Hybrid MultiCloud
IBM Hybrid MultiCloud Strategy
From time to time, we invite industry thought leaders to share their opinions and insights on current technology trends to the IBM Systems IT Infrastructure blog. The opinions in these posts are their own, and do not necessarily reflect the views of IBM.
New technologies breed new buzzwords and terminology, and sometimes it can be difficult to keep up with what it all means. For example, I’m sure you’ve heard the term “hybrid multicloud,” but have you ever really stopped to think about what it means and what it implies for IT in your organizations?
What does it mean?
First let’s take a moment to break down the term Hybrid Multicloud.
Hybrid implies something heterogeneous in origin or composition. In other words, it is something that is composed of multiple other things. Multicloud is pretty simple, and refers to using more than one cloud computing service.
So, when you use the term “hybrid” in conjunction with “multicloud,” it implies an IT infrastructure that uses a mix of on premises and/or private / public cloud from multiple providers.
This is a sensible approach for many organizations because it enables you to maintain and benefit from the systems and data that you have built over time, and to couple them with current best practices for reducing cost and scaling with cloud services where and when it makes sense.
No one single system or technology is the right solution for every project. No matter what the prognosticators are saying, we will not be moving everything to the cloud and abandoning every enterprise computing system we ever built in the past. But the cloud offers economies of scale and flexibility that make it a great addition to the overall IT infrastructure for companies of all sizes.
With a hybrid multicloud approach, you can choose what makes sense for each component, task, and project that you tackle. Maintain existing platforms to benefit from their rich heritage and integrate them with new capabilities and techniques when appropriate.
Another way of saying this is that you utilize the appropriate platform and technology for the task at hand.
The mainframe is a vital component
For large enterprises, the mainframe has been a vital cog in their IT infrastructure for more than 50 years. Mainframes continue to drive a significant portion of mission critical workload for big business.
Mainframes house more of the world’s structured enterprise data than any other platform. A large percentage of all enterprise transactions run on or interact with the mainframe to conduct business. The mainframe is used by 44 out of the top 50 worldwide banks, 10 out of the top 10 insurers and 18 out of the top 25 retailers.[1]
Clearly the mainframe continues to be an important platform for hosting and developing critical business applications. As such, it is a critical component that should be considered for enterprise hybrid multicloud implementations.
Challenges of system change
As we embark on our hybrid multicloud journey, we must embrace the challenges that are involved in integrating, managing, and utilizing a complex heterogeneous system of different platforms and technologies.
The goal is to bring order, control and insight to disparate environments. This means building resiliency and business continuity into the applications and systems. An outage anywhere in the hybrid multicloud should not cause transactions and business to cease operating.
Furthermore, security and data protection must be part of your strategy. Your customers do not care about the technology you use–they expect to be able to access your systems easily and for their data to be protected. Furthermore, with regulations like HIPAA, PCI-DSS, GDPR and more, your hybrid multicloud must be secure.
It is also challenging to manage systems that rely on multiple cloud service providers. Each provider will have different configuration and security requirements, along with separate development and deployment techniques and requirements.
And let’s not forget that we are integrating many disparate components in a hybrid multicloud infrastructure, not just cloud providers. These are typically implemented, managed, and monitored in different ways, using different technologies. It is imperative that you build and acquire management solutions that can be used to manage and orchestrate the activities and projects across your environment with minimal disruption.
A rigorous plan for choosing multicloud management solutions that understand the cloud providers and on-premises technology that you use can be the difference between success and failure. Plan wisely!
The bottom line
Tackling modern technology is not as simple as “throw out the old and bring in the new.” You have to integrate the old and the new in order to continue to build business value. That means adopting a hybrid multicloud approach. This can deliver the most value to your organization, but it also requires being cognizant of the challenges and making plans to overcome them for your business.
To learn more about IT infrastructure for your hybrid multicloud environment, read this Forrester paper, Assess The Pain-Gain Tradeoff of Multicloud Strategies.
https://www.ibm.com/it-infrastructure/us-en/resources/hybrid-multicloud-infrastructure-strategy/
Multi-Cloud Strategy
What is a Multi-Cloud Strategy?
A multi-cloud strategy is the utilization of two or more cloud computing services from any number of cloud providers that are compatible with and extend an organization’s private cloud capabilities. Generally, this means consuming Infrastructure-as-a-Service (IaaS) services provided by more than one cloud vendor as well as by on-premises or private cloud infrastructure.
Many organizations adopt a multi-cloud strategy for redundancy or to prevent vendor lock-in, while others adopt a multi-cloud approach for best fit-for-purpose to meet application needs, for example to take advantage of capacity or features available from a particular cloud provider, or to utilize services offered in a particular geography.
Why use a Multi-Cloud Strategy?
Organizations adopt an enterprise multi-cloud strategy for a number of reasons. Utilizing multiple cloud services from a variety of providers offers these advantages, amongst others:
Modernization: As organizations increasingly adopt cloud-native applications based on containers, microservices, and APIs, a multi-cloud strategy gives access to the broadest array of services while composing new applications.
Flexibility and Scalability: Using multiple cloud providers can prevent vendor lock-in, can provide leverage during vendor negotiations, and can also expose the organization to new capabilities unique to a second or third provider. Additionally, as demand varies, multi-cloud providers can support an increase or decrease in capacity virtually instantaneously.
Enhance Best Practices: Leverage best practices learned working with one cloud to other public and private clouds.
Regulatory Compliance: Not all cloud providers provide services or store data in every geography. A multi-cloud strategy can help ensure that an organization is in compliance with the broad range of regulatory and governance mandates, such as GDPR in Europe.
What are the Benefits of Multi-Cloud Strategy?
Agility and Choice: Organizations adopting a multi-cloud strategy can support the needs of an entire application portfolio, and overcome challenges of legacy infrastructure and limited in-house capacity to achieve agility and flexibility needed to remain competitive in their markets. A solid multi-cloud strategy enables organizations to methodically migrate workloads and modernize their application portfolio with cloud-specific services best suited for each application.
Utilize Best of Breed Services: Organizations can pick the best cloud platform that offers the best possible technology solution at the most attractive price. Organizations can select from the physical location, database, service level agreement, pricing, and performance characteristics of each provider while crafting an overall cloud solution to meet pressing business needs.
Modernization and Innovation: Modern orchestration tools can automate management of a multi-cloud strategy, including cloud and on-premises workloads. This can free up valuable IT resources to focus on code modernization and innovation based on new services, products, and platforms that become available on a continual basis.
Enhanced Security: Multi-cloud strategies often include adopting a zero-trust approach to cloud security, which can help ensure the security of every cloud transaction and interaction. Although every major cloud provider offers state of the art physical security, logical security remains the responsibility of each organization using cloud providers for their IaaS platforms.
Price Negotiations: Utilizing multiple cloud providers offers pricing leverage to organizations, as providers are increasingly under competitive pressure to offer IaaS services to an increasingly savvy customer base. Organizations can compare different providers to secure the best possible price and payment terms for each contract.
Risk Reduction: Utilizing multiple cloud providers helps protect against infrastructure failure or cyber-attack. Organizations can rapidly failover workloads from one cloud provider to another and fail them back once the problem is solved.
How does a Multi-Cloud Strategy enable Digital Transformation?
Digital Transformation is achieved by utilizing applications to deliver services to customers, and to optimize business processes and supply chain operations. As organizations undertake their digital transformation journey, application modernization and a multi-cloud strategy support the needs of applications – new and old. Digital transformation and application modernization are an ongoing process, not a one-time task, and so new services and products offered by a range of cloud providers will factor into the continuous improvement of enterprise applications as digital transformation evolves into digital maturity.
IT organizations may find that certain workloads perform better on a given platform, while others work better with a service that is uniquely offered by a specific vendor. A multi-cloud strategy enables the development of the best possible platform for a given function.
How do you Develop a Multi-Cloud Strategy?
Organizations should start on their multi-cloud strategy by first taking an assessment of application needs, as well as technical and business requirements – both cloud and on-premises based - to understand the motivation for adopting a multi-cloud strategy. Popular motivators include:
- Lowering overall infrastructure costs by migration of workloads to the cloud provider with the most aggressive pricing models
- Speeding application delivery by provisioning development resources when needed
- Driving IT efficiency by freeing up manpower formerly utilized managing on-premises resources
- Moving to OpEx from CapEx by eliminating in-house infrastructure entirely.
Once needs are assessed, organizations should plan which cloud services will best fill those needs. A multi-cloud strategy should consider:
- Existing applications, and whether they currently reside in a cloud provider
- Unique benefits of each cloud provider and how they map to current needs
- Overall relationship with existing cloud provider portfolio
- Whether there are concerns regarding vendor lock-in
- Strategic or business benefits from a multi-cloud strategy, such as compliance or governance issues that would be solved or addressed.
It is important to consider what roadblocks could impede a multi-cloud strategy. One of the major issues is siloed data that is locked into standalone databases, data warehouses or data lakes with both structured and unstructured data, and block storage used for persistent volumes, all of which can be difficult to migrate. Organizations must also ensure that there are more than one instance of any data set; otherwise it will be impossible to determine which is the ‘source of truth’ and which is an echo. Also, different cloud providers have different architectures and constructs that prevent simple migration of workloads, unless there is an abstraction layer that provides a consistent infrastructure environment.
Organizations should plan on implementing a multi-cloud governance strategy to ensure that policies are applied uniformly enterprise-wide and that business units are not utilizing ‘shadow IT’ resources instead of utilizing sanctioned platforms.
In this manner, IT becomes more of a broker than developer, making cloud resources available and applying policies and best practices to ensure that each instance and deployment adhere to defined policies.
A major issue to avoid is utilizing older offerings or Platform-as-a-Service (PaaS) when simple compute is required. Although PaaS offers many benefits, most offerings are not easily portable between cloud providers and should be avoided. Since many organizations utilize a multi-cloud strategy as part of an overall modernization effort, PaaS deployments should be migrated to containerized applications, which inherently support multi-cloud strategies.
Finally, when selecting services, avoid the need to find the exact perfect match for every application or function. Platforms that meet all the defined needs are all an organization needs; searching for the ultimate cloud provider offering for a given application can lead to adoption of a number of one-off providers when the job could have been done just as well with existing cloud partner offerings. The old adage that ‘99 percent done is done’ should be applied.
Organizations should then develop multi-cloud pilots to gain competency in taking a multi-cloud strategy through to execution, including offering the necessary training and education for all stakeholders on what will change in their day-to-day activities.
What are the Key Success Factors for a Multi-Cloud Strategy?
Know the Why of multi-cloud. Organizations must keep their objectives top of mind, whether it is modernization, cost savings, reducing vendor lock-in or eliminating on-premises IT infrastructure. This also should include buy-in from all stakeholders including executives.
Keep an eye on costs. Cloud platforms are different. Without an abstraction layer or way to create consistent operations, operations, security, and governance costs can grow with the addition of each cloud.
Plan for needed skills. Multi-cloud adds complexity – perhaps two to three times more complex than utilizing a traditional single-sourced cloud environment. Although management tools can mitigate some of this complexity, new skills will be required to manage a multi-cloud environment and to take advantage of the benefits of cloud-native application strategies. Whether these skills come from training existing teams, hiring from outside, or leveraging integration partners, they will be required to get a multi-cloud strategy off the ground.
Measure Progress. Organization leaders will want to determine if a multi-cloud strategy is achieving its stated goals. Look for ways to measure the payback of this approach, either through return on investment (ROI) or by demonstrating reduced total cost of ownership (TCO) for IT over a given timeframe.
Document and report on outcomes and share the reports with stakeholders to grow confidence in the strategy enterprise-wide.
Think Modernization. If achieving modern, cloud-native operations is a goal, embrace modernization and encourage thinking outside the box as development, DevOps and deployment times all accelerate. Innovation that leads to better employee and customer engagement can pay off in improved revenue and profits, so embrace new methods of interacting such as chatbots and mobile applications.
Mastering the Hybrid Multicloud World
It’s Critical that On Premises and Cloud Work Together
It’s easy to see why today’s organizations are flocking to the cloud. Hyperscalers give software developers access to a wide scope of resources for creating and managing applications. They also enable rapid scaling, and foster innovation by making it easy for developers to incorporate new features. As millions of customers provide feedback, new iterations are constantly being built and deployed.
For organizations, it makes sense to take advantage of the cloud’s innovations and scaling capabilities by using SaaS applications for standard business functions such as Customer Relationship Management (CRM), office productivity software, and video conferencing. Fifty-four percent of businesses say they have moved on-premises applications to the cloud, and 46% have created applications expressly built for cloud use, according to the IDG 2020 Cloud Computing Survey.
In the multi-tenant public cloud, organizations also avoid the heavy capital expenses of purchasing infrastructure, and pay-as-you-go pricing allows them to avoid spending money on unused capacity.
Still, many organizations prefer to hold the more individualized and sensitive parts of their business processes – applications controlling finance, manufacturing, or supply chain operations, for example – in the data center. This hybrid cloud model allows IT to focus on hosting internally the services that make the company unique.
From Hybrid Cloud to Multicloud
The norm for today’s enterprises is the multicloud. Fifty-five percent of companies are using at least two public clouds in addition to their own data centers, the IDG survey found.
One reason is that AWS, Microsoft Azure, and the Google Cloud each have different features and pricing structures. IT managers make choices based on the performance and services a platform offers, which vary according to application type. IT leaders also optimize costs by selecting the storage options best suited to their needs.
And because the public cloud is a dynamic environment, with providers continually creating new services, a multicloud strategy allows organizations to avoid vendor lock-in and take advantage of these innovations as they are introduced.
Management and Data Challenges
The sprawling multi-cloud-and-on-premises environment gives IT leaders a wide array of choices for managing resources and data. While having more options is a boon, 46% of technology leaders in the survey said it has also increased management complexity.
IT teams must constantly evaluate the environment and decide where it is best to locate workloads. Some decisions are relatively straightforward. Security or compliance regulations keep certain applications on premises. Another big issue is lag. Kim Stevenson, Senior Vice President and General Manager of NetApp Foundational Data Services, points out that “Some applications don’t tolerate even a nanosecond of latency.”
But for many applications, decisions aren’t so clear-cut. Technology leaders must weigh their options, running calculations to determine the advantages and disadvantages of on premises versus Cloud A or Cloud B.
Sometimes it makes sense to move applications permanently to the cloud. Other times, it may be better to shuttle them between cloud and data center as the organization grows, tries out new services, or responds to changing demands.
“If you’re in retail, you need to do a lot more credit card processing on Black Friday. If you’re an accounting firm, you need to do a lot of tax application processing in the first quarter. At the end of the fiscal year, you may want to tier off older data to object storage,” Stevenson says.
But applications and data don’t always move smoothly between the on-premises environment and the cloud. Inconsistent data formatting can lead to confusion and errors.
For example, dates can be expressed in several different formats, making data containing them difficult to transfer. Customer records may contain 16 characters in some data stores and 20 in others. If a company moves them from a 20-character to a 16-character format, IT must pause to determine whether any important information will be lost, and if so, what to do about it.
Because data about application use and costs is scattered across public clouds and the data center, it’s tough for IT to see the big picture. Different clouds use different management tools, making it even harder to have visibility into actual IT resource usage and spend forecast predictability.
Improving Operations with Unified Management
Today’s technology makes managing the multicloud, hybrid environment much easier. Solutions such as NetApp ONTAP standardize data architecture, so companies can move applications at will and automatically tier off old data to cheaper storage without worrying about quality control. They have strong and consistent security protections surrounding their data wherever it goes.
IT leaders can also see and manage infrastructure both at home and across multiple public clouds – all from one central control plane. A unified management platform also enables cloud features like automation and advanced AI algorithms to be extended to applications in the data center.
“A single management console helps you do two things,” Stevenson says. “It diagnoses problems and shows you where they’re located, and it gives you the tools to solve them.”
Administrators can manage everything with a single toolset, making training easier and avoiding the confusion that can arise when switching among on-premises and public clouds.
Managers can view resources across the entire organization or parse them according to business unit or service type. This unparalleled visibility enables them to avoid guesswork when creating a technology strategy, as well as make informed decisions based on reliable and timely operational data.
Businesses can also increase agility by scaling compute and storage resources separately, helping them respond better to shifting workloads and customer demands. Remote teams can collaborate seamlessly using data from both on-premises storage and the cloud.
Making Better Choices
The hybrid, multicloud environment gives companies choices, but without a coherent framework, conflicts and inefficiencies are bound to arise.
Today’s technology allows IT leaders to literally see what they’re doing and judge how one move on the chessboard will affect other pieces of the business. Whether they’re building their own private clouds or deploying resources in public ones, they can make sound, data-driven decisions about operations, costs, scaling, and services. By bringing the best capabilities of the cloud to the data center, IT leaders can finally achieve their elusive goal of aligning IT strategy with business strategy.
“The cloud and the on-premises environments will continue to coexist for a long time,” Stevenson says. “Organizations that enable them to work well together will realize the full benefits of both, giving them a competitive edge.”
Multi-Cloud Connectivity and Security Needs of Kubernetes Applications
Application initiatives are driving better business outcomes, an elevated customer experience, innovative digital services, and the anywhere workforce. Organizations surveyed by VMware report that 90% of app initiatives are focused on modernization(1). Using a container-based microservices architecture and Kubernetes, app modernization enables rapid feature releases, higher resiliency, and on-demand scalability. This approach can break apps into thousands of microservices deployed across a heterogeneous and often distributed environment. VMware research also shows 80% of surveyed customers today deploy applications in a distributed model across data center, cloud, and edge(2).
Enterprises are deploying their applications across multiple clusters in the data center and across multiple public or private clouds (as an extension of on-premises infrastructure) to support disaster avoidance, cost reduction, regulatory compliance, and more.
Applications Deployed in a Distributed Model
Fig 1: Drivers for Multi-Cloud Transformation
The Challenges in Transitioning to Modern Apps
While app teams can quickly develop and validate Kubernetes applications in dev environments, a very different set of security, connectivity, and operational considerations awaits networking and operations teams deploying applications to production environments. These teams face new challenges as they transition to production with existing applications — even more so when applications are distributed across multiple infrastructures, clusters, and clouds. Some of these challenges include:
Application connectivity across multi-cluster, multi-cloud, and VM environments
Application teams developing new applications using a microservices architecture need to be concerned about how to enable connectivity between microservices deployed as containers and distributed across multiple clouds and hybrid environments (data centers and public clouds).
Additionally, some of these application components reside in VM environments. For example, a new eCommerce app designed with a microservices architecture may need to contact a database running in a VMware vSphere environment or in the cloud. The lack of seamless connectivity between these heterogeneous environments (container-based vs. VM-based) is one of the reasons that prevent enterprises from meeting time-to-market requirements and slows down their app modernization initiatives, as they are unable to re-use their existing application components.
Consistent end-to-end security policies and access controls
With heterogeneous application architectures and infrastructure environments, the trusted perimeter has dissolved, and enterprises are seeing breaches that continue to grow via exploits, vulnerabilities, phishing attacks, and more. Modern applications raise several security challenges, such as how to secure connectivity not only from end-users into Kubernetes clusters, but across clusters, availability zones, and sites and between containerized and virtual machine environments.
Fig 2: Increased Attack Surface
Teams need to more effectively ensure that users are given the right access permissions to applications; that application components are properly ring-fenced; and that communications across hybrid infrastructures and workloads are secured. Identity based on IP addresses, and intent based on ports, are insufficient for modern applications. What is needed is end-to-end deep visibility from end-users to apps to data, and an extension of the principles of zero trust network access (ZTNA) to these modern applications.
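The contrast drawn above between IP/port rules and identity-based access, as an added configuration example that is not from the original post or from VMware. It assumes upstream Kubernetes NetworkPolicy and open-source Istio policy resources as stand-ins (the post shows no configuration of its own); the namespace, labels, service account, CIDR and path are constructed.

```yaml
# Added illustration. All names (namespace "shop", app labels, service
# account "checkout", CIDR 10.42.7.0/24, path /v1/charges) are constructed.

# --- Weak: identity = source IP, intent = port ------------------------------
# Pod IPs are reassigned as workloads are rescheduled, and traffic that is
# NATed between clusters or clouds arrives with a gateway address. This rule
# therefore admits whatever currently holds an address in the range, and it
# permits every request on port 8080, not just the call that is needed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: payments-allow-by-ip
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: payments
  policyTypes:
    - Ingress
  ingress:
    - from:
        - ipBlock:
            cidr: 10.42.7.0/24
      ports:
        - protocol: TCP
          port: 8080
---
# --- Stronger: identity = workload certificate, intent = operation ----------
# Step 1: require mutual TLS on the payments workload, so every caller must
# present a certificate that carries its workload identity.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: payments-require-mtls
  namespace: shop
spec:
  selector:
    matchLabels:
      app: payments
  mtls:
    mode: STRICT
---
# Step 2: allow only the checkout service account, and only the one operation
# it needs. Once an ALLOW policy selects a workload, requests that match no
# rule are denied. The "cluster.local" trust domain is the Istio default and
# is an assumption here; a multi-cluster mesh may use a different one.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: payments-allow-checkout
  namespace: shop
spec:
  selector:
    matchLabels:
      app: payments
  action: ALLOW
  rules:
    - from:
        - source:
            principals:
              - cluster.local/ns/shop/sa/checkout
      to:
        - operation:
            methods: ["POST"]
            paths: ["/v1/charges"]
```

The two approaches are complementary: the NetworkPolicy can stay in place as a coarse L3/L4 filter while the mesh policy carries the identity and per-operation decision.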
Operational complexity — multiple disjointed products, no end-to-end observability
The responsibility for secure, highly available production rollouts of Kubernetes falls on application platform teams. However, they are confronted with a vast array of open-source components that must be stitched together to achieve connectivity, availability, security, and observability — including global and local load balancers, ingress controllers, WAF, IPAM, DNS, sidecar proxies, policy frameworks, identity frameworks, and more.
Fig 3: Multiple components need to be managed separately
Platform teams need a way to centrally control traffic management and security policies across the full application operating environment. They also need a way to gain end-to-end visibility across multiple K8s environments and entire application topologies, including application dependencies, metrics, traces, and logs. The end-result of this complexity is usually a compromise consisting of partial visibility, automation, and scalability, which ends up making a lot of projects fail.
All these challenges and more are driving us to further evolve our networking and security thinking for modern apps. We simply cannot afford to continue to rely solely on the network architectures of the last decade. More versatile and flexible models are needed to address connectivity, security, and operational requirements in this rapidly evolving world.
VMware Modern Apps Connectivity Solution
VMware is introducing a new solution that brings together the advanced capabilities of Tanzu Service Mesh and VMware NSX Advanced Load Balancer (formerly Avi Networks) to address today’s unique enterprise challenges.
The VMware Modern Apps Connectivity solution offers a rich set of integrated application delivery services through unified policies, monitoring, visualizations, and observability. These services include enterprise-grade L4 load balancing, ingress controller, global load balancing (GSLB), web application security, integrated IPAM and DNS, end-to-end service visibility and encryption, and an extensible policy framework for intelligent traffic management and security. Through the integrated solution, operators can centrally manage end-to-end application traffic routing, resiliency, and security policies via Tanzu Service Mesh.
This solution speeds the path to app modernization with connectivity and better security across hybrid environments and hybrid app architectures. It is built on cloud-native principles and enables a set of important use-cases that automates the process of connecting, observing, scaling, and better-securing applications across multi-site environments and clouds.
The VMware Modern Apps Connectivity solution works with VMware Tanzu, Amazon EKS, and upstream Kubernetes today, and is in preview with Red Hat OpenShift, Microsoft Azure AKS, and Google GKE(3). As a leader in delivering the Virtual Cloud Network, VMware understands the challenges of creating operationally simple models for modern app connectivity and security. The solution closes the dev-to-production gap caused by the do-it-yourself approach forced on many networking teams who are under pressure to launch reliable, business-critical services that work consistently across heterogeneous architectures and environments.
More Information:
https://www.ibm.com/blogs/systems/hybrid-multicloud-a-mouthful-but-the-right-approach/
https://www.ibm.com/cloud/architecture/architectures/public-cloud/