Hybrid cloud is becoming a standard operating model for many organizations. But how can you realize the expected agility when there are so many challenges ahead of you? In this series of articles, we’ve dissected each challenge and proposed some corresponding solutions. Whether you’re facing security and network concerns, or integration and system management issues, it’s critical to have a proactive plan in place. This final article rounds out the discussion by looking at ways to address the issues around portability, compatibility, and your existing toolset.
Solutions to Hybrid Cloud Challenges
In many cases, a hybrid cloud is the combination of complementary – but not identical – computing environments. This means that processes, techniques, and tools that work in one place may not work in another.
Compatibility. Gluing together two distinct environments does not come without challenges. Now, it’s possible that you have the same technology stack in both the public and private cloud environments, but the users, technology, and processes may be dissimilar!
- Move above the hypervisor. Even if your public cloud provider supports the import and export of virtual machines in a standard format, no legitimate public cloud exposes hypervisor configurations to the user. If you want to have a consistent experience in your hybrid cloud, avoid any hypervisor-level settings that won’t work in BOTH environments. Tune applications and services, and start to wean yourself off of specific hypervisors.
- Consider bimodal IT needs. If you subscribe to the idea of bimodal IT, then embrace these differences and don’t try to force a harmonization where none exists. Some traditional IT processes may not work in a public cloud. If the more agile groups at your organization are most open to using the public cloud and setting up a hybrid cloud, then cater more to their needs.
- Be open to streamlining and compromise. The self-service, pay-as-you-go, elastic model of public cloud is often in direct conflict with the way enterprise IT departments manage infrastructure. Your organization may have to loosen the reins a bit and give up some centralized control in order to establish a successful hybrid cloud. Look over existing processes and tools, see which will not work in a hybrid environment, and incubate ways to introduce new efficiencies.
Portability. One perceived value of a hybrid cloud is the ability to move workloads between environments as the need arises. However, that’s easier said than done.
- Review prerequisites for VM migration. A virtual machine in your own data center may not work as-is in the public cloud. Public cloud providers may have a variety of constraints around choice of Operating System, virtual machine storage size, open ports, and number of NICs.
- Embrace standards between environments. Even if virtual machines are portable, the environmental configurations typically aren’t. Network configurations, security settings, monitoring policies, and more are often tied to a specific cloud. Look to multi-cloud management tools that expose compatibility layers, or create scripting that re-creates an application in a standard way.
Tooling and Skills. Even if you have plans for all of the items above, it will be hard to achieve success without robust tooling and talented people to design and operate your hybrid cloud.
- Invest in training. Your team needs new skills to properly work in a hybrid cloud. What skills are most helpful? Your architects and developers should be well-versed in distributed web application design and know what it means to build scalable, resilient, asynchronous applications. Operations staff should get familiar with configuration management tools and the best practices for repeatedly building secure cloud environments.
- Get hands-on experience. Even if you’re using a private cloud hosted by someone else, don’t outsource the setup! Participate in the hybrid cloud buildout and find some initial projects to vet the environment and learn some do’s and don’ts.
- Modernize your toolset. The tools that you used to develop and manage applications 5-10 years ago aren’t the ones that will work best in the (hybrid) cloud today, let alone 5-10 years from now. Explore NoSQL databases that excel in distributed environments, use lightweight messaging systems to pass data around the hybrid cloud, try out configuration management platforms, and spend time with continuous deployment tools that standardize releases.
Taking the Next Steps
Hybrid cloud can be a high risk, high reward proposition. If you do it wrong, you end up with a partially useful but frustratingly mediocre environment that doesn’t stop the growth of shadow IT in the organization. However, if you build a thoughtfully integrated hybrid cloud, developers will embrace it, and your organization can realize new efficiencies and value from IT services. How can CenturyLink help? We offer an expansive public cloud, a powerful private cloud, and a team of engineers who can help you design and manage your solutions.
Many organizations are adopting hybrid clouds – a bridge of public and private cloud environments – but there are many pitfalls along the way. In the first part of this article series, we looked at the challenges that any organization faces in their hybrid cloud journey. Now it’s time to see how to overcome these challenges. In this second of four articles, we will revisit the first set of hybrid cloud challenges and discuss strategies for success.
Solutions to Hybrid Cloud Challenges
Lasting success with a hybrid cloud requires strategic planning, investment, and yes, some compromise. By definition, you are using services that are outside of your control. Hence, existing processes and technologies may need to be revisited if you want meaningful integration and the flood of efficiencies that follow.
Keep in mind that every part of your organization cannot accommodate the same level of change associated with a hyper-efficient hybrid cloud. Lydia Leong of Gartner points out that organizations with “bimodal IT” – where pockets of traditional IT and agile IT co-exist – are most successful when they do NOT have a universal set of processes, tools, and skills. If your IT organization is bimodal, consider which parts of the organization are most equipped to take advantage of a hybrid cloud, and align more closely to their way of working.
Let’s jump in.
Security. How do we handle the myriad of security challenges in a hybrid cloud? Piece by piece, and with some overarching principles in mind. I like how Trend Micro’s Mark Nunnikhoven put it in a recent article on cloud security: adopt a shared responsibility model where you “trust but verify” the portion of the cloud run by others, and shift the security controls to areas you own. What are some specific things you should do?
- Incorporate single sign on (SSO). One of the best things you can do for hybrid cloud adoption is make access easy! Not only does SSO increase user satisfaction, it creates a more secure environment. Employees have fewer passwords to remember, and access to the cloud platform is controlled by a shared identity store.
- Assess data encryption options. Clouds often provide varying levels of data encryption support, so assess what solutions you can bring to the table. Consider agent-based solutions that encrypt and decrypt virtual machine volumes and give YOU control over the encryption key. In this case, you can likely use the same solution across public and private environments.
- Provision hardened machines via automation. One of the easiest ways for users to breach all your well-intentioned “secure computing” guidelines is to manually configure resources. To avoid human error, use automated provisioning solutions. Whether your cloud has a build automation engine like CenturyLink Cloud Blueprints, or you use popular configuration management tools like Chef, look for ways to turn provisioning into a repeatable activity through automation. This way, you can have confidence that important monitoring agents are installed, unnecessary ports are closed, and only required services are running.
- Monitor key activities. Don’t let your public cloud provider be a passive participant in your overall security governance process! Use APIs (and webhooks, if you’re using CenturyLink Cloud) to find out when new users are added to the cloud, and what permissions they have. Regularly extract your organization’s public cloud audit trail and load it into a data warehouse for correlation and analysis.
- Leverage managed services to offload responsibility. Whether you have a large or small fleet of servers to manage, ongoing maintenance is a big part of staying secure. Servers need to be patched, upgraded, and monitored frequently. If you’re concerned that your existing staff can’t take on management of the public cloud servers in a hybrid environment, look at using managed services to shift that responsibility to your cloud provider.
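The account monitoring described in the list above can be sketched as follows. This is an added example, not code from the original article or from CenturyLink; the event field names, role names, and sample audit lines are constructed assumptions, since the article does not show the provider's audit format.

```python
import json
from datetime import datetime, timedelta

# Assumptions for this example (hypothetical names, not a real provider schema).
PRIVILEGED_ROLES = {"admin", "security-admin"}
ACCOUNT_ACTIONS = {"user.created", "role.changed"}
REQUIRED_FIELDS = {"time", "actor", "auth", "action", "target"}
ESCALATION_WINDOW = timedelta(minutes=30)

# Constructed audit-trail export, one JSON object per line.
SAMPLE_AUDIT_LINES = [
    '{"time":"2015-03-02T09:00:00Z","actor":"alice","auth":"sso","action":"user.created","target":"bob","role":"viewer"}',
    '{"time":"2015-03-02T09:05:00Z","actor":"alice","auth":"sso","action":"role.changed","target":"bob","role":"admin"}',
    '{"time":"2015-03-02T11:00:00Z","actor":"svc-deploy","auth":"local","action":"user.created","target":"temp-ops","role":"admin"}',
    '{"time":"2015-03-03T10:00:00Z","actor":"carol","auth":"sso","action":"role.changed","target":"dave","role":"admin"}',
    'not json',
    '{"time":"2015-03-03T12:00:00Z","actor":"carol","auth":"sso","action":"server.created","target":"web-02"}',
]


def parse_events(lines):
    """Parse JSON lines into time-ordered events; count lines that cannot be used."""
    events, skipped = [], 0
    for line in lines:
        try:
            ev = json.loads(line)
            if not isinstance(ev, dict) or not REQUIRED_FIELDS.issubset(ev):
                raise ValueError("missing required fields")
            ev["_ts"] = datetime.strptime(ev["time"], "%Y-%m-%dT%H:%M:%SZ")
        except (ValueError, TypeError):
            skipped += 1
            continue
        events.append(ev)
    events.sort(key=lambda e: e["_ts"])
    return events, skipped


def review_account_events(lines, approved_admins):
    """Return (findings, skipped); each finding is (time, rule, target)."""
    events, skipped = parse_events(lines)
    created_at = {}   # target account -> creation timestamp
    findings = []
    for ev in events:
        if ev["action"] not in ACCOUNT_ACTIONS:
            continue
        target, role = ev["target"], ev.get("role")
        privileged = role in PRIVILEGED_ROLES

        # Rule 1: privileged role given to an account nobody approved.
        if privileged and target not in approved_admins:
            findings.append((ev["time"], "privileged-grant-unapproved", target))

        # Rule 2: account change made by an actor who bypassed the shared identity store.
        if ev["auth"] != "sso":
            findings.append((ev["time"], "non-sso-account-change", target))

        # Rule 3: account raised to a privileged role shortly after it was created.
        if ev["action"] == "role.changed" and privileged:
            born = created_at.get(target)
            if born is not None and ev["_ts"] - born <= ESCALATION_WINDOW:
                findings.append((ev["time"], "rapid-escalation", target))

        if ev["action"] == "user.created":
            created_at[target] = ev["_ts"]
    return findings, skipped


if __name__ == "__main__":
    results, bad = review_account_events(SAMPLE_AUDIT_LINES, approved_admins={"dave"})
    for finding in results:
        print(finding)
    print("unparseable lines:", bad)
```

The skipped-line count is worth alerting on as well, because a gap in the exported trail hides exactly the events these rules look for.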
Networking. Networking is one of the most important – and difficult – aspects of hybrid cloud configuration. Why is it difficult? It is so easy to take things for granted when working solely with a local, closed network with geographically-coupled resources.
- Co-locate chatty application components. You know that high performing system sitting in your data center? How well does it work when some components are in the public cloud and some reside in your private environment? A hybrid cloud can expose applications that require a lot of back-and-forth communication that degrades over long distances. For applications like this, commit to putting them entirely in one environment or another.
- Be flexible on IP ranges. While some clouds let you add public servers to a specific subnet, you may be forced to use the cloud provider’s IP address space. Work with your cloud provider to design a topology that provides the most trust and continuity between your networks, even if IP ranges differ.
- Don’t abandon good isolation practices. System administrators are used to crafting a network layout that puts servers with similar isolation needs on the same VLAN. Try to follow this practice throughout your hybrid cloud environment by using the same rigor in your public cloud.
- Establish network trust and keep the front door closed. You know what’s not a good idea? Putting a public IP address on a server and doing remote administration through well known ports. This sloppy practice opens you up to hack attempts! Make sure that your hybrid cloud is configured with persistent, secure connectivity between environments. Look for site to site VPNs, MPLS connectivity, or even cross connects to establish trust. Then, developers and administrators can access servers through the private network and keep the public attack surface to a minimum.
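One way to check the "front door closed" guidance above is to audit firewall rules for remote-administration ports that are reachable from outside the trusted private network. This is an added example, not code from the original article; the inventory structure, server names, addresses (documentation ranges), and the trusted-network list are constructed assumptions.

```python
import ipaddress

# Well-known remote administration ports (TCP).
ADMIN_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5985: "WinRM-HTTP", 5986: "WinRM-HTTPS"}

# Assumption: ranges reachable only over the site-to-site VPN / private link.
TRUSTED_NETWORKS = ["10.0.0.0/8", "192.168.0.0/16"]

# Constructed inventory; a real one would come from your provider's API export.
SAMPLE_INVENTORY = [
    {"name": "web-01", "public_ip": "203.0.113.10", "rules": [
        {"source": "0.0.0.0/0", "protocol": "tcp", "ports": "443"},
        {"source": "0.0.0.0/0", "protocol": "tcp", "ports": "22"},
    ]},
    {"name": "jump-01", "public_ip": "203.0.113.20", "rules": [
        {"source": "198.51.100.0/24", "protocol": "tcp", "ports": "22"},
    ]},
    {"name": "db-01", "public_ip": None, "rules": [
        {"source": "0.0.0.0/0", "protocol": "tcp", "ports": "3389"},
    ]},
    {"name": "win-01", "public_ip": "203.0.113.30", "rules": [
        {"source": "::/0", "protocol": "tcp", "ports": "3000-4000"},
        {"source": "10.0.0.0/8", "protocol": "tcp", "ports": "5985-5986"},
    ]},
]


def parse_ports(spec):
    """Turn '22', '3000-4000' or 'any' into an inclusive (low, high) range."""
    spec = str(spec).strip().lower()
    if spec in ("any", "*"):
        return 1, 65535
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError("invalid port range: %r" % spec)
    return low, high


def is_trusted(source, trusted):
    """True when the rule's source lies entirely inside a trusted network."""
    return any(source.version == net.version and source.subnet_of(net) for net in trusted)


def audit_exposure(inventory, trusted_cidrs):
    """Return sorted (server, port, service, source, severity) findings."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for server in inventory:
        if not server.get("public_ip"):
            continue  # no public address: reachable only over the private network
        for rule in server.get("rules", []):
            if rule.get("protocol", "tcp").lower() != "tcp":
                continue
            source = ipaddress.ip_network(rule["source"], strict=False)
            if is_trusted(source, trusted):
                continue
            low, high = parse_ports(rule["ports"])
            # A /0 source means the whole internet; anything else is a narrower
            # but still untrusted range that should move behind the VPN.
            severity = "high" if source.prefixlen == 0 else "medium"
            for port, service in ADMIN_PORTS.items():
                if low <= port <= high:
                    findings.append((server["name"], port, service, str(source), severity))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_exposure(SAMPLE_INVENTORY, TRUSTED_NETWORKS):
        print(finding)
```

Port ranges are expanded deliberately: the rule on `win-01` never names 3389, yet it still exposes RDP.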
A well-built hybrid cloud helps you deliver services efficiently, securely, and at scale. Security and network challenges are just two of the many areas to focus on when planning a hybrid cloud. In the next article, we’ll share tips for application integration and system management. Looking for help with your hybrid cloud plans? Reach out to us and we can help you design the solution that meets your needs!
Public cloud is an important part of enterprise IT. Why? Self-service. APIs. Automation. Access to new features regularly. Global reach. Outsourcing of infrastructure management. OpEx consumption.
But it’s not the be-all, end-all.
Enterprise apps will always require a range of infrastructure options – Hybrid IT – including bare metal, traditional hosting…and private cloud.
The private cloud market is relatively immature (more on this in a forthcoming blog post). The more we looked at this segment, the more we saw an opportunity to offer customers a unique value proposition.
“You got chocolate in my peanut butter…”
With CenturyLink Private Cloud, we’ve combined our approach to public cloud with the most important elements of a private cloud.
Public cloud-style agility, scale, and automation – running on dedicated hardware with physical isolation. Available in over 55 data centers worldwide. That’s CenturyLink Private Cloud.
We spare customers from the drudgery of infrastructure management, while offering more control over what truly matters: everything that happens from the platform up.
For example, administrators dictate who has access to the pod and what they can do on it – while wielding complete authority to govern how the node is used day-to-day. If an instance in the public cloud is an apartment in a large building, CenturyLink Private Cloud makes you the landlord, where you handpick the tenants as you see fit.
Most importantly, the product offers this enhanced control without compromising self-service, scale, and automation.
Ten Ways CenturyLink Simplifies Private Cloud
Let’s step through ten important CenturyLink Private Cloud product attributes, and how they make life easier:
- Dedicated hardware & physical isolation. Compute, storage, and network are all dedicated to you, physically isolated from other deployments. Table stakes for a private cloud.
- We’ll Deploy Where You Want. Place your node close to employees, users, or partners, in over 55 of our state-of-the-art data centers. You get unparalleled geographic flexibility and support for advanced networking. Plus, this helps us offer the best SLAs possible, compared to customer premises models.
- Administrative control of your users and their deployments, with an enterprise permissions model. IT already has a way they want to segment access across a global employee base. We help you do that with point-and-click ease at a granular level.
- Easy oversight and day-to-day management of deployed apps. Our management interface – the Control Portal – is a breakthrough experience for managing cloud environments at scale. In way less time than you thought possible.
- Self-service access. This is why employees turned to public cloud in the first place – servers in minutes, so they can get on with their jobs. CenturyLink Private Cloud offers self-service to users via our Control Portal and with an API.
- Chargebacks, governance & detailed internal usage tracking. As IT aligns closer with the business, chargebacks and showbacks become crucial to embracing cloud. Our built-in account hierarchies and granular invoices combine to offer unprecedented detail to your employees about their usage.
- 99.99% SLAs & CenturyLink Cloud management of infrastructure. The point of cloud is to get out of the infrastructure management, remember? Private cloud doesn’t change that. We have deep expertise in running cloud at scale, and that expertise goes to work for you here.
- Elastic compute, storage, and network. Sure, capacity is fixed within the physical environment. But you can ratchet resources up and down for each app that’s hosted there. And our Service Engineering team will help you capacity plan as you go.
- Regular access to new features and innovation. Our private cloud is updated with new features every 21 business days, just like our public cloud. And because of our DevOps expertise, the downtime for your apps is negligible. So when we add new features (like Group-based autoscaling), private cloud customers have them at the same time. The update schedule for most other public clouds – let alone the other private cloud vendors – is not nearly as aggressive as what CenturyLink offers.
- OpEx model consumption. CenturyLink Private Cloud is a pure operational expense, offering flexibility and freedom when compared to capital-intensive alternatives.
One other element of why we think this approach works so well – CenturyLink Private Cloud is federated into our public cloud network. That means that hybrid configurations become dramatically simpler. Deploy apps across our public nodes and your private nodes, just like you would any other multi-data center configuration (even using Blueprints if you want!). Create firewall rules to govern access between public and private.
Hybrid IT has been a big focus for CenturyLink in the recent past, and it’s intensifying.
CenturyLink Private Cloud is a product that will appeal to those enterprises that want a “transformational private cloud” (using Forrester’s excellent private cloud framework), where the goal is control and agility.
Want to know more? Check out the product page, or reach out to our private cloud sales team. We are looking forward to helping you advance your cloud strategy!
CIOs are adopting the hybrid cloud paradigm in droves, as we recently pointed out in a Forbes.com contributing article. As public cloud adoption continues to surge, organizations are turning their attention to connecting public compute resources to infrastructure residing in on-premises data centers. Can you just set up a VPN between the sites and call it a day? Hardly. Establishing a meaningful hybrid cloud requires careful planning across many dimensions. How will you secure it? What does it mean to maintain services across organizational boundaries? Are workloads portable between environments? In this first of four blog articles, we’ll look at some of the biggest challenges that you’ll face as you set up a hybrid cloud environment.
What Challenges Will You Face?
Any vendor or consultant who promises a “seamless and straightforward” hybrid cloud is not being realistic. There are technical, cultural, and logistical challenges that await you. Let’s discuss a few that you should prepare for.
Security. This is usually the first item in any list regarding cloud computing, so why not this one too? As you plan out or mature your hybrid cloud, issues like compliance, identity management, and data protection will be front and center. Can you ensure data sovereignty policies are followed once a workload leaves your local infrastructure? Does your cloud environment require unique credentials that don’t meet your corporate complexity requirements? Do users of your public cloud environment have more permission than they should, especially compared to your private cloud? “Security” is an umbrella term for a wide range of considerations that may impact your vendor choice and implementation strategy.
Networking. Meaningful hybrid integration requires thoughtful network design. What is the impact of latency between the public cloud location(s) and your private infrastructure? Do you have chatty applications that will struggle to work over wide area networks? Is there proper bandwidth for transferring large data sets? Can the hybrid network topology use your existing IP blocks? Do the same network security appliances you leverage in your private cloud work in the public environment? Cloud providers are increasingly offering sophisticated networking options, but you’ll likely find it challenging to natively extend your existing topology to the cloud.
Data and Application Integration. This is one of the first areas of integration between public and private environments that organizations focus on, but you still will face challenges when doing hybrid integration. Does the public cloud platform throttle inbound queries? Can you use the same patterns and tools to move data or process business events regardless of where the application resides? Can applications gracefully handle downtime of individual components that reside in different parts of the hybrid cloud? It’s wonderful to have a choice of which workloads to run where, but the nature of the integration with that workload may be a deciding factor in selecting a host.
System Management. Lifecycle management of hybrid cloud systems can be gruesome if done incorrectly. How can you do effective configuration management when infrastructure resources are provisioned in a self-service fashion across environments? Are you capable of securing and patching servers that sit across multiple environments? The nature of capacity planning changes when dealing with elastic resource pools, but nothing is truly infinite. Each environment has unique, natural constraints that have to be taken into account when assessing planned usage. When it comes to monitoring, all environments aren’t equal. The public cloud environments may only track a subset of monitors that you are used to capturing, and you might be faced with using multiple tools for monitoring system health. Depending on how tightly you’ve set up your network integration, it may not be possible to monitor, configure, or administer cloud servers with the same tools and processes you use for the private cloud.
Compatibility. There’s a good chance that your public and private clouds are running different infrastructure and software stacks. If you have an existing dependency on a particular hypervisor, you may face challenges when dealing with a public cloud that uses a different hypervisor – or doesn’t expose one to you at all! Can you use the same change management processes across your hybrid cloud, or are each unique depending on the provider? Core services and capabilities will probably differ greatly in a hybrid environment as a web-scale public cloud environment is inherently built differently than most any private cloud. Check your expectations with regards to compatibility, and expect to face challenges when the inevitable mismatch surfaces.
Portability. Is portability a holy grail of private cloud? To be sure, many start down the hybrid cloud path with visions of moving workloads easily between hosts as the business need dictates. Moving virtual machines and applications between clouds has gotten easier, but you will struggle to move metadata and configurations seamlessly between environments. If the hybrid cloud is based on identical platforms on both ends, this won’t be as big of a challenge, but if there’s any compatibility mismatch, this will turn into an area of frustration.
Tooling and Skills. Hybrid cloud skills – and cloud skills in general – are in high demand. Some are finding it very difficult to find people with the architectural skills needed to deploy a successful hybrid cloud. A hybrid cloud plan requires expertise in infrastructure configuration, network architecture, application design, and business process automation. Do you have the skills and courage necessary to remake IT in a way that can take advantage of the new cloud model? Gartner points out the difficulty of the cultural transformation needed to take advantage of private and hybrid clouds.
Certainly the technologies to deliver private cloud are relatively immature and evolving, and many enterprises find that custom work is required to meet their needs, but much more difficult are the transformational adjustments needed to use the technology. Cloud services require operational processes that are designed for speed and customized for the services offered. An ingrained IT culture focused on technical expertise doesn’t fit a fully automated, self-service model that requires a service-oriented, team approach.
Even if this transformation is under way, you’ll be challenged to find tools that offer the same capabilities across clouds. Ideally you can employ the same tools that your organization has already invested in, but it may be difficult to avoid new tools (and training) required to properly deliver hybrid cloud services.
Setting Yourself Up for Success
A hybrid cloud brings all sorts of complexity along with its tangible business benefits. Organizations are adopting hybrid clouds because they need the agility that the cloud paradigm brings. However, it takes thoughtful consideration and ongoing effort to stand up a maintainable, functional, integrated hybrid cloud that delivers on its promised efficiency. The good news is that there are answers to each of the challenges listed above! Join us for part two of this series where we provide some practical solutions to each challenge you face on your hybrid cloud journey.
Last year, we made 12 predictions about what would happen in the cloud space in 2013. As the year comes to a close, it’s only fair for us to assess our hits and misses to see how well we did.
Recap and Scorecard
PREDICTION #1: 2013 will be the year of cloud management software.
REALITY: Hit. We saw this come true on multiple fronts. First, cloud management providers Enstratius and ServiceMesh were acquired by Dell and CSC, respectively. Tier 3 – known for the sophisticated management software that runs our IaaS – was acquired by CenturyLink. On top of this, Gartner estimates that a new vendor enters the cloud management space every month, and nearly every cloud provider is constantly beefing up their own management offerings. This shows the strategic value of comprehensive management capabilities in a cloud portfolio. Customer adoption of these platforms is also on the rise and Gartner sees 60% of Global 2000 enterprises using cloud management technology (up from 30% in 2013).
PREDICTION #2: While the largest cloud providers duke it out on price and scale, smaller cloud providers see that enterprise adoption really depends on tight integration with existing tools and processes.
REALITY: Mixed. Of course, cloud prices definitely declined in 2013 and massive scale continued to be a key selling point. Hybrid cloud picked up momentum this year as more companies looked to establish an IT landscape that leveraged on-premises assets while taking advantage of cloud scale. In order to maximize the efficiency of hybrid scenarios, companies need consistency in processes and tools. While cloud management platforms have helped with this a bit, there wasn’t a wholesale move by cloud providers to seamlessly integrate their core offerings with established products.
PREDICTION #3: Enterprises move from pilots to projects, and architecture takes a front seat.
REALITY: Hit. There’s been much less gnashing of teeth on “should I use the cloud” this year, and much more discussion about how to capitalize on the cloud. We’ve seen our customers move to more substantial solutions and ask for more sophisticated capabilities, such as self-service networking. Throughout the industry, we’re seeing more enterprise-class case studies where customers are putting mission critical workloads in the cloud. However, outages still occur on any cloud, and providers are publishing guidelines on how to properly architect for high availability. The recent AWS conference was full of sessions on architecture best practices, and developers are hungry for information about how those best practices are applied.
PREDICTION #5: Standalone, public PaaS offerings will be slow to gain enterprise adoption.
REALITY: Hit. In 2013 we saw renewed discussion on what PaaS actually is and what it SHOULD be. Longtime PaaS providers Microsoft and Google added IaaS products to their portfolio, while smaller firms like Apprenda saw success in private PaaS. Our sister company, AppFog, has launched over 100,000 apps, including some impressive enterprise deployments. Former Tier 3 colleague Adron Hall asked whether PaaS was still “a thing” or whether new container technologies like Docker were going to replace it. However, as some like our own Jared Wray and Red Hat’s Krish Subramanian have said, PaaS is about more than JUST application containers. A rich PaaS also includes the orchestration, management, and services that make it a valuable platform for web applications of any type. Either way, PaaS is still in its infancy and will continue to morph as customer scenarios take shape.
PREDICTION #6: Public goes private.
REALITY: Mixed. There were hints of this in 2013 as Amazon won a bid to build a private cloud for the CIA (and for you too if you have half a billion sitting around!), Microsoft offered a “pack” for making on-premises environments resemble their public cloud, and platforms like OpenStack gained traction as a private cloud alternative. We continued to make advances in supporting private scenarios by adding self-service site-to-site VPN capabilities to an already-robust set of connectivity options. I gave this a “mixed” score because as a whole, public cloud providers don’t yet (and may never) make it simple to run their stack in a private data center for mainstream enterprises.
PREDICTION #7: Cloud providers embrace alternate costing models.
REALITY: Hit. 2013 saw some changes to how cloud customers paid for resources. We modified our pricing to decouple some components while still making it easy to provision exactly the amount of CPU, memory and storage that you need for a given server. Google and Microsoft both launched their IaaS clouds with “per minute” pricing for compute resources. Cloud providers have yet to move to a “pay for consumption instead of allocation” model for things like storage, but overall we’ve seen a maturation of pricing considerations in 2013.
PREDICTION #8: While portability will increase at the application and hypervisor layer, middleware and environment metadata will remain more proprietary.
REALITY: Mixed. We might have been too pessimistic last year! DevOps tools have flourished in 2013 and platform adapters have made it possible to move workloads between clouds without a massive re-architecture effort. To be sure, code portability is still MUCH simpler than environment portability. Each cloud provider has their own value-added services that rarely transfer easily to other locations, and no clear IaaS standard has emerged. However, platforms like OpenStack are attempting to make cloud portability a reality, and the increasing prevalence of public APIs makes it possible for tools like Pivotal’s BOSH or Chef to orchestrate deployments in diverse provider environments.
PREDICTION #9: Global expansion takes center stage.
REALITY: Hit. One of the first questions we hear from prospective customers is “where are your data centers?” This year, almost all of the leading cloud providers expanded their footprint around the globe. For our part, we added data centers in Canada, the UK, and Germany. Now, as part of CenturyLink, we have major expansion plans in 2014.
PREDICTION #10: IaaS providers who don’t court developers get left behind.
REALITY: Hit. In 2013, Stephen O’Grady wrote that developers are the “new kingmakers” and this was reinforced by Gartner analyst Lydia Leong who wrote that IT operations no longer has a monopoly on cloud procurement. Developers are now running the show – bringing in vendors that meet their unique criteria. Consequently, a new crop of developer-centric cloud providers has popped up. While they don’t offer managed services or sophisticated resource management, they DO help developers get going quickly in the cloud. We wooed developers with new self-service capabilities, API improvements, and with new features like Autoscale and webhooks. Developers will continue to be a focus for us at CenturyLink and we plan on continuing our regular Open Source contributions!
PREDICTION #11: Clouds that cannot be remotely managed through an API will fall behind.
REALITY: Hit. APIs are the gateway to modern services and allow ecosystems to flourish. Consider the vibrant crop of cloud management platforms discussed in prediction #1. And that is just one small example. The vast majority of clouds listed in Gartner’s 2013 Magic Quadrant for Cloud Infrastructure have public, comprehensive APIs that developers can use to consume the cloud in whatever way they want. In 2013, we started an effort to replace our existing API with an even more expansive offering that offers complete parity with our industry leading Control Portal user interface. That effort will continue into the next year. When complete, a new host of capabilities will be accessible for CenturyLink, our partners, and most importantly, our customers.
PREDICTION #12: Usability and self-service become table stakes for cloud providers.
REALITY: Mixed. In 2013, we seemed to hit the point where “clouds that aren’t really clouds” struggled as the market began to demand more. Customers expected more and more self-service capabilities, and Tier 3 – along with most every other major provider – focused heavily on that in 2013. Platform usability was a lesser focus this year. While new clouds from Microsoft and Google included relatively straightforward user experiences, few providers made any massive visual improvements. While the CenturyLink Cloud continues to be lauded for an easy to use, powerful interface, we haven’t stood still. A major redesign is underway that will surface more data, simplify activities, and improve performance.
2013 was an important year in the maturation of the cloud industry. New vendors were introduced, popular platforms were acquired, and consumption of cloud services skyrocketed. What will happen in 2014? Stay tuned for our predictions!