How to manage multiple cloud resources
Using services from multiple cloud providers can unlock new opportunities by bringing together the best capabilities of individual platforms. However, the benefits of multi-cloud management and adoption often end up overshadowed by extra layers of management complexity. In this article, you’ll look at how you can streamline multi-cloud workflows and achieve a successful, manageable multi-cloud implementation.
Although multi-cloud is all the rage right now, resources from different providers are still tricky to network together. Tailscale is a zero-config VPN that seamlessly creates a secure network for all your devices. You can use Tailscale to send traffic over an encrypted tunnel between different clouds, from AWS to Azure or Google Cloud and DigitalOcean, by installing the client on each of your compute nodes. Tailscale can also use subnet routing to set up access gateways in situations where you can’t modify individual resources.
Traffic flows directly between devices in your Tailscale network whenever possible, reducing latency and ensuring there’s no single point of failure. It produces a homogeneous mesh of clouds that permits data to move across platform boundaries. All traffic between your machines is encrypted using WireGuard, preventing attackers from reading it.
What is multi-cloud?
The term “multi-cloud” describes computing architectures that consist of components sourced from two or more clouds. The clouds involved are generally different public cloud platforms, such as AWS, Azure, and Google Cloud. In some situations, a multi-cloud system might also incorporate private on-premises infrastructure.
Several factors have contributed to the uptick in multi-cloud adoption over the past few years:
- Businesses want access to the best features of every cloud. Although each public cloud offers broadly similar services, individual platforms may offer more or fewer features around specific components. Some platforms are narrowly focused on particular technologies, such as Kubernetes and containers, whereas others take a more general-purpose approach. Organizations might want to deploy computing nodes from the most cost-effective provider while using a focused solution for their Kubernetes clusters.
- Avoiding vendor lock-in. Using public clouds makes enterprises dependent on external providers. Adopting a single platform creates a risk of becoming locked in, making it harder to switch in the future. Multi-cloud encourages portability of applications and data. This strategy can help mitigate outages in specific clouds, and also affords more flexibility for future changes.
- Supporting edge computing. More workloads are moving to the edge to sit closer to users. Adopting multiple clouds can be advantageous in this situation. Extending your service to new regions could be problematic if your existing cloud lacks datacenters near those customers; a multi-cloud approach lets you provision infrastructure from the optimal provider for each scenario.
In a hypothetical application, splitting the database, authentication service, and storage across three clouds removes failure points when compared to the single-cloud approach. Your app’s core capabilities would still work if the cloud hosting the storage component experienced a problem, as the outage wouldn’t impact the physically separate auth and database components.
Effective adoption of a multi-cloud system requires a holistic approach from the start. Here are some must-haves when you embark on your multi-cloud transformation.
A platform to manage the system
Multi-cloud systems can descend into a mess of vaguely defined connections if you don’t have a centralized view of your architecture. A platform that lets you track all your assets is essential. This platform should map out your system, manage components across clouds, and identify opportunities for optimization. IBM Multicloud Manager, Cloudify, and Bunnyshell are some options you can use.
Seamless data transfers between clouds
Multi-cloud is most effective when data can flow directly between the individual platforms you’re using. Without the ability to connect multiple cloud providers, components can become unintentionally isolated inside specific environments. Mesh-based VPNs like Tailscale and service discovery layers are two ways you can enable multi-cloud data transfers.
Automated provisioning tools simplify multi-cloud adoption by abstracting away the differences between individual platforms. This works well with infrastructure as code (IaC) approaches, where infrastructure components are defined as files in a version-controlled repository. Technologies such as Terraform consume the files you’ve written to create new resources across your cloud provider accounts.
Plan for governance, security, and costs
Every multi-cloud system should be backed by a comprehensive plan setting out how it will be governed and secured. You need a way of consistently managing and auditing user capabilities to guarantee access control and compliance. This could be achieved with one of the multi-cloud management tools mentioned earlier. It’s important to acknowledge the data egress costs of multi-cloud, too; budgeting in advance can help avoid an unpleasant shock when you get the bill.
Successful multi-cloud systems provide increased flexibility, but there are significant drawbacks to be aware of. These should be acknowledged as part of your migration plan so they don’t trip you up down the road.
There’s no getting away from the complexity of multi-cloud. No matter how many tools you add, you’re still going to need accounts with several cloud providers and new workflows for deploying, networking, and maintaining your applications. It can be harder to track down bugs and isolate problems when your workloads are spread across physically separate environments. Although multi-cloud removes some failure points, it can also create new ones if intercloud networking goes awry. Not acknowledging the complexity and its learning curve could create confusion and cause errors during management activities.
Multi-cloud authentication and management
Multi-cloud demands special attention to user authentication and session management. Distributing components across multiple clouds can make it tricky to track specific users through the lifetime of your application. Requests between services may lose the context of the original incoming request, necessitating implementation of your own mechanisms for sharing state and passing tokens among your platforms.
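One way to carry the original caller's identity across a cloud boundary is a short-lived signed context token, shown here as an added example that is not part of the original article. The function names, claim names, and the shared HMAC key are assumptions for illustration; a deployment where downstream services must not be able to mint tokens would use an asymmetric signature instead.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real deployment loads this from its secret store.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_context(user, request_id, audience, ttl=60, now=None, key=SHARED_KEY):
    """Edge service: bind the caller and request ID to one downstream service."""
    now = time.time() if now is None else now
    claims = {"sub": user, "rid": request_id, "aud": audience, "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(tag)}"


def verify_context(token, audience, now=None, key=SHARED_KEY):
    """Downstream service: return the claims, or raise ValueError if unusable."""
    now = time.time() if now is None else now
    try:
        body, tag = token.split(".")
        supplied = _unb64(tag)
    except ValueError:  # wrong number of parts or invalid base64
        raise ValueError("malformed token") from None
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    # Constant-time comparison; the signature is checked before the body is parsed.
    if not hmac.compare_digest(supplied, expected):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["aud"] != audience:  # token was minted for a different service
        raise ValueError("wrong audience")
    if now >= claims["exp"]:  # short lifetime limits replay across clouds
        raise ValueError("expired")
    return claims
```

The `rid` claim gives every service the same request ID to log, so a single user action can be traced through components hosted in different clouds.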
Integrating new applications into multi-cloud paradigms can be tricky. Each app needs to be capable of transitioning between environments, which may not be the case for legacy software. This can lead to complex bridging situations, where multi-cloud-native apps inherit a direct connection to statically situated components.
Backups and redundancy
Multi-cloud means multiple backups. You’ll need to orchestrate data backups and replication across all your cloud providers to ensure you’re protected from disasters. Similarly, restoration of backups will need to be tested on each platform. Restorations might complete at different rates, leaving some components functional while others in separate clouds are still recovering.
Redundancy strategies must be considered as well. In an ideal situation, each component of a multi-cloud system should be replicated on another cloud, guaranteeing its availability during a primary platform outage. This further adds to costs and deployment complexity.
Performance and security
Multi-cloud means that servers in physically separate datacenters may exchange data to fulfill a user’s request. This can lead to increased latency that slows down the user experience. Substandard networking implementations could lead to flakiness and poor reliability. Security is another concern: multi-cloud increases your attack surface because there are more accounts, tools, and integrations to audit and protect.
Multi-cloud is a proven strategy when you’re developing large systems that sit on the edge, require capabilities from multiple clouds, or need to be protected from vendor lock-in situations. Choosing to deploy components across multiple clouds gives you improved operational flexibility and reduced exposure to outages. Multi-cloud might not be effective for smaller applications, where the complexity would outweigh the benefits of the change.
Common challenges with multi-cloud migrations are complexity, cost, and long-term maintenance requirements. Planning for these up front can help you identify and resolve issues before they start to impede your workflows. It’s important to analyze the best location for each of your components, then work out how data will move between your platforms. Beware that established procedures such as backups and failovers can be much more involved in multi-cloud contexts.
Secure data flows between clouds can be achieved by meshing your resources together using a networking solution such as Tailscale. This approach treats all your compute nodes as members of one big network, eliminating the need for firewall exceptions and port forwards between them. Less security-critical data flows could be implemented using a multi-cloud service discovery layer that exposes the current locations of your components.