Hybrid cloud architectures of the top hyperscale clouds, and some guidance for use
In our Voice of the Enterprise (VotE): Cloud Transformation, Vendor Evaluations – Quarterly Advisory Report, we asked more than 700 IT professionals how their organization will use different on-premises and off-premises cloud environments over the next two years. Among other findings, it concluded that the adoption of hybrid cloud is accelerating.
As it does, enterprises will need some guidance to help design and structure hybrid clouds. There is no standard for hybrid cloud architecture. Workload placement across multiple distributed execution venues is highly subjective to each enterprise, and depends upon a range of factors including the value/risk tied to workloads, lifecycle stages, usage patterns, application behavior characteristics, data criticality and data sovereignty, among other considerations.
So too, the hybrid offerings from cloud service providers (CSPs) vary. Each fundamentally agrees on the need for and the value of hybrid cloud architecture, but differ in their design and deployment models.
The 451 Take
It's easier for enterprises to develop, test, operate and migrate workloads across hybrid architecture when the code base of the public and private cloud offerings of a chosen CSP are the same, or at least virtualized and proven to function identically. The cloud strategies of IBM, Microsoft and Oracle support this design. The code base used by their public clouds can be installed on-premises as private clouds (within preconfigured appliances or as engineered systems) and interoperate with their respective public cloud services. Google and AWS prefer a virtual architecture where private versions of their cloud platforms can be partitioned and securely networked within their public clouds. One way for AWS users to enable a uniform hybrid code base is to run VMware as a private cloud on-premises, and link to a new VMware Cloud on an AWS offering for scale and interoperability. Google can be enabled similarly via its relationship with Red Hat. Red Hat's new OpenShift Dedicated application deployment platform runs in Google's public cloud and can link to on-premises private deployments of OpenShift. Consideration of these differences should precede any commitment by an enterprise to the hybrid architecture of any given hyperscale CSP.
Hybrid cloud transformation
The IT infrastructure that enterprises have trusted for years continues its metamorphosis. IT organizations are no longer limited to managing datacenters and a few hosted and managed services providers. Needy lines-of-business teams and impatient IT developers have procured SaaS, IaaS and PaaS cloud services to overcome resource constraints. Now all enterprise IT structure is composed of multi-clouds.
When multi-clouds enable the execution of distributed business processes, they become hybrid clouds. To be precise, hybrid cloud architecture consists of two or more distinct cloud and on-premises infrastructures that exchange and synchronize data flows and execute business processes to deliver seamless business functions.
We sought to understand the extent to which enterprises are in fact migrating to hybrid cloud architecture. In our February 2017 Voice of the Enterprise report, we asked more than 700 pre-qualified IT decision-makers, primarily based in North America and Europe, to describe how their digital transformation strategies will affect their on-premises and cloud environments over the next two years.
Figure 1 below presents the current state of affairs wherein single-cloud environments (i.e., on-premises private cloud, hosted private cloud or IaaS/public cloud) remain the prevailing cloud usage model (34% of respondents), with the 'multiple parallel cloud environment' model running a close second (29% of respondents). Nearly 40% of organizations surveyed plan to introduce various degrees of interconnectedness between their cloud environments, with 25% moving data and applications, and 13% operating business functions across different environments.
Organizations anticipating 'moderate' or 'significant' transformation in their IT environments showed considerably lower levels of single-cloud environment usage than their 'low' transformation counterparts. Additionally, 'significant transformation' respondents were more likely to implement hybrid environments over the next two years, indicating that hybrid architectures are emerging as a key element of IT transformation.
Figure 1: Multi-Cloud Hybrid Environments
CSPs and IT technology vendors have within the past two years introduced various means for hybrid and multi-cloud support. These include the creation of partnerships with key hyperscale IaaS/public cloud platform providers; the ability to manage customer deployments on third-party cloud platforms; pre-production design assistance and ongoing workload placement optimization; and interoperability and unified provisioning and management across their own cloud platforms.
As noted in Figure 1, for various reasons, on-premises and off-premises cloud environments will persist in the coming years. In response, the top hyperscale CSPs have crafted private on-premises, or virtual private cloud variants, from their public cloud offerings, and enabled them to interoperate and scale elastically. For the most part, the goal of each has been to gradually enable a common code base for their respective private and public clouds.
Their intention is to consolidate and reduce engineering efforts while eliminating the need for their customers to refactor workloads – essentially making the workloads more portable across private and public cloud deployments. The approach and architectures of each differ, and warrant awareness.
Hyperscale cloud service providers
AWS's hybrid cloud architecture does not include a private cloud, per se. There is no on-premises option. However, Amazon Virtual Private Cloud (Amazon VPC) can provision a logically isolated section of the AWS Cloud where AWS resources can be launched in a virtual network defined by an enterprise. It can enable hardware VPN connections between corporate datacenters and VPC to leverage the AWS Cloud as an extension of an existing corporate datacenter.
VMware on AWS is a native, fully managed VMware environment on the AWS Cloud. It includes the same core VMware technologies that users run in their datacenters (e.g., vSphere Hypervisor (ESXi), Virtual SAN (vSAN), and the NSX network virtualization platform). It's possible that on-premises VMware deployments can interoperate with VMware on AWS to enable an on-premises, private to public hybrid cloud architecture.
Google's hybrid cloud architecture revolves around its Virtual Private Cloud (VPC). Google VPC is an instantiation of the Google Cloud Platform (GCP) that can dedicate compute, storage and network resources to an enterprise. It's built within Google's public cloud and upon its proprietary private global network, designed for high reliability, low latency and hardened security. Kubernetes acts as the orchestration and operational backplane for hybrid implementations.
