17 March 2021

Hybrid Cloud and Multi-Cloud the Future says IBM


IBM Hybrid Cloud and Multi-Cloud the Best Cloud Platform So Far

Hybrid cloud is an IT architecture that incorporates some degree of workload portability, orchestration, and management across 2 or more environments. Depending on whom you ask, those environments may need to include:

  • At least 1 private cloud and at least 1 public cloud
  • 2 or more private clouds
  • 2 or more public clouds
  • A bare-metal or virtual environment connected to at least 1 cloud—public or private

These varying requirements are an evolution from the earlier age of cloud computing, where the differences between public clouds and private clouds were easily defined by location and ownership. But today’s cloud types are far more complex, because location and ownership are abstract considerations. 

Schlumberger, IBM and Red Hat Announce Major Hybrid Cloud Collaboration for the Energy Industry

This is why it can be more helpful to define hybrid cloud computing by what it does. All hybrid clouds should:

  • Connect multiple computers through a network.
  • Consolidate IT resources.
  • Scale out and quickly provision new resources.
  • Be able to move workloads between environments.
  • Incorporate a single, unified management tool.
  • Orchestrate processes with the help of automation.

Open hybrid cloud: Red Hat's vision for the future of IT

How do hybrid clouds work?

The way public clouds and private clouds work as part of a hybrid cloud is no different from how standalone public clouds or private clouds work:

A local area network (LAN), wide area network (WAN), virtual private network (VPN), and/or application programming interfaces (APIs) connect multiple computers together.

Virtualization, containers, or software-defined storage abstract resources, which can be pooled into data lakes.

Management software allocates those resources into environments where applications can run, which are then provisioned on-demand with help from an authentication service.

Separate clouds become hybrid when those environments are connected as seamlessly as possible. That interconnectivity is the only way hybrid clouds work—and it’s why hybrid clouds are the foundation of edge computing. That interconnectivity is how workloads are moved, management is unified, and processes are orchestrated. How well-developed those connections are has a direct impact on how well your hybrid cloud works.

Make Hybrid Cloud Work for Your Business

Modern hybrid cloud architecture

Today’s hybrid clouds are architected differently. Instead of connecting the environments themselves, modern IT teams build hybrid clouds by focusing on the portability of the apps that run in the environments.

Think about it like this: Instead of building a local 2-lane road (fixed middleware instances) to connect 2 interstate highways (a public cloud and a private cloud), you could instead focus on creating an all-purpose vehicle that can drive, fly, and float. Either strategy still gets you from one place to another, but there's a lot less permitting, construction, permanence, and ecological impact if you focus on a universally capable vehicle.

IBM Data and Multi-Cloud and Hybrid Cloud

Modern IT teams build hybrid clouds by focusing on the car—the app. They develop and deploy apps as collections of small, independent, and loosely coupled services. By running the same operating system in every IT environment and managing everything through a unified platform, the app's universality is extended to the environments below it. In more practical terms, a hybrid cloud can be the result of:

  • Running Linux® everywhere
  • Building and deploying cloud-native apps
  • Managing everything using an orchestration engine like Kubernetes or Red Hat OpenShift®

Using the same operating system abstracts all the hardware requirements, while the orchestration platform abstracts all the app requirements. This creates an interconnected, consistent computing environment where apps can be moved from one environment to another without maintaining a complex map of APIs that breaks every time apps are updated or you change cloud providers.

It starts with Linux

This interconnectivity allows development and operations teams to work together in a DevOps model: A process by which teams work collaboratively across integrated environments using a microservice architecture supported by containers.

Operating system

Every cloud is unique. That means you need an OS that can do anything. And the only ones that can do everything are open source software, like Linux. So start with Red Hat Enterprise Linux. It lets you run cloud-native apps with the control, confidence, and freedom that comes from a consistent foundation across any cloud deployment.

As the most deployed commercial Linux distribution in the public cloud, Red Hat Enterprise Linux is certified to run on hundreds of public cloud and service providers and is built off the native Linux OS containers are supposed to run on. Plus, customers running Red Hat Enterprise Linux gain economic advantages of more than US$1 trillion each year, just because of the OS.

Practical DevOps in a Hybrid World

The new generation of hybrid cloud enables you to build and manage across any cloud with a common platform. That means you can skill once, build once and manage from a single pane of glass. ... IBM also offers IBM Cloud Pak® solutions, an AI-infused software portfolio that runs on Red Hat OpenShift.

Multicloud is a cloud approach made up of more than 1 cloud service, from more than 1 cloud vendor—public or private.

For example, your enterprise invests in expanding a cloud infrastructure. You've moved from bare-metal servers to virtualization-based workloads, and now you're evaluating public cloud options—not for everything, but to support a specific customer-facing application with highly variable use rates. After some research, you find the public cloud provider that has the right blend of service-level agreements (SLAs), security protocols, and uptime to host your custom application. You’re happy with your choice. But eventually, customers start asking for features that are only available through a different vendor’s proprietary app. Integrating these features into your custom app requires that you not only purchase the vendor’s app, but also host the app in that vendor’s proprietary public cloud—a solution that allows both apps to scale with demand.

You now have a multicloud.

Multicloud - Evolution of Core Infrastructure Strategy

What’s the difference between multicloud and hybrid cloud?

Multicloud refers to the presence of more than 1 cloud deployment of the same type (public or private), sourced from different vendors. Hybrid cloud refers to the presence of multiple deployment types (public or private) with some form of integration or orchestration between them.

A multicloud approach could involve 2 public cloud environments or 2 private cloud environments. A hybrid cloud approach could involve a public cloud environment and a private cloud environment with infrastructure (facilitated by application programming interfaces, middleware, or containers) facilitating workload portability.

These cloud approaches are mutually exclusive: You can't have both simultaneously, because the clouds will either be interconnected (hybrid cloud) or not (multicloud). Having multiple cloud deployments, both public and private, is becoming more common across enterprises as they seek to improve security and performance through an expanded portfolio of environments.

How to Create a Multi-Cloud Strategy

Managing and automating multicloud environments

IT is becoming more dynamic, based on virtual infrastructure both on-premise and off. This introduces significant complexity around self-service, governance and compliance, resource management, financial controls, and capacity planning. Cloud management and automation tools help maintain greater visibility and oversight across these disparate resources.

Automation has been used discretely within enterprises, with different tools used by different teams for individual management domains. But today’s automation technologies (like Red Hat® Ansible® Automation Platform) are capable of automating assets across environments. Adding modern automation capabilities to multicloud environments limits the environment’s complexity while enhancing workload security and performance for traditional and cloud-native applications.

Multicloud and containers

Linux® containers give enterprises choices when it comes to public cloud vendors. Because containers package and isolate apps with their entire runtime environment, users can move the contained app between clouds while retaining full functionality. This gives enterprises the freedom to choose public cloud providers, based on universal standards (e.g. uptime, storage space, cost) instead of whether it will—or won’t—support your workload due to proprietary restrictions.

This portability is facilitated by microservices, an architectural approach to writing software where applications are broken down into their smallest components, independent from each other. Containers—which are Linux—just happen to be the ideal place to run microservice-based apps. Together, they can be the key to taking your apps to any cloud.

Why Red Hat?

Multicloud helps enterprises avoid the pitfalls of single-vendor reliance. Spreading workloads across multiple cloud vendors gives enterprises flexibility to use (or stop using) a cloud whenever they want. There's nothing evil about having multiple clouds—in fact, it’s a good thing. And open source software magnifies that good. Our open source technologies bring a consistent foundation to any cloud deployment: public, private, hybrid, or multi.

Distributed Cloud for Telco Networks and Edge - Bill Lambertson, IBM

A new HPC solution from IBM Cloud

IBM has a long history of leadership in high performance computing (HPC). With ground-breaking advancements in systems, software, and services, IBM has enabled enterprises across many industries to manage distributed environments for running their HPC workloads for decades.

Customers are taking advantage of the massive computational power that cloud computing brings to HPC workloads. Identifying and scripting the necessary provisioning and configuration steps required to build scalable compute environments in the cloud can be daunting. When the need to encrypt valuable data and algorithms is added, the complexity only increases.

IBM Cloud is now announcing a new automated solution that enables customers to quickly and easily build scalable, encrypted compute environments in the IBM Cloud.

DevOps.com Webinar: Protecting OpenShift Container-Based Applications with Cloud-Native Backup

Introducing IBM Cloud HPC Cluster

IBM Cloud is excited to announce the general availability of IBM Cloud HPC Cluster. This scalable and repeatable service simplifies the process of building encrypted HPC environments in the IBM Cloud. The automated service provided by HPC Cluster eases the burden on IT administrators and shortens time to results.

The HPC Cluster service includes two deployment plans: Encrypted Bare Metal HPC Cluster and Encrypted VSI HPC Cluster.  The HPC Cluster service is ideal for users who require high levels of security and encryption for their computationally intensive workloads. It enables customers to bring their own encrypted operating system image and bring their own keys to protect the confidential nature of data and algorithms. With the built-in security and encryption features provided by IBM Cloud HPC Cluster, customers have complete control over their HPC environment in the cloud.

IBM Cloud Pak for Applications Overview

Key benefits of IBM Cloud HPC Cluster

The HPC Cluster service greatly simplifies the process to create and manage encrypted compute environments in the IBM Cloud.

By applying advanced encryption, automation, and monitoring, customers can quickly create scalable compute environments with their choice of compute resources. These environments can be used to execute multiple HPC workloads while ensuring data privacy. The environments can be easily modified by adding and deleting compute resources depending on workload needs.

HPC Cluster key features include the following:

  • Support for bring your own encrypted operating system and Bring Your Own Key (BYOK)
  • Automated deployment and configuration of single-tenant, redundant LUNA Hardware Security Modules (HSM)
  • Automated deployment of compute resources, with boot encryption using customer provided keys
  • Integration with IBM Cloud Object Storage
  • Integration with Activity Tracker to view, manage, and audit cloud activity

The HPC Cluster service is deployed into the customer’s own IBM Cloud account and offers high degrees of customization and control, allowing clients to replicate their on-premise HPC environments in the cloud or extend their HPC workloads to the cloud. All compute configurations offered through this service provide hourly, consumption-based pricing, which helps customers to control spending.

Introducing Migration Toolkit for Virtualization - Miguel Perez Colino (Red Hat) OpenShift Commons

Hybrid cloud security is the protection of the data, applications, and infrastructure associated with an IT architecture that incorporates some degree of workload portability, orchestration, and management across multiple IT environments, including at least 1 cloud—public or private.

Hybrid clouds offer the opportunity to reduce the potential exposure of your data. You can keep sensitive or critical data off the public cloud while still taking advantage of the cloud for data that doesn’t have the same kinds of risk associated with it.

Why choose hybrid cloud for enhanced security?

Hybrid clouds let enterprises choose where to place workloads and data based on compliance, audit, policy, or security requirements.

While the various environments that make up a hybrid cloud remain unique and separate entities, migrating between them is facilitated by containers or encrypted application programming interfaces (APIs) that help transmit resources and workloads. This separate—yet connected—architecture is what allows enterprises to run critical workloads in the private cloud and less sensitive workloads in the public cloud. It’s an arrangement that minimizes data exposure and allows enterprises to customize a flexible IT portfolio.

The components of hybrid cloud security

Hybrid cloud security, like computer security in general, consists of three components: physical, technical, and administrative.

Physical controls are for securing your actual hardware. Examples include locks, guards, and security cameras.

Technical controls are protections designed into IT systems themselves, such as encryption, network authentication, and management software. Many of the strongest security tools for hybrid cloud are technical controls.

Finally, administrative controls are programs to help people act in ways that enhance security, such as training and disaster planning.

Overview of IBM Cloud Pak for Data

Physical controls for hybrid cloud security

Hybrid clouds can span multiple locations, which makes physical security a special challenge. You can’t build a perimeter around all your machines and lock the door.

In the case of shared resources like a public cloud, you may have Service Level Agreements (SLAs) with your cloud provider that define which physical security standards will be met. For example, some public cloud providers have arrangements with government clients to restrict which personnel have access to the physical hardware.

But even with good SLAs, you’re giving up some level of control when you’re relying on a public cloud provider. This means other security controls become even more important.

Technical controls for hybrid cloud security

Technical controls are the heart of hybrid cloud security. The centralized management of a hybrid cloud makes technical controls easier to implement.

Some of the most powerful technical controls in your hybrid cloud toolbox are encryption, automation, orchestration, access control, and endpoint security.


Encryption

Encryption greatly reduces the risk that any readable data would be exposed even if a physical machine is compromised.

You can encrypt data at rest and data in motion. Here’s how:

Protect your data at rest:

Full disk (partition) encryption protects your data while your computer is off. Try the Linux Unified Key Setup-on-disk (LUKS) format, which can encrypt your hard drive partitions in bulk.

Hardware encryption protects the hard drive from unauthorized access. Try the Trusted Platform Module (TPM), which is a hardware chip that stores cryptographic keys. When the TPM is enabled, the hard drive is locked until the user is able to authenticate their login.

Encrypt root volumes without manually entering your passwords. If you have built a highly automated cloud environment, build upon that work with automated encryption. If you are using Linux, try Network Bound Disk Encryption (NBDE), which works on both physical and virtual machines. Bonus: make TPM part of the NBDE and provide two layers of security (the NBDE will help protect networked environments, while the TPM will work on premises).
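One way to check these data-at-rest controls automatically on a Linux host, as an added example that is not part of the original article: it walks `lsblk --json` output to find mounted filesystems with no dm-crypt layer beneath them, and reads `clevis luks list` output to see which LUKS keyslots are bound to Tang (NBDE), the TPM, or both. The sample outputs, the host layout, the `tang.example.internal` URL and the `/boot` exemption are constructed assumptions.

```python
import json
import re

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output for a
# hypothetical host: root and swap on LVM inside LUKS, plain /boot and /data.
SAMPLE_LSBLK = json.dumps({"blockdevices": [
    {"name": "vda", "type": "disk", "fstype": None, "mountpoint": None, "children": [
        {"name": "vda1", "type": "part", "fstype": "xfs", "mountpoint": "/boot"},
        {"name": "vda2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": None,
         "children": [
             {"name": "luks-root", "type": "crypt", "fstype": "LVM2_member",
              "mountpoint": None, "children": [
                  {"name": "vg-root", "type": "lvm", "fstype": "xfs", "mountpoint": "/"},
                  {"name": "vg-swap", "type": "lvm", "fstype": "swap",
                   "mountpoint": "[SWAP]"}]}]}]},
    {"name": "vdb", "type": "disk", "fstype": "ext4", "mountpoint": "/data"},
]})

# Constructed sample of `clevis luks list -d /dev/vda2` output (hypothetical URL).
SAMPLE_CLEVIS = """\
1: sss '{"t":2,"pins":{"tang":[{"url":"http://tang.example.internal"}],"tpm2":{"hash":"sha256","key":"ecc"}}}'
2: tang '{"url":"http://tang.example.internal"}'
"""

def unencrypted_mounts(lsblk_json, allowed=("/boot", "/boot/efi")):
    """Return (device, mountpoint) pairs whose device stack has no dm-crypt layer.

    `allowed` is an assumed baseline exemption for boot partitions.
    """
    findings = []

    def walk(node, encrypted):
        # lsblk reports an opened LUKS mapping as TYPE "crypt"
        encrypted = encrypted or node.get("type") == "crypt"
        mountpoint = node.get("mountpoint")
        if mountpoint and not encrypted and mountpoint not in allowed:
            findings.append((node["name"], mountpoint))
        for child in node.get("children", []):
            walk(child, encrypted)

    for device in json.loads(lsblk_json)["blockdevices"]:
        walk(device, False)
    return sorted(findings)

def clevis_pins(clevis_output):
    """Map LUKS keyslot -> set of Clevis pins, expanding nested sss policies."""
    def expand(pin, config):
        if pin != "sss":
            return {pin}
        found = set()
        for name, sub in config.get("pins", {}).items():
            for item in (sub if isinstance(sub, list) else [sub]):
                found |= expand(name, item)
        return found

    slots = {}
    for line in clevis_output.splitlines():
        m = re.match(r"\s*(\d+):\s+(\w+)\s+'(.*)'\s*$", line)
        if m:
            slots[int(m.group(1))] = expand(m.group(2), json.loads(m.group(3)))
    return slots

def two_layer_slots(slots):
    """Keyslots that combine a Tang (network) pin with a TPM 2.0 pin."""
    return sorted(s for s, pins in slots.items() if {"tang", "tpm2"} <= pins)

if __name__ == "__main__":
    print("unencrypted mounts:", unencrypted_mounts(SAMPLE_LSBLK))
    print("two-layer keyslots:", two_layer_slots(clevis_pins(SAMPLE_CLEVIS)))
```

On a real host, pass the live command output to the same functions in place of the constructed samples.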

Protect your data in motion:

Encrypt your network session. Data in motion is at a much higher risk of interception and alteration. Try Internet Protocol Security (IPsec), which is an extension of the Internet Protocol that uses cryptography.

Select products that already implement security standards. Look for products that support the Federal Information Processing Standard (FIPS) Publication 140-2, which uses cryptographic modules to protect high-risk data.

Pathways to Multicloud Transformation


Automation

To appreciate why automation is a natural fit for hybrid clouds, consider the drawbacks of manual monitoring and patching.

Manual monitoring for security and compliance often has more risks than rewards. Manual patches and configuration management risk being implemented asynchronously. It also makes implementing self-service systems more difficult. If there is a security breach, records of manual patches and configurations risk being lost and can lead to team in-fighting and finger-pointing. Additionally, manual processes tend to be more error prone and take more time.

Automation, by contrast, allows you to stay ahead of risks, rather than react to them. Automation gives you the ability to set rules, share, and verify processes which ultimately make it easier to pass security audits. As you evaluate your hybrid cloud environments, think about automating the following processes:

Assembling your cloud orchestra: A field guide to multi-cloud management

  • Monitoring your environments
  • Checking for compliance
  • Implementing patches
  • Implementing custom or regulatory security baselines

Orchestration

Cloud orchestration goes a step further. You can think of automation as defining specific ingredients, and orchestration as a cookbook of recipes that bring the ingredients together.

Orchestration makes it possible to manage cloud resources and their software components as a single unit, and then deploy them in an automated, repeatable way through a template.

Orchestration’s biggest boon to security is standardization. You can deliver the flexibility of the cloud while still making sure the systems deployed meet your standards for security and compliance.

CIO Think Tank: Pathways to Multi-Cloud Transformation

Access control

Hybrid clouds also depend on access control. Restrict user accounts to only the privileges they need and consider requiring two-factor authentication. Limiting access to users connected to a Virtual Private Network (VPN) can also help you maintain security standards.

Endpoint security

Endpoint security often means using software to remotely revoke access or wipe sensitive data if a user’s smartphone, tablet, or computer gets lost, stolen, or hacked.

Users can connect to a hybrid cloud with personal devices from anywhere, making endpoint security an essential control. Adversaries may target your systems with phishing attacks on individual users and malware that compromises individual devices.

We’re listing it here as a technical control, but endpoint security combines physical, technical and administrative controls: Keep physical devices secure, use technical controls to limit the risks if a device falls into the wrong hands, and train users in good security practices.

Hybrid- and Multi-Cloud by design - IBM Cloud and your journey to Cloud

Administrative controls for hybrid cloud security

Lastly, administrative controls in hybrid cloud security are implemented to account for human factors. Because hybrid cloud environments are highly connected, security is every user’s responsibility.

Disaster preparedness and recovery are an example of an administrative control. If part of your hybrid cloud is knocked offline, who’s responsible for what actions? Do you have protocols in place for data recovery?

Hybrid architecture offers significant advantages for administrative security. With your resources potentially distributed among on-site and off-site hardware, you have options for backups and redundancies. In hybrid clouds that involve public and private clouds, you can fail over to the public cloud if a system on your private data center cloud fails.

The IBM Cloud is the cloud made for business
