Last week, we shared Part 1 of “What’s your multi-cloud strategy?” In that article, we discussed why it is important to start planning your response to this anxiety-provoking question. Today, we’ve got some tips on how to approach this challenge, and some common mistakes to avoid.
Start planning now and start with architecture
A few years back, when we all first arrived in “the matrix” (a.k.a. the cloud), we looked around and asked, “Okay, what’s missing here?”
And the answer–in a word–was “architecture.” In the on-prem world, everything is tied to an architecture. Whether access, distribution, core, or spine-and-leaf, there is a well-established architecture that many people are familiar with. This gives network engineers and architects the confidence to work with vendors and set requirements accordingly.
In the cloud, implementation is too often a matter of stitching things together based on what the cloud provider offers. The question to ask is: What does your underlying, foundational architecture need to look like?
Think in terms of layers
Back when we were building products for each layer on-prem, most people agreed on how to build a resilient, high-performance secure network architecture. But that agreement doesn’t exist in the cloud. So now is the time to start thinking about what your multi-cloud network architecture should look like.
Come up with a list of the layers you will be working with. For example, an in-the-cloud layer, an on-prem connection layer, an application connection layer, a monitoring and visibility layer, a security layer, etc. This will give you a logical way of thinking about the structure of your cloud architecture, as you plan for multi-cloud optionality.
Do make sure your infrastructure architecture is set up properly for multi-cloud optionality. This way, even if you are only migrating to one cloud, you have options–from day one–when the need arises to leverage multiple clouds. Within a matter of minutes, you can deploy the platform in a way that allows you to have that architecture in place.
Avoid these costly common mistakes:
Mistake #1: Trying to “do it yourself” (DIY) using CSP services
For many, doing it yourself using CSP services can seem like the most expedient option at first. But this can quickly become overly complex and unsustainable.
The CSP mantra is “go build.” But when you start feeling like a software development house, writing different software for different clouds and trying to manage all these new activities, it’s easy to lose focus and become distracted from your enterprise objectives. Your objective should be maximizing business agility and establishing competitive advantage, not establishing–and attempting to scale–an ever-expanding software development operation.
Mistake #2: Believing the cloud works like on-prem
The assumption that on-prem models will work equally well in the cloud can be a costly mistake, based on the misunderstanding that the cloud operates like an extension of the data center.
For example, if you’re happy with the performance of your on-prem firewall, why not extend its virtual instance into the cloud? This may seem like a rational idea. But the posture in the cloud is different from the on-prem world, where everything is layered.
The cloud carries increased risks associated with much-easier access to the internet. Now that those pesky firewalls and DMZs are out of the way, compromised hosts are ripe targets for data exfiltration and malicious botnet operations.
Thinking of the cloud as an extension of the data center is a mistake.
In planning your multi-cloud strategy, the best approach is to think of the cloud–not the data center–as the new center of gravity. You can safely extend your cloud posture to the data center, but not vice-versa.
Mistake #3: Making security and Day 2 operations an afterthought
In the cloud, security should be built-in, and embedded as part of your network. This is different from the on-prem model of ‘bolted-on’ DMZs and hairpin architectures. Keep this in mind when building your secure cloud infrastructure.
Day-1 “build” operations tend to be carefully planned, while Day-2 operations are often left to be addressed at a later date. Don’t make this mistake!
Day-2 operations will be ongoing into the foreseeable future, and should never be an afterthought. Whether your deployment is single-cloud, multi-cloud or multi-region, the success of your cloud journey will be highly dependent on the applicable skills of your operations team. Every cloud environment is unique, and it is virtually impossible to efficiently manage each one as an island.
Plan and build architectures that are consistent across each cloud, providing a unified operational experience. This will facilitate Day-2 operations far into the future, including compliance, governance, and consistent security across clouds–and extending back into your on-prem environment.
At the end of the day, cloud infrastructure is there to support the ongoing digital business transformation. Your multi-cloud network architecture will directly impact how effectively you will be able to leverage current and future cloud innovations for improved agility and competitiveness.