Part 4: Cloud Connectivity and Security
By John Valentine, Kovarus Cloud Practice Manager
Connectivity and Security — Networking is where a lot of organizations run into issues. Cloud networking is more complex than traditional data center networking because of its distributed nature: we have more users in remote locations, multiple SaaS and cloud vendors, and we are often working over the public internet. Organizations need to consider the following:
- SD-WAN — This can help overcome some of the limitations presented by traditional networking solutions.
- Interconnection — How will we connect to our chosen cloud provider(s)? Do we want to use a site-to-site VPN, or do we have the option to use Direct Connect or ExpressRoute?
- Active Directory — Do we want to federate our on-premises AD solution with the cloud? Do we want to look at something like Azure’s Active Directory service or do we want to have two separate domains?
- Single Sign-On — SSO becomes fairly important, especially when we have multiple SaaS portals, cloud environments, Office 365, Box, etc. to log into. We don’t want our users saving passwords in plain text on their laptops or writing them down under their keyboards.
- IPAM — IP address management becomes quite challenging, especially for a hybrid-cloud rollout. Do we have enough address space per VPC in our environment? Do we want to share address space with our on-premises network?
- DNS — Will we use the cloud provider’s DNS service, our current on-premises solution, or a modern solution like Infoblox?
- Firewalls — Do we want to use cloud-native tools like Security Groups, NACLs and Internet Gateways, or do we want to use our own solutions like Palo Alto, Cisco or VMware NSX for Cloud?
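Two of the items above (IPAM and firewalls) lend themselves to a concrete check before anything is provisioned. The following Python script is an added example written for this post, not Kovarus tooling or any cloud provider's API: it takes a constructed address plan (on-premises ranges plus the VPC CIDRs we intend to use) and reports overlaps, shows how many subnets of a given size fit in each VPC, and reviews a constructed list of security-group ingress rules for the classic mistake of leaving administrative ports open to 0.0.0.0/0. All CIDRs, group names and ports are hypothetical sample values.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample address plan (hypothetical values, not from the post).
ON_PREM_RANGES = {
    "hq-datacenter": "10.0.0.0/16",
    "branch-offices": "10.1.0.0/16",
}
PLANNED_VPCS = {
    "prod-vpc": "10.2.0.0/16",
    "dev-vpc": "10.0.128.0/20",     # deliberately collides with hq-datacenter
    "shared-services": "172.16.0.0/20",
}

# Constructed sample security-group ingress rules (hypothetical).
SECURITY_GROUP_RULES = [
    {"group": "web-sg", "source": "0.0.0.0/0", "from_port": 443, "to_port": 443},
    {"group": "bastion-sg", "source": "0.0.0.0/0", "from_port": 22, "to_port": 22},
    {"group": "db-sg", "source": "10.2.0.0/16", "from_port": 5432, "to_port": 5432},
    {"group": "legacy-sg", "source": "0.0.0.0/0", "from_port": 0, "to_port": 65535},
]

# Ports that should never be reachable from the whole internet.
ADMIN_PORTS = {22, 3389, 3306, 5432}


def find_overlaps(ranges: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return every pair of named networks whose CIDRs overlap."""
    # strict=True rejects CIDRs with host bits set, e.g. 10.0.0.1/16.
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in ranges.items()}
    names = sorted(nets)
    overlaps = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                overlaps.append((a, b))
    return overlaps


def vpc_capacity(cidr: str, subnet_prefix: int) -> int:
    """How many subnets of the given prefix length fit inside the VPC CIDR."""
    net = ipaddress.ip_network(cidr)
    if subnet_prefix < net.prefixlen:
        return 0
    return 2 ** (subnet_prefix - net.prefixlen)


def risky_ingress_rules(rules) -> List[str]:
    """Flag ingress rules that expose an administrative port to any source."""
    findings = []
    for rule in rules:
        source = ipaddress.ip_network(rule["source"])
        open_to_world = source.prefixlen == 0          # 0.0.0.0/0 or ::/0
        port_range = range(rule["from_port"], rule["to_port"] + 1)
        if open_to_world and not ADMIN_PORTS.isdisjoint(port_range):
            findings.append(
                f"{rule['group']}: {rule['source']} -> {rule['from_port']}-{rule['to_port']}"
            )
    return findings


if __name__ == "__main__":
    plan = {**ON_PREM_RANGES, **PLANNED_VPCS}
    for a, b in find_overlaps(plan):
        print(f"overlap: {a} ({plan[a]}) and {b} ({plan[b]})")
    for name, cidr in PLANNED_VPCS.items():
        print(f"{name}: room for {vpc_capacity(cidr, 24)} /24 subnets")
    for finding in risky_ingress_rules(SECURITY_GROUP_RULES):
        print("review:", finding)
```

The overlap check is the one to run before the first VPC is created, because re-addressing a VPC later usually means rebuilding it. The ingress review deliberately treats a rule spanning all ports as a hit, since a 0-65535 rule open to the world covers every administrative port even though none is named explicitly.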
There is a lot to consider around networking and security. Fortunately, Kovarus has a ton of experience in this area and can help.
While it may make a lot of sense to simply give your end users access to the management console or the CLI, as we said before, we should really be using automation when we can. This is where providing our end users with a service portal that takes advantage of automation and orchestration is key.
Service Portal — A service portal is simply the place where our end users go to provision the resources they need. It exposes the full-stack infrastructure options, CI toolchains, services and anything else we built out in the previous steps, which increases our service velocity and decreases human error. This can either be a per-business-unit solution (developers use CloudBees Jenkins and operations uses vRA) or a mandated solution for everyone, such as ServiceNow.
Automation and Orchestration — This is how we actually execute the thing we need to do. Once we’ve determined how we want to roll out the infrastructure and services, we need solutions like Ansible, Puppet, Chef, etc. to go and deploy the resources, configure them and install the OS and any patches/software we need deployed.
Migration and Adoption
Now that we have done all the front-end footwork, we can finally begin! This is where we can start either migrating an application to the cloud or begin building out net new infrastructure.
Migrations — When organizations talk about moving applications to the cloud, you’ll often hear the term “lift and shift.” The term is misleading, because it is rarely possible in practice. We can’t just pick up a virtual machine or workload and drop it in the cloud. Let’s say, for example, that we have an application sitting on a physical server that is running Windows Server 2008 and has several manual agents installed. Before we do anything, we should probably upgrade to a newer OS, remove any manual agents and then, finally, virtualize the application. Once we’ve virtualized it in VMware, Hyper-V or KVM (or whatever else you wish), we need to convert it to an image that the cloud provider can understand. So, as you can see, we aren’t lifting and shifting, we are rehosting the application. If we are a VMware shop, we can and should look at VMC on AWS, as it makes this process much simpler.
New Workloads — The other option is to spin up new workloads that take advantage of the highly scalable and agile nature of cloud computing. This becomes quite simple now that we’ve empowered our end users with a service catalogue, predefined infrastructure stacks, automation tools, etc. This is also where it may make sense to use a shared sandbox account where users can try new services and which is cleaned up once a week.
Now that we have become a service provider to our end users through our highly automated cloud, we are in essence offering a product. The last step in this process is ensuring we are operating a cost-effective environment with governance enforced.
Cost Optimization and Governance — Through tools like CloudHealth, Turbonomic and others, we can begin to look for areas where we can cut costs, pre-buy reserved instances, delete orphaned resources and enforce security policies. Most customers overspend roughly 25% per year without the use of these visibility tools and often don’t know where their security vulnerabilities are. Providing chargeback or showback is an incredibly valuable offering, especially when every resource is charged the way it is in the cloud.
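Two of the governance tasks named above, finding orphaned resources and producing a showback report, reduce to simple passes over an inventory. The Python below is an added example for this post, not code from Kovarus or from CloudHealth or Turbonomic, and it runs over a constructed inventory of hypothetical resource ids, monthly prices and tags rather than a real account. The orphan rule is the usual one: a volume or elastic IP that is not attached to anything is still billed but does no work. The showback report groups spend by a `CostCenter` tag and puts everything untagged in its own bucket, because untagged spend is exactly the spend nobody owns.

```python
from collections import defaultdict
from typing import Dict, List

# Constructed sample inventory (hypothetical ids, prices and tags, not from the post).
INVENTORY = [
    {"id": "vol-0a1", "type": "volume", "attached_to": "i-100",
     "monthly_cost": 12.0, "tags": {"CostCenter": "web"}},
    {"id": "vol-0b2", "type": "volume", "attached_to": None,
     "monthly_cost": 40.0, "tags": {"CostCenter": "web"}},
    {"id": "eip-0c3", "type": "elastic_ip", "attached_to": None,
     "monthly_cost": 3.5, "tags": {}},
    {"id": "i-100", "type": "instance", "attached_to": None,
     "monthly_cost": 70.0, "tags": {"CostCenter": "web"}},
    {"id": "i-200", "type": "instance", "attached_to": None,
     "monthly_cost": 140.0, "tags": {"CostCenter": "analytics"}},
    {"id": "snap-0d4", "type": "snapshot", "attached_to": None,
     "monthly_cost": 5.0, "tags": {}},
]

# Resource types that only earn their cost while attached to something.
ATTACHABLE = {"volume", "elastic_ip"}
UNTAGGED = "untagged"


def orphaned_resources(inventory) -> List[dict]:
    """Attachable resources that are billed but not attached to anything."""
    return [r for r in inventory if r["type"] in ATTACHABLE and r["attached_to"] is None]


def potential_savings(inventory) -> float:
    """Monthly spend that deleting the orphaned resources would remove."""
    return round(sum(r["monthly_cost"] for r in orphaned_resources(inventory)), 2)


def showback(inventory) -> Dict[str, float]:
    """Monthly spend per CostCenter tag; untagged spend gets its own bucket."""
    totals = defaultdict(float)
    for r in inventory:
        owner = r["tags"].get("CostCenter", UNTAGGED)
        totals[owner] += r["monthly_cost"]
    return dict(totals)


if __name__ == "__main__":
    for r in orphaned_resources(INVENTORY):
        print(f"orphaned {r['type']} {r['id']}: ${r['monthly_cost']:.2f}/month")
    print(f"potential savings: ${potential_savings(INVENTORY):.2f}/month")
    for owner, total in sorted(showback(INVENTORY).items()):
        print(f"{owner}: ${total:.2f}/month")
```

In a real environment the inventory comes from the provider's API or from the visibility tools mentioned above, and the untagged bucket is the first thing to drive to zero, since a governance policy that requires a cost-center tag at provisioning time (enforced by the service portal) is what keeps the report meaningful.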
How Can Kovarus Help?
These challenges can be daunting, and it can be hard to know where to start. Kovarus has helped many customers along this journey whether they have no, some or all of their workloads in the cloud. Our skillset is unique for a few reasons:
- We have one foot in the old and one in the new — we understand how IT operations and traditional data centers work as well as cloud automation and cloud-native workloads. This is why we can help IT operations teams, developers and IT leaders adopt AWS, Azure or GCP holistically. This is a very different challenge in the cloud.
- We are completely differentiated around enterprise Automation and Orchestration and DevOps. This is our bread and butter and we’ve been building fully automated private clouds for a long time. Whether it’s VMware, OpenStack, KVM or public cloud, we understand how to adopt cloud correctly and in a way that will ensure scalability, performance and security.
- Our positioning is designing best of breed toolchains regardless of endpoint cloud, whether it’s private, hosted or public. We also understand both cloud-native solutions and tools, as well as multicloud solutions and when customers should use them.
This is a much longer conversation than this blog, so if you’re evaluating a cloud provider or have a cloud initiative you’re trying to tackle, feel free to reach out to me with any questions.
Looking to learn more about modernizing and automating IT? We created the Kovarus Proven Solutions Center (KPSC) to let you see what’s possible and learn how we can help you succeed. To learn more about the KPSC go to the KPSC page.
Also, follow Kovarus on LinkedIn for technology updates from our experts along with updates on Kovarus news and events.