Get Started With Multicloud Integration, Management and Optimization
[...] provide administrators with visualizations or alerts to help them interpret the health of their environment. Since Kubernetes itself provides little in the way of native monitoring tools, third-party solutions would be valuable in this context.

Alternately, if a business creates its own integrations between multicloud workloads using APIs, the process of managing and monitoring the multicloud environment will be less centralized and may require more manual effort (while also offering more control). The business would need to configure and manage workloads using either APIs or by working from the management consoles of each of the clouds that it uses; in the latter case, administrators may find themselves having to navigate between different management tools on different clouds in order to manage the same multicloud workload.

When it comes to monitoring a multicloud environment that is integrated using APIs rather than a universal control plane, enterprises must typically collect monitoring data directly from each cloud that they use, then aggregate that data in a centralized monitoring tool. Fortunately, this process is relatively straightforward and does not require extensive custom programming since most modern cloud-aware monitoring tools are able to extract data directly from all of the major public clouds.

However, it's often necessary to do a custom configuration within the monitoring tools so they work effectively with monitoring data that originated from multiple clouds. For example, a monitoring tool may need to be configured to understand that two databases running on different clouds are part of the same workload and should be monitored and analyzed as such by the APM tool.

How to Optimize Workload Performance in a Multicloud Environment
The chief challenge in achieving Optimization (of workload performance,
[...] service might introduce a new storage tier that is a better fit for a customer's needs, for example. Or it may change pricing for one of its cloud regions, giving extra incentive to move workloads to a different region.

In order to maintain the flexibility to modify or expand multicloud architectures whenever needed, it is a best practice to prefer third-party management and monitoring tools whenever possible, as opposed to the native tools offered by cloud vendors. As noted above, third-party tools make it easier to avoid dependency on a particular cloud. They also simplify the process of expanding a workload into a new cloud.

To optimize performance, enterprises must first identify the [...] within a multicloud workload.

Multicloud Architecture

Securing multicloud architectures is fundamentally more challenging than securing a single cloud or an on-premises environment. Multicloud architectures simply have more complexity, and therefore a greater potential to be misconfigured in a way that creates security vulnerabilities. In addition, because multicloud workloads are often distributed between different clouds and rely heavily on the network for communication, they are exposed to greater levels of network-borne threats than are workloads that exist within a single cloud.

Effectively addressing multicloud security challenges requires taking a multilayered approach to security by deploying tools and processes that address each of the threats that could impact a multicloud environment.

The first layer to secure is the underlying cloud infrastructures that host multicloud workloads. Here, the identity and access management, or IAM, tools and frameworks provided by each cloud vendor are a starting point, although enterprises can also take advantage of third-party tools that can audit IAM configurations for security problems.

The multicloud workload itself must be secured, too, using whichever tools and processes are appropriate. If a workload consists of a virtual machine and a database, anyone responsible for securing their enterprise should take steps to detect and address vulnerabilities within the operating system running the virtual machine. In addition, encrypt and secure the data associated with the workload. [...] whichever cloud or clouds are hosting the workload. In some cases, it is possible to encrypt data or manage workload security using a cloud vendor's native tools, but this approach is less effective in a multicloud environment, because no single native tool will apply to all multicloud workloads.

A third layer to secure is the network. Here, multicloud security can be particularly challenging, because it is impossible to define a clear network perimeter in a multicloud environment where data is exchanged constantly between different clouds. Thus, the workload cannot simply be placed neatly behind a firewall in order to be protected from threats.

But that does not mean firewalls have no place in multicloud environments. They are still useful for helping to prevent unauthorized access to resources. A general best practice is to configure a firewall on each cloud that hosts a workload (or part of a workload) using a whitelist approach, which means blocking all traffic by default and allowing only traffic from endpoints that are known to be secure. For example, a cloud firewall could be used to block all traffic from the public Internet, except traffic that originates from specific endpoints on an external cloud that are part of the same workload.

Identify Anti-Patterns in Multicloud Architecture

Perhaps the best way to think about successful integration and management of multicloud architectures is to identify anti-patterns, or counterproductive practices that businesses sometimes follow when working with multiple clouds.

One common anti-pattern is to use a multicloud architecture for the simple purpose of replicating data across multiple geographic areas. Most cloud vendors allow data to be distributed automatically across various data centers that they own in different locations, so that if one data center fails, the data remains available. This approach provides virtually the same level of data reliability as using multiple clouds.

However, georeplication features are generally limited to data that is hosted in the cloud. They don't support other types of workloads, such as virtual machines. Thus, multicloud architectures are a good solution for businesses seeking to make entire workloads more reliable by mirroring them across different geographic areas.

Another anti-pattern to spot and break: failing to plan adequately for data egress rates. Egress refers to data transferred from one cloud into an external environment, i.e. an on-premises server or another cloud. Not only does sending data out over the Internet introduce a risk of delays (since bandwidth on the Internet is typically much more limited than it is within a cloud's internal networks), but it can also steeply increase cloud computing costs. That is because, in most cases, cloud providers charge fees every time data egress occurs.

For this reason, it is critical to architect multicloud environments in ways that minimize data egress, especially in cases where it will significantly decrease performance or bloat bills. Most cloud providers don't make information about egress performance and pricing particularly easy to find, so this can be an easy mistake to make.

A third anti-pattern to consider: the failure to integrate on-premises infrastructure with multicloud environments. Although enterprises that adopt multicloud strategies can run many or most of their workloads in the cloud, it is common for at least some data and applications to remain on-premises for privacy, security, performance or other reasons. The specific approach that businesses take to connecting these on-premises workloads with those running in different clouds will vary, so it is important to keep on-premises compatibility in mind and avoid adopting cloud-based tools or services that cannot integrate with on-premises resources.

The final multicloud anti-pattern to be wary of: failing to evaluate the tradeoffs of multicloud architectures effectively. Although multicloud provides important workload accessibility, reliability and cost efficiency, the tradeoff for these advantages, as explained above, is added complexity, greater challenges in integrating workloads together, a greater risk of security vulnerabilities and more. Thus, it is crucial to perform a proper cost-benefit analysis when considering a new multicloud service or workload. Pursuing multicloud for its own sake, rather than because of a clear positive gain, undercuts the advantages that multicloud architectures can potentially confer.

Balancing the Benefits Against the Challenges

Multicloud architectures deliver a range of benefits, but they also impose unique challenges. IT pros will have to mitigate the performance bottlenecks and reliability shortcomings of workloads that span multiple clouds; secure multicloud environments at every level and layer of the infrastructure and workload; and make an intentional, well-planned effort to realize the benefits of multicloud, with an understanding of the tradeoffs introduced by multicloud strategies.

There is extra work involved in integrating, managing and optimizing multicloud environments. But enterprises may benefit from reducing the risks of vendor lock-in, taking advantage of vendor-specific features from multiple vendors, and enjoying greater accessibility and reliability among their enterprise workloads.