For most enterprises, it's no longer a question of if, but when, they will begin to shift a portion of their workloads to the cloud. For Adobe Systems, that migration has meant a journey to a multi-cloud architecture that began two years ago.
When Adobe realized its developers were working on code in the Amazon Web Services (AWS) public cloud but also keeping workloads in a private cloud, the creative content, design and marketing software company had no good way to interconnect the two platforms. That's when Adobe decided to build its own routing fabric to connect AWS virtual private clouds in the public cloud space.
The result was a multi-cloud architecture that created a seamless environment for both Adobe's developers and Adobe Marketing Cloud customers, who use the cloud to develop and manage marketing content, said Matt McBride, senior manager of network services at Adobe. "If we're having issues in the data center, the [digital marketing] app is agile and highly available and living in a multi-cloud world." (For more information on Adobe's efforts, see The Subnet.)
More and more enterprises are migrating workloads to the cloud, according to Uptime Institute, an advisory and standards development group headquartered in Seattle. In its "2017 Data Center Industry" survey with more than 1,000 respondents, Uptime said 67% reported workloads that previously resided in their own data centers now are in the cloud. Larger organizations are 10% more likely to deploy to the cloud than smaller enterprises.
That growth has sparked interest in developing a multi-cloud architecture resilient enough to permit companies to work seamlessly across many different cloud providers, distributing services and workloads for optimized performance. To that end, enterprises are considering how that migration may affect a host of networking strategies, among them security, management and provisioning. Yet the answers -- ironically, perhaps -- are still up in the cloud.
Multi-cloud architecture still misunderstood
The confusion about how to achieve an optimal multi-cloud strategy, according to Eric Hanselman, chief analyst with New York City-based 451 Research, is due in part to the fact that the networking options needed to build a multi-cloud architecture are still not well understood.
Enterprises have a number of choices when networking for the cloud: a public internet connection, a private connection like MPLS or a hybrid of the two.
Public connections rely on encrypted VPNs among clouds; a VPN could link a company's data center to cloud resources spun up on AWS or Google Cloud, for example. Or a VPN could stitch together services running in one cloud to those running in another. Private connections use direct connections or connect clouds through a cloud exchange. Hybrid connections can also be networked through cloud exchange providers like Equinix Cloud Exchange or by going through data center exchanges like AT&T NetBond or Verizon Secure Cloud Interconnect. In data center exchanges, enterprises lease a port on a service provider's router in the data center and have a direct connection pulled from that to a cloud service provider router.
"What's likely to become faster and easier is setting up the multi-cloud infrastructure as cloud management platforms take up the burden of generating any and all virtual/public connectivity," said John Burke, CIO and principal analyst at Nemertes Research Group Inc. in Mokena, Ill. Burke added that if the work-order process for private direct connectivity gets fully automated, private connections could get easier as well.
True multi-cloud architecture also means having the ability to distribute a single business function across multiple cloud platforms, as well as having the policy controls in place to automate it and manage performance, Hanselman said. Realistically, when most enterprises today say they have a hybrid cloud, they mean they have a VPN connection from AWS back to their environment.
But having that full multi-cloud approach "really requires you have performative, predictive interconnection among all those environments," Hanselman said.
Five years ago, enterprises were turning to the public cloud because their own legacy infrastructure wasn't prepared to handle similar capabilities in-house, said Mark Harris, vice president of Uptime. It was easier to turn to AWS, which was extensive, supportable and cookie-cutter.
Over time, CIOs wanted infrastructure like AWS' in their own IT departments. As the private cloud developed alongside the more mature public cloud, companies have been able to get the best of both worlds to create a scalable, more nimble cloud model, Harris said.
Enterprises are embarking on this multi-cloud architecture because it works well with data analytics to identify where workloads are. "Now you can make decisions on blending the two to optimize the costs of business and delivery services," Harris said.
Agility: Ground zero for Adobe's cloud
The key to Adobe's multi-cloud architecture routing system, which it uses in conjunction with AWS' Direct Connect service, is what the company calls "multi-cloud transport." The virtual private cloud (VPC) -- essentially a data center running in AWS -- hosts all computing, storage, security, identity management resources and related features. Hundreds of such VPCs can exist within a network. But without a native application from AWS to allow the VPCs to move information, Adobe would be spending countless hours connecting each one individually, McBride said.
To permit the separate VPCs to communicate, Adobe developed a virtual routing fabric -- based on Cisco's Cloud Services Router 1000V series -- to provide VPC transit using a hub-and-spoke topology. "This allows multiple VPCs to share data and workloads while enforcing security and applying routing policy in the hub," McBride said.
Adobe used a similar hub-and-spoke approach to construct a multi-cloud infrastructure to connect with Microsoft Azure VNet. "The clouds are a little different, but we re-engineered that," and now Adobe's delivering services to end users via Azure, McBride said.
Building the routing fabric to interconnect the virtual environment was easier with AWS than Azure, McBride said, because of the maturity of the platform. But at the same time, Azure's approach was better for Adobe in some ways because Microsoft has more of its networking technologies in its cloud platform, and from a networking perspective, it's better than the AWS approach, he added.
Indeed, enterprises will have to be flexible as they sketch out their multi-cloud architecture strategies. "It's creating this interesting shift for a lot of companies," McBride said, adding that vendors and cloud providers have to retool their platforms to make it easier for enterprises to work in a multi-cloud environment. "Everyone really has to be thinking about how to re-engineer things to work in the different worlds."
To that end, Adobe is seeing the industry move toward software-based routing and open source technologies as viable options for connecting to multiple cloud providers.
Integrating the multi-cloud
Whatever approach enterprises decide to take with their multi-cloud architecture strategies, they must understand how to integrate the platforms, Nemertes' Burke said. Otherwise, companies may find themselves mired in costly technologies with little awareness of how to maintain control.
Cloud platforms vary widely -- ranging from software as a service and platform as a service to infrastructure as a service (IaaS) -- according to Nemertes' "2017-18 Cloud and Network Benchmark" report. Half of the respondents reported use of IaaS -- a multi-cloud approach.
The use of cloud platforms is growing, Burke said. "It's a question of how much, and for [enterprises], how they're taking advantage of those platforms."
Visibility into multiple clouds is another issue that needs to be sorted out, said Hanselman at 451 Research. "Too often, network performance is presumed to be sufficient, unless something breaks. Enterprises have to know what their current use is and how well it's performing. That can help them understand trends and plan capacity."
That becomes more complicated if there are multiple cloud providers, particularly for SaaS deployments. "Full application offerings may not provide network statistics," he said. "That can require monitoring tools to check availability and performance. You don't want a failure to be the first indication that you've reached a capacity limit."
In the meantime, savings resulting from hybrid cloud are far from being guaranteed. "Unless people rethink how they're architecting their solution, when they migrate it into cloud they're likely to pay more," said Burke. "You'll only see significant and ongoing savings if you restructure what you're doing -- if you take advantage of what cloud can do that most data centers can't."
Adobe's McBride agreed. The company didn't take the plunge into cloud for the savings. "In my opinion, Adobe is going to see a sticker shock at some point and see public cloud is 'X' more expensive than running it on our own data centers," he said. But network migration to the cloud is a must, he added, because the advantage of seamlessly moving workloads among public and private clouds is lower latency and getting the data closer to the customer. That's better achieved through a multi-cloud architecture.
"Ultimately, it's about the end users," McBride added. "They just want their services up. It doesn't matter to the end user where it lives, as long as it's up, it's available and it functions as it's supposed to."