After a slow period on my blog the last couple of months, I decided to write about a subject I have been reading a lot of posts on and have been working with in multiple projects for some time, namely multi-cloud strategies.
Most enterprise companies have a multi-cloud strategy (this is also what RightScale found in their State of the Cloud report –> https://www.rightscale.com/lp/state-of-the-cloud), meaning that they want to use two or more cloud platforms for their future workloads, which might be a combination of SaaS, PaaS and IaaS services (and even CaaS or FaaS).
The goal for most enterprises is to move towards an approach where they can get the services they need from the “best” vendor and not be bound to a specific vendor. It is like being in a store and being able to choose services from the different vendors, picking what fits your needs and also deciding based upon cost (if a service such as storage from one vendor suddenly got 40% cheaper than the alternative, you would most likely go and buy it there).
This could be a customer configuring and setting up an IoT platform on Google Cloud since it is cost-efficient, while having a data warehouse solution running in Microsoft Azure, which might provide them the best-of-breed services for their use case. Now, is this really efficient? I’ll come back to this later…
I’ve also worked with projects where the customer wants to provide redundancy across multiple cloud providers in-case one of the major providers goes down so they don’t want to be locked into a vendor, so there are other motives behind choosing a multi-cloud approach.
I’ve previously written about the different big providers and how they compare: https://msandbu.org/cloud-wars-ibm-vs-microsoft-vs-google-vs-amazon-iaas/ and https://msandbu.org/cloud-wars-ibm-vs-microsoft-vs-amazon-vs-google-part-1-overview/. Most of my work is about maintaining knowledge and experience across the different providers, which means I know what works and what doesn’t within most of the large platforms, and an important step towards embracing cloud is knowledge. This is a big piece of the puzzle when it comes to multi-cloud: with the constant development, maintaining fresh knowledge on the different cloud vendors requires a lot of dedication. AWS alone has more than 1000 changes, updates and new services a year, and the same goes for the other vendors, so I spend a fair amount of time both personally and as part of my role to understand these changes. Many underestimate how important this aspect is and therefore neglect to understand what is running underneath, and if you work with multiple cloud vendors, much of the same mechanisms might be different and services are bolted together differently.
Many enterprises tend to look towards the use of a CMP (Cloud Management Platform) for a multi-cloud approach. CMP frameworks abstract away the complexity of the cloud platforms, providing a common set of tooling and a consistent framework that works across multiple cloud vendors. There is already a big market for this where many of the large vendors are present; however, it is important to understand that a CMP is a framework which uses the cloud vendors’ own frameworks underneath and will always stay behind in development compared to what the cloud vendors are doing. We tend to see them 6–12 months behind when it comes to supported features from each of the vendors. Secondly, they often don’t provide full integration with the different vendors, so you only get a list of “supported” services from each vendor, and lastly, they tend to focus mostly on IaaS and PaaS services.
Note: This is something that Gartner is conducting research on now (https://gtnr.it/2zYT6E5), and you can also see the CMP comparison on Whatmatrix.com (https://www.whatmatrix.com/comparison/Cloud-Management-Platforms), but what we often see is that
A CMP framework consists of multiple services, such as a cloud broker, monitoring, governance and policy management options, and also automation to allow for deployment of services across multiple cloud vendors. Instead of using a CMP framework, you can also work directly with the different vendors and the frameworks they provide in terms of automation, identity, security and capabilities. You then get access to the latest features, but you need to learn all the different platforms properly, and from an automation perspective you may need to learn two or three scripting languages. There is also a huge list of tools in the market that support multi-cloud, meaning that they provide some form of integration with different cloud platforms. To give some examples:
- Automation – Chef, Puppet, Terraform, Ansible, vRealize
- Network Security – CheckPoint, Palo Alto, Cisco
- Cost Management & Governance – Nutanix Beam, Dome9, RedLock
- (SaaS) CASB – Netskope, CloudGuard, Cloud App Security
- Monitoring – Datadog, New Relic, Site24x7, Dynatrace
- Identity and Access Control – PingFederate, Okta, OneLogin
Many of these tools suffer the same challenge as the CMP frameworks, namely that they are always behind in functionality, but they might provide a broader range of services even though they are not as tightly integrated as a CMP platform would be. Regardless, if you want to move to multi-cloud, an important aspect, as I’ve highlighted, is the tooling, so that you can maintain an overview, cost management and monitoring of services running in the different clouds. You can choose a CMP, or build upon the cloud providers’ native functionality, but the latter requires you to have separate tooling for each vendor. It should be noted that there are also other initiatives such as the Open Service Broker API (https://www.openservicebrokerapi.org/), which provides a uniform API to provision services across the different cloud platforms.
Another overlooked aspect of a multi-cloud strategy is security. How can we handle and get a clear view of the security landscape if we consume services across multiple platforms? This point also relates back to knowledge: understanding the best practices a cloud provider has for restricting and logging access to a particular service or data, and how to set up a service securely. Part of the security aspect is identity. We want to ensure that users only have one account that they use to access all the different services, also for lifecycle management purposes. Granting access to a set of services or data in Google Cloud is different from how you do it in Azure or AWS, and if you are building a data lake or big data platform, it requires a lot of planning to ensure that a user only has least-privilege access. We also need to ensure that access is only given to users from approved devices and/or require multi-factor authentication.
From a SaaS perspective, we tend to use the common identity protocols to ensure a common user can be given access to a set of different cloud services, but that does not guarantee fine-grained access to a set of services or data inside a cloud platform. The same goes for logging and auditing of activities within each platform: many of the vendors have their own activity logs, which are mostly isolated. In an on-prem enterprise approach you commonly have a SIEM product which collects logs from all sources, so how do we then collect all this data from multiple cloud vendors?
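The two previous paragraphs raise the same practical problem twice: each vendor logs access and privileged actions in its own format, yet the SIEM needs one stream it can apply rules such as “privileged change without MFA” or “access from an unapproved network” to. The following added example (not from the original post, nor from any vendor or CMP product) normalises audit records from AWS CloudTrail, Azure Activity Log and Google Cloud Audit Logs into one event schema and runs a single detection rule over the merged stream. The sample records are constructed and only approximate each vendor’s schema; the field names and the privileged-action markers are assumptions to verify against the real export you feed your SIEM.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime
from typing import Any, Dict, Iterable, List, Optional, Tuple

@dataclass
class Event:
    """Vendor-neutral audit event; the common schema the SIEM rules run on."""
    provider: str
    time: datetime
    principal: str
    action: str
    source_ip: str
    success: bool
    mfa: Optional[bool]  # None when the record does not say either way

def _get(d: Any, *path: str) -> Any:
    """Walk nested dicts, returning None if any key along the path is missing."""
    for key in path:
        if not isinstance(d, dict):
            return None
        d = d.get(key)
    return d

def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def from_cloudtrail(rec: Dict[str, Any]) -> Event:
    # Field names follow CloudTrail's record format (assumed; check your export).
    mfa_raw = _get(rec, "userIdentity", "sessionContext", "attributes", "mfaAuthenticated")
    return Event("aws", _ts(rec["eventTime"]),
                 _get(rec, "userIdentity", "arn") or "unknown",
                 f'{rec["eventSource"]}:{rec["eventName"]}',
                 rec.get("sourceIPAddress", ""),
                 "errorCode" not in rec,            # CloudTrail only sets errorCode on failure
                 None if mfa_raw is None else str(mfa_raw).lower() == "true")

def from_azure_activity(rec: Dict[str, Any]) -> Event:
    # Legacy Activity Log schema (assumed): caller, operationName, resultType, httpRequest.
    return Event("azure", _ts(rec["eventTimestamp"]),
                 rec.get("caller", "unknown"), rec["operationName"],
                 _get(rec, "httpRequest", "clientIpAddress") or "",
                 rec.get("resultType", "").lower() == "success",
                 None)                              # no MFA flag in this log; it lives in the sign-in log

def from_gcp_audit(rec: Dict[str, Any]) -> Event:
    # Cloud Audit Logs put the interesting fields under protoPayload (assumed layout).
    p = rec["protoPayload"]
    return Event("gcp", _ts(rec["timestamp"]),
                 _get(p, "authenticationInfo", "principalEmail") or "unknown",
                 p["methodName"],
                 _get(p, "requestMetadata", "callerIp") or "",
                 _get(p, "status", "code") in (None, 0),  # absent status or code 0 means success
                 None)

PARSERS = {"aws": from_cloudtrail, "azure": from_azure_activity, "gcp": from_gcp_audit}

# Substrings that mark an IAM / role-assignment change; a hypothetical, deliberately small list.
PRIVILEGED_MARKERS = ("iam.amazonaws.com", "roleassignments", "setiampolicy")

def is_privileged(action: str) -> bool:
    a = action.lower()
    return any(m in a for m in PRIVILEGED_MARKERS)

def normalise(records: Iterable[Tuple[str, Dict[str, Any]]]) -> List[Event]:
    return [PARSERS[provider](rec) for provider, rec in records]

def find_risky_privileged_actions(events: Iterable[Event], approved_networks: List[str]):
    """One rule over the merged stream: a successful privileged action is flagged when the
    session is known to lack MFA or the source IP is outside the approved networks."""
    nets = [ipaddress.ip_network(n) for n in approved_networks]
    findings = []
    for ev in events:
        if not ev.success or not is_privileged(ev.action):
            continue
        reasons = []
        if ev.mfa is False:
            reasons.append("no MFA")
        try:
            if not any(ipaddress.ip_address(ev.source_ip) in n for n in nets):
                reasons.append("source outside approved networks")
        except ValueError:
            reasons.append("no usable source IP")
        if reasons:
            findings.append((ev.provider, ev.principal, ev.action, ", ".join(reasons)))
    return findings

# Constructed sample records, one per vendor plus one benign read; not real log data.
SAMPLE_RECORDS = [
    ("aws", {"eventTime": "2018-11-05T10:15:00Z", "eventSource": "iam.amazonaws.com",
             "eventName": "AttachUserPolicy", "sourceIPAddress": "203.0.113.7",
             "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice",
                              "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}}}),
    ("aws", {"eventTime": "2018-11-05T10:16:00Z", "eventSource": "s3.amazonaws.com",
             "eventName": "GetObject", "sourceIPAddress": "10.1.2.3",
             "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"}}),
    ("azure", {"eventTimestamp": "2018-11-05T10:17:00Z", "caller": "carol@example.com",
               "operationName": "Microsoft.Authorization/roleAssignments/write",
               "resultType": "Success", "httpRequest": {"clientIpAddress": "10.1.5.9"}}),
    ("gcp", {"timestamp": "2018-11-05T10:18:00Z",
             "protoPayload": {"methodName": "SetIamPolicy",
                              "authenticationInfo": {"principalEmail": "dave@example.com"},
                              "requestMetadata": {"callerIp": "198.51.100.4"}}}),
]

def demo():
    return find_risky_privileged_actions(normalise(SAMPLE_RECORDS), ["10.0.0.0/8"])

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

With the sample data, Alice’s policy change is flagged for both missing MFA and an outside source address, Dave’s SetIamPolicy is flagged for the source address only (the record carries no MFA information), Carol’s role assignment from the approved network passes, and Bob’s object read is ignored as non-privileged. The point of the shape is that the rule is written once against the `Event` schema; adding a vendor means adding a parser, not a new rule.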
Another issue is cost. When you are buying services from a cloud vendor, you are essentially placing or running data within their services. One aspect of this might be streaming data from one platform to another for archive or machine learning purposes. Storing the data itself might not be an issue, but exporting data from one platform to another means you will pay an egress cost on that data. Secondly, there is control of the cost. This also relates back to tooling: how can we control the cost of the services we use within each platform, and how do we optimize the services we are running? Many of the large platforms now have their own “Advisors” which provide cost optimization tips, and similar services are also tightly integrated with CMP frameworks and other services that provide multi-cloud cost optimization features.
Lastly, there is the ecosystem. Once you start consuming services from one vendor, you are essentially starting to embrace their ecosystem of features. Most of the services a platform has are tightly integrated, which makes it easy to create integrations between them. Building integrations between multiple clouds can be time-consuming and might not give the desired result, because all the vendors want one thing: for us as customers to start using their ecosystem of tools and services. This makes it difficult to move from one vendor’s storage service to another’s, since there might be large differences in functionality, price or integration with other parts of the value chain it provides.
Take as an example an IoT platform in Azure, where we have many of the Azure PaaS services within the same architecture. Would it make any sense to put services from another platform here? Maybe, but adding services from outside Azure can be time-consuming, less cost-efficient, make securing the services a bit more difficult, and might not provide the desired result.
Not all services are that integrated within the ecosystem a cloud platform provides. Container workloads, for instance, are portable across platforms as long as there is a common container orchestration service, and the same goes for IaaS workloads, but once you move up towards more PaaS services, you are more bound to the platform ecosystem itself.
Lastly, I want to state that I believe multi-cloud is something most companies will adopt, but mostly from a SaaS perspective, where they have SaaS services from multiple cloud platforms or third-party vendors. When it comes to PaaS and IaaS workloads, where we are building our own services, I believe most companies should focus on one platform. Why? Because it takes time to build up knowledge and understanding of the platform, then build a secure framework around it, have a robust user-identity system to provide proper access control to data and services, and control cost and compliance within it. Once you see that you can manage those aspects properly and need to look further for another service, you should then look at other vendors. Regardless of which cloud platform you choose, you should also look at your current toolbox to see its strengths and weaknesses, and whether it allows you to adopt multiple cloud platforms at a later stage as well.