Software-defined networking: pulling the strings of multicloud

Without automation or application-level network and security policies, complex multicloud networks would collapse, writes Hussein Khazaal, VP of Marketing & Partnerships at Nuage Networks

The multicloud world has well and truly arrived. Organisations today make use of multiple public clouds such as AWS, GCE and Microsoft Azure as well as many cloud base services (e.g. SaaS, IaaS), and they are using these in addition to on-premises workloads and applications that run in private clouds hosted in one or more data centres. However, with this transformation, networking and the security of the network in a multicloud environment become more complex and a significant challenge.

Origins

It all began with firms augmenting their on-premises private clouds with a small presence in public cloud, either for experimental projects or to absorb seasonal spikes in business demand that could not justify CapEx spend but that was conducive to an OpEx model.

Some of these initial use cases required zero or limited connectivity between the private and public clouds. Workloads in public clouds were independent projects that were completely isolated from the on-premises workloads.

In some cases, connectivity between public and private was static and limited. With many firms undergoing digital transformations, experiencing global growth or simply reinventing their business, public clouds and SaaS became an important part of their infrastructure.

A multicloud environment is now a reality for many large firms and has become important to business and to the ability to serve end-customers.

Accelerating multicloud

A push/pull between companies and cloud service providers is what has driven this rapid shift to multicloud.

The enterprise needs to be able to offer its end-customers a unique personalised service quickly, reliably and with minimal friction anywhere and anytime. Consumers are more demanding than ever with compute and internet access on-hand (i.e smartphones) and expect instant responses and a great experience anywhere they have access.

A firm’s employees are also consumers, and want to be more mobile and have secure access to what they need to do their job. The developers at these companies demand tools that make them more productive and to build these business applications and services more efficiently.

Only a handful of global firms have the resources and the capability to meet these demands using private clouds. The only option available for all other firms is to augment their own private clouds and on-premise workloads with SaaS applications and public clouds to deliver the services needed to meet the demands of their end-customers, employees and developers.

A second force is what public cloud providers like AWS, GCE and Azure have developed to serve those firms and meet their needs. There are hundreds of services and features available to those firms such as database services, security, collaboration, development tools, backup services, artificial intelligence, machine learning, and so on. Instead of developing these tools on their own, organisations simply use these services directly on a pay as you grow model.

Dynamic connectivity and security

The issue is how to dynamically connect these different services and applications with users and ensure the security of the users and their data.

When users and applications were in private clouds with secure static access, security and connectivity were simple. Unfortunately, in a multicloud environment where the services, workloads and users are mixed and mobile, connectivity becomes a complicated task because of the dynamic nature of both users and applications.

More importantly, security becomes the biggest challenge because the attack surface has dramatically increased and grown beyond the security of a private cloud in a data centre. The more complex the network, the more vulnerable it becomes without automation or application-level network and security policies.

For instance, workloads in public clouds and how they connect to workloads in private clouds require secure connectivity to a public cloud, which in most cases needs to be with different public cloud availability zones around the globe.

Manual setup of these connections between the different availability zones and the specific data centre is a labour-intensive process that varies between the different public cloud providers. This is not only time consuming, but it is prone to errors that may enable hackers to take advantage of these gaps and access sensitive information.

We also have to bear in mind that many firms that operate in a multicloud environment have hundreds, and in some cases thousands of sites, where they serve customers and employees that need to access applications, services and information.

Securely connecting users in these remote sites and locations to these workloads in private, public or SaaS clouds is another task that is complex, expensive and without proper security measures could result in much bigger problems.

Most of the traffic in enterprise networks may originate on the network, but terminate in the public domain (internet). In aggregate this traffic represents a large amount of data which cannot be freely allowed to reach its final destination without further inspection.

Ensuring the security of the network and data while enabling that traffic to reach its final destination is also an important task that adds to the complexity of managing a multicloud environment, as these flows could be coming from a variety of locations; from branches, public clouds, SaaS and Private clouds.

Software-defined networking (SDN)

With SDN, that complex multicloud environment becomes one seamless virtual secure network of users and applications, allowing the company IT admin to have full control, visibility and security without having to worry about public cloud specifics, private cloud workloads or remote site details and simply focus on the service for their end-consumer.

The shift from using proprietary hardware solutions in the data centre or branch sites not only reduces costs, but it also accelerates innovation by introducing new network and security capabilities in a software update.

Company IT admins can build a multicloud, virtual and programmable network, connected to any public cloud (AWS, GCE, Azure), that spans a private cloud with any type of hypervisor or cloud management system, while securely connecting to all their remote sites around the globe.

By using “intent-based-networking” IT admins can request that a particular application should be delivered between specific end-points and users. The SDN network takes care of programming all required elements to make that end-to-end connection a reality.

If things change and the user moves, or the application is redeployed elsewhere, the network automatically adapts to preserve that end-to-end connectivity. Furthermore, IT admins have full visibility into all users and application flows across the network and by using analytics, dynamic network action can be programmed to react to known threats in real-time without delay.

Combining that high-degree of automation, artificial intelligence and the ability to micro-segment the network to provide that isolation between users and applications, the multicloud network becomes simpler and more secure.

Choosing the right SDN solution

Organisational IT needs can be summarised into three key requirements. First, the need to operate in a multicloud environment that includes private cloud, multiple public clouds, SaaS and branch locations. Second, is the need to deliver IT services such as security services, Wi-Fi access, VoIP, WAN optimisation anywhere and anytime. Finally, to ensure that all this is done with complete end-to-end security.

When deciding on an SDN solution, one must confirm it addresses each requirement without replacing old complexity with a new type of complexity. Many solutions on the market solve problems in isolation: they either solve the public cloud automation problem, the private cloud automation and security problem, or the WAN automation problem.

Some only address the security problem and leave the networking ones to the enterprise admin. It is difficult to filter out the noise in the market. Therefore, one must answer the following questions before making a decision:

If the answer to the above three questions is yes, then you are one step closer to making the right decision.

What will 2019 hold for multicloud?

Looking forward, we can expect firms to continue to move workloads and applications to public clouds and consume more cloud-based services, but many will still utilise private clouds. These cloud environments will see more container-based workloads and applications, and this will increase network and security needs as well as the need to manage these workloads in those multicloud environments.

An organisations’ branches will be more software-defined and many services running in these branches will be highly automated and centrally managed/controlled. More importantly, user-based authentication and security will increase and networks will utilise artificial intelligence (AI) and machine learning (ML) to connect and secure communication and respond to network faults.

But one thing is for certain: the adoption of SDN solutions and services among firms and cloud service providers will only increase.