CW Asia-Pacific
Rawpixel - Fotolia
Follow these hybrid cloud infrastructure best practices
Although a hybrid cloud approach can seem daunting, it enables enterprises to get the best of both worlds -- if managed correctly. Learn the dos and don'ts of hybrid cloud deployments.
Enterprises often look to deploy hybrid cloud infrastructure because they want the benefits of the public cloud but aren't ready -- or willing -- to shut down their legacy data center.
A hybrid cloud architecture, however, isn't easy to implement. IT teams need to be aware of a number of considerations and best practices, including networking, cost, management and security, before they get started.
Review these four hybrid cloud infrastructure tips to strengthen your strategy.
Choose the right hybrid cloud model
Once you choose to adopt a hybrid approach, decide which type of hybrid cloud infrastructure to deploy -- heterogeneous or homogeneous -- based on budget, performance and management needs.
A homogenous hybrid cloud is typically cheaper and easier when it comes to installation, operations and management. In this model, a single vendor provides the software, which is engineered to operate the same on premises and in the cloud.
With services like Azure Stack, AWS Outposts and Google Cloud Anthos, interest in homogenous hybrid cloud architecture continues to increase. Although appealing for their lack of complexity, these deployment models present vendor lock-in risks.
On the other hand, a heterogeneous hybrid cloud is built with the private and public environments coming from different providers, such as AWS paired with OpenStack. The heterogeneous approach is more complicated upfront, but users have more control over infrastructure changes in the future. IT staff may require more formal training due to the differences in vendor services and complexities in marrying the two.
Prepare for hybrid cloud implementation
Once you've selected a hybrid cloud infrastructure model, map out workflows to avoid network and performance issues. Overcome these common challenges with four steps.
First, define where application components are hosted to keep performance up and costs down. Divide the components into three groups based on where they run best: the public cloud, the data center or both. After components are assigned, design workflows and network connectivity.
Next, define and create the workflow crossing points between the cloud front end and the data center back end. Centrally control these workflows to ensure appropriate performance and to retain the elasticity benefits of the public cloud, as well as the security benefits of the private data center.
Then, manage the VPN address space. Typically, enterprises establish their VPNs with private IP addresses and should define IP subnets for users and applications. Follow the container model, and create private subnets for each application, with only external interfaces translated to a VPN address space. Assign subnets to each application component to ensure they're always accessible, even when shared by multiple apps.
Lastly, it's not uncommon for a hybrid cloud strategy to include scalable applications that run in the data center and the cloud. This can create address management problems, so ensure your load balancer is equipped for complex configurations.
Review data placement
The trick to a successful hybrid cloud strategy is to learn where to store data and how to retrieve it -- all while minimizing costs. Data movement can lead to high cloud bills, so it's crucial to place data wisely.
Organizations can host data in the cloud, a data center or both. Most hybrid apps use the public cloud as the front-end transaction source and the data center for processing the transactions. Ingress traffic is generally free, so it is more cost-effective to have the cloud receive data from the data center. Increased movement between environments creates the need for a larger -- and more expensive -- connection between the cloud and data center.
Think carefully about database hosting. Smaller databases can run in parallel in both environments, and summary databases can run on the public cloud. But it's not feasible to place larger systems in the cloud because it would result in high egress fees for processing data on premises.
Alter your security approach
Hybrid clouds involve many moving parts, which can make them more susceptible to breaches than the public cloud alone. Learn the potential vulnerabilities that are specific to hybrid cloud infrastructure, such as data transfers between the public cloud and on-premises resources.
A lack policies and formal processes can create risks; unify security controls across a hybrid cloud architecture, rather than maintain separate ones for different environments.
Although there are notable challenges for admins, they can secure hybrid deployments with certain tools and best practices, such as data encryption and zero-trust models. In addition, IT teams should familiarize themselves with emerging security practices, such as DevSecOps, to ensure cloud data is safe.
