Hybrid Cloud Taxonomy Premise

Wikibon research shows that large and midsized enterprises have mostly rejected the model of moving all data processing to a single public cloud for a number of reasons:

  1. Many applications require better and more consistent latency than is possible from public clouds.
  2. The network cost of moving significant amounts of data to a public cloud is prohibitive today and will continue to be so in the future. It is much cheaper to process the data in real-time where it is created.
  3. There are legal reasons for storing some types of data on premises.
  4. Whose data is it, anyway? Enterprises want clear ownership and protection of their own key data.
  5. Enterprises are avoiding the risk of single sourcing their digital transformation strategy.
  6. The availability of sophisticated low-cost sensors in many distributed devices at the Edge, together with the development of real-time stateful software, is revolutionizing the cost and functionality of Edge hybrid applications.  

Another view is that a single cloud can handle all current and future applications more efficiently, at lower cost, and produce business benefits such as shared data across an enterprise for AI applications to work on. The DOD argues this case in the JEDI project, and picked Microsoft for the project as a sole cloud supplier. [Note: The award is being contested by AWS.] However, most enterprises are already spreading data and compute across a number of cloud and hybrid cloud environments in both private and public clouds. As a result, the number and types of hybrid clouds are growing rapidly.

The premise of this research is that hybrid applications (those requiring data and compute from multiple clouds – see Hybrid Application section below for more discussion) will necessarily be deployed across hybrid clouds. One key capability of hybrid applications is the ability to move code to data, while also enabling movement of summary data to other cloud nodes as required. Hybrid applications achieve their highest functionality and lowest cost when they can be dynamically orchestrated to run against location optimized data. These applications will need specialized services from increasingly sophisticated hybrid clouds.

Hybrid Cloud Taxonomy Introduction

Figure 1 illustrates Wikibon’s taxonomy of hybrid cloud topologies. This taxonomy reflects increasing increasing degrees of state, integration, automation and ability to run hybrid applications across multiple cloud resources.

Hybrid Cloud Taxonomy
Figure 1 – Wikibon Hybrid Cloud Taxonomy
Source: © Wikibon 2019


Figure 1 illustrates Wikibon’s hybrid cloud taxonomy. The five topologies in the taxonomy are shown in the top line of Figure 1. They are

  • Multi-clouds
  • Loosely-coupled Hybrid Clouds
  • Tightly-coupled Hybrid Clouds
  • “True” Distributed Hybrid Clouds
  • Autonomous Stand-alone Clouds

The four horizontal arrows in Figure 1 show increasing levels of stateful applications and data, integration between multiple clouds, operational automation, and the ability to run hybrid applications seamlessly across multiple clouds.

The five boxes at the bottom of Figure 1 show the additional functionality that is added to each element of the taxonomy. Each box includes all the functionalities of the boxes to the left of it.

Enterprises are discovering the business value inherent in each these different topologies and are finding solid cost justifications for each of them. They will be deployed for different types of hybrid applications. In general, more complex, mission-critical, stateful, and real-time hybrid applications need higher levels of hybrid cloud services, and need hybrid cloud topologies to the right in Figure 1.

Hybrid Applications

Hybrid applications will increasingly be deployed to maximize the value extracted from vast amount of distributed data from sensors and machine inputs. These hybrid applications will run on multiple nodes in different clouds. Hybrid services will be developed to enable “moving code to data” as well as the traditional moving data to code.

In addition, hybrid services will allow state to be shared across hybrid clouds in real-time. This will enable revolutionary new hybrid applications, especially at the Edge.  

As a result, data architects will have greater flexibility in how data is distributed. In addition, developers can extract higher value from the data wherever it is located. Applications initiated by one node in a hybrid cloud can extract summary data from a number of other nodes, combine it with local data, initiate actions in real-time, and distribute the results of state change as necessary. These hybrid applications by definition can be distributed across many clouds, both private and public, as well as Edge devices and Edge clouds.

Hybrid applications will require the availability of advanced hybrid cloud services. These services  are major “white space” innovation opportunities for vendors and enterprises. Stateful software and hardware is another area where innovation is happening quickly, and where there are major opportunities for innovate vendors.   

The hybrid application model enables the delivery of innovative applications and reduces the cost and elapsed time to access and process real-time data. As a result, enterprise can deliver automation faster, and reduce business costs and cycle times more effectively. 

Cube Conversation on Hybrid Cloud Taxonomy

Below is is Video 1, a 12 minute conversation on the emergence of hybrid cloud topologies, and its importance to CIOs.

Video 1 – Cube Conversation on Wikibon Hybrid Cloud Taxonomy
Source: © Wikibon 2019.

