Many organizations have meaningful multi-cloud projects underway. Of the majority (75%) of businesses deploying apps in multi-clouds, 63% use three or more clouds, according to a Propeller Insights survey. Overall, just above half (56%) find it challenging to manage workloads across different cloud providers, citing difficulties with security, reliability, and, generally, connectivity.
The litany of challenges associated with distributed, multi-cloud applications can slow progress toward the benefits that so many institutions desperately need in the looming economy. And even though the adoption of proper multi-cloud strategies is growing, there remains a gap in effective solutions that address the many challenges faced by organizations executing on them.
Differing Multi-cloud Operational Models
Competing operational models can contribute heavily to the complexity that slows progress toward multi-cloud benefits. Each cloud offers services and APIs unique to the individual cloud provider, and often requires customers to conform to different skillsets, policies, and approaches. Every cloud offers a “software-defined network” experience, but no two clouds offer the same “software-defined network” experience. When these cross-environment differences are not properly considered, the result is often inconsistent configurations that affect both security, through a lack of zero trust methodology, and performance.
Interconnectivity difficulties are heightened by the introduction of cloud-native (microservices-based) applications, significantly ballooning the number of instances that must cross-communicate. Propeller found that “over 70% of respondents say that security problems are exacerbated in multi-cloud environments by the differing security services between providers (77%), the growing number of APIs (75%), and the prevalence of microservices-based apps (72%).”
New Approach to Multi-cloud Networking
The interconnectivity difficulties are driving a need—and demand for—a new approach to multi-cloud networking, which should be backed by three key beliefs:
The right distributed cloud platform model should recognize that application users must be served with the highest levels of quality, performance, and security in near-real time. The aim should be to provide a distributed cloud that delivers cross-cloud elasticity without massive cost increases, time constraints on provisioning, or environmental variances.
Two use cases that help address some of the critical multi-cloud challenges are using sophisticated technology platforms that match the description above to resolve the inevitable IP address overlap that occurs in multi-cloud environments, and adopting Policy as Code practices.
IP Address Overlap in Multi-Cloud
One of the immediately recognized issues associated with the expansion into multi-cloud and edge deployment architectures is the increase of IP address overlap, even within the same cloud.
Look for simple, scalable solutions that fix IP overlap, solving and preventing problems from Day One onward. The key is to find ones where each virtual network segment (VNS) is connected to the others by a transparent proxy rather than a router. Connections that start within a VNS are modified with Source Network Address Translation (SNAT) on their way out, changing their source address to one that’s routable within the overall network.
Avoid the temptation to utilize old workarounds that were previously considered IP address overlap best practices. IT and Operations teams are now delivering applications throughout the lifecycle of the modern Internet and require solutions that can handle the ongoing process of digital transformation without creating additional problems for the future.
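The following is an added example, not code from the article or from any vendor platform. It models the address handling described above: it finds overlapping segment CIDRs, then gives each segment's proxy its own routable SNAT address so that identical private sources in different segments stay distinguishable. The segment names, CIDRs, the 100.64.0.0/24 pool, the port numbering and all function and class names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed inventory (not from the article): segment name -> CIDR.
SEGMENTS = {"aws-prod": "10.0.0.0/24", "azure-prod": "10.0.0.0/24",
            "gcp-edge": "10.0.0.128/25", "onprem-dc": "192.168.10.0/24"}
ROUTABLE_POOL = "100.64.0.0/24"  # assumed range routable across the overall network


def find_overlaps(segments):
    """Return sorted name pairs whose CIDRs overlap (identical or nested)."""
    nets = {n: ipaddress.ip_network(c) for n, c in segments.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


class SegmentProxy:
    """Egress side of one segment's transparent proxy: SNAT plus a reply table."""

    def __init__(self, name, cidr, snat_ip):
        self.name, self.net, self.snat_ip = name, ipaddress.ip_network(cidr), snat_ip
        self.next_port = 20000
        self.table = {}  # (snat_ip, snat_port) -> (original_ip, original_port)

    def egress(self, src_ip, src_port):
        """Rewrite an outbound connection's source to this segment's routable address."""
        if ipaddress.ip_address(src_ip) not in self.net:
            raise ValueError(f"{src_ip} is not a source inside {self.name}")
        key = (self.snat_ip, self.next_port)
        self.next_port += 1
        self.table[key] = (src_ip, src_port)
        return key

    def reply(self, dst_ip, dst_port):
        """Map a reply sent to the SNAT tuple back to the original source."""
        return self.table[(dst_ip, dst_port)]


def build_proxies(segments, pool=ROUTABLE_POOL):
    """Give every segment its own SNAT address; refuse a pool that itself overlaps."""
    pool_net = ipaddress.ip_network(pool)
    for name, cidr in segments.items():
        if pool_net.overlaps(ipaddress.ip_network(cidr)):
            raise ValueError(f"SNAT pool {pool} overlaps segment {name}")
    hosts = iter(pool_net.hosts())
    return {n: SegmentProxy(n, c, str(next(hosts))) for n, c in sorted(segments.items())}
```

The source check in `egress` also rejects packets claiming an address outside the segment, and the pool check keeps the translated range from reintroducing the overlap it is meant to remove.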
Policy as Code Implications in Multi-Cloud
In the ONUG Fall 2022 session, Managing Risk and Automation with Policy as Code, several industry experts came together to discuss the implications of Policy as Code, which is the formalization of business intent and its codification into software that can evaluate it across multiple cloud providers and on-prem equipment.
In this insightful session, they discussed how Policy as Code can be instrumental in alleviating some of the difficulties associated with multi-cloud usage: it eases struggles in operations, security, and compliance with strict regulations, and even provides user education in the form of pop-ups. Too much automation in your multi-cloud environment? Not a problem. Policy determination can happen at the code level, eliminating the need for support tickets and manual approvals. Waiting three seconds sounds a lot better than the 24 hours associated with most support ticket turnaround times. Incorporating standards from organizations like NIST also helps ensure compliance and cybersecurity are automatically included where appropriate.