We regularly address hybrid cloud concepts and architectures as part of our Cloud Advisory projects. We see 6 major aspects of hybrid cloud that IT organizations leveraging cloud technologies need to consider:
In this post, I'll cover connectivity, identity, and security.
Connectivity: Hybrid cloud connectivity can range from something as simple as VPN connections from client-owned sites to the cloud provider to a fully redundant, multi-provider network design. While the need for data networking between old and new hosting locations is understood, it sometimes doesn't get fully realized until late in the deployment process.
It's important to determine cloud data network designs as a key building block of your cloud foundation. Be sure to consider all of the likely connectivity scenarios, existing design elements to be included in the mix, and technology preferences. Don't ignore cost considerations, as some design options can increase or decrease costs depending on the workload and technical requirements.
Identity: Integration and federation of identity with certain SaaS providers is likely already deployed in your environment. Virtually every SaaS product provides some way to leverage existing directory services (Active Directory) to provision and centrally manage user identities.
Cloud IaaS and PaaS providers offer similar methods (identity sync, SAML-based federation) to integrate their native services (Azure AD, AWS IAM) with your existing directory service. We recommend that you strongly consider using these synchronization and federation solutions to maintain your current directory services (Active Directory or other supported system) as the primary source of truth for identities (user accounts, machine objects, service accounts) and permissions.
Security: Our Security and Infrastructure practice evaluates and improves security programs and toolsets across a wide variety of client industries. A recurring theme is the uncertainty that arises from both technical and business stakeholders when migrating IT workloads to cloud providers. Also, the shared responsibility models of all major cloud providers put many of the "hard questions" on their customers' shoulders.
Be sure to engage your IT security colleagues as early as possible in your cloud computing journey. "Security" in this context includes not only preventative tools (segmentation, firewall, anti-malware, others), but also the compliance and contractual requirements that might strongly influence your cloud technical and operational designs.
Just as IT's tools usually require enhancement to operate cloud infrastructures, security applications will also often require extension across the new platforms, and sometimes enhancements with more cloud-native capabilities. Be sure to budget for the tools and time necessary to extend the security-related functionality and incorporate their designs into your cloud hosting foundation work.
Contact us and let’s discuss your cloud challenges – and check back next Wednesday for the next post: What’s Hybrid Cloud – Part 2 which will cover monitoring, automation, and workload mobility.