Hybrid Cloud Deep Dive: Hybrid-Cloud Networking
Cloud Services Gateways and their relevance in a Hybrid-cloud world
Hi again – Previously we have discussed the hybrid-cloud capabilities that can be utilised as extensions of existing on-premises or colocation private cloud deployments. This also included the specific scenario where the existing infrastructure footprint was physically located within a Macquarie Cloud Services colocation facility. Today let’s talk about hybrid-cloud networking, something that was touched on in those articles, because there is no cloud without a network (well, if there is, it’s going to be pretty secure).
Having worked with a number of our clients and prospects finding the right blend of cloud-based products and services to incorporate into the larger technology solution, the following considerations are critical.
I will also make the assumption at this point that you have a valid reason to be using cloud products. There’s no point building a road to a destination no-one visits.
The internet is the true backbone and facilitator of cloud. To a large extent one could argue that internet is all you need for hybrid-cloud networking. The main downside, however, is cost. In Australia especially, internet is still really expensive (we can put that down to our physical location “down under”).
Because of this, the trick with internet is to use it as little as possible to optimise costs. Outside of carriage itself, building highly resilient multi-site networks is expensive in the context of networking and security infrastructure. That’s one of the reasons cloud services are so appealing. You don’t have to worry about scaling the cloud-side core infrastructure; that’s their problem. You just need to ensure you get your users there as quickly and efficiently as possible.
Flexibility and cost
Some use cases are short term and others become part of the longer term technology estate. This means that ideally you can have the best of both worlds to simplify the choices for either scenario.
As it turns out, this is something you can expect. Internet services and non-traditional network providers, many with native SD-WAN implementations, mean that not only can your contracts be flexible in the context of term, but the underlying technology is capable of rapid scale up or down. This can facilitate more transient, project-based requirements or, in some cases, massive fluctuations in throughput requirements that may be caused by expected or unexpected circumstances. This could be everything from a marketing campaign driving unusually high web traffic to e-commerce systems, to events such as natural disasters (thinking back to last summer’s bushfires) where hundreds of thousands of households and businesses are dependent on online information and alerting. Even more commonly, but not as frequently, massive customer data migrations have a huge networking requirement as workloads are shifted between clouds.
Rapidly scalable hybrid-cloud networking has a huge role to play here, especially where workloads between cloud providers and software-as-a-service providers are critical to the end-to-end system capability.
Hybrid-Cloud adoption and Networking Skills
Something I often find a little surprising is how few people working in the technology industry understand networking really well. To some extent this problem has been simplified by the way products are packaged up these days.
But that doesn’t mean it’s a simple problem to solve in the bigger context. A massive swing towards SaaS, PaaS and hosted workloads has simplified the user/consumer side of the equation but has pushed the complexities to the cloud and network providers as they manage ever growing volumes of traffic riddled with ever evolving security threats and challenges.
To that point, where you are implementing hybrid-cloud you really need to have a clear understanding of how to reduce risk, maintain performance and set yourself up for success both technically and commercially.
It still plays well to reduce your attack surface wherever possible; the art is not letting that erode the flexibility of cloud.
Security and Resilience
This is an enormous consideration for so many reasons, and increasingly there is more scrutiny on the security aspect of networking (and everything else) than ever before.
The idea of solely perimeter-based security is a thing of the past. As hybrid-cloud adoption has become the norm, we have had to find ways to consolidate a security management and monitoring capability across multiple, often greatly varied infrastructure stacks.
This means that all deployments need to be thought through and implemented with a security-conscious mindset. In doing so, you are well served to establish foundational networking capabilities, quite possibly at very low bandwidths (and subsequently very low costs), that can be scaled up when needed rather than provisioned and configured (think complex firewall rulesets) when needed (that all takes time).
Many times I have implemented a tertiary network service for a client as part of a deployment that was deemed unnecessary at the time, only for this addition to save the day when their primary (and in some cases secondary) network paths suffered outages (yes, we allow BYO WAN and Internet deployments where customers have existing incumbent network providers).
What this avoids, though, is a huge change control mess in the heat of battle. These services are already deployed, configured (and secured) and documented. They just weren’t active during BAU.
Evolution of the WAN
Wide area networks have been going through their own evolution over the last decade, based largely on cloud adoption. In our experience we’ve seen 80% of traffic now being bound for the internet (in contrast to the corporate network – think back to core applications sitting in-house), and networks have changed to accommodate this. Rather than aggregating all internet-bound traffic via a WAN and then through head office or datacentre firewalls, networks are more web-centric now, offering more direct paths to SaaS and PaaS providers.
The success of this deployment model is based on centralised access policy management, allowing network administrators to have granular controls and visibility of traffic flows, balancing end user experience and security. This is something our wider Macquarie Telecom business unit has been rolling out via their SD-WAN offering over the past few years. We now have the largest managed SD-WAN install base in APAC, with 6,000 sites deployed. As you would expect, that means we’ve been busy productising and implementing SD-WAN virtual appliances across our cloud services product portfolios to provide end-to-end policy management and network flow optimisation across your hybrid-cloud estate.
For all of the reasons above, and more, MCS has developed a range of networking products including our Cloud Services Gateway (CSG) portfolio to facilitate business grade hybrid-cloud networking capabilities.
Let our networking product development make your hybrid cloud adoption affordable, secure and flexible enough to help you solve problems, not create them.