The inevitable move to a multi-cloud environment
Moving to a multi-cloud environment, which involves using a combination of private and public cloud services, is inevitable today. Because it provides a wealth of benefits such as cost savings, flexibility, and the avoidance of vendor lock-in, it’s no surprise that, according to The Flexera 2020 State of the Cloud Report (1), 60% of organizations currently have a presence in multiple public clouds.
Numerous factors influence this move, not least that each cloud provider comes with different strengths. This means that businesses will naturally migrate to different public clouds according to their needs and the applications they are using. For instance, Microsoft Office is often best suited to Microsoft Azure, while Google is often preferred for IoT (Internet of Things) and AWS (Amazon Web Services) has strengths in numerous other areas.
The increase in the number of outages from all public cloud providers also means resilience has become a critical factor for many organizations. And then there’s the potential cost savings – for example, Silver Peak, recently acquired by Aruba, will deliver tangible cost savings by reducing cloud bandwidth requirements by up to 70%.
The showstopping challenges of multi-cloud integration
But the question lies in how organizations can achieve multi-cloud integration when faced with challenges that can often become showstoppers. These challenges include implementation and management overheads, increased security risks and attack surfaces, and performance issues based on branch and cloud distance.
Various solutions and options can generally be divided into the following three groups:
- Utilizing legacy networks, such as MPLS (Multiprotocol Label Switching), VPNs (Virtual Private Networks) with ‘direct connects’ such as AWS data center and Azure ER (ExpressRoute) to the public cloud. This solution, however, has several shortcomings. These include performance problems similar to legacy, router-based networks; the complexity of implementation and maintenance with no automation; security issues, with no segmentation or traffic encryption; and cost, as this option requires multiple ‘direct connects’ from each data center to each cloud.
- Utilizing a number of ‘automated’ solutions, which deliver end-to-end (E2E) integration, such as Aviatrix, or Microsoft Azure vWAN. Unfortunately, each of these solutions still utilizes legacy networks as transport, therefore many of the issues above are still experienced.
- Multi-cloud integration utilizing SD-WAN (Software-Defined Wide Area Networking) technology. Not only does this option provide full automation, but it also completely resolves all legacy network issues.
SD-WAN as a key integration solution
According to research from IDC, SD-WAN is one of the fastest-growing segments of the network infrastructure market, poised to reach $5.25 billion in 2023 (2). SD-WAN is changing the way global networks are architected and is set to become a key integration solution, which promises to deliver:
- A cloud-first architecture that connects ‘directly’ to any data center or branch utilizing any transport. This in turn removes the need for expensive ‘direct connects’. Key benefits of this approach include:
- Rapid deployment of new branches, with all existing branches and cloud connectivity available immediately.
- Utilization of a pre-defined policy and templates ensuring full connectivity and security compliance.
- Rapid and automatic deployment of each new cloud region, with full connectivity and security integration into the existing SD-WAN network (including the existing multi-cloud environment).
- The elimination of expensive ‘Gateways to Cloud’, for instance, direct connects or Express Routes.
- Cloud data transfer reduction by up to 70% for every branch, as well as cloud to cloud, delivered by WAN Optimization.
- Cloud Virtual Node Integration for certain customer cloud designs. This implementation is fully automated and scripted and can typically be done within one hour initially and then replicated automatically across any new region and any new cloud provider. Note that this feature is provided automatically.
- Significant performance enhancements – SD-WAN can achieve 5-10x performance enhancements for applications and data transfers, utilizing features such as Forward Error Correction (FEC), WAN Optimization, path selection, and application-aware routing.
- Security enhancements, such as E2E encryption over any transport, E2E network segmentation, as well as Secure Access Service Edge (SASE) branch compliance.
Guaranteeing successful multi-cloud integration
To ensure a successful, risk-free, and speedy E2E delivery, organizations must take a serious look at the ‘who’ and ‘how’ of multi-cloud integration delivery. Here are the key points to consider:
- Private cloud deployments, such as IaaS (Infrastructure as a Service), can be very complex, but with experience comes efficiency. At Teneo, we now have several production customer implementations covering public cloud integrations with Azure, AWS, and GCP (Google Cloud Platform). We’ve also integrated AWS transit VPCs (Virtual Private Cloud) and TGWs (Transit Gateway), Azure vHubs and vWAN, Google CVPN (Corporate Virtual Private Network), and shared VPCs. That experience has enabled us to ‘pre-design’ fully automated solutions that deliver an SD-WAN that connects these components reliably and removes complexity.
- Timescales & risk. Design and implementation of SD-WAN in any of the main public clouds will take several days. The same goes for the design and implementation of data centers and branches. As the design is typically carried out ‘out of path’, this ensures a risk-free implementation by keeping a customer’s legacy network available as a fallback option. Customer traffic and applications are verified to perform as planned before switching over after approval, so everything works in line with the design.
- Fast implementation. Following initial deployment, the implementation of a ‘new cloud availability zone (AZ)’ or ‘new branch’ will take a matter of minutes by executing fully automated scripts, such as Ansible, CloudFormation, or Terraform, and SD-WAN ZTP/ZTC (Zero Trust Provisioning/Zero Trust Configuration) branch activation and implementation.
How do SaaS integration and optimization fit into this, and why are they so important?
Here’s the problem – SD-WAN vendors can no longer ‘spin up’ VMs (virtual machines) in SaaS (Software as a Service) clouds, and some SaaS solutions are only in a single cloud or in a few locations. They also have other restrictive requirements, such as a maximum of 150 milliseconds’ Round Trip Time (RTT). In this case, how will an office in Australia, or South Africa, for example, be able to connect to these SaaS applications based in a data center in Europe or the US? RTT from Africa/Australia to Europe alone is well over 200 milliseconds.
Access to a SaaS application from any SD-WAN site is via ‘Local Internet Breakout’. This means that the Internet path is unpredictable and presents serious performance problems.
To improve this, the SD-WAN vendor can ‘nominate’ some of the SD-WAN nodes to become a SaaS gateway and then provide alternative paths to the SaaS application. This is also known as SaaS path or routing optimization. While this won’t improve the performance, it will guarantee ‘best case’ performance most of the time. For the most part, this is where SD-WAN vendors’ SaaS optimization solutions end.
Aruba EdgeConnect SD-WAN Platform
We’ve found, however, that Aruba’s EdgeConnect (previously known as Silver Peak Unity EdgeConnect) SD-WAN platform goes a lot further. Their SaaS Optimization solution supports full WAN Optimization on the path from the branch to the SaaS gateway.
This means that Aruba’s SaaS Optimization solution can perform path (routing) optimization and WAN Optimization (TCP Optimization and compression), with both features combining to reduce the RTT and increase performance by 2-5x. Path optimization on its own, which is what most other SD-WAN vendors offer, cannot deliver true E2E SaaS Optimization.
So, for those seeking true end-to-end multi-cloud integration, the combination of SD-WAN with WAN Optimization and SaaS Optimization should be strongly considered to deliver the best combination of performance gains.