The Essentials of Linking Clouds
The things to know about multicloud networking in order to get it right.
As cloud adoption rose, organizations eventually saw value in using multiple cloud platforms at once. The reasons for doing this vary. But to use multiple clouds, of course, an org needs a network to connect them and support its applications’ needs. Enter the concept of multicloud networking.
Let’s take a closer look at how multicloud networking is different from the vantage point of the networking teams, some common challenges they may face and some best practices for addressing them upfront, in the planning and design phase. After all, getting the network design right can make or break any cloud deployment.
Why Multicloud to Begin With?
Sometimes organizations use multiple clouds to avoid getting locked into a single vendor. More often, however, they use one cloud platform for one purpose and set of capabilities and another for a different one (Google Cloud for analytics, for example, and Oracle Cloud for database). Some use different public clouds for different applications, but those applications have shared connectivity components. A company might use a data lake or data warehouse by one cloud provider but have end users interact with it via a messaging platform by another provider. The number of potential use cases for multicloud environments is huge.
How Multicloud Networking Is Different
The biggest difference between multicloud networking and single-cloud or on-prem networking from an admin’s perspective is the level of complexity involved. Building and operating a network that connects multiple cloud providers requires managing multiple platforms, each with its own set of rules, tools and networking nomenclature. Adding each new cloud provider to the mix adds another layer of complexity to managing the overall environment.
Repeat After Me: Performance and Security, Performance and Security…
Two goals fundamentally drive most networking decisions, regardless of the type of network: performance and security. Achieving both is more difficult when multiple cloud environments are involved.
Latency can be a serious issue in multicloud deployments, and so can inconsistent performance from one cloud provider to the next. (This, by the way, can play a role in selecting a certain provider for a certain purpose. If an application has some stringent performance requirements, it’s possible that not every provider can meet them or meet them at a price point that works for the customer.)
The complexity of multicloud deployments makes security more difficult to manage. By adopting an additional cloud solution, an organization increases its attack surface. It’s hard to ensure uniform security configurations across your environment, for example, if it consists of multiple cloud platforms. There are more opportunities for misconfigurations that lead to vulnerabilities. Identity and Access Management across multiple clouds is also complicated.
Multicloud Networking Can Run Up That Cloud Bill
Networking charges are often the reason behind the dreaded “surprise cloud bill.” Instead of a flat fee for a set amount of bandwidth on a network connection, cloud providers usually charge for using their networks based on the amount of data that gets transferred, where the data originates and where it’s transferred to. The last two variables are especially important in multicloud networking, since the cost of moving data out of a cloud provider’s network, or “egress,” is usually high, while the cost of transferring data onto a cloud platform, “ingress,” is zero or close to it.
Have Fewer Tools Than You Have Clouds
The first step to getting multicloud networking right is making sure the organization’s administrators and architects are proficient in using each cloud platform involved. They have to understand each provider’s terminology, relevant tooling, user interfaces and APIs.
The goal is to design a secure multicloud network that meets the organization’s performance requirements and isn’t overwhelmingly complex to manage. Choosing the right network management tools (for monitoring, observability, security and so on) can simplify management. While each cloud provider has its native networking tools, there are powerful third-party management tools out there that work across multiple cloud platforms.
When evaluating network monitoring and observability tools, look for integrations with a wide range of cloud providers, full-stack visibility (from network to applications) and the ability to provide a holistic view of the environment. Advanced networking features like network tracing, real-time analytics and data visualization are a must.
Tips for Maximizing Multicloud Network Performance
It takes a lot of design and planning work upfront to ensure maximum possible performance for a multicloud network. The focus areas are physical data center locations (in relation to each other and in relation to end users), network architecture and optimization techniques. Here are some useful tips:
- To ensure lowest possible latency for end users regardless of where they are, use cloud platforms that have many data centers in many different geographic regions. This reduces latency by reducing the physical distance data has to travel from the cloud to the user and back.
- To shorten that distance for even more users, make your environment more distributed by adding edge nodes in regions without core cloud nodes.
- Use load balancing to distribute traffic across your servers and caching and content delivery networks (CDNs) to make sure the data users need is physically located as close to them as possible.
- Linking your cloud providers over dedicated, private interconnects instead of the public internet makes a huge difference in performance and reliability of your multicloud network.
- Data deduplication, protocol optimization, compression and other optimization techniques reduce the amount of data that needs to travel over the network, thereby improving performance.
- Once your multicloud network is up and running, keep a close eye on your monitoring and observability dashboards. This way, when there’s a network bottleneck or another kind of performance problem, you can quickly detect and resolve it.
If you are an AWS customer, Equinix Fabric Cloud Router on the AWS Marketplace is a way to create low-latency, private, direct connections between different cloud providers with little hassle and manage them all in one place. It's free to try.
Tips for Securing Multicloud Networks
Tooling plays a key role in multicloud network security, and it’s important that networking teams work closely with security teams to select security tools that have the right capabilities but also fit with the organization’s overall security strategy. Here are some additional tips that apply to network security in general but are especially pertinent for multicloud environments:
- The organization’s security strategy must be uniform across all of its cloud providers. It has to be applied consistently to all the cloud platforms’ different policies, tools and security architectures.
- Because your data will travel between different cloud providers and be stored in different locations, it’s important to encrypt data in transit and at rest.
- Firewalls, intrusion detection and prevention systems, VPNs, antivirus and antimalware software, Security Information and Event Management, Data Loss Prevention and other network security controls are all crucial in securing a multicloud network, with its many subnets and connections.
- Authentication and access controls need careful consideration in a multicloud environment, since the different cloud platforms will be accessed by many users and many devices.
- Once the multicloud network is set up, keeping it secure requires constant monitoring and regular auditing to keep all the cloud services configured in a way that’s secure and compliant with the organization’s security policy.
- Each cloud provider releases patches and updates on its own schedule, so multicloud network admins must have a tight process for ensuring their environments are up to date.
- It’s also important to account for multiple cloud providers in the organization’s incident response plan.
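An added example, not part of the original article: one way to apply a single policy to firewall rules that each provider expresses in its own format, as the tips on a uniform security strategy and regular auditing call for. The sample rules are constructed in the shape of AWS security-group and GCP firewall API responses, the forbidden-port policy is hypothetical, and only IPv4 source ranges are checked.

```python
import ipaddress

# Constructed samples shaped like AWS DescribeSecurityGroups / GCP firewalls.list output.
AWS_GROUPS = [{"GroupId": "sg-0example1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}]
GCP_FIREWALLS = [
    {"name": "allow-db", "direction": "INGRESS", "sourceRanges": ["10.0.0.0/8"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["5432"]}]},
    {"name": "allow-admin", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]},
]
FORBIDDEN_PUBLIC_PORTS = {22, 3389, 5432}  # hypothetical policy: never open to the internet

def normalize_aws(groups):
    """Yield (cloud, rule_id, protocol, low_port, high_port, cidr) per AWS ingress rule."""
    for g in groups:
        for p in g.get("IpPermissions", []):
            # IpProtocol "-1" means every protocol and port; no port fields are present.
            proto = "all" if p["IpProtocol"] == "-1" else p["IpProtocol"]
            lo, hi = (0, 65535) if proto == "all" else (p.get("FromPort", 0), p.get("ToPort", 65535))
            for r in p.get("IpRanges", []):
                yield ("aws", g["GroupId"], proto, lo, hi, r["CidrIp"])

def normalize_gcp(firewalls):
    """Yield the same tuple for each enabled GCP ingress allow rule."""
    for fw in firewalls:
        if fw.get("direction", "INGRESS") != "INGRESS" or fw.get("disabled"):
            continue
        for a in fw.get("allowed", []):
            # An entry without "ports" allows every port; ports are "22" or "3000-4000".
            for port in a.get("ports", ["0-65535"]):
                lo, _, hi = port.partition("-")
                for cidr in fw.get("sourceRanges", []):
                    yield ("gcp", fw["name"], a["IPProtocol"], int(lo), int(hi or lo), cidr)

def audit(rules, forbidden=FORBIDDEN_PUBLIC_PORTS):
    """Return (cloud, rule_id, exposed_ports) for internet-facing rules that break policy."""
    findings = []
    for cloud, rule_id, proto, lo, hi, cidr in rules:
        public = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
        exposed = sorted(p for p in forbidden if lo <= p <= hi)
        if public and proto in ("tcp", "udp", "all") and exposed:
            findings.append((cloud, rule_id, exposed))
    return findings

def audit_all():
    return audit([*normalize_aws(AWS_GROUPS), *normalize_gcp(GCP_FIREWALLS)])
```

Calling `audit_all()` on the sample data flags the AWS rule that opens SSH to the internet and the GCP rule whose port range 3000-4000 silently includes 3389, a case that per-provider spot checks on single ports tend to miss.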
Once your initial network design is finished, it’s important to test it for basic connectivity and security. A good low-impact way to do this is to deploy a testing or development environment in a multicloud configuration and see how it performs.
There is a lot more that goes into designing and managing a robust multicloud network, of course. Connecting disparate cloud platforms in a way that’s secure and delivers a seamless application user experience is difficult. The basic elements of success are an appropriate level of training on the team, the right tools, and enough time and resources to design the architecture and the necessary organizational processes upfront.