Network Evolution

Building the infrastructure for the changing face of IT


Hybrid cloud: Who's in control when public and private clouds collide?

There's plenty of potential in unifying public and private cloud resources, but there are also hybrid cloud challenges that make the IT team question its role.

The exponential growth of hybrid cloud leaves IT shops grappling with crucial questions, including: What is the role of the enterprise network in this shared scenario? Is software-defined networking (SDN) suddenly necessary? And perhaps the trickiest of all -- when enterprise IT teams and service providers share environments, who's responsible for what?

Hybrid cloud infrastructure is defined by the U.S. National Institute of Standards and Technology as: "A composition of two or more distinct cloud infrastructures -- private, community or public -- that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds)."

The key here is that "hybrid cloud is more than just a public cloud and a data center. Portability and the commonality of applications and data are the things that really distinguish it," said Mathew Lodge, vice president of cloud services for VMware.

On the networking front, "folks are surprised that they can really rebuild in a hybrid cloud exactly the same architecture they have in the data center -- completely in software, with complete freedom, and no requirement to reconfigure routers or physical network devices of any kind," Lodge said.

This is why we're seeing distinctions among public, private and hybrid cloud dissipate quickly. "Looking out at 2014 and beyond, nearly every enterprise network is going to be hybrid," said Dave Bartoletti, a Forrester principal analyst who serves infrastructure and operations professionals.

What can you do differently in a hybrid cloud?

The primary goal of the hybrid cloud is to move workloads from on-premises to the public cloud to take advantage of cloud scalability and cloud bursting, especially during massive computation or high-traffic situations.

One of the biggest differences between private and public cloud is how much of the stack you control -- and hybrid cloud is where control of these two clouds collides.

When building a private cloud, you own all the services and technologies that make the servers, storage and network act like a cloud. In the public cloud, you're consuming a service and don't have direct control over network or storage devices or even the physical servers in the public cloud.

"Once an application surpasses a certain demand threshold and you want to spin up a few more instances of it on, say, Amazon, the applications need to be able to behave [the same] way," said Bartoletti. "Look at the application architecture first to see if it works that way and can support that behavior, then look at how the network works underneath it."

Not many traditional enterprises are designed to cloud burst on their own, so during hybrid cloud planning, they've got to ask: What does the application need? What are we trying to do for the application? "In the cloud it really makes sense to take a workload-focused view," Bartoletti explained.

Once you determine the kinds of applications you want to move to the cloud, and what their specific storage and networking requirements are, then compare what you have internally to what's available in the public cloud. "The options are really all over the place," said Bartoletti.

There is such an abundance of options that Scott Sanchez, director of strategy for Rackspace, describes hybrid cloud as a giant crate of Legos in all shapes, sizes and colors that can be used to build your dream cloud -- as opposed to going to a toy store and picking out the one kit that comes closest to meeting your needs.

"Now you can actually assemble your best-fit solution," Sanchez said. "In the past, you had to settle for a solution that gave you maybe 60% of what you wanted. With hybrid cloud, you can get to 100% -- exactly what you want."

SDN's role in hybrid cloud

Take a look around and you'll quickly discover that SDN is playing a huge role in the hybrid cloud. In fact, you can thank SDN for enabling the richness of options available.

NTT Communications executive vice president of data center services Chris Eldredge likens SDN's optimum routing capabilities to a highway with five lanes, where if four lanes are full, SDN automatically routes you over to the fifth lane to give you improved performance. "We're seeing more requests for SDN infrastructure every day," he noted.

VMware, which offers vCloud software and its own public cloud service, uses its new SDN-based network virtualization platform, NSX, to provide the service. "As a whole, NSX essentially gives you the programmable network control and separation -- moving away from command-line to programmatic control of the network and network virtualization," said Lodge.

That's important to VMware's customers for two reasons. "First, how can they join or connect their existing data center network that's out in the cloud? In VMware's case, they can do it with our vCloud Hybrid Service," Lodge said. "The second is they want to know if they can replicate all of the things they're used to being able to do in physical networks in the cloud inside vCloud Hybrid Service. The answer is yes -- SDN and NSX technologies enable it."

Rackspace's public cloud is also driven by SDN, with OpenStack baked natively into the past few releases. "People running our products across private and public clouds can write their applications to take advantage of this application-driven networking," said Sanchez.

