From the magazine: Why hybrid cloud is the computing platform for the digital age
Not everything belongs in a public cloud - hybrid clouds are today the most sought after networking platforms
As many forward-thinking organisations have realised, not everything belongs in a public cloud, which is why hybrid cloud environments are today the most sought after networking platforms.
A study commissioned by Nutanix, the Enterprise Cloud Index, measured enterprise plans for adopting private, hybrid and public clouds found out that enterprises plan to increase hybrid cloud usage, with 91% stating hybrid cloud as the ideal IT model. 87% of respondents said that hybrid cloud as an IT trend is having a positive impact on their businesses, and more hybrid cloud users reported all their needs were being met (49%) compared to single public cloud users (37%).
In essence, companies are both switching on to the benefits of the public cloud – on-demand scalability, pay per use economics and so on - and, at the same time, becoming wise to the fact that not all clouds are the same. Indeed, putting all their application eggs in one basket might be counterproductive, observes Aaron White, regional director, Middle East at Nutanix.
“Most CIOs have now moved beyond simple “all on-prem” or “all cloud” strategies to realise that both are powerful tools in delivering on their IT strategies. They are opting instead for a hybrid IT approach with a real commitment to using both, on-prem and cloud,” says White.
Hybrid cloud enables businesses to build and run applications anywhere, with the freedom to deploy applications in the cloud environment optimised for apps and the business, observes Ihab Farhoud, director, systems engineering, METNA, VMware Middle East, Turkey, and North Africa. Hybrid cloud also reduces complexity with consistent policies, skills, teams, and it allows organisations to leverage their proven model and existing investments in the cloud, he adds.
Hybrid cloud can also meet complex requirements for performance and compliance, and it can run apps – where needed – to protect data and reduce latency globally, Farhoud observes.
“One of the most compelling cases for hybrid cloud for many organisations is that it reduces the risk and cost of cloud migration, as consistent infrastructure enables seamless migration between clouds without rewriting apps,” says Farhoud.
Finally, hybrid cloud opens up access to innovation from any cloud provider, allowing organisations to take advantage of cloud services from global cloud providers to modernise and enhance applications, Farhoud adds.
In an ideal world, a hybrid cloud environment should offer the best of worlds. This, however, is easier said than done, and hybrid cloud poses some challenges for businesses.
First, most enterprise applications run on-premise, and migrating them to the cloud can be tricky. By that same token, most web scale applications are built in the cloud and so migrating them on-premise can be equally difficult, observes White. “Today’s organisations cannot afford disruption or downtime, making simple and agile movement of applications across different clouds a business necessity. The data that supports these applications can be a challenge to move in a controlled and efficient manner, on-premise and cloud storage have different features and APIs, rendering the development of applications that can run seamlessly across both nearly impossible,” says White.
Budgeting and managing costs in the public cloud is still a worry for many businesses
Cloud services are priced differently from the simple fixed-price models of the traditional datacentre. Budgeting and managing costs in the public cloud is still a worry for many businesses, and there are plenty of horror stories about companies that have been saddled with huge and unexpected costs, says White.
Building an effective hybrid cloud architecture requires bridging a cloud divide that exists at the application, management and storage layers, notes Patrick Smith, EMEA Field CTO, Pure Storage. “While significant technological strides have been made toward standardising at the orchestration layer, the challenge remains at the storage layer, requiring businesses to look harder to find solutions that unify cloud and deliver a common set of data services across on-premises and cloud, enabling consistent storage capabilities, APIs, and resiliency so that applications can be built once and run anywhere in the hybrid cloud,” he explains.
Cloud platforms change the application development lifecycle. To succeed, IT teams may need to become adept at using new, emerging technologies and be able to efficiently manage cloud resources during PoC, test, staging, and production—across multiple different environments. Because hiring people with these skills is a challenge, organisations may have to re-train existing staff and supplement with consultants and professional services, says White.
The 2018 Enterprise Cloud Index conducted by Vanson Bourne commissioned by Nutanix show that IT decision makers say that finding hybrid IT talent is difficult. With clear benefits to a hybrid model, respondents say scarcity of hybrid experts is a challenge, with 54% claiming talent retention is part of the problem.
“Additionally, while technologies such as containers, microservices and APIs are helping to make apps a lot more portable, deployment, monitoring, and management capabilities are lagging behind, further compounding the skills shortage,” says White.
Storing sensitive and proprietary data in external cloud environments that aren’t fully under your control carries some risks. While public clouds provide best practices guides and case studies, organisations may still be apprehensive about moving data to the cloud. “Many datasets have been exposed simply because operators weren’t familiar with the security model and tools in a given cloud versus the on-premises security environment,” White observes.
Once data is in the cloud, companies don’t have a lot of control over where it’s physically located. “Where is data getting backed up and replicated? Who can look at it? Can someone in a different country look at it? Companies often don’t have enough controls to meet compliance objectives,” says White.
Another challenge to hybrid cloud security is that each cloud environment is different
Another challenge to hybrid cloud security is that each cloud environment is different. There’s a high cost of learning how to secure everything in each environment, White observes. “What’s more, the attack surface area for cloud providers is much larger than for a single company with an on-premises data centre — which is exactly what attackers want. While your company might not be a target for hackers, Amazon for sure is,” he adds.
