Hybrid cloud connectivity best practices and considerations
Private and public clouds stress networks in different ways and don't always play well together. Here's what to know to set up a cost-effective hybrid cloud network architecture.
Whether it's a LAN that supports a private or public cloud -- or the vast global WAN that supports a hybrid cloud -- network connectivity drives cloud resources and services.
Cloud architects must evaluate the capabilities, configurations and corresponding costs of LAN and WAN connectivity to ensure adequate, reliable and cost-effective hybrid cloud strategy and deployment.
Review the key elements of hybrid cloud connectivity and explore parameters and best practices to secure your connection.
What are the key elements of hybrid cloud connectivity?
There are three principal areas of concern in hybrid cloud connectivity: LAN, WAN and the public cloud provider.
LAN
An existing private corporate network is rarely enough to support a private cloud over the long term. Cloud resources must be available on demand, but IT teams cannot easily predict usage patterns and load levels in this model. Network bottlenecks can emerge as users carve out resources.
From a physical standpoint, the portion of a LAN committed to a private cloud must be evaluated and upgraded to support scalability and flexibility. This might include redundant switches, multiple WAN gateways and ample bandwidth to handle peak workload demands. Strategic traffic monitoring should help identify bottlenecks and justify upgrades or architectural changes.
This article is part of
What is hybrid cloud? The ultimate guide
WAN
The easiest way to connect a private cloud to one or more public clouds is through the internet. Although ISPs offer tremendous bandwidth at manageable prices, the internet is subject to disruptions and congestion. In addition, it can expose unencrypted network traffic to security threats.
To address these issues, keep an application and its data in the same place, whether that's in the public cloud or on premises. Also, consider the value of a dedicated WAN connection between a private cloud and the public cloud provider. AWS, Microsoft and Google each support dedicated connection services.
Public cloud
Although an organization can't augment or change a cloud provider's LAN, it is still crucial to consider the implementation of provider-side cloud services.
Services and actions in the public cloud, such as creating virtual private clouds (VPCs) and subnets, are often incorporated into automated policies and workflows. This effectively treats the public cloud as an extension of the private cloud. It is critical to develop and maintain this consistency to maintain smooth and secure workflows and interoperability between private and public clouds in a hybrid cloud environment.
Hybrid cloud connectivity considerations and prerequisites
To establish and maintain a connection between a private and public cloud, you need to understand network requirements around data volume, speed, security and performance. Consider the following five key parameters.
Bandwidth
This is, typically, the most common parameter involved in connectivity. Ideally, it represents the volume of data a network connection can handle over time, usually measured in gigabits per second. Consequently, an enterprise's WAN bandwidth needs are influenced by the amount of traffic that must flow between private and public clouds.
Data-intensive workloads and multiple applications that simultaneously share available bandwidth can drive higher traffic volumes. In general, start an enterprise hybrid cloud with a modest, low-cost bandwidth connection and scale up as needed.
Latency
This represents the measurable delay from when a packet is sent to when it is received. As latency increases, the apparent responsiveness of an application decreases. This is undesirable for user satisfaction and time-sensitive tasks, such as IoT data processing.
The main factors that influence latency are the physical distance between endpoints, and all of the switches, routers, gateways and other network appliances that interact with a packet. To reduce the latency of a hybrid cloud connection, minimize the distance between clouds. For example, connect the private cloud to the closest public cloud region and employ a dedicated connection that minimizes the amount of networking gear between sites.
Availability
If the network connection is down, a hybrid cloud is at best impaired, but more likely, whatever is on the public cloud is unavailable -- data, applications or both. A single point of failure introduces risk, and single connection between a private and public cloud cannot provide 100% availability. For example, 99.95% availability equates to 21.91 minutes of downtime per month.
Evaluate the availability and reliability of your connections, as well as the guaranteed uptime in your provider's service-level agreement. To enhance availability, establish redundant connectivity to avoid single points of failure.
Security
Although security is not a physical network characteristic, you must evaluate its role in network traffic. For example, as a general rule, you should encrypt application data both at rest and in transit -- and always encrypt command, control and configuration data. Use common technologies, such as SSL or TLS to prevent snooping and interception. Try to locate data in the same place as the application to minimize data transfers between private and public cloud infrastructures.
Costs
A dedicated connection through a major regional ISP, such as Verizon or AT&T, can be expensive. Costs can also surge for high-bandwidth connections, especially redundant connections.
