Don’t Bring a Legacy Mindset to Multi-Cloud

F5 缩略图
Published January 05, 2022

Cloud has been around for the last 15 years, and it seems that many of us are still “migrating” to it. Rather than a one-time lift-and-shift, deploying to the cloud has become another option in the app deployment lifecycle, and applications are evolving to make better use of resources by being “cloud-native.” As organizations are increasingly adopting multiple clouds and mutli-cloud, it’s important to ask what other aspects also need to change in the apps and operations realm. Here are some tips to consider when deploying, mostly around what to avoid…

Don’t Apply a Slow Process to an Agile System

The complexity of modern IT and data center operations have largely depended on project and process management to track the skills and steps required for rollouts and changes to occur smoothly. Deploying a new service like a database required physical installation, network setup, application configuration, and security audit, often from different teams. Depending on the backlog for each team, a server setup could easily take two weeks—but the process was an efficient way to assure that each step was executed properly and avoided conflicts.

With cloud, all of these steps can potentially be performed automatically, simultaneously, nearly instantly, and, most important, non-disruptively. When agility is key, such as during development or in a mature CI/CD deployment pipeline, a dependable process can be replaced with dependable code attached to a lightweight process. When it took time and skill to perform a complex action, it made sense to plan, measure, and apportion. For cloud, an operation can be performed quickly with limited consequences, so planning and tracking should be adjusted so they don’t take more resources than the operation itself.

Don’t Insert Old Management Techniques into New Technology

Another legacy concept pulled into cloud is vertical silos of skills. In local area networks (LANs), it can make sense to have separate teams for networking and security. For technical and historical reasons, networking provides access, and then security restricts it. This separation runs deep within IT, with each discipline having its own separate specialized hardware, monitoring, and often even separate operations centers (NOC vs. SOC).

Inside clouds, networking is linked tightly to security for each endpoint, with a default of no access for most services. While there are constructs in clouds to simulate the behavior of legacy LANs, the primary effect is to remove the security between nodes. That lack of security must then be remediated, often by installing a virtual edition of a third-party firewall—exactly like LANs. In contrast, cloud-native orchestration can implement dynamic security policies per workload, creating micro-segmentation automatically to allow all necessary traffic and block everything else, tightly securing the network.

Don’t Treat Cloud Like a Data Center

If organizations treat cloud like physical-world IT, with legacy practices, it will re-create the associated legacy disadvantages. Silos between IT functions carry forward process delays and miscommunications, rather than the agility of orchestrated workloads. Separating networking and security re-introduces the legacy possibility of a gap in coverage—a spot where there is networking but not external security—and legacy-style policies based on location ignore the identity-based advantages of a zero trust model. None of these problems exist natively in cloud.

Don’t Approach Cloud and Legacy Network Connections the Same Way

Looking toward multi-cloud, one more aspect of current IT and operations practices will need to change: a perspective shift away from “connecting users to cloud” in favor of “connecting applications between clouds.” Most of the current cloud access networking products are derived from technology to connect branch to branch, re-applied with cloud as a destination. However, customers have told us they’ve encountered problems when trying to use simple Layer 3 IP-based solutions to cross-connect clouds, including connectivity issues like IP overlap and security issues like losing native identity metadata in transit. These are fundamental problems that can’t be solved by analyzing Layer 3 traffic for best guess “app detection.” Multi-cloud networking requires a cloud-native approach: orchestration of networking and security between clouds.

If you’re looking for a solution, F5 Volterra is a multi-cloud solution to orchestrate networking, security, and application delivery across public and private clouds. You can try it today by going to: Pricing | Volterra