By Trevor Patch, Principal Architect for Cloud Adoption
We have defined three high-level cloud roadmap categories that organizations fit into. Organizational maturity usually determines the initial roadmap, and ultimately the solution that best meets the requirements. The key to a successful and secure multi-cloud solution is a sliding scale based on where the center of gravity of workload placement sits between on-premises and the cloud (see illustration below). A second major contributor to security and agility is operational consistency across environments through DevOps processes (DevNetOps/DevSecOps) and Infrastructure as Code (IaC). CI/CD pipelines make software and infrastructure teams more consistently secure, because the pipeline automation runs the desired tests and security scans on every iteration of code instead of leaving them to a human to remember.
Data Center With Public Cloud Burstable Environment
A public cloud burstable environment is an expansion of an organization’s data center. In this hybrid cloud design the center of gravity of workload placement remains firmly in the on-premises data center, co-location facility, or private cloud. The public cloud is a temporary expansion location used as capacity at the data center is exhausted. Most organizations do not invest capital in assets that would sit on the shelf except during a seasonal event such as “Black Friday” or “Open Enrollment.” Even where spare capacity exists, organizations face the hurdle of mobilizing those assets quickly enough to meet demand.
Because the public cloud footprint is small (less than 10% of workloads), organizations often deploy a fully cloud native solution: the CSP’s native network hubs and a complex web of IPsec tunnels between clouds built on the native gateways each vendor offers. From an infrastructure perspective, this design means the public cloud ends up with networks and segmentation functions that are logically disparate from those in the data center.
In our experience, organizations struggle with operational monitoring of applications and the infrastructure underneath them. Presidio Federal’s services team has worked with OEMs such as F5, Cisco, and Splunk to build the monitoring triggers that launch the equally complex provisioning automation pipeline, followed by redirection of traffic flows to the temporary environment. The operating models of a private cloud and any public cloud often differ in terminology, constructs, and day-to-day operation. These differences add unnecessary complexity that defeats the agility the organization set out to capture, and the resulting inconsistency often leaves the environment short of the governing compliance and regulatory cybersecurity requirements.
Our recommendation for a cloud burstable solution is to remain cloud native in the public cloud, but to stretch the on-premises operating model over those cloud native constructs with an OEM such as Cisco Systems or Arista Networks. Products such as Cisco ACI Cloud APIC or the Arista Cloud Vision Platform can orchestrate the small cloud native footprint and remove much of the learning curve across cloud and container environments.
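One way to structure the trigger logic described above (monitor utilization, launch the provisioning pipeline, then redirect traffic) is shown below as an added example; it is not Presidio Federal’s, F5’s, Cisco’s, or Splunk’s code. The pipeline, the health check, and the load balancer weight are injected callables (an assumption so the example runs offline), and the thresholds and utilization trace are constructed values. The two points worth taking from it are hysteresis, so a single spike does not launch the pipeline, and a readiness gate, so traffic is never steered to the burst site before it passes its health check.

```python
"""Cloud burst trigger with hysteresis and a readiness gate.

States: onprem -> provisioning -> bursting -> onprem. Utilisation samples arrive
from monitoring; the controller launches the IaC pipeline only after `sustain`
consecutive samples above `high`, steers traffic only after the burst site passes
its health check, and drains after `cooldown` consecutive samples below `low`.
Added example: pipeline, health check and load balancer are injected callables
(assumption), not any particular OEM product.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class BurstController:
    provision: Callable[[], bool]      # launches the provisioning pipeline, True on success
    is_ready: Callable[[], bool]       # health check of the burst environment
    shift: Callable[[float], None]     # fraction of traffic to send to the burst site
    teardown: Callable[[], None]       # deprovisions the burst environment
    high: float = 0.85                 # utilisation that starts the burst decision
    low: float = 0.50                  # utilisation that starts the drain decision
    sustain: int = 3                   # samples above `high` before provisioning
    cooldown: int = 4                  # samples below `low` before draining
    burst_weight: float = 0.5          # traffic share handed to the burst site
    state: str = "onprem"
    above: int = 0
    below: int = 0
    actions: List[str] = field(default_factory=list)

    def observe(self, util: float) -> Optional[str]:
        """Consume one utilisation sample (0.0-1.0); return the action taken, if any."""
        self.above = self.above + 1 if util >= self.high else 0
        self.below = self.below + 1 if util <= self.low else 0
        action = None
        if self.state == "onprem" and self.above >= self.sustain:
            self.above = 0
            if self.provision():
                self.state, action = "provisioning", "provision"
            else:
                action = "provision-failed"      # stay on-prem; nothing is redirected
        elif self.state == "provisioning":
            if self.is_ready():                  # gate: no traffic until healthy
                self.shift(self.burst_weight)
                self.state, action = "bursting", "shift"
        elif self.state == "bursting" and self.below >= self.cooldown:
            self.below = 0
            self.shift(0.0)                      # pull traffic back first ...
            self.teardown()                      # ... then release the capacity
            self.state, action = "onprem", "drain"
        if action:
            self.actions.append(action)
        return action


def simulate(samples, ready_after=2, provision_ok=True):
    """Drive a controller with a constructed utilisation trace.

    Returns (actions, weights): the actions taken and every weight sent to the
    load balancer, in order. The burst site reports healthy on its
    `ready_after`-th health check.
    """
    checks, weights = [], []

    def ready():
        checks.append(1)
        return len(checks) >= ready_after

    ctl = BurstController(
        provision=lambda: provision_ok,
        is_ready=ready,
        shift=weights.append,
        teardown=lambda: None,
    )
    for util in samples:
        ctl.observe(util)
    return ctl.actions, weights


if __name__ == "__main__":
    # Constructed trace: sustained overload, then a quiet period.
    trace = [0.6, 0.9, 0.9, 0.9, 0.9, 0.9, 0.9, 0.4, 0.4, 0.4, 0.4, 0.4]
    print(simulate(trace))
```

In a real deployment the `provision` callable would start the IaC pipeline run and `shift` would adjust the load balancer weight; the order in the drain branch (traffic back first, teardown second) matters, because tearing down a site that still receives traffic is an outage, not a scale-in.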
Hybrid Multi-Cloud First Environments
Mature organizations often adopt a “cloud-first” policy and begin to forklift assets into CSPs. A “cloud-first” roadmap can still leave a significant share (greater than 10%) of workloads on-premises in a data center and/or co-location facility, so these organizations need a long-term transitional architecture that unifies their operating model throughout the move, maintains a steady state, and stays within compliance. Hybrid multi-cloud infrastructures are inherently more complex than the smaller cloud burstable hybrid designs. Complexity grows further when historically justified requirements are met with separate cloud native deployments in each CSP. Cloud native hubs come with quota limits that widen the potential blast radius of an infrastructure modification, and those modifications are prone to human error because every CSP’s native hub is different. These requirements continue to push traditional OEMs, from both an architectural and an operational standpoint, to produce cloud native solutions that complement their on-premises counterparts, because without a unified solution across multiple clouds the value proposition of going multi-cloud is diminished.
The challenge organizations face in a hybrid multi-cloud first environment is selecting a solution, or set of solutions, that meets all of their applications’ SLAs and cybersecurity compliance requirements and fits their operational culture. As organizations evaluate cloud solutions from their traditional OEM vendors, they often find that most OEMs check some of the boxes: operational consistency, high-performance encryption throughput, firewall and load balancer integration, or coordination of segmentation cloud-natively or container-natively. The same OEMs, however, can leave other boxes in those same criteria unchecked.
Digitally Transformed Multi-Cloud Environments
An organization running a fully digitally transformed multi-cloud environment with minimal technical debt is most often a newer organization that started in the cloud. Many mature organizations are setting goals to retire all of their technical debt and become fully cloud native. For those organizations the transition can be challenging for infrastructure teams, because the operating model built around their traditional OEM may no longer suffice. Traditional OEMs can orchestrate and automate deployment of the virtual network container managed objects (MOs), their virtual appliances, routing adjacency and route exchange, and even micro-segmentation through AWS security groups or Azure network security groups. Many of the OEMs offer good topology views and insights, and all have some form of public repository containing software kits (Python/Go), Terraform modules, and/or Ansible playbooks.
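The pipeline security scan mentioned in the introduction and the AWS security group / Azure NSG micro-segmentation described in this section meet in a policy gate. The following is an added example, not Presidio’s, any OEM’s, or any cloud provider’s code: it reads the JSON form of a Terraform plan, normalizes AWS security group rules and Azure NSG rules into one ingress model, and fails the pipeline when any rule exposes a management port to the whole Internet, so the same segmentation policy is enforced regardless of which CSP’s construct implements it. The embedded plan is constructed for illustration, and the choice of ports 22 and 3389 as the protected set is an assumption.

```python
"""Pipeline gate for Terraform-managed cloud segmentation.

Reads the JSON that `terraform show -json plan.tfplan` emits, normalises AWS
security group rules and Azure NSG rules into one ingress model, and reports any
rule that exposes a management port to the whole Internet. Added example; the
plan embedded below is constructed for illustration, not taken from a real
environment, and the policy (ports 22 and 3389) is an assumption.
"""
import json
import sys

MANAGEMENT_PORTS = {22, 3389}                        # policy assumption for this example
ANY_SOURCE = {"0.0.0.0/0", "::/0", "*", "Internet"}  # spellings of "everywhere" in both CSPs


def port_range(value):
    """Azure port syntax: '22' -> (22, 22), '20-30' -> (20, 30), '*' -> (0, 65535)."""
    value = str(value)
    if value == "*":
        return 0, 65535
    if "-" in value:
        lo, hi = value.split("-", 1)
        return int(lo), int(hi)
    return int(value), int(value)


def aws_rule(addr, rule):
    """AWS rule: protocol -1 means all ports; IPv4 and IPv6 CIDR lists both count as sources."""
    if str(rule.get("protocol", "-1")) == "-1":
        lo, hi = 0, 65535
    else:
        lo, hi = int(rule["from_port"]), int(rule["to_port"])
    for cidr in (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or []):
        yield addr, lo, hi, cidr


def ingress_rules(plan):
    """Yield (address, lo_port, hi_port, source) for every allowed ingress rule in the plan."""
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if "delete" in actions and "create" not in actions:
            continue                                   # resource is going away
        after = rc["change"].get("after") or {}
        addr = rc["address"]
        if rc["type"] == "aws_security_group":
            for rule in after.get("ingress", []):
                yield from aws_rule(addr, rule)
        elif rc["type"] == "aws_security_group_rule" and after.get("type") == "ingress":
            yield from aws_rule(addr, after)
        elif rc["type"] == "azurerm_network_security_rule":
            if after.get("direction") != "Inbound" or after.get("access") != "Allow":
                continue
            ranges = after.get("destination_port_ranges") or [after.get("destination_port_range", "*")]
            sources = after.get("source_address_prefixes") or [after.get("source_address_prefix", "*")]
            for r in ranges:
                lo, hi = port_range(r)
                for src in sources:
                    yield addr, lo, hi, src


def evaluate(plan):
    """Return one finding per rule that opens a management port to an 'anywhere' source."""
    findings = []
    for addr, lo, hi, src in ingress_rules(plan):
        if src not in ANY_SOURCE:
            continue
        exposed = sorted(p for p in MANAGEMENT_PORTS if lo <= p <= hi)
        if exposed:
            findings.append(f"{addr}: ports {exposed} reachable from {src}")
    return findings


# Constructed plan: an AWS bastion SG open to the world on 22, an Azure NSG rule
# allowing RDP from the Internet tag, a compliant HTTPS rule, and an SSH rule
# restricted to RFC 1918 space.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group.bastion", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"from_port": 22, "to_port": 22, "protocol": "tcp",
      "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
  {"address": "azurerm_network_security_rule.rdp", "type": "azurerm_network_security_rule",
   "change": {"actions": ["create"], "after": {"direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "destination_port_range": "3389", "destination_port_ranges": [],
     "source_address_prefix": "Internet", "source_address_prefixes": []}}},
  {"address": "azurerm_network_security_rule.https", "type": "azurerm_network_security_rule",
   "change": {"actions": ["update"], "after": {"direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "destination_port_range": "443", "source_address_prefix": "*"}}},
  {"address": "aws_security_group_rule.ssh_internal", "type": "aws_security_group_rule",
   "change": {"actions": ["create"], "after": {"type": "ingress", "from_port": 22,
     "to_port": 22, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/8"]}}}
]}
""")


if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = evaluate(plan)
    for line in problems:
        print("FAIL", line)
    sys.exit(1 if problems else 0)   # non-zero exit fails the pipeline stage
```

Saved as a script and run against the plan JSON in the pipeline stage after `terraform plan`, the non-zero exit blocks the apply. The normalization step is the point: the AWS `-1` protocol, the Azure `*` port range, and the Azure `Internet` service tag all mean the same thing to the policy, and evaluating them in one place is what makes the segmentation posture consistent across clouds rather than dependent on whichever native construct a given team used.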
Read the other sections of this article:
Part 1: Background on the Need for Multi-Cloud
Part 2: Networking: A Brief History
Part 3: The Move to Zero Trust
Part 4: Public Cloud Network Topologies