Network costs can make hybrid cloud cost prohibitive. For example, data ingress is basically free with most cloud providers. However, data egress can prove expensive, depending on the amount of data access and volume of data that is actually moved. To mitigate this, architect your applications to minimize data egress and movement across public cloud regions.
What are hybrid cloud connectivity best practices?
No two hybrid cloud architectures are the same. Each implementation depends upon a business' specific needs and budget. Still, these best practices can set up hybrid cloud connectivity without breaking the bank.
Understand the data. Only move the minimum amount of an application's data into the cloud. Identify the correct data, secure it for flight across the network and ensure ongoing adherence to regulatory compliance requirements. Maintain encryption and verify the data is physically retained in suitable public cloud regions. Other data should remain within the local data center and LAN.
Recognize network limitations. Huge data transfers into the public cloud are typically free, but they can place a huge strain on finite LAN and WAN bandwidth. Dedicated WAN connectivity can avoid the congestion that sometimes plagues public internet connectivity, but even this is often inadequate. Consider a cloud service such as AWS Snowball or Microsoft Azure Data Box to physically transfer large volumes of data to your public cloud provider.
Consider application elasticity. While cloud bursting is difficult to implement due to fundamental differences in public and private cloud architectures and services, application elasticity is a still a common hybrid cloud use case. Redirecting additional application traffic from a private cloud to a public cloud can demand additional network bandwidth and heighten latency concerns. Implement network resources and services to support concurrent application instances, data sets and load balancing between environments.
Architect the network for scalability. It's easy to connect a LAN to a WAN. But even a single network bottleneck, such as having only one on-premises network gateway, poses challenges in scalability and reliability. When you implement hybrid cloud connectivity, architect redundancy and scalability into the design to avoid single points of failure wherever possible.
Use common configuration policies. Automation drives the configuration of VPNs, VPCs, subnets and other network resources. However, you typically spin up and manage private cloud resources differently than you would in the public cloud. This can involve different policy engines and workflows to manage the same types of activities on either side of the hybrid cloud. To mitigate these issues, use common network policies and workflows to reduce errors and accelerate responses.
Many IT vendors offer services that bring a level of parity across environments, including companies with on-premises enterprise roots such as VMware and Red Hat. AWS, Microsoft and Google also have services that extend their public cloud management tools on premises.
Measure and test. Just as you monitor an application, you should employ tools to monitor network performance and availability. This will support hybrid cloud management and enable you to take remedial action based on metrics or alerts.
The effort to obtain a good view of your LAN and your public cloud environment might require a small arsenal of tools. This could include log management, application performance management, network performance management and other open source tools to piece together an end-to-end view of the hybrid cloud network.
Tools and options for hybrid cloud connectivity
There are several fundamental considerations for hybrid clouds. Top among these are to establish the connection, select a common platform and manage the connected hybrid cloud environment.
Connections. It's a simple matter to connect a private network to the internet and then use public cloud services to create a hybrid cloud. However, the potential challenges of public internet connectivity have spawned the availability of dedicated connections. Most major telecom service providers can implement dedicated WAN connections. Alternatively, public cloud providers offer dedicated connection services such as Google Cloud Interconnect, AWS Direct Connect, Azure ExpressRoute and IBM Cloud Direct Link.
Platforms. Given the potential differences between public and private cloud architectures, cloud providers now offer "unified environments" based on well-established technologies such as Kubernetes and VMware Cloud Foundation. Cloud providers also favor the use of common technology stacks that allow public cloud environments to be replicated within an on-premises infrastructure such as AWS Outposts, Azure Arc, Azure Stack and Google Anthos. In effect, businesses that adopt such common platforms also adopt the public cloud provider's infrastructure within the private cloud to establish a uniform hybrid cloud environment with common services.
Tools. Hybrid cloud management also requires the use of tools to monitor and manage private and public components including networks and services. Many public cloud tools interoperate with private cloud environments; examples include AWS CloudWatch and CloudTrail, Google Cloud Console, and Azure standard monitoring tools. There are also many third-party tools such as CloudBolt, Cloudian, Cloudify and ManageIQ, as well as management features incorporated into major stacks such as OpenStack and Apache CloudStack.
An organization must evaluate and select the connectivity, platforms and tools that are best suited to the needs of the business and its long-term hybrid cloud strategy.
