Many agencies use a mix of private and public commercial clouds. Hybrid clouds can serve as a bridge between the two. (Microsoft)
Hybrid clouds will become the norm among federal agencies, but the challenge going forward is how to interconnect multiple clouds to work as a seamless whole.
To achieve this goal, agency managers must build their hybrid clouds from the inside out and tie them together in a unified management plane that lets organizations use the same toolsets and security profiles across multiple, interconnected clouds, according to federal managers and industry experts.
Many agencies’ cloud strategies are still evolving, but most large agencies are using a mix of private and public commercial clouds for a variety of workloads, including email and collaboration, content management, test and development, big data analytics and even security.
The hybrid cloud can serve as a bridge between private and public commercial clouds, helping agencies to protect investments in existing technology and develop and move newer applications into public clouds. Virtualization and unified management are crucial components of that bridge.
“Having a unified management plane to manage the resources on premises and within commercial cloud providers is absolutely critical. Without that you have no way to understand where data resides or how to effectively manage it,” said Anil Karmel, a former deputy chief technology officer with the National Nuclear Security Administration, and now CEO of C2 Labs, a cloud security and services company.
“You have to look at it through the lenses of security. You can’t talk about the cloud without talking about security,” Karmel said.
In effect, agency managers have to understand the value of their information so they can classify the value of their servers and services to quantify the risks to those services if they are compromised, especially as they move beyond the data center. They have to look at who the users are, what data they are accessing, where they are and where the data is located. This is known as context-aware IT, where the level of assurance of the data defines the required level of trust, Karmel said.
However, the cloud journey starts with virtualization technology, a means of partitioning servers and operating systems to share computing resources and applications across multiple users. Virtualization has expanded throughout the infrastructure, from computer to storage to the network layer.
Virtualizing the network is a critical next step toward the evolution of the hybrid cloud, said Doug Bourgeois, vice president of end-user computing with VMware U.S. Public Sector, which recently unveiled the VMware vCloud Hybrid Service.
Virtualization at the network layer allows managers to disconnect the application from the physical network. Once that is done they can move the entire business application across a unified management control point. “You can actually migrate from data center to data center,” said Bourgeois.
They can apply policies to give priority to specific business applications. For example, a credential-checking app used at border crossings or in airports should always be running, so it would have higher priority than a human resource management app. If there is a disruption of services, apps can be navigated around problems to maintain service levels via a unified management plane.
Beware the silo
Plus, managers are able to use the same management toolsets across the various clouds. There is a real danger of organizations building cloud silos — email in one cloud, office automation in another, test and development in yet another cloud — that are not interconnected and use different sets of management tools.
“Unless you are using an architectural-based approach, each of those clouds is totally separate with their own management toolsets,” which puts an extra burden on the system administrators, Bourgeois said.
Cloud service brokerage (CSB) technology, which connects a diverse set of users to a marketplace of cloud service providers, could provide the unified management, said Karmel, who developed CSB technology for the Energy Department’s YOURcloud.
Two years ago, the Recovery Accountability and Transparency Board (RATB) deployed a cloud hub that lets the organization securely integrate and manage a variety of cloud services from multiple providers, said Shawn Kingsberry, CIO of RATB. The cloud hub allows RATB to use multiple cloud providers in conjunction with its own internal private cloud infrastructure. The cloud hub consists of a technology stack that includes a firewall between the agency’s enterprise operations and the cloud service provider, a router for virtual private network services, and computing services that include integrated security and service management, Kingsberry said.
“The hybrid cloud is going to become the norm and in a way people won’t talk about it,” just as they won’t talk about cloud as much because it will be similar to wiring in electrical systems, Kingsberry said. The focus will be on data and how to derive more value from it to make more informed decisions.
5 steps for building a hybrid cloud
A hybrid cloud can allow agencies to seamlessly manage applications and data across multiple cloud and on-premises platforms. Here are five steps to building a hybrid cloud:
■ Build your private cloud with a hybrid cloud model in mind. Many agencies have built private clouds but without thinking about hybrid, so now they are tweaking for the hybrid.
■ Interconnect your clouds. Build actual network connections between them.
■ Extract your environment from the physical systems and network via virtualization.
■ Migrate applications and services to the hybrid cloud.
■ Establish a unified management control point to extend management and security policies across the hybrid cloud.