Elasticity and scale is achieved by linking to Google public cloud services. Connectivity to VPC is enabled through IPsec tunneling or a direct connect if the user is in the vicinity of one of Google's 180 global points of presence. Other means for integration between on-premises resources, Google VPC and/or its public cloud services include its new Apigee Hybrid Gateway.
Google and Red Hat have been working together since January 2016 to bring Red Hat's OpenShift Dedicated application deployment platform to the Google public cloud. It became generally available in December 2016. It's also possible that on-premises OpenShift deployments can interoperate with OpenShift Dedicated on Google to enable consistent hybrid private-public execution venues.
IBM Bluemix is available in Local, Dedicated and Public variants, and offers a suite of instant-on services, including Watson, Data Analytics and Mobile Services. Bluemix Public includes a complete service catalog hosted by IBM, enabling developers to access runtimes, services and cloud resources they need for application development and deployment. Application and service instances can be provisioned in different geographical regions from the Bluemix portal.
Bluemix Dedicated is deployed in a single-tenant server environment that can securely connect to Bluemix Public and an enterprises' network through a virtual private network (VPN) or a direct network connection. IBM manages the hardware, platform, runtimes and services.
The Bluemix Local environment is provisioned on-premises, inside an organization's datacenter facility. It is delivered as a fully managed service, and can be provisioned on OpenStack- or VMware-driven infrastructure, or deployed on a Bluemix appliance. Bluemix Local features a service catalog of the Bluemix services. All local deployments are securely connected to Bluemix Public for access to the full Bluemix service catalog.
IBM and Cisco have partnered and offer VersaStack, which brings together Cisco Unified Computing System (Cisco UCS) integrated infrastructure (including Cisco UCS servers, Cisco Nexus switches and Cisco UCS Director Management software) with IBM software-defined storage.
VersaStack supports varied Cisco UCS servers, Cisco switches (Nexus and MDS) and IBM storage configuration options that enable enterprises to scale compute, network and storage capacity as needed. VersaStack for Hybrid Cloud is converged infrastructure with additional software components that deploy and manage applications and automate application-aware data to and between datacenter and cloud environments. The vendors refer to it as a 'converged cloud' offering.
Microsoft Azure is gaining market share and gradually catching up to AWS. Rather than avoiding a private on-premises offering like AWS, Microsoft has embraced it. Azure Stack is an on-premises private version of Microsoft's Azure public cloud offering. It's a hybrid cloud computing architecture that offers flexibility for its users to structure combinations of cloud and on-premises deployment models for applications.
It recreates the Azure public cloud experience behind the enterprise firewall, and includes Azure's IaaS and PaaS. The Azure Stack enterprise-side portal is the same as the public cloud portal providing similar administrative experiences and tools. Azure Stack runs Microsoft's Hyper-V, Windows and Microsoft networking and storage, technology.
Oracle's Cloud Platform has both public and private deployment variants. The public variant consists of a stack of integrated offerings that include IaaS, PaaS, SaaS and data-as-a-service (DaaS) offerings. Oracle Cloud Machine is an on-premises dedicated appliance managed by Oracle that uses the same code base as the public offerings. Custom engineered system deployments are also available.
The hybrid design creates a common platform for development through production with full workload portability and rapid application development across public and private clouds without refactoring. Hybrid deployments are enabled using Oracle's Enterprise Manager to automate complex management tasks.
It enables administrators to monitor, provision and maintain on-premises Oracle Databases, Engineered Systems, Oracle Applications, Oracle Middleware and a variety of third-party systems, as well as Oracle Cloud services. Enterprise Manager Cloud Control provides a uniform platform for monitoring and managing on-premises, Oracle Cloud and Oracle Cloud Machine deployments from a common management console.
IT transformation is calling for greater hybrid interoperability across clouds and on-premises infrastructures. Enterprises will be challenged to redistribute workloads to the best execution venues that suit them. As workloads shift across distributed disparate multi-cloud and hybrid cloud execution venues, it may become difficult to assure that they will perform as they should.
Different CSPs architect their offerings uniquely, with different configurations of compute, storage, network and hyper-converged systems from a range of hardware and software providers. The hybrid architectures of each vendor we noted attempt to establish uniformity across their public and private cloud offerings, but they too are in continuous metamorphosis. As they evolve, they can affect their customers' workload performance.
Perhaps the capabilities espoused in so-called serverless environments that execute workloads as functions without consideration of the underlying architecture can alleviate concern over platform performance disparity. But we now know that even the mighty hyperscale CSPs can fail. Indeed, service-level agreements offer some assurances, but when you think about it, SLAs only really guarantee reparations.
Enterprises must plan ahead to protect against the unintended consequences of workload degradation or even failure. Developers will need to instrument workloads with embedded application performance monitoring capabilities that can alert operators and/or engage automated remediation efforts when critical performance and execution metrics vary. When anomalies occur, workloads may need to shift to another execution venue in another cloud region, an on-premises private cloud or a datacenter. CSPs with private and public cloud hybrid offerings built upon the same code base may have an advantage.
In some cases, the workload may need to shift to a different CSP. In these cases, the more portable the workload the better. This can be achieved by virtualizing the workload and running it on a bare metal IaaS. Another way is to containerize the workloads. Theoretically, containers are portable and can work across a variety of IaaS clouds. In either case, the workloads should be crafted to easily and readily shift to alternative execution venues when needed.