistent, secure connectivity between environments. Look for site to site VPNs, MPLS connectivity, or even cross connects to establish trust. Then, developers and administrators can access servers through the private network and keep the public attack surface to a minimum.
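One way to check the "keep the front door closed" practice is to review exported firewall rules for administration ports that are reachable from outside the private network. This is an added example, not part of the original article: the rule format, the choice of SSH and RDP as the administration ports, and the trusted ranges are assumptions, and the sample rules are constructed.

```python
import ipaddress

# Assumption: the remote-administration ports of interest are SSH and RDP.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Assumption: these private ranges are only reachable over the site-to-site VPN.
TRUSTED_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Constructed sample of inbound allow rules exported from a cloud firewall.
SAMPLE_RULES = [
    {"server": "web01", "source": "0.0.0.0/0", "ports": "443"},
    {"server": "web01", "source": "0.0.0.0/0", "ports": "22"},
    {"server": "db01", "source": "10.20.0.0/16", "ports": "22"},
    {"server": "jump01", "source": "203.0.113.0/24", "ports": "3000-4000"},
    {"server": "app01", "source": "10.20.0.0/16", "ports": "8080"},
]


def port_range(spec):
    """Turn '22' or '3000-4000' into an inclusive range of port numbers."""
    low, _, high = spec.partition("-")
    return range(int(low), int(high or low) + 1)


def is_trusted(source):
    """True when the rule's source lies entirely inside a trusted private range."""
    src = ipaddress.ip_network(source, strict=False)
    return any(
        src.version == net.version and src.subnet_of(net) for net in TRUSTED_NETS
    )


def exposed_admin_rules(rules):
    """Return (server, service, source) for admin ports open to untrusted sources."""
    findings = []
    for rule in rules:
        if is_trusted(rule["source"]):
            continue
        ports = port_range(rule["ports"])
        for port, service in sorted(ADMIN_PORTS.items()):
            # A wide range such as 3000-4000 exposes RDP even though 3389 is never named.
            if port in ports:
                findings.append((rule["server"], service, rule["source"]))
    return findings


if __name__ == "__main__":
    for server, service, source in exposed_admin_rules(SAMPLE_RULES):
        print(f"{server}: {service} reachable from {source}")
```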

What’s Next?

A well-built hybrid cloud helps you deliver services efficiently, securely, and at scale. Security and network challenges are just two of the many areas to focus on when planning a hybrid cloud. In the next article, we’ll share tips for application integration and system management. Looking for help with your hybrid cloud plans? Reach out to us and we can help you design the solution that meets your need!

CenturyLink Makes Massive Private Cloud Massively Easy - Deploy in Over 55 Locations in 7 Countries

Public cloud is an important part of enterprise IT.  Why?  Self-service.  APIs.  Automation.  Access to new features regularly.  Global reach. Outsourcing of infrastructure management.  OpEx consumption.

But it’s not the be-all, end-all.

Enterprise apps will always require a range of infrastructure options – Hybrid IT – including bare metal, traditional hosting…and private cloud.

The private cloud market is relatively immature (more on this in a forthcoming blog post).  The more we looked at this segment, the more we saw an opportunity to offer customers a unique value proposition.

“You got chocolate in my peanut butter…”

With CenturyLink Private Cloud, we’ve combined our approach to public cloud with the most important elements of a private cloud.

Public cloud-style agility, scale, and automation – running on dedicated hardware with physical isolation.  Available in over 55 data centers worldwide.  That’s CenturyLink Private Cloud.

We spare customers from the drudgery of infrastructure management, while offering more control over what truly matters: everything that happens from the platform up.

For example, administrators dictate who has access to the pod and what they can do on it – while wielding complete authority to govern how the node is used day-to-day.  If an instance in the public cloud is an apartment in a large building, CenturyLink Private Cloud makes you the landlord, where you handpick the tenants as you see fit.

Most importantly, the product offers this enhanced control without compromising self-service, scale, and automation.

Ten Ways CenturyLink Simplifies Private Cloud

Let’s step through ten important CenturyLink Private Cloud product attributes, and how they make life easier:

  1. Dedicated hardware & physical isolation. Compute, storage, and network are all dedicated to you, physically isolated from other deployments.  Table stakes for a private cloud.
  2. We’ll Deploy Where You Want.  Place your node close to employees, users, or partners, in over 55 of our state-of-the-art data centers.  You get unparalleled geographic flexibility and support for advanced networking.  Plus, this helps us offer the best SLAs possible, compared to customer premises models.
  3. Administrative control of your users and their deployments, with an enterprise permissions model. IT already has a way they want to segment access across a global employee base.  We help you do that with point-and-click ease at a granular level.
  4. Easy oversight and day-to-day management of deployed apps.  Our management interface – the Control Portal – is a breakthrough experience for managing cloud environments at scale.  In way less time than you thought possible.
  5. Self-service access.  This is why employees turned to public cloud in the first place – servers in minutes, so they can get on with their jobs.  CenturyLink Private Cloud offers self-service to users via our Control Portal and with an API.
  6. Chargebacks, governance & detailed internal usage tracking. As IT aligns closer with the business, chargebacks and showbacks become crucial to embracing cloud.  Our built-in account hierarchies and granular invoices combine to offer you unprecedented detail to your employees about their usage.
  7. 99.99% SLAs & CenturyLink Cloud management of infrastructure.  The point of cloud is to get out of the infrastructure management, remember?  Private cloud doesn’t change that.  We have deep expertise in running cloud at scale, and that expertise goes to work for you here.
  8. Elastic compute, storage, and network.  Sure, capacity is fixed within the physical environment.  But you can ratchet resources up and down for each app that’s hosted there.  And our Service Engineering team will help you capacity plan as you go.
  9. Regular access to new features and innovation.  Our private cloud is updated with new features every 21 business days, just like our public cloud.  And because of our DevOps expertise, the downtime for your apps is negligible.  So when we add new features (like Group-based autoscaling), private cloud customers have them at the same time.  The update schedule for most other public clouds – let alone the other private cloud vendors – is not nearly as aggressive as what CenturyLink offers.
  10. OpEx model consumption.  CenturyLink Private Cloud is a pure operational expense, offering flexibility and freedom when compared to capital-intensive alternatives.

One other element of why we think this approach works so well – CenturyLink Private Cloud is federated into our public cloud network.  That means that hybrid configurations become dramatically simpler.  Deploy apps across our public nodes and your private nodes, just like you would any other multi-data center configuration (even using Blueprints if you want!).  Create firewall rules to govern access between public and private.

Hybrid IT has been a big focus for CenturyLink in the recent past, and it’s intensifying.

CenturyLink Private Cloud is a product that will appeal to those enterprises that want a “transformational private cloud” (using Forrester’s excellent private cloud framework), where the goal is control and agility.

Want to know more?  Check out the product page, or reach out to our private cloud sales team.  We are looking forward to helping you advance your cloud strategy!

Recognizing the Challenges of Hybrid Cloud – Part I

CIOs are adopting the hybrid cloud paradigm in droves, as we recently pointed out in a contributing article. As public cloud adoption continues to surge, organizations are turning their attention to connecting public compute resources to infrastructure residing in on-premises data centers. Can you just set up a VPN between the sites and call it a day? Hardly. Establishing a meaningful hybrid cloud requires considerate planning across many dimensions. How will you secure it? What does it mean to maintain services across organizational boundaries? Are workloads portable between environments? In this first of four blog articles, we’ll look at some of the biggest challenges that you’ll face as you set up a hybrid cloud environment.

What Challenges Will You Face?

Any vendor or consultant who promises a “seamless and straightforward” hybrid cloud is not being realistic. There are technical, cultural, and logistical challenges that await you. Let’s discuss a few that you should prepare for.

Security. This is usually the first item in any list regarding cloud computing, so why not this one too? As you plan out or mature your hybrid cloud, issues like compliance, identity management, and data protection will be front and center. Can you ensure data sovereignty policies are followed once a workload leaves your local infrastructure? Does your cloud environment require unique credentials that don’t meet your corporate complexity requirements? Do users of your public cloud environment have more permission than they should, especially compared to your private cloud? “Security” is an umbrella term for a wide range of considerations that may impact your vendor choice and implementation strategy. 

Networking. Meaningful hybrid integration requires thoughtful network design. What is the impact of latency between the public cloud location(s) and your private infrastructure? Do you have chatty applications that will struggle to work over wide area networks? Is there proper bandwidth for transferring large data sets? Can the hybrid network topology use your existing IP blocks? Do the same network security appliances you leverage in your private cloud work in the public environment? Cloud providers are increasingly offering sophisticated networking options, but you’ll likely find it challenging to natively extend your existing topology to the cloud.

Data and Application Integration. This is one of the first areas of integration between public and private environments that organizations focus on, but you still will face challenges when doing hybrid integration. Does the public cloud platform throttle inbound queries? Can you use the same patterns and tools to move data or process business events regardless of where the application resides? Can applications gracefully handle downtime of individual components that reside in different parts of the hybrid cloud? It’s wonderful to have a choice of which workloads to run where, but the nature of the integration with that workload may be a deciding factor in selecting a host.

System Management. Lifecycle management of hybrid cloud systems can be gruesome if done incorrectly. How can you do effective configuration management when infrastructure resources are provisioned in a self-service fashion across environments? Are you capable of securing and patching servers that sit across multiple environments? The nature of capacity planning changes when dealing with elastic resource pools, but nothing is truly infinite. Each environment has unique, natural constraints that have to be taken into account when assessing planned usage. When it comes to monitoring, all environments aren’t equal. The public cloud environments may only track a subset of monitors that you are used to capturing, and you might be faced with using multiple tools for monitoring system health. Depending on how tightly you’ve set up your network integration, it may not be possible to monitor, configure, or administer cloud servers with the same tools and processes you use for the private cloud.

Compatibility. There’s a good chance that your public and private clouds are running different infrastructure and software stacks. If you have an existing dependency on a particular hypervisor, you may face challenges when dealing with a public cloud that uses a different hypervisor – or doesn’t expose one to you at all! Can you use the same change management processes across your hybrid cloud, or are each unique depending on the provider? Core services and capabilities will probably differ greatly in a hybrid environment as a web-scale public cloud environment is inherently built differently than most any private cloud. Check your expectations with regards to compatibility, and expect to face challenges when the inevitable mismatch surfaces.

Portability. Is portability a holy grail of private cloud? To be sure, many start down the hybrid cloud path with visions of moving workloads easily between hosts as the business need dictates. Moving virtual machines and applications between clouds has gotten easier, but you will struggle to move metadata and configurations seamlessly between environments. If the hybrid cloud is based on identical platforms on both ends, this won’t be as big of a challenge, but if there’s any compatibility mismatch, this will turn into an area of frustration.

Tooling and Skills. Hybrid cloud skills – and cloud skills in general – are in high demand. Some are finding it very difficult to find people with the architectural skills needed to deploy a successful hybrid cloud. A hybrid cloud plan requires expertise in infrastructure configuration, network architecture, application design, and business process automation. Do you have the skills and courage necessary to remake IT in a way that can take advantage of the new cloud model? Gartner points out the difficulty of the cultural transformation needed to take advantage of private and hybrid clouds.

Certainly the technologies to deliver private cloud are relatively immature and evolving, and many enterprises find that custom work is required to meet their needs, but much more difficult are the transformational adjustments needed to use the technology. Cloud services require operational processes that are designed for speed and customized for the services offered. An ingrained IT culture focused on technical expertise doesn’t fit a fully automated, self-service model that requires a service-oriented, team approach.

Even if this transformation is under way, you’ll be challenged to find tools that offer the same capabilities across clouds. Ideally you can employ the same tools that your organization has already invested in, but it may be difficult to avoid new tools (and training) required to properly deliver hybrid cloud services.

Setting Yourself Up for Success

A hybrid cloud brings all sorts of complexity along with its tangible business benefits. Organizations are adopting hybrid clouds because they need the agility that the cloud paradigm brings. However, it takes thoughtful consideration and ongoing effort to stand up a maintainable, functional, integrated hybrid cloud that delivers on its promised efficiency. The good news is that there are answers to each of the challenges listed above! Join us for part two of this series where we provide some practical solutions to each challenge you face on your hybrid cloud journey.

Deploying Docker Containers on CenturyLink Cloud

If you’ve been reading cloud-related news lately or you follow any developers or system admins on Twitter, then you’ve undoubtedly seen the words “container”, “Docker”, and “CoreOS” written a few thousand times over the past year or so. Chatter has particularly picked up in the last few months with Docker 1.0 being released in June and CoreOS announcing their first stable release within the past few weeks. CoreOS also received an 8 million dollar investment just a couple of months ago, and Docker just got another $40 million in funding a few days ago. And just yesterday, CenturyLink joined the container party and announced the release of the open-source Docker management platform, Panamax. Developed by the recognized thought-leaders at CenturyLink Labs, Panamax was described by RedMonk principal analyst James Governor as “Docker management for humans. It dramatically simplifies multi-container app deployment.”

This is bleeding edge technology we’re talking about here, so if you haven’t heard about any of it yet, there’s no time like the present. Docker is one of the fastest-growing open-source projects ever, with more than 550 contributors and 7 million downloads in just over a year since its release. The power of Docker lies in its ability to build and deploy applications in containers, which are extremely efficient and more portable than traditional virtual machines. This is because they abstract only the operating system kernel rather than an entire device. Of course, there are plenty of places to read up and find out more information on what all the fuss is about, and none are better than our very own CenturyLink Labs blog, where the Labs team has been pumping out exceptional content about all things Docker and CoreOS for months.

But if you’re like me, you’ll never be satisfied just reading about anything – you want to try it already! If so, I’ve got good news for you. Whether you’re looking to just get your feet wet and experiment with containers or you’re feeling ready to jump right into the deep-end and start deploying applications with them, CenturyLink Cloud has got you covered. There are at least three ways you can get Docker up and running on CenturyLink Cloud right now: install Docker on a CentOS server, provision a CoreOS server running Docker, or take advantage of Panamax and make it even easier to use Docker. Whichever route you choose, all you need is a CenturyLink Cloud account to get started.

Option #1 – Installing Docker on CentOS

You might not be too familiar with CoreOS, so if you want to get started using Docker on a more familiar Linux distribution, you can easily use our Docker blueprint to install it on any CentOS server running on CenturyLink Cloud. You’ll even get the option to deploy a Hello World container so you can see a simple example of how Docker containers work and get started building your own.

Option #2 – Installing CoreOS

Interested in CoreOS? This lightweight Linux distribution is optimized for massive server deployments and it comes with Docker preinstalled because it’s designed specifically to run applications as containers. You can follow our step-by-step instructions or watch our how-to video for using blueprints to build a CoreOS server cluster on CenturyLink Cloud and start deploying your applications on Docker in minutes.

Option #3 – Installing Panamax on CoreOS

Maybe you like the idea of Docker and CoreOS, but you’re not a Linux expert and you’re a little afraid of getting too into the weeds on the command line. If so, CenturyLink Labs has developed just the answer for you: Panamax. Panamax is a single management platform for creating, sharing, and deploying Docker-containerized applications. By following similar steps to our CoreOS deployment above and selecting the “with Panamax” version of the blueprint, you can have a CoreOS server up and running with Panamax installed in no time, and there’s no easier way to get started with Docker.

Not only can you use Panamax to deploy images from Docker’s repository, you can also deploy complex multi-container Dockerized apps from Panamax’s Open-Source Application Template Library. Think of these templates as collections of Docker images that work together to form the complete architecture of an application, with separate containers for the database vs. web tiers, for example.

If you’re looking to deploy one of the available template options like Wordpress or Drupal, you’ll have it working with a single click in seconds flat. However, you can also choose to define your own custom templates to use and even add custom repositories to search as the Panamax community grows. There’s no easier or faster way to start using Docker containers than with Panamax, and it’s built to leverage the power and scale of CoreOS.

Have a server already? Install Docker! Curious about CoreOS? Provision it! Feeling overwhelmed? Try Panamax. With CenturyLink Cloud, you’ve got lots of ways to get started using Docker right now, so no more excuses! Sign up for a CenturyLink Cloud account today, add containers to your repertoire of application deployment options, and start enjoying their power, performance, and portability.