But, Sanchez cautioned, "None of that means a thing if the person holding the keys to your firewall won't let you connect." In other words, shifting to an SDN model requires adjusting to the mind-set that comes with it.

This mind-set shift requires "simultaneously getting network gatekeepers comfortable with the fact that they can have a high level of security, potentially even better with SDN, but it's going to feel different," explained Sanchez. "You may need to break a little glass in the process, but you'll discover this is a good solution."

Hybrid cloud challenges: People -- and networks -- must change

The biggest challenge, from Rackspace's perspective, isn't the technology involved in hybrid cloud. "The companies who are succeeding with hybrid cloud are the ones with leaders willing to give some of this new stuff a try and not handcuff everyone to 10-year-old technology models," explained Sanchez.

On the technology side, networking is, of course, one of the biggest hybrid cloud issues for enterprises. Everyone needs to be able to connect their networks together, and in doing so, they often run into challenges.

"These sorts of challenges include how to do VPN termination or how to configure DNS," explained VMware's Lodge. "What IP addresses and spaces you can use? How are you going to route the traffic? These are the frequent bumps in the road we see for hybrid cloud deployments. Customers are also often challenged when they have to completely re-architect their applications for the public cloud provider, which may operate in a different way and can have very different assumptions about infrastructure."

In terms of public cloud, Lodge pointed out that many enterprises rely on fairly sophisticated network topologies and configurations to do network isolation, which is critical to security segregation. "But this isn't included in many of the public clouds," he noted. "Most public clouds are a VM behind a firewall on the Internet; that's not enough protection because the only thing that should be able to talk to it is the application layer."

For cloud bursting, network challenges depend, in large part, upon the applications involved. "In many cases, enterprises need to use the same IP address space, where the applications work," explained Lodge. "But many public clouds don't support foreign IP address spaces or any of the private network address spaces. We view being able to bring your own IP address as critical."

One related challenge VMware is addressing is enabling customers to stretch Layer 2 networks from their data center to the cloud across network domains. This "makes it look like both your VMs and data center are on the same network as far as the applications are concerned," Lodge said.

How are providers helping customers?

Nearly all cloud providers are offering some form of hybrid cloud service and various levels of support.

"Cloud providers are all trying to make it as easy as possible within a software-defined environment so customers can configure networks as needed," said Bartoletti. "They provide network services for defining IP addresses, setting up load balancers, etc., to give customers some control over how their public network operates in the cloud."

For its part, VMware is attempting to make life easier by extending its virtualized networking tools to work the same way across both public and private clouds.

And Rackspace, for example, is helping customers create the best-fit solution for their applications, workloads and business -- not just once, but rearranging them as needed, continuously, to solve their problems.

"The best way we can help customers is to encourage them to view hybrid cloud as an outcome, a mind-set much like happiness, as opposed to a product you can buy," explained Sanchez.

Is there a distinction of responsibilities in the hybrid cloud?

The short answer: No.

"The line is definitely blurred," Bartoletti said. "If you set up a virtual private cloud and connect it to your data center, you're still responsible for how the network behaves. While a traditional network administrator will probably spend a lot less time configuring network devices in the cloud, they're still responsible for quality of service for throughput, for bandwidth, and for latency issues. Those are still the responsibility of the owner of the application."

As network architect and "Ethereal Mind" blogger Greg Ferro put it, "There is no clear ownership -- it varies on a case-by-case basis."

For Infrastructure as a Service hybrid clouds, Ferro sees some demarcation because the VM container is usually clearly defined. But there are also storage and network considerations that he describes as difficult, if not impossible, to measure. "For Platform as a Service and Software as a Service hybrids, the lines are very blurred," he said. "You can measure service-level agreements around the delivery of some elements, but there are hundreds inside the stack that remain unresolved."

Determining who's responsible for what is an area that will continue to evolve with hybrid cloud, and hopefully, the line will eventually become clearly defined. In the meantime, there's a bit of trust involved in hybrid cloud. "But you should pay close attention to service-level agreements with providers and ask about any concerns up front," Bartoletti recommended.

About the author:
Sally Cole Johnson is a freelance writer based in New Hampshire. She specializes in physics, photonics, semiconductors and occasionally software-defined networking.

This was last published in December 2013