Wikibon Hybrid Cloud Taxonomy


Multi-clouds are integrated networks between autonomous cloud networks. Data is transferred in the traditional way. Network integration is between the autonomous cloud networks and private networks.

Inter-cloud Networking

A major source of multi-cloud interest is from enterprises that need to connect to major public IaaS cloud providers such as Alibaba, AWS, AWS with VMware, Google, IBM, Microsoft, Tencent and many others. These providers run large-scale centralized clouds each with their own PaaS integration.

These public cloud systems are disaggregated, with home-grown orchestration and automation software often originally based on open-source software. This software has usually been improved by rapid forking from the original open-source, effectively making them proprietary systems. This provides excellent support for IaaS and SaaS services, but as a result there are very few other hybrid services available between the major cloud providers outside of networking.

Important Vendors for Inter-cloud Networking

Multi-cloud network integration services will be an important service requirement across the complete hybrid cloud taxonomy. A leading vendor of multi-cloud network integration software is Cisco with Application Centric Infrastructure (Cisco ACI). The Cisco ACI fabric consists of discrete programmable routers and switches that are provisioned and monitored as a single entity.

Cisco is partnering with AWS, Azure, Google Cloud, and other service providers to provide software and solutions that span between on-premises and cloud offerings. Cisco SD-WAN (Software Defined WAN) supports physical, virtual, and inter-cloud environments, as well as providing security services. Cisco CloudCenter Suite enables developers to understand the resources in each of these environments and lay down an application natively across those different environments. This suite can manage and orchestrate containers as well as VMs.

Loosely-coupled Hybrid Clouds

Shared Data Plane(s)

The key difference between multi-clouds and loosely-coupled hybrid clouds is that the latter has at least one shared data plane. This architecture is advantageous to enterprise data architects.  These architects have a major challenge because the data planes within the major cloud providers are proprietary. While they charge very little for ingress, there is a high cost for data egress, since these providers are motivated to keep as much data as possible in their cloud.

A number of vendors have developed software-defined storage (SDS) solutions that can run across multiple public and private clouds. This potentially makes the management of data, backup and recovery of data, and data placement much easier in a hybrid cloud environment. In addition, the flash technologies and aggressive use of metadata can provide low-cost low-latency ways of sharing virtual copies of data across a hybrid cloud network. A major benefit of these SDS technologies is that the hardware is separate from the software, and much easier to scale up and down. This makes hybrid applications much easier to develop and maintain.

Important Vendors for the Data & Data Management Planes

Most major storage vendors are migrating to multi-cloud SDS architectures. Wikibon has projected for some time that “Server SANs” (i.e., SDS instances running across multiple clouds) will replace traditional storage array-based SANs.

IBM and Pure Storage are good examples of storage companies who have enabled all their storage software to run in any cloud. WANdisco’s Paxos technology and the HPE SimpliVity advanced file system are technologies using metadata and fast networking to support distributed file systems at distance.

There is a significant opportunity for storage software vendors to make improvements in their SDS software to enable hybrid applications to orchestrate data placement (e.g., dynamic latency monitoring).

Many new data protection and data management companies, such as Veeam, Cohesity, Rubrik, Veritas, Commvault, etc are bringing out software to manage data across multi-cloud environments. This software runs on most cloud provider platforms, as well as on private clouds.

Companies such as Dell are also moving aggressively to move their traditional integrated appliances to a software defined base that can be run on VMware Cloud Foundation, and across other different public and private clouds.

Tightly-coupled Hybrid Clouds

Shared Control & Orchestration Plane

Tightly-coupled hybrid clouds add the control plane to the capabilities discussed above. This control plane includes orchestration services for resources across a tightly-coupled hybrid cloud. A common networking plane would be in place, as well as a storage and data management plane.

Important Vendors of Tightly-coupled Hybrid Clouds

IBM Z Sysplex is the earliest example of this type of system. This allows a shared time service across all the distributed Sysplex nodes. This in turn allows application suites to be moved or restored to another node in real-time. IBM has announced cloud-ready mainframes such as the z14 ZR1 and LinuxONE Rockhopper II, deployed on standard 19-inch frames. These systems enable hybrid applications to run across the traditional systems of record running on zOS to work closely with AI and Advanced Analytics inference code running on LinuxONE.

Another example of this could be an ultra-low latency specialized data AI/analytic platform, such as iguazio. API requests for results sent from a traditional system of record or engagement to iguazio could enable real-time automation of business processes supported by the traditional systems. The key is a highly-coupled control system, in addition to the network plane and data plane integration from the preceding hybrid types discussed above.

