No one in our line of work likes to hear the phrase “massive redesign,” but if you’re part of an enterprise that isn’t planning for a multicloud network architecture, it’s a phrase you had better get used to. There’s no way a single cloud, let alone an on-prem solution, can support the ongoing needs of any large, competitive enterprise in this age of digital transformation.
It’s better to accept this now and begin planning accordingly than to experience the inevitable chaos as your core melts down trying to hold an aging topology together with patches. In this short post, we will go over the principal design considerations you should prioritize during this critical phase of your continuing digital transformation.
The good news is that, in addition to the inevitable long-term imperative, there are substantial short-term benefits to migrating to a multicloud environment, including significantly improved scalability, security, and disaster avoidance and recovery. In addition, you’ll be able to write applications once and deploy them across multiple regions and in multiple clouds. Finally, committing to a multicloud architecture will allow you to avoid vendor lock-in.
How to think about a multicloud architecture
As with any construct, the foundation is critical. In this case, your foundation is your transit network. You should ensure that it’s sufficiently high-performance and scalable, that you have end-to-end security embedded in the network and that it provides multicloud support. Your network infrastructure should not be a blocker.
Another thing you should emphasize is consistency. Whatever you build in region one, you should be able to deploy the same thing consistently in region two, or in another cloud entirely.
You’ll want to extend this consistency to an automation and orchestration engine which should be agnostic of the cloud. It rapidly becomes unsustainably complex when you have to use a different automation and orchestration engine for each cloud in each region. You are looking for a centralized automation and orchestration engine to make sure you can operationalize your applications and visualize your entire network with a single cloud-agnostic approach.
Next, consider availability. Things like your control plane, data plane and management plane should all be highly available.
Going hand in hand with availability is business continuity. Here, we’re talking about your applications. Applications should be resilient, and they should be available in multiple availability zones, multiple regions and multiple clouds.
One of the most common blockers I see is security. There’s a tendency to make security an afterthought or to bring an old, on-prem approach to security. It’s easy to overcomplicate your environment or increase costs by bringing an on-prem mentality to multicloud environments. Don’t backhaul everything to a customer premises where chassis-based firewalls inspect all the traffic; that will only increase latency.
As with other elements of your multicloud network, aim for consistency in how you apply security. The best way to achieve this is to have security embedded in your network. The advantages are numerous, including operational visibility and a zero-trust architecture, while fulfilling all your compliance requirements and giving you not just encryption, but high-performance encryption. In addition, when your users (your SREs) log in, you can create policy-based profiles for them, allowing them access to their own resources and nothing else.
Service extension frameworks
Finally, you need to think about service extension frameworks. It’s naive to believe a single vendor can fulfill all of an enterprise’s requirements. It’s never the case, and it will never be the case. Your network architecture should provide you with a service extension framework so you can easily insert your services without losing any performance.
How to ensure a successful multicloud transition
At the onset of your transition to multicloud, you may find the number of considerations daunting, especially if you find yourself reacting to demands created by business decisions over which you have little control.
One way to avoid finding yourself in an undesirable situation is to engineer a robust, cloud-agnostic approach to operationalizing your applications. First, start from the ground up with a transit network that provides enterprise-grade speed, stability and security. Then, identify and deploy cloud-agnostic tools that give you highly available, single-interface management panes with complete visibility across your entire network.
Finally, consider avoiding cloud service provider (CSP)-native services. Instead, maintain an architecture that includes service extension frameworks.
Take these considerations into account as you plan your multicloud network architecture. You’ll find your journey toward Day 2 multicloud operations will be a lot less painful than you might imagine.
Saad Mirza is Senior Director Solutions Architecture at Aviatrix, a cloud networking firm. More than 600 customers worldwide, including 63 of the Fortune 500, leverage Aviatrix and its multicloud network reference architecture to design, deploy and operate a repeatable network and security architecture that is consistent across any public cloud. Prior to Aviatrix, he held solutions architect roles at organizations including VMWare, Cisco, Brocade and BT.