Hybrid cloud is becoming a standard operating model for many organizations. But how can you realize the expected agility when there are so many challenges ahead of you? In this series of articles, we’ve dissected each challenge and proposed some corresponding solutions. Whether you’re facing security and network concerns, or integration and system management issues, it’s critical to have a proactive plan in place. This final article rounds out the discussion by looking at ways to address the issues around portability, compatibility, and your existing toolset.
Solutions to Hybrid Cloud Challenges
In many cases, a hybrid cloud is the combination of complementary – but not identical – computing environments. This means that processes, techniques, and tools that work in one place may not work in another.
Compatibility. Gluing together two distinct environments does not come without challenges. Now, it’s possible that you have the same technology stack in both the public and private cloud environment, but the users, technology, and processes may be dissimilar!
- Move above the hypervisor. Even if your public cloud provider supports the import and export of virtual machines in a standard format, no legitimate public cloud exposes hypervisor configurations to the user. If you want to have a consistent experience in your hybrid cloud, avoid any hypervisor-level settings that won’t work in BOTH environments. Tune applications and services, and start to wean yourself off of specific hypervisors.
- Consider bimodal IT needs. If you subscribe to the idea of bimodal IT, then embrace these differences and don’t try to force a harmonization where none exists. Some traditional IT processes may not work in a public cloud. If the more agile groups at your organization are most open to using the public cloud and setting up a hybrid cloud, then cater more to their needs.
- Be open to streamlining and compromise. The self-service, pay-as-you-go, elastic model of public cloud is often in direct conflict with the way enterprise IT departments manage infrastructure. Your organization may have to loosen the reins a bit and give up some centralized control in order to establish a successful hybrid cloud. Look over existing processes and tools, see which will not work in a hybrid environment, and incubate ways to introduce new efficiencies.
Portability. One perceived value of a hybrid cloud is the ability to move workloads between environments as the need arises. However, that’s easier said than done.
- Review prerequisites for VM migration. A virtual machine in your own data center may not work as-is in the public cloud. Public cloud providers may have a variety of constraints around choice of Operating System, virtual machine storage size, open ports, and number of NICs.
- Embrace standards between environments. Even if virtual machines are portable, the environmental configurations typically aren’t. Network configurations, security settings, monitoring policies, and more are often tied to a specific cloud. Look to multi-cloud management tools that expose compatibility layers, or create scripting that re-creates an application in a standard way.
Tooling and Skills. Even if you have plans for all of the items above, it will be hard to achieve success without robust tooling and talented people to design and operate your hybrid cloud.
- Invest in training. Your team needs new skills to properly work in a hybrid cloud. What skills are most helpful? Your architects and developers should be well-versed in distributed web application design and know what it means to build scalable, resilient, asynchronous applications. Operations staff should get familiar with configuration management tools and the best practices for repeatedly building secure cloud environments.
- Get hands-on experience. Even if you’re using a private cloud hosted by someone else, don’t outsource the setup! Participate in the hybrid cloud buildout and find some initial projects to vet the environment and learn some do’s and don’ts.
- Modernize your toolset. The tools that you used to develop and manage applications 5-10 years ago aren’t the ones that will work best in the (hybrid) cloud today, let alone 5-10 years from now. Explore NoSQL databases that excel in distributed environments, use lightweight messaging systems to pass data around the hybrid cloud, try out configuration management platforms, and spend time with continuous deployment tools that standardize releases.
Taking the Next Steps
Hybrid cloud can be a high risk, high reward proposition. If you do it wrong, you end up with a partially useful but frustratingly mediocre environment that doesn’t stop the growth of shadow IT in the organization. However, if you build a thoughtfully integrated hybrid cloud, developers will embrace it, and your organization can realize new efficiencies and value from IT services. How can CenturyLink help? We offer an expansive public cloud, a powerful private cloud, and a team of engineers who can help you design and manage your solutions.
Many organizations are adopting hybrid clouds – a bridge of public and private cloud environments – but there are many pitfalls along the way. In the first part of this article series, we looked at the challenges that any organization faces in their hybrid cloud journey. Now it’s time to see how to overcome these challenges. In this second of four articles, we will revisit the first set of hybrid cloud challenges and discuss strategies for success.
Solutions to Hybrid Cloud Challenges
Lasting success with a hybrid cloud requires strategic planning, investment, and yes, some compromise. By definition, you are using services that are outside of your control. Hence, existing processes and technologies may need to be revisited if you want meaningful integration and the flood of efficiencies that follow.
Keep in mind that every part of your organization cannot accommodate the same level of change associated with a hyper-efficient hybrid cloud. Lydia Leong of Gartner points out that organizations with “bimodal IT” – where pockets of traditional IT and agile IT co-exist – are most successful when they do NOT have a universal set of processes, tools, and skills. If your IT organization is bimodal, consider which parts of the organization are most equipped to take advantage of a hybrid cloud, and align more closely to their way of working.
Let’s jump in.
Security. How do we handle the myriad of security challenges in a hybrid cloud? Piece by piece, and with some overarching principles in mind. I like how Trend Micro’s Mark Nunnikhoven put it in a recent article on cloud security: adopt a shared responsibility model where you “trust but verify” the portion of the cloud run by others, and shift the security controls to areas you own. What are some specific things you should do?
- Incorporate single sign on (SSO). One of the best things you can do for hybrid cloud adoption is make access easy! Not only does SSO increase user satisfaction, it creates a more secure environment. Employees have fewer passwords to remember, and access to the cloud platform is controlled by a shared identity store.
- Assess data encryption options. Clouds often provide varying levels of data encryption support, so assess what solutions you can bring to the table. Consider agent-based solutions that encrypt and decrypt virtual machine volumes and give YOU control over the encryption key. In this case, you can likely use the same solution across public and private environments.
- Provision hardened machines via automation. One of the easiest ways for users to breach all your well-intentioned “secure computing” guidelines is to manually configure resources. To avoid human error, use automated provisioning solutions. Whether your cloud has a build automation engine like CenturyLink Cloud Blueprints, or you use popular configuration management tools like Chef, look for ways to turn provisioning into a repeatable activity through automation. This way, you can have confidence that important monitoring agents are installed, unnecessary ports are closed, and only required services are running.
- Monitor key activities. Don’t let your public cloud provider be a passive participant in your overall security governance process! Use APIs (and webhooks, if you’re using CenturyLink Cloud) to find out when new users are added to the cloud, and what permissions they have. Regularly extract your organization’s public cloud audit trail and load into a data warehouse for correlation and analysis.
- Leverage managed services to offload responsibility. Whether you have a large or small fleet of servers to manage, ongoing maintenance is a big part of staying secure. Servers need to be patched, upgraded, and monitored frequently. If you’re concerned that your existing staff can’t take on management of the public cloud servers in a hybrid environment, look at using managed services to shift that responsibility to your cloud provider.
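One way to act on the "Monitor key activities" item above, as an added example that is not code from the original article or from CenturyLink: a review pass over an exported audit trail that reports new accounts created outside the SSO identity store and grants of privileged roles. The record format, field names, role names and sample events are all constructed for illustration and do not reflect any provider's real audit schema.

```python
import json

# Constructed sample export, one JSON object per line. Field names, role
# names and values are assumptions, not a real provider's audit schema.
SAMPLE_AUDIT_TRAIL = """\
{"ts": "2015-03-02T09:14:00Z", "actor": "alice@example.com", "action": "user.create", "target": "bob@example.com", "auth": "sso"}
{"ts": "2015-03-02T09:15:10Z", "actor": "alice@example.com", "action": "role.grant", "target": "bob@example.com", "role": "ServerOperator"}
{"ts": "2015-03-03T23:41:52Z", "actor": "svc-deploy", "action": "user.create", "target": "tmp-admin", "auth": "local"}
{"ts": "2015-03-03T23:42:05Z", "actor": "svc-deploy", "action": "role.grant", "target": "tmp-admin", "role": "AccountAdministrator"}
{"ts": "2015-03-04T08:00:00Z", "actor": "carol@example.com", "action": "server.create", "target": "web-01"}
not-json garbage line
{"ts": "2015-03-05T10:30:00Z", "actor": "alice@example.com", "action": "role.grant", "target": "dave@example.com", "role": "AccountAdministrator"}
"""

# Accounts already known before this export window (constructed baseline).
KNOWN_USERS = {"alice@example.com", "carol@example.com", "svc-deploy"}

# Roles treated as privileged (hypothetical role name).
PRIVILEGED_ROLES = {"AccountAdministrator"}

REQUIRED_FIELDS = {"ts", "actor", "action", "target"}


def parse_trail(text):
    """Return (events, rejected_line_numbers).

    Unparseable or incomplete records are reported rather than silently
    dropped, because a gap in the audit trail is itself worth investigating.
    """
    events, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            rejected.append(lineno)
            continue
        if not isinstance(event, dict) or not REQUIRED_FIELDS <= event.keys():
            rejected.append(lineno)
            continue
        events.append(event)
    return events, rejected


def review(events, known_users):
    """Return findings as (kind, timestamp, target, actor) tuples."""
    findings = []
    seen = set(known_users)
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["action"] == "user.create":
            seen.add(e["target"])
            # Account created outside the shared identity store.
            if e.get("auth") != "sso":
                findings.append(("local-account", e["ts"], e["target"], e["actor"]))
        elif e["action"] == "role.grant":
            # Grant to an account with no creation record and no baseline entry.
            if e["target"] not in seen:
                findings.append(("grant-to-unknown-user", e["ts"], e["target"], e["actor"]))
            if e.get("role") in PRIVILEGED_ROLES:
                findings.append(("privileged-grant", e["ts"], e["target"], e["actor"]))
    return findings


if __name__ == "__main__":
    parsed, bad_lines = parse_trail(SAMPLE_AUDIT_TRAIL)
    for finding in review(parsed, KNOWN_USERS):
        print(*finding)
    print("rejected lines:", bad_lines)
```
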
Networking. Networking is one of the most important – and difficult – aspects of hybrid cloud configuration. Why is it difficult? It’s so easy to take things for granted when working solely with a local, closed network with geographically-coupled resources.
- Co-locate chatty application components. You know that high performing system sitting in your data center? How well does it work when some components are in the public cloud and some reside in your private environment? A hybrid cloud can expose applications that require a lot of back-and-forth communication that degrades over long distances. For applications like this, commit to putting them entirely in one environment or another.
- Be flexible on IP ranges. While some clouds let you add public servers to a specific subnet, you may be forced to use the cloud provider’s IP address space. Work with your cloud provider to design a topology that provides the most trust and continuity between your networks, even if IP ranges differ.
- Don’t abandon good isolation practices. System administrators are used to crafting a network layout that puts servers with similar isolation needs on the same VLAN. Try to follow this practice throughout your hybrid cloud environment by using the same rigor in your public cloud.
- Establish network trust and keep the front door closed. You know what’s not a good idea? Putting a public IP address on a server and doing remote administration through well-known ports. This sloppy practice opens you up to hack attempts! Make sure that your hybrid cloud is configured with persistent, secure connectivity between environments. Look for site-to-site VPNs, MPLS connectivity, or even cross connects to establish trust. Then, developers and administrators can access servers through the private network and keep the public attack surface to a minimum.
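A check for the "keep the front door closed" item above, as an added example that is not code from the original article: it reads a server inventory and a firewall rule export and reports every rule that allows SSH or RDP from outside the private address space. The inventory, rules, field names and trusted ranges are constructed; substitute the ranges carried by your own VPN or private link.

```python
import ipaddress

# Well-known remote administration ports the passage warns about.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed: address space reachable only over the site-to-site VPN or
# private link between the two environments.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.50.0/24")]

# Constructed inventory and firewall export (hypothetical field names).
SERVERS = [
    {"name": "web-01", "public_ip": "203.0.113.10"},
    {"name": "db-01", "public_ip": None},
    {"name": "jump-01", "public_ip": "203.0.113.20"},
]
RULES = [
    {"server": "web-01", "source": "0.0.0.0/0", "ports": "443"},
    {"server": "web-01", "source": "0.0.0.0/0", "ports": "20-25"},
    {"server": "jump-01", "source": "10.20.0.0/16", "ports": "22"},
    {"server": "jump-01", "source": "198.51.100.0/24", "ports": "3389"},
    {"server": "db-01", "source": "0.0.0.0/0", "ports": "22,3389"},
]


def parse_ports(spec):
    """Turn '22', '20-25' or '22,3389' into a list of (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


def is_trusted(source, trusted_nets):
    """True only if the whole source range sits inside a trusted network."""
    net = ipaddress.ip_network(source, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in trusted_nets)


def audit(servers, rules, trusted_nets):
    """Return (severity, server, service, source) for each risky rule.

    'exposed': the server has a public IP, so the admin port is reachable now.
    'latent':  no public IP today (or server not in the inventory), but the
               rule would expose the port as soon as one is attached.
    """
    public_ip = {s["name"]: s["public_ip"] for s in servers}
    findings = []
    for rule in rules:
        if is_trusted(rule["source"], trusted_nets):
            continue
        ranges = parse_ports(rule["ports"])
        for port in sorted(ADMIN_PORTS):
            # A range such as 20-25 opens SSH without ever naming port 22.
            if any(low <= port <= high for low, high in ranges):
                severity = "exposed" if public_ip.get(rule["server"]) else "latent"
                findings.append((severity, rule["server"], ADMIN_PORTS[port], rule["source"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SERVERS, RULES, TRUSTED_NETS):
        print(*finding)
```
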
A well-built hybrid cloud helps you deliver services efficiently, securely, and at scale. Security and network challenges are just two of the many areas to focus on when planning a hybrid cloud. In the next article, we’ll share tips for application integration and system management. Looking for help with your hybrid cloud plans? Reach out to us and we can help you design the solution that meets your needs!
Public cloud is an important part of enterprise IT. Why? Self-service. APIs. Automation. Access to new features regularly. Global reach. Outsourcing of infrastructure management. OpEx consumption.
But it’s not the be-all, end-all.
Enterprise apps will always require a range of infrastructure options – Hybrid IT – including bare metal, traditional hosting…and private cloud.
The private cloud market is relatively immature (more on this in a forthcoming blog post). The more we looked at this segment, the more we saw an opportunity to offer customers a unique value proposition.
“You got chocolate in my peanut butter…”
With CenturyLink Private Cloud, we’ve combined our approach to public cloud with the most important elements of a private cloud.
Public cloud-style agility, scale, and automation – running on dedicated hardware with physical isolation. Available in over 55 data centers worldwide. That’s CenturyLink Private Cloud.
We spare customers from the drudgery of infrastructure management, while offering more control over what truly matters: everything that happens from the platform up.
For example, administrators dictate who has access to the pod and what they can do on it – while wielding complete authority to govern how the node is used day-to-day. If an instance in the public cloud is an apartment in a large building, CenturyLink Private Cloud makes you the landlord, where you handpick the tenants as you see fit.
Most importantly, the product offers this enhanced control without compromising self-service, scale, and automation.
Ten Ways CenturyLink Simplifies Private Cloud
Let’s step through ten important CenturyLink Private Cloud product attributes, and how they make life easier:
- Dedicated hardware & physical isolation. Compute, storage, and network are all dedicated to you, physically isolated from other deployments. Table stakes for a private cloud.
- We’ll Deploy Where You Want. Place your node close to employees, users, or partners, in over 55 of our state-of-the-art data centers. You get unparalleled geographic flexibility and support for advanced networking. Plus, this helps us offer the best SLAs possible, compared to customer premises models.
- Administrative control of your users and their deployments, with an enterprise permissions model. IT already has a way they want to segment access across a global employee base. We help you do that with point-and-click ease at a granular level.
- Easy oversight and day-to-day management of deployed apps. Our management interface – the Control Portal – is a breakthrough experience for managing cloud environments at scale. In way less time than you thought possible.
- Self-service access. This is why employees turned to public cloud in the first place – servers in minutes, so they can get on with their jobs. CenturyLink Private Cloud offers self-service to users via our Control Portal and with an API.
- Chargebacks, governance & detailed internal usage tracking. As IT aligns closer with the business, chargebacks and showbacks become crucial to embracing cloud. Our built-in account hierarchies and granular invoices combine to offer you unprecedented detail to your employees about their usage.
- 99.99% SLAs & CenturyLink Cloud management of infrastructure. The point of cloud is to get out of the infrastructure management, remember? Private cloud doesn’t change that. We have deep expertise in running cloud at scale, and that expertise goes to work for you here.
- Elastic compute, storage, and network. Sure, capacity is fixed within the physical environment. But you can ratchet resources up and down for each app that’s hosted there. And our Service Engineering team will help you capacity plan as you go.
- Regular access to new features and innovation. Our private cloud is updated with new features every 21 business days, just like our public cloud. And because of our DevOps expertise, the downtime for your apps is negligible. So when we add new features (like Group-based autoscaling), private cloud customers have them at the same time. The update schedule for most other public clouds – let alone the other private cloud vendors – is not nearly as aggressive as what CenturyLink offers.
- OpEx model consumption. CenturyLink Private Cloud is a pure operational expense, offering flexibility and freedom when compared to capital-intensive alternatives.
One other element of why we think this approach works so well – CenturyLink Private Cloud is federated into our public cloud network. That means that hybrid configurations become dramatically simpler. Deploy apps across our public nodes and your private nodes, just like you would any other multi-data center configuration (even using Blueprints if you want!). Create firewall rules to govern access between public and private.
Hybrid IT has been a big focus for CenturyLink in the recent past, and it’s intensifying.
CenturyLink Private Cloud is a product that will appeal to those enterprises that want a “transformational private cloud” (using Forrester’s excellent private cloud framework), where the goal is control and agility.
Want to know more? Check out the product page, or reach out to our private cloud sales team. We are looking forward to helping you advance your cloud strategy!
Last year, we made 12 predictions about what would happen in the cloud space in 2013. As the year comes to a close, it’s only fair for us to assess our hits and misses to see how well we did.
Recap and Scorecard
PREDICTION #1: 2013 will be the year of cloud management software.
REALITY: Hit. We saw this come true on multiple fronts. First, cloud management providers Enstratius and ServiceMesh were acquired by Dell and CSC, respectively. Tier 3 – known for the sophisticated management software that runs our IaaS – was acquired by CenturyLink. On top of this, Gartner estimates that a new vendor enters the cloud management space every month, and nearly every cloud provider is constantly beefing up their own management offerings. This shows the strategic value of comprehensive management capabilities in a cloud portfolio. Customer adoption of these platforms is also on the rise and Gartner sees 60% of Global 2000 enterprises using cloud management technology (up from 30% in 2013).
PREDICTION #2: While the largest cloud providers duke it out on price and scale, smaller cloud providers see that enterprise adoption really depends on tight integration with existing tools and processes.
REALITY: Mixed. Of course, cloud prices definitely declined in 2013 and massive scale continued to be a key selling point. Hybrid cloud picked up momentum this year as more companies looked to establish an IT landscape that leveraged on-premises assets while taking advantage of cloud scale. In order to maximize the efficiency of hybrid scenarios, companies need consistency in processes and tools. While cloud management platforms have helped with this a bit, there wasn’t a wholesale move by cloud providers to seamlessly integrate their core offerings with established products.
PREDICTION #3: Enterprises move from pilots to projects, and architecture takes a front seat.
REALITY: Hit. There’s been much less gnashing of teeth on “should I use the cloud” this year, and much more discussion about how to capitalize on the cloud. We’ve seen our customers move to more substantial solutions and ask for more sophisticated capabilities, such as self-service networking. Throughout the industry, we’re seeing more enterprise-class case studies where customers are putting mission critical workloads in the cloud. However, outages still occur on any cloud, and providers are publishing guidelines on how to properly architect for high availability. The recent AWS conference was full of sessions on architecture best practices, and developers are hungry for information about how those best practices are applied.
PREDICTION #5: Standalone, public PaaS offerings will be slow to gain enterprise adoption.
REALITY: Hit. In 2013 we saw renewed discussion on what PaaS actually is and what it SHOULD be. Longtime PaaS providers Microsoft and Google added IaaS products to their portfolio, while smaller firms like Apprenda saw success in private PaaS. Our sister company, AppFog, has launched over 100,000 apps, including some impressive enterprise deployments. Former Tier 3 colleague Adron Hall asked whether PaaS was still “a thing” or whether new container technologies like Docker were going to replace it. However, as some like our own Jared Wray and Red Hat’s Krish Subramanian have said, PaaS is about more than JUST application containers. A rich PaaS also includes the orchestration, management, and services that make it a valuable platform for web applications of any type. Either way, PaaS is still in its infancy and will continue to morph as customer scenarios take shape.
PREDICTION #6: Public goes private.
REALITY: Mixed. There were hints of this in 2013 as Amazon won a bid to win a private cloud for the CIA (and for you too if you have half a billion sitting around!), Microsoft offered a “pack” for making on-premises environments resemble their public cloud, and platforms like OpenStack gained traction as a private cloud alternative. We continued to make advances in supporting private scenarios by adding self-service site-to-site VPN capabilities to an already-robust set of connectivity options. I gave this a “mixed” score because as a whole, public cloud providers don’t yet (and may never) make it simple to run their stack in a private data center for mainstream enterprises.
PREDICTION #7: Cloud providers embrace alternate costing models.
REALITY: Hit. 2013 saw some changes to how cloud customers paid for resources. We modified our pricing to decouple some components while still making it easy to provision exactly the amount of CPU, memory and storage that you need for a given server. Google and Microsoft both launched their IaaS clouds with “per minute” pricing for compute resources. Cloud providers have yet to move to a “pay for consumption instead of allocation” model for things like storage, but overall we’ve seen a maturation of pricing considerations in 2013.
PREDICTION #8: While portability will increase at the application and hypervisor layer, middleware and environment metadata will remain more proprietary.
REALITY: Mixed. We might have been too pessimistic last year! DevOps tools have flourished in 2013 and platform adapters have made it possible to move workloads between clouds without a massive re-architecture effort. To be sure, code portability is still MUCH simpler than environment portability. Each cloud provider has their own value-added services that rarely transfer easily to other locations, and no clear IaaS standard has emerged. However, platforms like OpenStack are attempting to make cloud portability a reality, and the increasing prevalence of public APIs makes it possible for tools like Pivotal’s BOSH or Chef to orchestrate deployments in diverse provider environments.
PREDICTION #9: Global expansion takes center stage.
REALITY: Hit. One of the first questions we hear from prospective customers is “where are your data centers?” This year, almost all of the leading cloud providers expanded their footprint around the globe. For our part, we added data centers in Canada, the UK, and Germany. Now, as part of CenturyLink, we have major expansion plans in 2014.
PREDICTION #10: IaaS providers who don’t court developers get left behind.
REALITY: Hit. In 2013, Stephen O’Grady wrote that developers are the “new kingmakers” and this was reinforced by Gartner analyst Lydia Leong who wrote that IT operations no longer has a monopoly on cloud procurement. Developers are now running the show – bringing in vendors that meet their unique criteria. Consequently, a new crop of developer-centric cloud providers has popped up. While they don’t offer managed services or sophisticated resource management, they DO help developers get going quickly in the cloud. We wooed developers with new self-service capabilities, API improvements, and with new features like Autoscale and webhooks. Developers will continue to be a focus for us at CenturyLink and we plan on continuing our regular Open Source contributions!
PREDICTION #11: Clouds that cannot be remotely managed through an API will fall behind.
REALITY: Hit. APIs are the gateway to modern services and allow ecosystems to flourish. Consider the vibrant crop of cloud management platforms discussed in prediction #1. And that is just one small example. The vast majority of clouds listed in Gartner’s 2013 Magic Quadrant for Cloud Infrastructure have public, comprehensive APIs that developers can use to consume the cloud in whatever way they want. In 2013, we started an effort to replace our existing API with an even more expansive offering that offers complete parity with our industry leading Control Portal user interface. That effort will continue into the next year. When complete, a new host of capabilities will be accessible for CenturyLink, our partners, and most importantly, our customers.
PREDICTION #12: Usability and self-service become table stakes for cloud providers.
REALITY: Mixed. In 2013, we seemed to hit the point where “clouds that aren’t really clouds” struggled as the market began to demand more. Customers expected more and more self-service capabilities, and Tier 3 – along with most every other major provider – focused heavily on that in 2013. Platform usability was a lesser focus this year. While new clouds from Microsoft and Google included relatively straightforward user experiences, few providers made any massive visual improvements. While the CenturyLink Cloud continues to be lauded for an easy to use, powerful interface, we haven’t stood still. A major redesign is underway that will surface more data, simplify activities, and improve performance.
2013 was an important year in the maturation of the cloud industry. New vendors were introduced, popular platforms were acquired, and consumption of cloud services skyrocketed. What will happen in 2014? Stay tuned for our predictions!
For the 3rd straight year, CenturyLink Cloud was recognized by Gartner in its influential Magic Quadrant (MQ) for Cloud Infrastructure-as-a-Service. Readers of the MQ don’t just like it because it summarizes an entire industry with a single visual representation. Rather, its real value is derived from the deep analysis of vendors and market dynamics. Each year, the criteria for inclusion gets tougher as the demands of enterprise customers mature. In 2013, vendors can’t simply offer a warmed-over virtualization environment and brand it a cloud.
Gartner went hands-on with our platform and came away impressed.
CenturyLink Cloud combines an excellent, highly differentiated set of features on a well-engineered platform with an easy-to-use self-service portal. It is one of the few services with both cloud-native capabilities that are attractive to developers and the governance and management features needed by large enterprises.
In fact, one of their “cautions” about our company included an important compliment. Gartner says that we “will be challenged to match the engineering resources available to the market leaders, and therefore challenged to maintain its platform lead.” We aren’t a big company, but our engineering team has accepted that challenge head on. We look forward to building on this lead in the months and years ahead.
How does Gartner see the market evolving, and what does that mean for CenturyLink Cloud and our customers?
The MQ flags important trends for enterprise customers to consider. Many of them map closely to our product strategy.
- Gartner Take: Cloud IaaS is not a commodity. All clouds are not created equal, and each cloud has their own set of value-added features. While this can limit portability between providers, this issue isn’t unique to the cloud and is an accepted aspect of most IT vendor relationships. We’re obsessed with automation and user experience, and this manifests itself through a set of services that you can’t easily get elsewhere. It needs to be easy for customers to enter – and exit – our cloud, but our product and roadmap are full of customer-driven features that make it easier to create and manage sophisticated infrastructure environments.
- Gartner Take: Hybrid cloud is not yet a reality. Gartner’s point here is simply that it’s not easy to migrate or manage servers that reside in disparate (cloud) environments. That said, from a different perspective of hybrid cloud, we’re seeing a measurable uptick in requests for deep integration between on-premises and cloud environments. Our recent introduction of self-service networking features, coupled with our VPN and Direct Connect capabilities, makes it possible for enterprises to truly treat the CenturyLink Cloud as a close knit extension of their existing data centers – complex network topology and all.
- Gartner Take: One size does not fit all. Customer needs are far from uniform. Gartner points out that for any given workload, the priority could be performance, availability, security, customer service, ease of use, or something completely different. Not every cloud is suited for each dimension. While we like to think that we can run most any workload, we’ve optimized the platform for business applications, enterprise development and testing, ISV-to-SaaS transformation, and resellers looking to expand their portfolio of services.
- Gartner Take: IaaS can be used to run a wide range of workloads. In 2013, the cloud isn’t just a playground for prototypes. Not only is it ideal for applications architected specifically for cloud-scale, but also for existing systems that reside in corporate data centers. Our reliable cloud services are there for applications that have to scale out *or* up. We work with numerous enterprise customers who don’t have cloud-native applications but still see significant value in running them in an agile cloud environment (the most common motivation is to accelerate the transition to IT-as-a-service). In those cases, there’s a premium placed on chargebacks, reliability and management of relatively static resources.
- Gartner Take: Buying centers for IaaS are diverse. We are excited that our bet on developers as the new kingmakers is paying off. But while engineering plays a HUGE role in cloud adoption, Gartner recognizes that many cloud initiatives are led by business or IT operations. We have won several big accounts because of our sophisticated capabilities around account management, billing, rebranding, auditing, governance, and network management. Unless an organization is ONLY run by developers (like an early stage startup), there’s a need for automation, and practical capabilities that reduce the human cost of using the cloud.
- Gartner Take: The cloud IaaS market is more similar to a software market than a traditional IT services market. Our interpretation: self-service and automation are critical to a successful cloud implementation. We couldn’t agree more. There’s a massive, unseen human cost to cloud that isn’t reflected in the cold costs of CPUs and RAM. Staff has to be trained to administer and manage the shared pool of resources. Automation provides the only way that an organization can successfully secure, patch, and manage their cloud environment. Our cloud services are chock full of ways to automate deployments and maintenance and we’re adding more every month!
Each year, the Gartner MQ gives IT leaders a pragmatic and unbiased way to get a handle on a very fluid industry. We’re proud of our strong showing in the last 3 editions, but don’t take Gartner’s word for it; try our cloud out for yourself! And if you love the idea of working on leading-edge technology for a hot-shot cloud company, join our team!