Single-cloud environments are said to be redundant. One expert disagrees and explains why.
Before cloud computing burst on the scene, high-availability digital architectures were the holy grail. That meant redundant network providers, redundant data centers, and redundant internet service providers, all to eliminate single points of failure that have the potential to shut a company down.
That all changed when cloud computing made its debut. Cloud providers claimed computing and storage cloud environments were fully redundant, and that a single cloud provider using multiple data centers is safe. And, even more appealing, switching to the cloud appeared to be considerably cheaper from an operational standpoint.
Michael Gibbs, CEO of Go Cloud Architects, a global organization providing training in cloud computing, said during an email conversation that he wanted to set the record straight on the subject of cloud computing environments.
Single-cloud computing environments are risky
Gibbs offers the following reasons why using a single cloud provider is a risky proposition:
- When an organization uses a single cloud provider, that usually means working with one network provider, and that’s a single point of failure.
- Single-cloud providers promote redundancy by using multiple data centers. However, data centers share a common control plane. “The control plane is what enables the cloud to function,” Gibbs said. “The cloud control plane orchestrates the network and data centers. If anything happens to the cloud control plane, that will likely turn into a single-point-of-failure outage.”
- Cloud providers are high-value targets for cybercriminals. If there’s an attack and cybercriminals get control of the cloud, they can access sensitive business and customer data, or if desired, the attackers could prevent access to the cloud-computing service.
Gibbs offers this example: “Imagine what could happen if a hospital and a 911 dispatch center were hosted on a single cloud provider and there was an outage.”
And we all know that cloud outages occur. Last year, several highly rated cloud service providers fell victim to significant outages. “These cloud providers have the best equipment and personnel in the world,” Gibbs wrote. “The thing is, tech fails, and we need to plan for it.”
Multicloud environments are the answer
Gibbs is adamant that using a multicloud environment is the way to go.
“Multicloud is the use of multiple cloud computing and storage services in a single heterogeneous architecture. This also refers to the distribution of cloud assets, software, applications, etc., across several cloud-hosting environments. With a typical multicloud architecture utilizing two or more public clouds as well as multiple private clouds, a multicloud environment aims to eliminate the reliance on any single cloud provider.”
Gibbs next looked at what is needed to support a multicloud environment. Building two identical clouds using open-source tools, such as those listed below, is highly recommended:
- Open databases (MariaDB, MongoDB, Apache Cassandra)
- Open Kubernetes services
- Standard networking protocols (BGP, 802.1q)
- Open Linux (Ubuntu, Red Hat, CentOS)
Regarding security, Gibbs adds, “No cloud vendor-proprietary service should be used, as marketplace security is not vendor proprietary and, in many cases, offers more robust security than cloud-native security tools.”
To keep things simple and secure, Gibbs recommends:
- Using commercial non-cloud-specific tools, marketplace firewalls and VPN concentrators that can keep a nearly identical configuration in both clouds (Cisco, Palo Alto, Fortinet, Checkpoint, etc.).
- Ensuring each side of a connection has the same security configuration.
- A network load balancer will front-end two virtual firewalls in each cloud, followed by network access control lists, security groups, host-based firewalls, endpoint protection, and associated identity and access management policies.
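One way to check that the firewalls in both clouds really do keep a nearly identical configuration is to diff their rule lists after replacing each cloud's own address range with a symbolic label. This is an added example, not something from Gibbs or the article; the rule tuple format, the CIDR ranges, and the function names are assumptions made for illustration.

```python
import difflib
import ipaddress

def normalize(rules, local_cidr):
    """Rewrite addresses inside this cloud's own range as LOCAL+offset/prefix."""
    local = ipaddress.ip_network(local_cidr)

    def sym(cidr):
        if cidr == "any":
            return cidr
        net = ipaddress.ip_network(cidr)
        if net.subnet_of(local):
            offset = int(net.network_address) - int(local.network_address)
            return f"LOCAL+{offset}/{net.prefixlen}"
        return str(net)  # shared ranges (e.g. the customer site) stay literal

    return [f"{action} {proto} {sym(src)} -> {sym(dst)}:{port}"
            for action, proto, src, dst, port in rules]

def config_drift(rules_a, cidr_a, rules_b, cidr_b):
    """Return order-aware differences between two clouds' rule lists."""
    a, b = normalize(rules_a, cidr_a), normalize(rules_b, cidr_b)
    ops = difflib.SequenceMatcher(a=a, b=b, autojunk=False).get_opcodes()
    return [(tag, a[i1:i2], b[j1:j2])
            for tag, i1, i2, j1, j2 in ops if tag != "equal"]

# Constructed sample data: (action, protocol, source, destination, port)
CLOUD_A_CIDR = "10.64.64.0/18"
CLOUD_A_RULES = [
    ("allow", "tcp", "any", "10.64.64.16/28", 443),
    ("allow", "tcp", "10.64.0.0/18", "10.64.65.0/24", 22),
    ("deny", "ip", "any", "any", "any"),
]
CLOUD_B_CIDR = "10.64.128.0/18"
CLOUD_B_RULES = [
    ("allow", "tcp", "any", "10.64.128.16/28", 443),
    ("allow", "tcp", "10.64.0.0/18", "10.64.129.0/24", 22),
    ("allow", "tcp", "any", "10.64.129.0/24", 3389),  # exists only in cloud B
    ("deny", "ip", "any", "any", "any"),
]

if __name__ == "__main__":
    for tag, only_a, only_b in config_drift(CLOUD_A_RULES, CLOUD_A_CIDR,
                                            CLOUD_B_RULES, CLOUD_B_CIDR):
        print(tag, "| cloud A:", only_a, "| cloud B:", only_b)
```

Because the comparison is order-aware, a rule that exists in both clouds but sits at a different position is also reported as drift.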
Creating network connections
According to Gibbs, the router connecting to each cloud provider should have redundant line cards, redundant control modules, and redundant power supplies.
“There should be a separate high-availability router for each connection,” Gibbs says. “Each WAN connection to the cloud provider (Ethernet WAN) should be from a different network service provider. Each WAN connection to the cloud should also be in a separate direct connect/express connect point of presence—redundancy everywhere.
“Two internet connections across two internet service providers are needed at the customer’s site connecting to the internet with BGP for load sharing and optimized routing,” Gibbs says. “There should be two separate routers at the customer site that will provide backup VPNs to each cloud provider, should one of the primary network connections fail.”
More suggestions from Gibbs:
- Each site, customer site, and provider should use a different CIDR range that can easily be summarized into a single route if desired.
- Nearly identical BGP policies should be set up for the routing between each cloud (obviously adjusted for address differences).
- If moderate availability of 99.99% is sufficient, the best approach is to use a single availability zone (data center) in two clouds.
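The CIDR recommendation above can be checked mechanically before any range is assigned. The following added example (not from Gibbs or the article; the site names and address ranges are constructed, and IPv4 is assumed) verifies that no two sites overlap, finds the single route that summarizes the whole plan, and reports whether that summary covers only allocated space.

```python
import ipaddress
from itertools import combinations

def audit_address_plan(sites):
    """Audit a {site name: IPv4 CIDR} plan.

    Returns (overlaps, summary, exact):
      overlaps - pairs of site names whose ranges collide
      summary  - smallest single prefix covering every site
      exact    - True if the sites fill the summary with no unallocated gaps
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    overlaps = [(a, b)
                for (a, na), (b, nb) in combinations(nets.items(), 2)
                if na.overlaps(nb)]
    # Widen the first range one bit at a time until it contains all sites.
    summary = next(iter(nets.values()))
    while not all(n.subnet_of(summary) for n in nets.values()):
        summary = summary.supernet()
    # If the ranges collapse to exactly the summary, advertising it as one
    # route attracts no traffic for address space nobody owns.
    exact = list(ipaddress.collapse_addresses(nets.values())) == [summary]
    return overlaps, summary, exact

# Constructed sample plans (assumed ranges, for illustration only).
GOOD_PLAN = {
    "customer_site": "10.64.0.0/18",
    "cloud_a": "10.64.64.0/18",
    "cloud_b": "10.64.128.0/18",
    "reserved": "10.64.192.0/18",
}
BAD_PLAN = {
    "customer_site": "10.0.0.0/16",
    "cloud_a": "10.0.128.0/17",   # falls inside the customer range
    "cloud_b": "172.16.0.0/16",   # far from the others, so no tight summary
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        overlaps, summary, exact = audit_address_plan(plan)
        print(f"{label}: overlaps={overlaps} summary={summary} exact={exact}")
```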
Super-high availability designs
Gibbs defined super-high availability as networks that are at least 99.999% available and don’t experience more than five minutes of unplanned downtime per year. “When this level of availability is required, using two availability zones (data centers), each in two separate clouds is recommended,” Gibbs said. “Keeping the same design as above, but with two data centers per cloud provider.”
There’s a problem, Houston
If the above seems complex, many agree. In Lance Whitney’s TechRepublic article How to beef up your multicloud security, he writes: “A full 95% of the respondents [of a Valtix survey] said they’re making multicloud a priority in 2022, with almost all of them putting security at or near the top of the list. Yet only 54% said they feel confident that they have the tools and skills necessary to achieve this goal.”
If you look back at pre-cloud computing networks, it becomes apparent that Gibbs is trying to inject that same redundancy into cloud-computing environments to reduce the likelihood of single-point-failure events that can occur when using a single cloud provider.