For an enterprise to seriously consider adopting the hybrid cloud model, the implementation must be designed so IT pros manage it with the same veracity as an existing private cloud. Here, we examine ways to manage a hybrid cloud -- assuming that the IT teams will follow the enterprise ITIL
No matter how carefully you have selected a public cloud service and how well it matches your private cloud design, differences will inevitably exist. The greater the differences between the two clouds, the more difficult it will be to manage the two clouds as a single entity. The greatest gains will be achieved in extending, as much as possible, your existing management strategies and best practices to the hybrid cloud.
A management strategy for hybrid clouds should cover the following areas:
Configuration. IT teams must specify best practices for creating, modifying, patching and implementing a cloud installation. A version-controlled library of development and approved production images can help make configuration more effective and secure. Wherever possible, configurations should be created to run in either the public cloud or private cloud. When this isn't the case, the library system should clearly specify with which cloud the image is associated.
Change control. Despite being a staple of nearly all enterprise ITIL best practices, change control seems to have been overlooked in many of the public cloud implementations. Many small IT shops look to DevOps as a way to quickly implement changes from development to production. Although the startup Software as a Service (SaaS) shop applauds this nimbleness, enterprises view it as a dangerous shortcut that could impede adoption of the hybrid model. As enterprises agree to use a hybrid cloud model, they need to bring with them the discipline of change control in which developers submit their changes with rollback plans. Patch management will need to be completed a certain number of days from the issuance of vulnerability alerts.
Security. Hybrid cloud security includes data encryption in transit and at rest, access control policies, firewalls and network rule enforcement. The enterprise risk-management department should enforce the same or similar policies across the public and private cloud. If possible, extending a method for single sign-on, such as Security Assertion Markup Language (SAML) or Lightweight Directory Access Protocol (LDAP), is preferred. Key encryption that is only known by enterprise IT is mandatory.
Fault monitoring. For a time, we heard cloud pundits declaring device fault monitoring was not mandatory in the public cloud. The elastic ability of resource provisioning masked underlying device failures and therefore eased the burden of stringent fault monitoring. But as recent high-profile Infrastructure as a Service (IaaS) outages have demonstrated, this is not the case. Fault and performance alerts need to be sent to the centralized manager of managers (MOM) who, in turn, opens help desk tickets. If the public cloud has a customer-facing e-commerce function, then a geographically distributed user-experience performance monitor will be required to ensure uptime.
Budgetary control. The elasticity of the cloud can be a double-edged sword regarding budgetary control. An IT pro who has inadvertently left an extra-large instance up and running without realizing it until he sees the monthly IaaS usage bill can understand this. Alerts for unused resources and alerts indicating when an IaaS or Platform as a Service (PaaS) charge exceeds a threshold will help you maintain budgetary control over cloud resources.
Eventually cloud technology will evolve enough to allow enterprises to simply extend private cloud management systems to effectively control an isolated section of the public cloud as well as the network connection binding the two clouds. Enterprise IT will most likely need to incorporate at least some of the public cloud management systems to feed back into the MOM. This can occur when you are using a function such as a content distribution network or big data, which don't reside in your private cloud.
Enterprises will need to stitch these new cloud systems together with their existing centralized management system to use a single help desk and realize the total cost of ownership (TCO). IT managers have been combining management systems for years; however, cloud is a disruptive technology that's causing IT to adjust their management systems once again.
The emergence of the hybrid cloud adoption signals that cloud technology is maturing enough for enterprise IT shops, allowing them to extend sensitive applications into a multi-tenant public cloud environment. But the days of the "DevOps cloud cowboys" will fade into the sunset as the enterprise IT departments lock down data according to enterprise-grade management best practices.
About the author:
With a background in managing one of the largest global financial networks, Mark Szynaka brings his network monitoring, security and ITIL best practices to the cloud. He helps enterprise IT investigate and implement cloud computing architectures -- public, private and hybrid -- using Amazon Web Services, Terremark Verizon and Rackspace technologies.
This was first published in March 2013