On February 20, 2019, Google announced the shipment of a beta version in a blog entitled “Cloud Services Platform—bringing hybrid cloud to you“. Cloud Services Platform (CSP) is built on the Google Kubernetes engine (GKE), which has been extended to include GKE on-prem. The other important components of the hybrid cloud offering are the extensions in Istio. Istio is a service mesh providing ways to connect, manage, and secure micro-services. The Istio hybrid extensions were announced in beta on February 14, 2019. Wikibon has placed Google CSP in the Tightly coupled topology because it provides the common control plane, but does not include any integration of the hardware. This is a less ruggedized solution suitable for stateless systems of engagement and analytics, but not for mission critical systems of record.

Distributed “True” Hybrid Clouds

Any Application on Any Node without Change

Wikibon defines “True Hybrid Cloud” as a multi-cloud where any application or application service can run on any node of the hybrid cloud without re-writing, re-compiling or re-testing. True Hybrid Cloud architectures have a consistent set of hardware, software, services, APIs, integrated network plane, security plane, data planes, and control planes that are native to and display the characteristics of public cloud infrastructure-as-a-service. These attributes can be identically resident on other hybrid nodes independent of location (e.g. in the cloud, on premises or at the edge). Future functionality is developed first in the cloud and then pushed down to the hybrid nodes as a service. In this model, developers can dynamically bring code to data, with lower data access latency and lower costs of data transfer than traditional approaches.

The support from major cloud providers for traditional systems of record software such as Oracle & DB2 is generally poor. These system have stayed in enterprise data centers, and are moving to on-premise clouds such as Microsoft Azure and Oracle Cloud at Customer. These private clouds have similar cloud characteristics as public clouds. The major business drivers for these types of private clouds are the avoidance of conversion costs to other database or packaged systems, the requirement for low latency processing of data close to the source, the high cost of moving data, and the increasing governmental regulation of where data is kept.

Distributed “True” Hybrid Clouds enable the benefits of Centralized cloud services to the delivered to on-premises.

Important Vendors for Distributed “True” Hybrid Cloud

Cloud vendors are rapidly adapting to this on-premise trend, and are delivering ruggedized hybrid and on-premise clouds that enable this capability.

  • AWS & VMware Outposts on-premise clouds in 2019 will use the same hardware and most of the same software as available in the AWS public cloud.
  • Dell & VMware’s SDI on VxRack is connected with Cloud Foundation to other VMware VxRack nodes and AWS nodes.
  • IBM zOS Sysplex systems running mission critical systems of record, and potentially IBM Cloud Private are potential Distributed”True” Hybrid Cloud systems.
  • Microsoft’s Azure Stack connecting to Microsoft Azure Cloud services.
  • Oracle’s Exadata Cloud at Customer & Cloud at Customer on-premises use the same hardware on-premises as in the Oracle Cloud.

Enterprises are installing hybrid clouds supporting hybrid applications to remain competitive by adding real-time functionality and automation to existing systems of record. This is a lower-cost and lower risk strategy than converting to cloud native platforms.

Google CSP is included in the tightly-coupled topology (see “Important Vendors for Tightly-coupled Hybrid Cloud” in the previous section), as it is not a ruggedized hybrid cloud solution.

Autonomous Stand-alone Clouds

Autonomous Stand-alone Clouds at the Edge

Autonomous stand-alone clouds are very different from other clouds in the taxonomy. They are often situated at the Edge, both on-premise and within a facility. These systems often run where communication cannot be guaranteed (e.g., Edge systems in planes, ships, automobiles, trucks). Other are legally required to have robust communication air-gaps (e.g., nuclear power station systems, high-security SaaS systems, robotic systems, and many military systems).

Stand-alone Clouds are independent distributed systems with independent software, mainly operating in real-time. Software updates can be downloaded when connected to a secure network, or by deploying air-gapped distribution solutions. The testing of new software is usually performed rcentrally before distribution to the Edge.

Autonomous stand-alone clouds are mainly driven by sensor data. Wikibon projects that there will be a trillion sensors creating and processing data by 2030, mostly on machines rather than people. The cost to enterprises and governments to move, store, and manage all this data is and will be cost prohibitive. As a result, enterprises must adopt different strategies to process ephemeral data in real-time at source, discard what’s not useful, keep only a minute fraction of distilled valuable data.

