Date: 2022-02-01

Hybrid cloud, defined as an IT strategy that encompasses both public and private clouds, has been growing in popularity in recent years.

Flexera’s 2021 State of the Cloud report indicates that 82% of their survey respondents are adopting a hybrid cloud approach. Hybrid cloud strategies seek to take advantage of the scale and service diversity of public clouds, while keeping private control of sensitive data and/or processing.

To understand whether a hybrid approach is viable for your organization, you have to understand the potential benefits and pitfalls. To do this, we’ll look at the benefits and challenges inherent in public and private clouds, and then at the unique difficulties and benefits that arise from combining them.

Finally, we’ll look at approaches to avoiding (or at least minimizing) the downsides so that a truer picture of operational reality emerges.

Public cloud

Public clouds abstract away vast numbers of servers using virtualization software, and usually also provide other API-driven services on top, such as software load balancers, databases, messaging, and much more.

Multi-cloud (as opposed to hybrid cloud) is using a combination of public cloud services. The appeal of public clouds as a platform is the very large (and elastic) scale available, the “pay as you go” model, the outsourcing of platform maintenance and upgrades, and the variety of services.

A typical data center used by Amazon Web Services (AWS, the largest public cloud available) has 50,000 to 80,000 physical servers. Amazon currently has 81 such data centers. The storage on offer is similarly astronomical, and practically infinite from the perspective of the vast majority of businesses.

So why not just go with a public cloud? Many do, but most leverage multiple clouds, both public and private.

Security/privacy

Public clouds (unless special arrangements are made) use shared infrastructure in order to deliver cost effectiveness.

This same advantage can lead to security concerns, as sensitive workloads will be running in the same physical memory as unknown or potentially hostile workloads. Likewise, cloud storage most often resides on shared hardware.

Control

The outsourcing of IT infrastructure can be attractive, especially if your operational needs are fairly ordinary and not demanding.

Public clouds put you at the mercy of a vendor that limits the amount of control and visibility you can have over operations. If you’re running a simple CRUD web application, then this probably doesn’t matter to you. If you have a complex network architecture, and highly demanding customers, it might matter a lot.

Attack vulnerability

Related to security, attack vulnerability arises for a few reasons in public clouds. For one, they are by definition accessible to the public, all over the world.

Applications running in a traditional on-site environment can take advantage of much more restrictive public access policies. The other reason is the attractiveness of the target. AWS, Azure, GCP and others represent huge, attractive, public targets for hackers and other threats.

Private cloud

Private clouds are servers and storage abstracted away by cloud software run in private data centers or labs. With a private cloud, you retain the control and burden of maintaining and upgrading infrastructure, but use virtualization to still provide a degree of flexibility and elasticity to users.

Typical providers are VMware and OpenStack, among others. The private cloud is attractive for the same reason running applications on premises has always been: security and control. No infrastructure is shared with unknown threats, access can be arbitrarily tightly controlled, and the prioritization of workloads, upgrades, and operational policies is completely definable by the business.

So why not just run cloud software on your servers and be done with it?

Scale

Having private infrastructure for applications that run with a fairly non-volatile resource consumption profile is great. You can plan and buy sufficient resources to cover it. Workloads that have big spikes can be problematic, however.

They can result in long wait times for customers, or even potential outages. To scale private resources for rare events, where they sit idle most of the time, is very inefficient.

Cost

Owning and operating cloud infrastructure represents a high fixed cost, regardless of service demand. One of the main drivers for offloading IT to public clouds is the “only pay for what you use” model.

IT infrastructure is upgraded, patched, and serviced according to a well understood service level agreement, all for a cost that scales with usage.

Flexibility

The capital investment in computing resources can be high, and is therefore carefully planned and focused on estimates of future needs.

The future is unlikely to comply with our estimates much of the time, and even the best laid plans can fall short. The public clouds provide a wide variety of technologies and platforms to choose from that reduce friction in a business trying to respond to ever-changing needs.

Hybrid cloud

The hybrid cloud approach attempts to combine the benefits of public and private clouds to exploit the advantages of each. In the simplest scenario, applications requiring higher security or more operational control are operated on the private cloud, while applications that have high scale requirements run on a public cloud.

Hybrid cloud applications can also span both types of clouds, offering on-demand use of the public cloud’s pay-as-you-go resources.

So why not go with the hybrid cloud approach, since it’s the best of both worlds?

Complexity

Any multiple-cloud strategy will be more complex than a single-cloud one. Operations require an understanding of both the public and private cloud platforms. Hybrid applications can require sophisticated coordination between on-premises services and cloud infrastructure and services. There are two (or more) attack surfaces to defend.

Diagnosing application failures is more complicated. Application configuration and management can be more complex.

Re-engineering

Re-imagining and re-engineering traditional monolithic applications for the cloud can be a significant (if one-time) engineering expense. Multi-cloud deployments, updating, scaling and healing all need to be considered to fully exploit (and therefore justify the migration to) the hybrid environment.

Automation to the rescue

Realistically, all but the simplest applications on a hybrid cloud will need sophisticated automation/orchestration. You can see it in the major cloud platforms, all of which have sophisticated declarative orchestrators, e.g. AWS CloudFormation, Azure ARM, Google GDM, OpenStack Heat.

In order to control the complex beast that is hybrid cloud, you’ll need automation that spans the public and private clouds you want to use. It should have the following characteristics:

It must be able to create high level abstractions on top of the different cloud platforms you use, and if needed, service APIs and networking hardware.

It should use a declarative approach that abstracts away procedural details from operators so they can focus on what must be done rather than how it is done. Ideally, the declarative vocabulary should be extensible, to permit you to create abstractions that are meaningful to your team(s).

It should support the automation templates and integrations you may already have so you don’t have to reinvent the wheel. This approach, in addition to leveraging existing resources, also allows each platform’s “best of breed” tools to be used.

It must be highly available, and capable of participating in CI/CD processes, so that an ‘infrastructure as code’ pattern can be used.

It must be agnostic when dealing with the underlying cloud providers that it interfaces with, to avoid getting trapped in a vendor silo. Ideally it should be open source.

Finally, it should be able to grow with you and handle thousands of deployments and thousands of users and tenants.

Recap

Moving to a hybrid cloud model has great potential for future-proofing your IT infrastructure and operations, but it comes at a cost: complexity.

This complexity can be mitigated by adopting a high level of automation that abstracts away the painful details, reuses existing automation investments, and enables well defined, repeatable processes for operations.

Without such automation, you will be swamped by the complexity of managing a heterogeneous environment, but with it you can unlock the full potential of your cloud vision.

Nati Shalom is Founder and CTO at Cloudify.