The traditional disk and tape-based data protection model is failing to keep up with the demands of the cloud era, says Smith.
“At a minimum, enterprise applications that are in the cloud need the same capabilities for data protection and disaster recovery that they received in a data centre. Backups are necessary to enable customers to recover to a previous point in time should data corruption occur, and as a protection against malware and other malfeasance. As for cloud-native applications, because they are often architected to be resilient, the importance of data protection can get overlooked even though it remains a key aspect in protecting business data,” he adds.
As such, when a hybrid cloud strategy is being implemented, it may be wise to re-evaluate data protection and disaster recovery to ensure that the protection in place meets business needs. If a customer’s recovery objectives have changed, or data volumes have grown to such a degree that recovery is no longer fast enough to meet business demands or SLAs, it may be advisable to consider backing up to flash storage for accelerated recovery, Smith says.
“If backup data needs to be repurposed for other uses, object storage is a good option for long-term backup retention as it keeps data more accessible than tape and with significant data durability benefits,” he adds.
The simplest way to implement data protection based on flash and object storage is to move to flash storage that incorporates cloud data protection any time you refresh storage systems. The right flash systems make it simple to combine local snapshots with snapshots stored in the cloud, Smith explains.
Despite these challenges, hybrid cloud remains the most optimal IT environment for most businesses today.
Organisations can build private clouds on-premise or in hosted environments to deliver storage-as-a-service with the performance, availability and ease of use that every business needs and deserves, Smith says.
Additionally, businesses can run applications in on-prem or hosted environments, yet also run them seamlessly in the public cloud. “Having a single storage platform will deliver consistent storage services, resiliency and APIs ― meaning applications can be built once and then run anywhere in the hybrid cloud model,” Smith adds.
To get a grip costs, White recommends that organisations consider dynamically provisioning and decommissioning system resources based on parameters such as workload, user traffic, etc. “By dynamically optimising resource utilisation, you could bring down the operational costs dramatically. Advanced dashboards are needed that help you establish budgetary controls and track actual cost accruals against planned costs,” he adds.
"By dynamically optimising resource utilisation, you could bring down the operational costs dramatically."
“With a well-designed cloud architecture, and a comprehensive hybrid cloud management plan, you can not only keep private and public cloud costs under control, but you can also optimise your spending and completely avoid bill shock,” he says.
For security, White of Nutanix recommends three attributes towards an effective security strategy include.
First is having in place comprehensive security-any security plan has to address the network, endpoints and data. For the network, that includes protecting data in motion over the wide-area as well as data flowing between virtual machines inside a data centre, a gap that typical perimeter security solutions won’t likely address. Endpoint security should include an agentless architecture that’s simple for both end users and IT but protects against viruses, malware and intrusions. “Data should be protected according to consistent policies to ensure compliance, with a centralised encryption key management solution to ease administration,” says White.
Organisations also need to have in place sound security policies and processes. “Security policies and procedures developed over the years shouldn’t be abandoned in a hybrid cloud environment. Rather, they should be extended to include and apply to the cloud elements. “Customers share much of the responsibility for the security of their cloud workloads with their cloud provider,” he explains.
Organisations also require a unified security approach. One way to accomplish that is by using tools that can deal with data located both on-premises and with different cloud providers. Nutanix Beam, for example, provides insights into cloud compliance and security vulnerabilities in real-time, allowing IT managers to resolve potential threats before becoming business challenges.
In addition, automation is also key to a good security strategy. That kind of automation should apply not only in responding to security events but to applying security policy in the first place. The only way security really works is with a small set of policies applied centrally and then spread everywhere. Nutanix Calm, for example, is an application automation and lifecycle management platform that enables companies to create security rules when an application is initially developed, then ensures they are applied every time the application is deployed.
“Once you figure out the best way to secure an application, every time someone creates a new instance of the app, the security policies come along with it. It’s a cookie cutter approach that’s important to ensuring security is simple but effective,” White adds.
VMware’s software-based approach delivers a networking and security platform that enables customers to connect, secure and operate an end-to-end architecture to deliver services to the application wherever it may land, says Farhoud. “Our software-based approach enables cloud architects to design and build the next generation policy-driven data centre that connects, secures and automates traditional (hypervisor) as well as new microservices-based (container) applications across a range of deployment targets (data centre, cloud, etc.).”
“Our approach embeds security into the platform, compartmentalising the network through micro-segmentation, encrypting in-flight data and automatically detecting and responding to security threats. It delivers a WAN solution that provides full visibility, metrics, control and automation of all endpoints,” Farhoud adds.
When properly configured, hybrid cloud can be an effective networking environment that combines the best parts of multiple cloud deployments to fit an ever-changing and complex IT environment. It allows for leveraging the public cloud when the need arises, but without having to expose sensitive data to the public cloud. As enterprises pursue digital transformation, hybrid cloud offers a path those looking to ease into cloud migration while limiting data exposure and remaining compliant with security protocols and data sovereignty laws.