Premise: Since the term “Hybrid Cloud” first hit the marketplace in 2009, the concept has been ahead of the available technology and been based on flawed thinking. While many CIOs desire the predictability and security of on-premises resources and the agility of public cloud resources, the reality of that vision has not materialized for many businesses.
Hybrid Cloud has been at the top of the priority list for CIOs looking to modernize IT and better leverage technology to gain competitive business advantages in their markets. CIOs are under intense pressure from their C-Suite and Lines of Business to be more responsive to business demands, and the promise of controlled, secure, on-demand resources was seen as the way to meet those requirements. But as the calendar moves into the 2nd half of 2015, the vendors have struggled to fulfill that demand.
At the core of the problem with the lack of Hybrid Cloud offerings is the initial focus on the wrong part of the technology stack – infrastructure. Hardware companies such as HP, EMC/VCE, IBM and Cisco attempted to define the term “Hybrid Cloud” as the output of a world that would migrate to new racks of converged infrastructure. The vision saw Enterprise IT and Cloud Service Providers with ubiquitous infrastructure environments.
NIST followed this approach in its 2011 Cloud Computing definitions (SP 800-145):
Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
This focus on infrastructure-layer cloud architectures led to several significant problems:
- Microsoft Hyper-V failed to gain early market-share and Microsoft Azure was late in developing a compelling set of Hybrid Cloud features. They missed an early opportunity to enable their huge installed base of Windows Server customers with the functionality that would become Azure Pack.
- VMware had the leading on-premises hypervisor, but none of the large public clouds (e.g. Amazon Web Services, Microsoft Azure, Google Compute Engine, Rackspace, Softlayer, etc.) used that hypervisor for their on-demand offerings. This led to compatibility issues for application mobility.
- VMware would not announce the vCloud Air service (formerly vCloud Hybrid) until 2013, and not offer OnDemand capabilities until 2014. The simplified technology to manage a Private+Public environment was 3-4 years behind the market demand and hype.
- Several companies acquired interesting technologies and tools that could help manage resources across multiple clouds (Cisco:newScale; Dell:enStratius; VMware:DynamicOps; HP:Eucalyptus; Oracle:Nimbula), but almost all of these products either got refocused to narrower scopes, or they struggled to find commercial success when aligned to infrastructure-incentivized sales forces.
- Too many companies focused on the “cloud bursting” use-case, which was often impractical due to the limitations of moving large amounts of data across the network, or the complexity of building secure networking (VPN, VPC) between clouds.
These limitations not only allowed the public cloud market to grow rapidly (see Wikibon’s Public Cloud Market Forecast 2015-2026); the individual cloud offerings have also matured and begun to offer attractive services to Enterprise customers.
[Video] Wikibon analysts Stu Miniman (@stu) and Brian Gracely (@bgracely) discuss the current state of Hybrid Cloud: the areas where technology is making progress, where it is lacking, and which Hybrid Cloud strategies Wikibon recommends vendors execute in 2015-2016.
While Microsoft and VMware technology was at the center of the early Hybrid Cloud limitations, many other technologies have not yet filled the gaps either. OpenStack was created with the vision of a global federation of open clouds, but to date the ability to federate between OpenStack clouds is not available in the market. Both Microsoft and VMware have since enhanced their Hybrid Cloud offerings, but it remains to be seen whether their public cloud offerings are too far behind to catch AWS’ evolving Enterprise features. Of those two companies, Microsoft has the significantly larger cash reserves to continue building out public cloud infrastructure to compete with the mega-cloud providers.
Container-centric technologies such as Docker and Kubernetes have built tremendous communities and are beginning to leverage the portability of containers, but the unstructured platforms around them still need to be more robust to meet Enterprise requirements for building Hybrid Clouds. This is where it will be interesting to watch how federation projects like “Ubernetes” evolve, as well as container-centric services from the large Cloud providers. Structured PaaS platforms have an excellent opportunity to fill the demand for Hybrid Cloud, if they can prove to Enterprises that these platforms will move faster than some of the hot start-up technologies and public clouds.
Re-Thinking the Hybrid Cloud Architecture
Now that it is becoming clearer that the market will not have a ubiquitous infrastructure standard across clouds, it’s time to rethink how to approach a Hybrid Cloud architecture. Several key elements should be taken into consideration:
Data Gravity – While it may not be complicated to move a virtual machine or a container, which is typically only a few MB or GB in size, it is a very different matter to move hundreds of GB or TB of data across the Internet. In most cases, Enterprise Architects will need to design around the constraint that most data will stay in the cloud where it is created (public or private), and they will need to design application access patterns around the data location.
Rebuild the Environment; Don’t Move It – As more companies adopt configuration management tools (Chef, Puppet, Ansible, etc.) and/or container-centric platforms, rebuilding an environment becomes simpler and less error-prone. With orchestration tools (e.g. HashiCorp Vagrant/Terraform; Cloud Foundry BOSH, etc.) becoming more aware of different cloud nuances, the preferred practice is moving towards a model where applications are rebuilt on different clouds instead of trying to migrate a long-running VM or container that might be out of compliance for security patches or application dependencies.
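The “rebuild, don’t move” argument rests on a simple check that is worth making explicit: audit the long-running instance against the baseline your configuration management would apply, and anything the audit reports is drift that a migration would carry along to the new cloud. The following is an added example, not code from the article or from any of the tools it names; the baseline, package versions and the migrated VM’s inventory are all constructed for illustration.

```python
"""Compliance drift between a declared baseline and a long-running instance.

Added illustration for the 'rebuild, don't move' point. A freshly built
environment matches its declared baseline by construction; a VM that has
been running (and hand-patched) for months usually does not. Every name,
version and port below is constructed for the example.
"""
from typing import Dict, List

# Declared baseline: what the config-management tool would apply on any cloud.
# Hypothetical pinned package versions and the only ports allowed to listen.
BASELINE = {
    "packages": {"openssl": "1.0.2d", "nginx": "1.8.0", "openssh-server": "6.9p1"},
    "listening_ports": {22, 443},
}

# Inventory as reported by a long-running VM someone wants to migrate rather
# than rebuild (constructed: an old OpenSSL, an unmanaged telnet daemon with
# its port open, and a package the baseline expects but the VM lacks).
MIGRATED_VM = {
    "packages": {"openssl": "1.0.1e", "nginx": "1.8.0", "telnetd": "0.17"},
    "listening_ports": {22, 23, 443},
}


def drift(baseline: Dict, actual: Dict) -> List[str]:
    """Return human-readable findings wherever `actual` deviates from `baseline`.

    An empty list means the instance is exactly what the declared state says,
    which is the only case in which moving it is no different from rebuilding.
    """
    findings: List[str] = []
    want, have = baseline["packages"], actual["packages"]

    # Pinned packages: missing or at the wrong version.
    for pkg, ver in sorted(want.items()):
        if pkg not in have:
            findings.append(f"missing package {pkg} (baseline {ver})")
        elif have[pkg] != ver:
            findings.append(f"{pkg} is {have[pkg]}, baseline pins {ver}")

    # Anything installed that the baseline never declared is unmanaged drift.
    for pkg in sorted(set(have) - set(want)):
        findings.append(f"unmanaged package {pkg} {have[pkg]}")

    # Listening ports outside the declared set widen the attack surface.
    for port in sorted(actual["listening_ports"] - baseline["listening_ports"]):
        findings.append(f"unexpected listening port {port}")

    return findings


if __name__ == "__main__":
    for finding in drift(BASELINE, MIGRATED_VM):
        print("migrated VM:", finding)
```

Run against the constructed inventory, the audit reports four findings (the downgraded OpenSSL, the absent SSH package, the unmanaged telnet daemon and its open port). In practice the inventory would come from the package manager and `ss`/`netstat` on the instance, and the baseline from the same manifest your Chef, Puppet or Ansible run would enforce on the target cloud.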
Focus on the Application Layer – Whether the architecture uses a formal PaaS platform or one that abstracts the application above the hypervisor, it’s important to remove complex dependencies on cloud-specific infrastructure capabilities and configurations. While this is the right layer of abstraction to focus upon, it can also constrain the choices available to Enterprise Architects. Not all platforms are designed to integrate well with legacy applications and data. These limitations might be fine if the primary business focus is new Cloud Native applications, but they may be limiting if the goal for existing applications is anything more than cost reductions via virtualization and consolidation.
L2 or L3 Networking – While it may appear simple to interconnect multiple clouds in a PowerPoint diagram, the complexities of doing this in the real world are often under-estimated. The connectivity provided must account for inbound- and outbound-facing IP addresses, as well as the ability of traffic to traverse firewall perimeters. It’s important to determine whether the best solution is based on L3-VPN technology or L2/L3 overlay networking – both come with pros and cons – and whether it is integrated within the platform or provided natively by the cloud providers.
Don’t Forget Authentication – One of the simplest, but most important, functions of a cloud platform is how end-users authenticate to the system. While it may be easy to use the credentials and authentication mechanisms of a single cloud, it becomes more complicated when applications require authentication back to a corporate AD or LDAP system that is behind the firewall. Federating the authentication between cloud systems should be a top-level priority for any cloud architect who is trying to build a Hybrid Cloud environment.
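What federation buys you is that an application in any cloud can verify a sign-in issued by the corporate identity provider locally, without a round trip through the firewall to AD or LDAP on every login. The example below is added here and is not code from the article; it models that verification step. The issuer name, audiences, token layout and HMAC shared secret are all constructed for illustration; a real deployment would use SAML or OpenID Connect with the IdP’s asymmetric signing keys, but the checks an application must perform (signature, issuer, audience, lifetime) are the same.

```python
"""Verifying a federated sign-in assertion in a cloud-hosted application.

Added illustration for the 'don't forget authentication' point. One
corporate identity provider (the hypothetical 'https://idp.corp.example')
issues signed assertions; each application, in whichever cloud it runs,
verifies them locally. Token format and shared secret are constructed for
this example; production federation uses SAML/OIDC with asymmetric keys.
"""
import base64
import hashlib
import hmac
import json
import time

IDP_ISSUER = "https://idp.corp.example"        # hypothetical IdP identifier
SHARED_SECRET = b"constructed-example-secret"  # example only; never hard-code


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue(subject: str, audience: str, ttl: int, now: float) -> str:
    """What the IdP does: sign a claims set for one specific application."""
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": audience,
              "iat": int(now), "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify(token: str, expected_audience: str, now: float) -> dict:
    """What each cloud-hosted application does on login.

    Returns the claims only when signature, issuer, audience and lifetime all
    check out; raises ValueError otherwise. Each check closes a common
    federation mistake: accepting unsigned or tampered assertions, trusting
    any issuer, replaying a token meant for a different application, or
    honouring an expired one.
    """
    try:
        body, sig = token.split(".")
        presented = _unb64(sig)
    except (ValueError, base64.binascii.Error):
        raise ValueError("malformed token")
    expected = hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):   # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != IDP_ISSUER:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != expected_audience:
        raise ValueError("token was issued for a different application")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


if __name__ == "__main__":
    now = time.time()
    token = issue("alice@corp.example", "app-a.aws.example", ttl=300, now=now)
    print("accepted:", verify(token, "app-a.aws.example", now + 1))
    # The same token presented to a different application, and later to the
    # right application after expiry, must both be rejected.
    for aud, when in (("app-b.azure.example", now + 1),
                      ("app-a.aws.example", now + 600)):
        try:
            verify(token, aud, when)
        except ValueError as err:
            print("rejected:", err)
```

The audience check is the one most often skipped in multi-cloud deployments: if the application in one cloud accepts any assertion the IdP ever signed, a token captured from a lower-trust application in another cloud becomes a login everywhere. Passing `now` explicitly keeps the lifetime check testable and also makes clock skew between clouds a visible design decision rather than an accident.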
In the past, traditional vendors have often marketed Hybrid Cloud offerings that were primarily focused on Private Cloud infrastructure refreshes and cloud management, with the promise of Hybrid Cloud in the future. With the pace of Public Cloud growth, this approach is going to drive customers to take a deeper look at making Public Cloud their primary option for new applications. While we are seeing more investment by traditional vendors in their own public cloud offerings (HP Helion Cloud, Cisco Cloud, IBM BlueMix, VMware vCloud Air, Oracle Cloud, EMC/Virtustream), it will be interesting to see if they can keep up with the growth of offerings by Amazon Web Services and Microsoft Azure. Not having more robust offerings to satisfy the Hybrid Cloud demand will leave them with a future that is primarily focused on updating the on-premises infrastructure for legacy applications. Except for a few areas, such as hyper-converged infrastructure and flash storage, this is proving to be a slow-growth market with single-digit annual growth rates.
For too many vendors in the market today, “Hybrid Cloud” means selling Private Cloud infrastructure and management; often based on VMware, Microsoft or OpenStack technology stacks, with the public cloud element being an after-thought or only offering customers limited choice. While this is a lock-in and interoperability strategy by vendors to keep customers aligned to their preferred infrastructure technology stack, it can have negative impacts to the IT organizations tasked with building Hybrid Clouds for their business. By not additionally giving their customers integrated and simplified access to the leading Public Cloud platforms (AWS, Azure, GCE, Digital Ocean), they are often not providing them access to the advanced services their business desires. This can lead to expanded levels of Shadow IT by Developers and Lines of Business owners. At a minimum, Hybrid Cloud vendors must have the ability to centrally provision public cloud resources across multiple clouds, from their self-service portal.
Action Item: Shadow IT and Line of Business groups are growing impatient with CIOs. As the demand for Hybrid Cloud moves into the second part of this decade, it will be critical for CIOs and Enterprise Architects to start rethinking their architectural approach, rather than waiting for infrastructure vendors to deliver solutions.