Stephen King, vCORE DevOps Engineering Lead | Aug. 6, 2020
In my previous blog post, part 1 of 3, I discussed serverless strategies and how to avoid vendor lock-in.
Compute footprints continue to expand past traditional on-prem data centers, and these multi-cloud and hybrid-cloud environments create unique challenges for application and infrastructure architecture, such as:
- Consistent deployments over multiple cloud vendors
- Access policies and firewall management
- Single pane of glass operational visibility
- Common control plane.
Networking for multi-cloud and hybrid cloud is a challenge because each vendor has a unique set of consumable resources in their respective cloud. The complexities that multi-cloud networking brings to your environment can strain your staff and infrastructure with tasks that are seemingly simple. For example, deploying a VPC in Azure and AWS using infrastructure as code can take days.
Today I’ll discuss how to consistently build a multi-cloud network architecture that can support your application and business needs.
One Architecture for Multiple Clouds
Each provider — whether Azure, AWS, GCP or your on-prem environment — requires you to have resources that specialize in each of those areas. If you are adding a new cloud vendor, or expanding your infrastructure footprint to cloud for the first time, you need to have a robust architectural framework that addresses the following challenges:
- Operational visibility – Your network engineers expect visibility and control over the underlying network like they have on-prem. Cloud networking providers lack this visibility, and merging multiple vendors into a single pane of glass view is exceedingly difficult.
- Common control plane – Deploying cloud networks should be seamless and work consistently regardless of the cloud vendor. Creating a common control plane for your network engineers will ease adoption and speed up your time to market.
- Access policy and firewall management – Integration of your existing firewall vendors allows you to quickly add value by leveraging existing network team talent. Standardization of access policies, regardless of the cloud networking provider, simplifies your management and change-request process.
- Consistent deployments – Building a consistent and repeatable environment saves your engineers time and reduces manual toil. With a consistent architecture, you are able to build modules and deploy consistently against any environment.
vCORE’s Multi & Hybrid Cloud: How we did it
When vCORE embarked on building a multi-cloud application for an internal project, we had to tackle these same problems. Our application design spread over multiple cloud vendors, and we wanted to be able to branch in at least one more as a stretch goal.
vCORE wanted to ensure our cloud network infrastructure was code, had a common control plane and management platform, and offered good operational visibility.
We landed on Terraform as our IaC platform of choice and checked our code in to Azure DevOps. By using Terraform, we were able to build network modules and then consume them when spinning up compute resources. The networks are then torn down when the compute resources are destroyed, which keeps our networks consistent across our application environments and cloud providers.
While this addressed the consistency and repeatability challenges and our infrastructure-as-code requirement, our vCORE team still needed to find a common control plane and management platform with good operational visibility.
For that, vCORE leveraged Aviatrix, which took care of Day Two challenges by letting us visualize and analyze our traffic between application endpoints, regions, and providers. Aviatrix provides us a repeatable network design that we can deploy from Terraform and that integrates with our existing security system vendors.
With the ability to produce repeatable infrastructure-as-code deployments for networking, we have improved delivery time and consistency across our multi-cloud deployments. We can quickly troubleshoot application connectivity issues and manage our firewalls with a single solution.
Conclusion: Network agnostic tooling simplified our One Architecture for Multiple Clouds
As organizations continue to expand multi-cloud and hybrid-cloud, those implementations require a novel approach to consistently deliver the network foundation necessary to successfully deploy your applications.
By combining Terraform and Aviatrix, vCORE overcame the same design challenges others will face implementing a successful multi-cloud network architecture. We used Aviatrix to create a single pane of glass for network operational visibility and management, and we built our infrastructure as code with Terraform rather than using the vendor-specific solutions. By using Aviatrix and Terraform, vCORE created a sustainable multi-cloud network architecture.
In my next blog, I will discuss the challenges around multi-cloud application monitoring, site reliability and diagnostics, and some of the tools we have leveraged to solve them.