Previous Wikibon research (The Vital Role of Edge Computing for IoT – 2017 Update) shows that the cost of pushing computing to the Edge is over 6X lower than moving the data to a cloud provider. Edge devices are becoming more integrated with the sensors, and more processing is being moved into the sensors themselves. The resulting analytics are using lower cost lower power volume technologies based on consumer derivatives from ARM and Qualcomm. An example is the processing for image recognition being moved inside video cameras, in order to utilize better quality data where it is gathered. This trend, together with the stateful computing described below, will increase the relative benefit of processing data where it is created to well over 100X better than centralized cloud computing. Why? Read on!

This stateful Edge computing consists of devices that are processing sensor data in real-time primarily to maintain the state and change of state of the Edge environment. This state also needs to be shared in real-time with many other distributed local devices. The overall distributed state is persistent and constantly changing, and derived from data that is ephemeral.

Important Vendors for Autonomous Stand-alone Clouds

This Edge computing environment is totally unlike the normal database-driven cloud environments, and need a different set of tools and concepts, as well as different hardware. The good news is that the applications can usually be run on hardware developed for consumers, which is an order of magnitude lower cost than traditional datacenter equipment.

One important vendor of stateful edge software is SWIM.AI. They have recently announced a set of open-source frameworks and code that are an important step in defining the exciting new space.

Amazon AI SageMaker transforms an AI model in the cloud to an inference image running on multiple devices and chipsets at the Edge. This is useful for distributing and updating AI models to the Edge.

Nvidia is the most important developer of GPUs, which are used extensively in AI inference code. Nvidia has also developed low-cost low-power platforms (mainly Arm) with integrated GPUs that many manufacturers (e.g., Tesla) have installed in their cars and trucks.

Another early vendor is Google’s Waymo subsidiary, developer of a mobile autonomous driving system. This is an example of a type of autonomous stand-alone cloud system that can and must operate without connection to traditional networks. These systems may sometimes need to communicate with other mobile systems in close proximity, but will use specialized point-to-point low-latency protocols for trusted vehicle-to-vehicle communication such as 802.11p (5G is too slow and unreliable). These systems will be integrated and tested by traditional car manufacturers.

Autonomous stand-alone clouds will be different by industry and type of workload. The main developers of these systems are likely to be current or new suppliers to these markets, who will purchase and integrate technology components from IT suppliers.

Hybrid Cloud Planes

The Importance of Hybrid Cloud Planes

Hybrid cloud planes will create the integration between different clouds. All successful individual clouds have good internal integration planes. These include an internal network plane, data plane, control plane, security plane and compliance plane. The challenge for hybrid cloud is creating secure, compliant, and low-latency end-to-end planes across the hybrid cloud. These planes must support real-time hybrid applications running across a hybrid cloud.

Example of Hybrid Cloud Plane: Security & Compliance

All clouds individually have good security and compliance components. Hybrid Clouds bring the requirement for security and compliance across clouds. Compliance with EU’s GDPR, the California Consumer Privacy Act, and similar new laws is critical.

Basil Security, Inc. is an example of an early entrant in this space with software defined security running across different clouds. This platform supports proactive zero trust cybersecurity and audit operations in hybrid clouds. It deploys policy as code, has unified immutable audit logging, and enforces policy based on NIST attribute-based access control standards.


The technology and business drivers for hybrid clouds are inexorable. The potential business value is enormous. Moreover, it is 10X to 100X cheaper to process data as close as possible to where the data originates. New applications based on State can be written that are impossible to centralize.

Over time, enterprises will enthusiastically embrace the trend to distributed functionality, with hybrid applications running against distributed data managed across multiple private and public clouds. Wikibon will be publishing market projections for each of the hybrid clouds in the Wikibon taxonomy in the first quarter 2019.

Action Item

Enterprise executive management should embrace multi-cloud and hybrid cloud computing, and develop strategies that push cloud computing to be as close as possible to where data originates. Enterprise senior executives should ensure that future system are designed to only send summary results of the processing be shared with other nodes, and not all the data. Senior enterprise development should develop the skills to develop and deploy hybrid applications. Enterprise executive management should also ensure that the multi-cloud strategy includes clear capabilities of getting rid of ephemeral data as soon as possible after it has been processed in real-time or near-real time.

The key IT strategic decisions that will have to be made are the choice of technologies for different planes across multiple different clouds. These planes include Network Plane(s), Data Plane(s), Control Plane(s), Autonomous State Plane(s) and Security Plane(s). It is important that there is clear delineation between between these planes. The clear focus of these planes should be to enable ease of hybrid application development and deployment, which will be by far the greatest value contributor to the enterprise as a whole.



Google’s CSP offering was added to the Important Vendors discussion for Tightly-coupled Hybrid Clouds on March 11, 2019.

Figure 1 was updated April 19, 2019