People throw around the term "hybrid cloud" like it's no big thing. But it makes me feel like I do at the dog park when faced with a new and interesting canine combination. Was the Dachshund the mom, and the Rottweiler the dad? Or was it the other way around, and how does that even work, anyway?
I got a little bit of clarity about hybrid cloud at AWS re:Invent in Las Vegas this month, where I learned more about how Amazon Web Services thinks about hybrid cloud, some of the more common permutations, and care-and-feeding best practices.
As far as AWS is concerned, a hybrid cloud environment is a "lollipop pattern," in which "you extend your data center out to the cloud, and the only way back is through the stick," said Miha Kralj, principal consultant with AWS Professional Services, during the "hybrid infrastructure integration" breakout session.
To that end, organizations need to choose their connectivity options wisely: either traversing the public Internet over a virtual private network using IPsec, or going with AWS Direct Connect through a partnering colocation provider.
Some of the advantages of the VPN approach are that you control the keys and that IPsec enables Border Gateway Protocol (BGP) for routing and failover, said Paul Nau, a senior consultant with AWS Professional Services. At the same time, "because it's your own Internet traffic, you might see performance degradation," he said.
With Direct Connect, however, "you've completely avoided the Internet," said Kralj. "It's a guaranteed no-jitter line." Of course, Direct Connect tends to cost more, and the active-active design has security limitations. One compromise may be to layer VPN over Direct Connect for additional security, Kralj added.
Once an organization has settled on what kind of connectivity it needs for its hybrid cloud, IT teams still have plenty of work to do, namely integrating the hybrid cloud with enterprise authentication and governance processes. To connect with on-premises Active Directory, AWS recommends using its AWS Directory Service, a managed service that "alleviates some of the back-end challenging work," said Nau.
AWS account federation and governance, on the other hand, "is not a small exercise," said Kralj. Organizations need to decide what AWS services various users can use and modify -- and IT needs to define roles for every specific activity in your organization. "This is a very complex mesh of accountability that you must track," Kralj added.
Full steam ahead with hybrid cloud environment
Some definite hybrid cloud environment usage patterns are emerging. RightScale, a cloud management software provider, sees five common hybrid cloud use cases: test and development, of course, but also best venue for geographically distributed organizations with data residency requirements. Then there are disaster recovery, split-tier workloads and cloud bursting.
Test and dev dominates, followed by disaster recovery. Split-tier has some traction, but cloud bursting, while it is the most commonly requested use case, is rarely implemented when customers realize how complicated it is, said Rishi Vaish, RightScale's vice president of product, who presented, "The Best of Both Worlds: Implementing Hybrid IT with AWS," at the show.
Whatever the case, hybrid cloud is real, not some mythical centaur or sphinx. And 48% of organizations have what they call a hybrid cloud, according to RightScale's recent state of the cloud report. While hybrid clouds may not be pretty or have the cachet of a purebred cloud, enterprises are adopting them in droves. Hell, they may even be letting those hybrid clouds up on the furniture.
Alex Barrett is editor in chief of Modern Infrastructure. Write to her at firstname.lastname@example.org.