Hybrid Cloud Expert Lists Top Do's and Don'ts
Looking for guidance on how to get started with hybrid cloud computing in order to maximize the benefits of mixed public cloud/on-premises environments?
Industry expert Dave Kawula provided just that in an online summit held by Virtualization & Cloud Review titled "Expert's Top 10 Hybrid Cloud Do's and Don'ts."
Kawula, managing principal consultant at TriCon Elite Consulting, shared 10 do's and 10 don'ts in his summit presentation, which was one of three. To give you a taste of his expert insights, his remarks about the top three do's follow below.
Manage Through a Single Pane of Glass
"We always look for the kind of the utopia of trying to manage our infrastructure through a single pane of glass," Kawula said. "We've been talking about this for years in the IT industry, that we want to cut down on the amount of ancillary tools that are required to manage the solutions. And we've been trying to get to this place of a single pane of glass for for absolutely what feels like forever. And depending on the type of hybrid cloud solution that you're looking at for your organization, this may or may not be a reality for you."
One reality is Azure Stack HCI, a hyperconverged infrastructure (HCI) OS delivered as an Azure service.
"That is the really true single pane of glass from Microsoft's perspective," Kawula said. "You can now provision workloads directly from our Azure Portal directly to our on-prem infrastructure, as well as our Azure public cloud. And this unified experience, being able to manage this infrastructure, is so important for our infrastructure engineers, and administrators and cloud administrators. Because now we can actually learn a single set of tooling for looking after this long term. So I have to say that this really isn't necessarily utopia anymore, it is very possible depending on the solution that you're looking at.
"And if you're looking at other solutions that are out there, this is kind of the goal that we have to get to because I've lived in the space of hybrid cloud for probably the better part of the last 10 years. And so I've seen this grow up right from its inception to where we are today. And it can be a very painful process if you have to go troubleshoot something and you're into five, six, seven different tools. So you want to make sure that this is a high priority when you're looking at your hybrid cloud solutions available to you. And you definitely want to check out Microsoft's new dedicated SKU for Azure Stack HCI for your hybrid infrastructure, because that's gonna give you some great options."
Standardize Processes and Procedures
"We need to make sure that we standardize the processes and procedures that we have for our infrastructure teams," Kawula said. "Because when we build hybrid cloud infrastructure, the processes that we follow for on-prem infrastructure aren't necessarily going to directly map over to a full public clouds configuration. And if you don't have that fully seamless, single pane of glass, you're going to have to map over and kind of merge two sets of processes, because your infrastructure team way of doing things when they go through change control -- or they have to make configuration changes -- is going to be potentially different for them."
Standardize Disaster Recovery Plans: "I've given a lot of talks over the last couple of years on disaster recovery, disaster preparedness and ransomware prevention. And this is one that's really important to me. Because when we look at the configuration between on-prem hybrid infrastructure and full public cloud, and merging those together and having kind of a unified environment through a true hybrid cloud, DR may be slightly different from a cloud perspective."
Standardize Cyber Incident Plans: "The next one is along that same discussion topic as ransomware and cyber protection that you have to have for your infrastructure. Traditional DR plans are not the same as a cyber incident plan.
"A ransomware attack for your organization is not the same as traditional DR; it's not like you just press the big button and get yourself out of it."
Dave Kawula, managing principal consultant, TriCon Elite Consulting
"A ransomware attack for your organization is not the same as traditional DR; it's not like you just press the big button and get yourself out of it. So you want to make sure that you also have a sidecar cyber incident plan available for both your on-prem infrastructure as well as your public cloud infrastructure. And the hybrid glue that bonds those together is that, how are we going to survive one of those incidents and what does it look like. And part of that standardization is also testing and validation. We do want to make sure that we validate that those plans are viable for us."
"In today's day and age, security has never been more important for our infrastructure. And so I've been talking about this for probably two years straight now, about the role of IT administrators, IT engineers and anyone on our team. This is how it goes, is that our IT security, our sec ops team, includes everyone inside of your organization from IT's perspective, as well as all of the users. We all have to be unified and having an understanding as to what this looks like. Primarily, we don't just throw things over the fence anymore. And we don't just say, 'hey, security team, you know, we've got an incident, go take care of it.' No, we have to have a unified effort to securing and walking down this infrastructure through vulnerability assessments through infrastructure audits Do security audits, pen testing -- this has never been more important for you to look after your infrastructure.
"And when we do this, from a hybrid perspective, don't just assume that because some system is in the public cloud that it is more secure than what it is in their on-prem infrastructure. That's not true. You have to secure those workloads the same way that you have to secure your on-prem infrastructure. And you have to look at this cybersecurity initiative, organizationally as a whole. And it starts right from the top down, from your CSO all the way down to the end users. And this has to be a focus for your organizations that are out there. Because taking the security posture of, 'well, it's not going to happen to us, it only happened to the neighbors next door and the next building over or the sister companies or your business partners, it's never going to happen to us.'
But that's not the right approach, we have to take a very-much-so proactive approach, because you don't want to be caught in an unprepared state in regards to cyber security. So from a hybrid cloud perspective, make sure that security is a very, very high priority for you. And making sure that both on your on-prem side, as well as in the public cloud side, that things are secured and things are buttoned up. You have to assign separate roles, hire some staff to look after these, because it's that important to make sure that that your security posture is taken care of."
Of course, Kawula went into much more detail about all of the above and then went on to discuss the seven remaining do's:
Look for cloud native solution for new applications
- How easy is it to customize applications in the public cloud vs. private
- Check for vendor support for either public or private cloud
Always investigate integration options for your applications
- Hybrid cloud access
- Single Sign-On support
- Multi-Factor Auth
Do try out add-on features
- With thousands of options in your public cloud tenant, test them out
- Leverage machine learning, threat hunting, security AI
Train support team on new technologies
- Do assume that they need to learn new knowledge domains
Ensure you have a cyber security audit
- Review findings and apply both private and public clouds
- Be adaptive; the cyber security landscape changes FAST
- Do ask your vendors such as Microsoft for help
and his top 10 don'ts:
Don't let knowledge silos slow progress
- Individual application owners might have little motivation to change technology platforms
Don't treat public cloud the same as private cloud
- Each has their own benefits and drawbacks
Don't neglect the unique operational considerations of a hybrid cloud
- It doesn't just run itself after Next, Next, Finish
- Build operational guides for daily, weekly, monthly tasks
Don't place all workloads in the public cloud
- Some workloads belong on-prem
- Chasing this unicorn will result in project failure
- Acceptance of where workloads belong
Don't start with the biggest workloads and applications
- Start small gaining confidence and skills necessary for bigger migrations
- This will give key flight time and knowledge required
Don't reinvent the wheel
- Public cloud vendors have published blueprints for HIPPA, NIST, etc.
- Start in a certified state instead of trying to always get there
Don't recreate standards
- Try to move forward with what works on-prem when moving up to the cloud
- Tweak your policies but you don't necessarily need to reinvent them
Don't forget to enable CMBD (Configuration Management Database)
- It is available by default in Azure
- It just needs to be configured
Don't assume that just because it is in the public cloud that it is secure
- You need to secure systems in the same way as on-prem
- Secure, validate, test
Don't forget to get your cloud certifications
- Cloud certifications lead to some of the highest paying jobs in our industry right now
To see and hear Kawula flesh out all of the above items in detail, the free presentation is available on demand here, along with replays of the other two sessions, slides used by all the presenters and other resources.
Security in general is a focal point of Virtualization & Cloud Review online summits, as shown in the upcoming schedule of live events coming in the next few weeks:
David Ramel is an editor and writer for Converge360.