Multi-Cloud Operations: Letting Go and Thinking Differently
The old ways of doing IT business are gone.
Cloud computing has ushered in an era of nearly unlimited choice for IT professionals, developers and business decision makers. For those that are used to being masters of their domain, it's a scary time. I spend a lot of time meeting with IT organizations and one phrase that I often hear is "We need to regain control." That phrase carries a lot of weight -- as well as uncertainty. Some control is good; you can't have your organization's data just anywhere, fully unprotected and ungoverned.
No More Playing it Safe
That said, it's an exercise in futility to honestly believe that an IT decision-maker can own total control of how all technology is consumed across the organization. With so many choices out there and constant pressures for speed and agility just for businesses to remain competitive, slow, safe, methodical IT just doesn't cut it anymore.
Most IT organizations are seeing some of their customers vote with their feet. When the central IT organization cannot meet their developers' and business unit leaders' requirements, those customers take their business to a public cloud service that can meet those requirements.
Rather than embark on a struggle for total control, consider a strategy of selective control and just enough management. That will require two guiding principles:
- Some management and operational functions will be decentralized
- Some members of the organization will go outside of the IT-sanctioned portal to procure new resources
Decentralization can be a scary concept, but it's often practical. For example, most organizations don't just have DBAs. Database administration is specialized such that they have Oracle DBAs or SQL DBAs, for example. Some aspects of cloud administration are specialized and provider-centric, resulting in organizations that already have Amazon and Azure specialists today.
What's On Your Network?
Understanding the administrative tasks unique to a particular provider is a key first step in forming a cloud operational strategy and identifying product and feature requirements. In addition, we can no longer pretend that any amount of corporate policy will mandate 100 percent perfect behavior.
Instead, our future solutions should be designed with the expectation that some employees will go outside of IT and independently consume cloud services for one reason or another. That means that going forward, intelligent automated discovery will become a key requirement for any multi-cloud management and operational solution.
To make some sense out of the multi-cloud operational challenge, Figure 1 provides some high-level architectural components.
A cloud broker or portal is the central requirement for many organizations that I consult with. They envision a future where policy -- not people -- determines workload placement. That could include multiple public cloud IaaS or PaaS offerings, as well as internal datacenters or private clouds.
Policy, Identity, Cost Containment
Policy is critical for decision making, such as determining workload placement based on factors like cost, compliance, software licensing optimization, latency requirements between application tiers and so on. Operational management is required to ensure that appropriate service levels are being met, and even to help optimize VM or container sizes across clouds in order to reduce costs. For example, a developer may provision an extra-large sized VM, when in reality a lower cost medium-sized VM is all that a particular application requires.
Federated identity is essential to operating across multiple clouds for the sake of simplicity and consistent integration with various management tools, internal applications, reporting, and other IT or business functions.
In addition, cost management and accounting have been a source of pain for many early public cloud adopters. Some want a high level of sophistication in managing costs, such as not just understanding the cost for a particular VM size, but instead collecting cost information in terms of price-per-performance, because a small VM on one provider will not perform exactly the same as a small VM on another provider's infrastructure. Understanding public and private cloud cost and having the broker provision a workload to the best option in terms of cost is a requirement that I frequently hear.
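The placement decision described in the last three paragraphs can be sketched as policy-as-code. This is an added example, not code from the column or from any VMware product: hard constraints (region, latency, customer-held encryption keys) are checked first, and only the targets that pass are ranked on price-per-performance. Every class, field, target name and number below is a hypothetical assumption, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Target:
    name: str
    region: str
    hourly_cost: float        # list price for the requested VM size
    perf_score: float         # benchmark score for this workload on that size
    latency_ms: float         # measured latency to the app's other tiers
    customer_held_keys: bool  # organization can own the encryption keys

@dataclass(frozen=True)
class Policy:
    allowed_regions: frozenset
    max_latency_ms: float
    require_customer_keys: bool

def violations(t, p):
    """Names of the policy rules that target t breaks."""
    out = []
    if t.region not in p.allowed_regions:
        out.append("region")
    if t.latency_ms > p.max_latency_ms:
        out.append("latency")
    if p.require_customer_keys and not t.customer_held_keys:
        out.append("keys")
    return out

def place(targets, policy):
    """Return (chosen target, {rejected name: broken rules})."""
    rejected, eligible = {}, []
    for t in targets:
        broken = violations(t, policy)
        if broken:
            rejected[t.name] = broken
        else:
            eligible.append(t)
    if not eligible:
        raise LookupError("no target satisfies policy")  # fail closed
    # Rank on price-per-performance, not on raw hourly price.
    return min(eligible, key=lambda t: t.hourly_cost / t.perf_score), rejected

# Constructed sample data; all names and numbers are hypothetical.
TARGETS = [
    Target("cloud-a", "eu", 0.10, 100, 20, True),
    Target("cloud-b", "eu", 0.08, 60, 25, True),
    Target("cloud-c", "us", 0.05, 90, 15, True),
    Target("cloud-d", "eu", 0.04, 100, 30, False),
    Target("private-dc", "eu", 0.12, 110, 5, True),
]
POLICY = Policy(frozenset({"eu"}), 40, True)
```

With this data the two cheapest targets are rejected on compliance grounds, and the lowest-priced eligible target loses to one with a better price-per-performance ratio. The rejection map doubles as an audit record of why a target was excluded.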
Providing a consistent network and security fabric across multiple clouds, private data centers and extending down to individual apps (traditional, mobile, Web and so on) is a logical next step in how we look at network and security architecture and management.
Redeploying or moving workloads shouldn't require days or weeks of processing for support tickets for things like IP address changes and new firewall rules. Those configurations should simply travel with the app, regardless of where it runs. Every organization I have met with has lamented the fact that security is decentralized and that there is no consistent way to enforce network and security policy across multiple clouds.
Furthermore, concerns over data privacy remain. The capability to have encryption for both data-in-motion and data-at-rest across clouds is high on many organizations' wish lists, and many would prefer the capability to own the encryption keys to remove the ability for a service provider to read the organization's private data.
Centrally managing data, archive, backup, disaster recovery, and data migration across clouds and private resources is also problematic. We can't force a single data standard on all providers; we need to creatively manage and govern data across a variety of de facto data storage standards.
There are a significant number of problems to solve as we look at operating and governing IT services in the cloud era. Over the next several months, I plan to dive deep into the topics that I covered in this column. What am I missing? What else is at the top of your mind as you look at operating across multiple clouds? I'd love to hear your thoughts.
Learn more about "Software-Defined Shifts: Multi-Cloud Operations and the Mythical Single Pane of Glass" on VMware Radius.
Chris Wolf is VMware's CTO, Global Field and Industry.