Maturing Your Multi-Cloud Strategy Starts with the Network
Using software-defined technologies can smooth the journey.
Networking and security in the cloud era are teeming with new opportunities, new challenges, and of course the potential for new disasters. Consider the possibility of corporate data stored in a cloud that traverses only public networks where you have zero visibility. If a data breach occurs, who is responsible? One approach could be to say "I can't protect what I can't see or control, yet people are pointing fingers at me! I'm the victim here!" In all seriousness, it ultimately is the job of IT to protect, secure and ensure availability of applications and content residing in datacenters we don't own, traversing networks we don't own, and accessed by devices we don't own. This is the new world in which IT operates.
Last month I wrote and blogged about the challenges we face operating in a multi-cloud world. This new world leaves you with two choices: stand by and accept the multi-cloud world as it is, or architect a solution that provides the visibility, availability, security and assurances that organizations require, and helps centrally manage networking and security across clouds.
A software-defined, multi-cloud network fabric can become the foundation on which many multi-cloud security and management services are built. One key benefit to a distributed, virtualized multi-cloud network is that you can easily move workloads from a datacenter to a public cloud or between clouds, and preserve existing network and security settings.
Enforcing security policy and firewall rules in a new cloud could take anywhere from days to weeks, especially if new tools, APIs and processes must be learned. When those rules stay with the application container, such as a VM, no modifications are necessary. The containerization movement is all about simple, dynamic application portability. But that's only effective if operational barriers such as networking and security are equally portable.
As with most operational innovations, a market has to evolve before the ecosystem of solutions catches up. In the case of multi-cloud networking, compelling solutions are now beginning to emerge. As you look to architect for multi-cloud operations, consider the following:
- Is support planned for all of your strategic providers? That may include local datacenters, private clouds and public cloud providers of choice.
- Centralized management and control planes: Are the management and control planes distributed, highly available, and accessible via open, well-documented APIs? Is management offered via SaaS?
- Data plane: Is the data plane managed by an independent control plane? Are open technologies such as Open vSwitch leveraged? Are Windows and Linux VMs and containers supported?
- Encryption: Can the solution encrypt data in motion and data at rest within or between clouds, as well as to individual applications such as a mobile application?
- Network services: Are core network services such as load balancing, VPN, DHCP and routing supported?
- Security: Are firewall rulesets, security groups and rules consistent across clouds?
- Service chaining: What network services are supported (e.g., NAT, load balancing, firewall, intrusion prevention) and how broad is the supported third-party ecosystem?
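To make the "rules stay with the application" idea and the cross-cloud consistency question concrete, here is an added illustration (my own example, not VMware's code or any product's API): a small provider-neutral firewall policy that travels with a workload, is rendered into two provider-specific forms, and is then diffed against what a cloud actually reports so that drift (a rule the policy never granted, or one that was silently dropped) is caught. The AWS-style dictionaries mirror the EC2 security group IpPermissions shape, the iptables lines are plain command strings, and the policy and the "observed" export are constructed sample data.

```python
"""Portable firewall policy: one provider-neutral rule set, rendered per cloud,
and checked for drift against what a cloud actually reports.

Added illustration, not VMware's or any vendor's code. The AWS-style dicts
follow the EC2 SecurityGroup IpPermissions shape; the iptables output is plain
command text. All rule data below is constructed for the example.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Rule:
    proto: str       # "tcp" or "udp"
    port_from: int
    port_to: int
    cidr: str        # source range allowed to reach the workload


# Provider-neutral ingress policy that travels with the application (constructed).
APP_POLICY: List[Rule] = [
    Rule("tcp", 443, 443, "0.0.0.0/0"),   # public HTTPS
    Rule("tcp", 22, 22, "10.0.0.0/8"),    # SSH only from the corporate range
    Rule("udp", 53, 53, "10.0.0.0/8"),    # DNS from internal resolvers
]


def to_aws_ip_permissions(rules: Iterable[Rule]) -> List[dict]:
    """Render the policy as EC2 security group ingress IpPermissions entries."""
    return [
        {"IpProtocol": r.proto, "FromPort": r.port_from, "ToPort": r.port_to,
         "IpRanges": [{"CidrIp": r.cidr}]}
        for r in rules
    ]


def to_iptables(rules: Iterable[Rule]) -> List[str]:
    """Render the same policy as host-firewall rules for a Linux VM or container host."""
    lines = []
    for r in rules:
        ports = str(r.port_from) if r.port_from == r.port_to else f"{r.port_from}:{r.port_to}"
        lines.append(f"iptables -A INPUT -p {r.proto} -s {r.cidr} --dport {ports} -j ACCEPT")
    return lines


def from_aws_ip_permissions(perms: Iterable[dict]) -> Set[Rule]:
    """Normalize a cloud's reported rules back into canonical Rule tuples, one per CIDR."""
    out: Set[Rule] = set()
    for p in perms:
        for rng in p.get("IpRanges", []):
            out.add(Rule(p["IpProtocol"], p["FromPort"], p["ToPort"], rng["CidrIp"]))
    return out


def drift(policy: Iterable[Rule], observed: Iterable[dict]) -> Tuple[Set[Rule], Set[Rule]]:
    """Compare intended policy with observed cloud state.

    Returns (missing, unexpected): rules the policy wants but the cloud lacks,
    and rules the cloud exposes that the policy never granted. The second set is
    the one to alert on first, since it widens the attack surface.
    """
    want = set(policy)
    have = from_aws_ip_permissions(observed)
    return want - have, have - want


# Constructed export from one cloud: SSH was opened to the world and the DNS rule is gone.
OBSERVED_AWS: List[dict] = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "0.0.0.0/0"}]},
]


if __name__ == "__main__":
    for line in to_iptables(APP_POLICY):
        print(line)
    missing, unexpected = drift(APP_POLICY, OBSERVED_AWS)
    print("missing from cloud:", sorted(r.__dict__ for r in missing) if missing else "none")
    print("unexpected in cloud:", sorted(r.__dict__ for r in unexpected) if unexpected else "none")
```

Rendering from one canonical model is what lets the rules move with the workload; the drift function is the piece that answers "are the rulesets consistent across clouds?" on an ongoing basis rather than only at deployment time. In practice the `OBSERVED_AWS` list would come from each provider's describe/list API, and the same normalization step would be written for every cloud in scope.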
There is plenty to consider, and the path ahead can be daunting. That said, this isn't a path where you can simply leap forward to the end. Get SDN and network virtualization technologies in your lab now. Move some production applications to the virtual network fabric and gain experience operationalizing what is fundamentally a revolutionary technology. We have a long way to go on our multi-cloud evolution, but when it comes to modernizing networking and security, there's no time like the present.
Chris Wolf is VMware's CTO, Global Field and Industry.