Many industry projections state that enterprises will review or adopt some sort of hybrid cloud deployment this year. But a vast majority of those enterprises remain unclear on the fundamentals of hybrid cloud computing.
In this definition, NIST supposes that vendors will create these partnerships and consumers will choose a well-defined tandem public-private combination that meets their needs. In reality, though, most enterprises develop a private cloud environment and then search for a public cloud provider that will best connect the two clouds.
Therefore, enterprises can't necessarily use the NIST definition as a basis for evaluating available options for building an effective hybrid cloud. A better approach would be to identify functions that must be addressed as the enterprise searches for a public cloud to integrate with its existing private cloud architecture. To do this, enterprises should look at three areas: security, connectivity and portability.
The more an enterprise can extend existing best practices in these three areas into a public cloud deployment, the better it can determine how cost-effective and functional the hybrid cloud model will be. Let's take a closer look at these functions to better understand the hybrid model.
Security. Security has been and will remain the most important consideration for any cloud computing model, and that includes hybrid cloud. Because this architecture is an extension of the private cloud, enterprise IT should try to replicate its private cloud security best practices in the public cloud. Encrypting data in transit and at rest, company ownership of server keys, access management, and operational ownership issues such as change management must be considered in hybrid cloud.
Connectivity. The connection between the public and private clouds must provide isolation in transit and at the landing spot in the public cloud to assure the confidentiality of data flow, user access and application interaction. Connectivity can range from a VPN connection to a direct WAN link between public and private cloud deployments. The direct WAN connection can be provisioned independently or arranged through an approved Internet service provider. A VPN provides IPsec isolation and encryption over the Internet. Either the VPN connection or the direct WAN link must be able to connect to a virtually or physically segmented section of the multi-tenant public cloud.
Portability. Once security and connectivity issues are addressed, portability across heterogeneous clouds can be the most time-consuming work, but can yield the most strategic advantage for an organization. Being able to transfer computing resources, data, programming languages and, ultimately, applications across clouds will help enterprises realize the actual value of hybrid cloud:
- Computing resources must provide the ability to run workloads on compatible virtualized platforms, using the OS of your choice, with enough horsepower and elasticity for applications.
- Data must flow seamlessly between two clouds in an efficient and secure manner to deliver access to elastic storage and application interoperability. Both clouds must be able to support the same data warehousing policies and storage access management schemas. If you're going to use a third-party gateway device to optimize data transfers, it must be compatible with both public and private clouds.
- IT teams must have access to the same programming languages, application programming interfaces and frameworks, allowing them to migrate existing applications or integrate to a new application in the public cloud.
About the author
With a background in managing one of the largest global financial networks, Mark Szynaka brings his network monitoring, security and ITIL best practices to the cloud. He helps enterprise IT investigate and implement cloud computing architectures -- public, private and hybrid -- using Amazon Web Services, Terremark/Verizon and Rackspace technologies.
This was first published in February 2013