vali_111 - Fotolia
Hybrid cloud adoption continues to increase, but its growing acceptance doesn't mean it's easy. Users have faced -- and will face -- a number of challenges. The good news is that careful planning can overcome them.
The various components that constitute a hybrid cloud are, and perhaps always will be, very different. While advances in virtualization make it easier to treat all resources similarly during application deployments, that uniformity can mask dramatic security, performance and cost differences between an enterprise data center and the cloud. And IT teams must always account for those differences.
Here are four steps to overcome common challenges in a hybrid cloud implementation.
1. Divide application components
The first step toward hybrid cloud is to define which application components to host where. If you treat all your hosting resources, both on premises and in the public cloud, as a single resource pool, you can more freely move components between those two environments. However, the cost and operational structures of the public cloud are different than on premises, as is the network connectivity model that you'll need to support a hybrid cloud.
The best approach is to divide your application components into groups, based on factors such as cost, connectivity requirements and governance and security policies. Your three groups should be:
- the set of components that run best in the public cloud;
- the set of components that run best in the data center; and
- those that can run in either place.
After you assign components to their groups, design your workflows and network connectivity, presuming that each application stays within its group. This means cloud bursting and failover are limited to components in the third group. If you don't plan this way, you risk facing enormous differences in how much your applications cost and perform in hybrid cloud.
2. Design workflow crossing points
Next, you'll need to define how your application workflow will cross between front-end components in the cloud and back-end components in the data center.
In a hybrid cloud implementation, most organizations use the public cloud to host front-end application components, such as those that support mobile apps or event handling, and use their data center for heavy database-centric processing. The goal is to connect these components so that you don't lose the elasticity of the public cloud or the governance and security of your data center.
Create formal crossing points where an API hosted in the cloud and an API hosted in your data center connect. Be sure to centralize control of workflows that pass between the cloud and data center boundaries. Then, ensure both the cloud- and data center-hosted components retain connections to their assigned crossing points, even if there's a redeployment to accommodate workload changes or failure. If they don't retain these connections, work can't pass between the two environments.
3. Manage your VPN address space
Generally, enterprises should establish IP virtual private networks (VPNs) with private IP addresses, and most use the Class A space 10.0.0.0. But whether you use public or private addresses, you should define IP subnets to hold users and applications. Avoid assigning users permanent IP addresses, and instead, assign them dynamically.
For application components, follow the container model, where you create a private subnet for each container app and only the interfaces used outside the containers are translated to your VPN's address space. You need to manage the addresses that connect applications and users; keep them separate, and fit them to your VPN model.
One challenge in hybrid cloud implementation -- and even with an on-premises deployment -- is when multiple applications share components, such as microservices that you manage through an API broker. One way to ensure that these components are always accessible is to assign them their own subnet and make sure firewalls always pass the shared components' addresses.
To manage addressing in the public cloud, determine how your provider assigns and translates IP addresses. Amazon, for example, offers elastic IP addresses that map your VPN addresses to the address of public cloud components, even if the components move during scaling or deployment. Be sure to map cloud application addresses consistently into your VPN address space, as well as to any address/API directories or brokers you use.
4. Evolve your load balancing
It's possible that your hybrid cloud implementation will include scalable application components that run both in the cloud and in your data center. This creates the issue of having to manage the addresses to ensure you can use both types of components for tasks such as cloud bursting.
Confirm that your load balancer can support components both in the cloud and in your data center and that you can update the component inventory the load balancer uses when you add a component to either hosting environment. Make sure whatever load balancer you pick works in this complex configuration.