Should my organization have a strategy for implementing multi-cloud?
TL;DR – Yes (in fact, you probably already have implemented multi-cloud). Now that we have that out of the way, let’s talk about what you need to know to do it correctly.
The multi-cloud approach is a type of hybrid cloud architecture, hosting services across multiple cloud providers. Typically, but not always, these are public cloud providers. In practice, most companies have already implemented some sort of multi-cloud approach, even if it is not sanctioned by the IT organization. This phenomenon is known as shadow IT: for instance, employees might use Office365 and Google Drive at the same time without IT being aware of it.
Why go multi-cloud?
Without a doubt, the easiest way to implement a cloud strategy is with a single vendor that hosts all of the different services and/or microservices in one place. With a single-vendor approach, in theory, DevOps and Site Reliability teams only need to know one ecosystem: a single set of APIs, a single pricing model, a single support structure, and ultimately “one throat to choke” or “one back to pat” depending on your perspective.
However, that convenience comes with major disadvantages:
- Because not all SaaS applications are hosted in the same cloud, a best-of-breed application selection strategy may not be possible.
- Not all cloud providers offer all types of services, and different departments may have critical business requirements that demand services from different providers.
- Cost considerations. The vendors that are closer to achieving a “one-stop shop” for all required IaaS/PaaS services tend to be more expensive.
- A reliance on one vendor reduces reliability (remember the S3 outage a few months back?). No matter the provider, the risk exists.
- Vendors are limited in global coverage.
- Vendor lock-in. Over time, a reliance on a single vendor can result in an amount of data that is simply too massive to migrate.
Flexibility Is Key
The flexibility of multi-cloud inherently overcomes these single-cloud limitations. There are multiple ways to implement a multi-cloud architecture, and each of them has its own pros and cons. Implementations can be architected to optimize for flexibility, resiliency, cost, or a combination of those. One organization might give different departments the freedom to choose their own cloud deployment according to their unique service needs, while another will elect to deploy an active-active or active-passive deployment over multiple providers to improve resiliency and ensure app uptime, and a third will choose to optimize cost across the different providers.
The Challenges of Implementing Multi-Cloud
No matter which deployment model is followed, the challenges in multi-cloud are always similar:
- Scalability – It can be an operational challenge for organizations to maintain multiple VPN tunnels between different virtual private clouds (VPCs) and/or branches.
- Security – Organizations need to manage more complex security mechanisms and secure different services across multiple clouds, usually over the public Internet.
- High availability – Continuous availability of workloads is mission-critical. Both the network and the compute resources must be resilient enough to support global production traffic without interruption.
- Application visibility – It can be challenging to find a toolset that can seamlessly monitor the performance of different SaaS/PaaS/IaaS components spread across multiple clouds, and visibility is critical to assure optimal service delivery and security.
- Performance – Cloud applications are delivered via the public Internet and are dependent on Internet conditions for their performance. Unfortunately, the Internet isn’t designed for high performance. (This is a topic that Teridion has covered in depth elsewhere.) There are some ways to improve connectivity to a single cloud provider via the likes of AWS Direct Connect or Azure ExpressRoute. However, when different applications and services are distributed on different clouds, those solutions get exponentially more difficult to manage, and become very expensive. It’s not as easy to find a single solution that will improve overall performance across multiple clouds.
Key Multi-Cloud Capabilities
A measured and thoughtful approach is required to design and deploy multi-cloud successfully and to mitigate these challenges. When evaluating different solutions, include these key capabilities in your checklist.
- Unified policies – The enterprise should be able to extend the same user and application policies to the public cloud instances that it applies to on-premises infrastructure and remote offices.
- Scalable networking – The traditional HQ-branch model that forces branch traffic to be distributed through a single on-premises datacenter or HQ is not scalable. A user must be able to directly connect from any branch to any cloud resource. The network resource should be able to handle any amount of traffic by leveraging multiple transport types (MPLS, one or more ISPs connected to the branch, LTE, etc.) in the last mile, and assure high availability with good connectivity to different cloud providers in the middle mile.
- Context-aware security – The solution should apply the same degree of security policy automation, along with virtualized security appliances, that has traditionally been found only in on-premises deployments.
- Application-aware networking – The solution should choose the best path according to cost or performance between each site and each individual cloud resource, with compliance to business policies and with a service level agreement in place.
How To Start
There are a lot of different reasons to implement a multi-cloud strategy, and a lot of different ways to do so. However, implementation today is still far from easy, and performance is far from perfect. When it comes to multi-cloud, there is no one-size-fits-all solution, and enterprise IT must also consider organizational and cultural changes to foster a DevOps approach that supports the success of the initiative. When researching available options for multi-cloud, a good place to start is reviewing the offerings available from third-generation SD-WAN providers. While there is no universally accepted set of criteria for what qualifies as “third generation”, the common thread is that the provider has unified the network and security stacks in the cloud. Adopters should also carefully consider the alternatives offered by public and private cloud overlay networks, like Teridion, for acceleration of traffic from the branch and between cloud providers.