buchachon - Fotolia
Whether it's a LAN that supports a private or public cloud -- or the vast global WAN that supports a hybrid cloud -- network connectivity drives cloud resources and services.
Cloud architects must evaluate the capabilities, configurations and corresponding costs of LAN and WAN connectivity to ensure adequate, reliable and cost-effective hybrid cloud deployments.
Review the key elements of hybrid cloud connectivity and explore parameters and best practices to secure your connection.
Elements of hybrid cloud connectivity
LAN. An existing corporate network is rarely enough to support a private cloud over the long term. Cloud resources must be available on demand, but IT teams cannot easily predict usage patterns and load levels in this model. As a result, network bottlenecks can emerge as users carve out resources.
From a physical standpoint, the portion of a LAN committed to a private cloud must be evaluated and upgraded to support scalability and flexibility. This might include redundant switches, multiple WAN gateways and ample bandwidth to handle peak workload demands. Strategic traffic monitoring should help identify bottlenecks and justify upgrades or architectural changes.
WAN. The easiest way to connect a private cloud to one or more public clouds is through the internet. Although internet service providers (ISPs) offer tremendous bandwidth at manageable prices, the internet is subject to disruptions and congestion. In addition, it can expose unencrypted network traffic to security threats.
To address these issues, keep an application and its data in the same place, whether that's in the public cloud or on premises. Also, consider the value of a dedicated WAN connection between a private cloud and the public cloud provider. AWS, Microsoft and Google each have dedicated connectivity services.
Public cloud. Although an organization can't augment or change a cloud provider's LAN, it is still crucial to consider the implementation of provider-side services.
The services and actions in the public cloud, such as creating virtual private clouds (VPCs) and subnets, are often incorporated into automated policies and workflows so the public cloud is effectively treated as an extension of the private cloud.
Hybrid cloud connectivity considerations
To establish and maintain a connection between a private and public cloud, you need to understand network requirements around data volume, speed, security and performance. Consider these five key parameters.
Bandwidth. This is typically the most common parameter involved in connectivity. Ideally, it represents the volume of data a network connection can handle over time, usually measured in Gbps. Consequently, WAN bandwidth needs are influenced by the amount of traffic that must flow between private and public clouds.
Higher traffic volumes are often driven by data-intensive workloads or multiple applications sharing the available bandwidth simultaneously. A business with a hybrid cloud will generally start with a modest, low-cost bandwidth connection and scale up as needed.
Latency. This represents the measurable delay from when a packet is sent to when it is received. As latency increases, the apparent responsiveness of an application decreases. This is undesirable for user satisfaction and time-sensitive tasks, such as IoT data processing.
Latency is influenced by the physical distance between endpoints. It's affected by all of the switches, routers, gateways and other network appliances that interact with a packet. To reduce the latency of a hybrid cloud connection, minimize the distance between clouds. For example, connect the private cloud to the closest public cloud region and employ dedicated connections that minimize the amount of networking gear between sites.
Availability. If the network connection is down, a hybrid cloud is -- at best -- impaired. There is risk in having a single point of failure, and single connection between a private and public cloud cannot provide 100% availability. For example, 99.95% availability equates to 21.91 minutes of downtime per month.
Evaluate the availability and reliability of your connections, as well as the guaranteed uptime in your provider's SLA. To enhance availability, establish redundant connectivity to avoid single points of failure.
Security. Although security is not a physical network characteristic, you still need to evaluate its role in network traffic. For example, application data should generally be encrypted both at rest and in transit. Command, control and configuration data should always be encrypted. Use common technologies, such as SSL or TLS to prevent snooping and interception.
Costs. Dedicated connectivity through a major regional ISP, such as Verizon or AT&T, can be expensive. Costs can also jump significantly for high-bandwidth connections, especially redundant connections.
Network costs can make hybrid cloud cost-prohibitive. For example, data ingress is basically free with most cloud providers. However, data egress can prove expensive, depending on the amount of data access and volume of data that is actually moved. This can usually be mitigated by architecting applications to minimize data egress and movement across public cloud regions.
Hybrid cloud connectivity best practices
No two hybrid cloud architectures are the same. Each implementation depends upon a business' specific needs and budget. Still, these best practices can set up hybrid cloud connectivity without breaking the bank.
Understand the data. Only move the minimum amount of an application's data into the cloud. Identify the correct data, secure it for flight across the network and ensure ongoing adherence to regulatory compliance requirements. This can be done by maintaining encryption and verifying that the data is physically retained in suitable public cloud regions. Other data should remain within the local data center and LAN.
Recognize network limitations. Huge data transfers into the public cloud are typically free but can place a huge strain on finite LAN and WAN bandwidth. Dedicated WAN connectivity can avoid the congestion that sometimes plagues public internet connectivity, but even this is often inadequate. Consider services such as AWS Snowball or Azure Data Box to physically transfer data to your public cloud provider.
Consider application elasticity. While cloud bursting is difficult to implement due to fundamental differences in public and private cloud architectures and services, application elasticity is a still a common hybrid cloud use case. Redirecting additional application traffic from a private cloud to a public cloud can demand additional network bandwidth and heighten latency concerns. Implement network resources and services to support concurrent application instances, data sets and load balancing between environments.
Architect the network for scalability. It's easy to connect a LAN to a WAN. But even a single network bottleneck, such as having only one on-premises network gateway, poses challenges in scalability and reliability. When implementing hybrid cloud connectivity, architect redundancy and scalability into the design to avoid single points of failure wherever possible.
Use common configuration policies. Automation drives the configuration of VPNs, VPCs, subnets and other network resources.
However, you typically spin up and manage private cloud resources differently than you would in the public cloud. This can lead to the use of different policy engines and workflows to manage the same types of activities on either side of the hybrid cloud. To mitigate these issues, use common network policies and workflows to reduce errors and accelerate responses.
Multiple IT vendors offer services that bring a level of parity across environments, including companies with on-premises enterprise roots such as VMware and Red Hat. AWS, Microsoft and Google also have services that extend their public cloud management tools on premises.
Measure and test. Just as you monitor an application, employ tools to monitor network performance and availability. This will enable you to take remedial action when metrics or alerts demand.
It is possible to obtain a good view of your LAN and your public cloud environment. But the effort might require a small arsenal of tools. This could include log management, application performance management, network performance management and other open source tools to piece together an end-to-end view of the hybrid cloud network.