It’s no secret that a hybrid multicloud architecture can offer tremendous business benefits, including greater performance, flexibility, efficiency and security. However, migrating to hybrid multicloud isn’t always straightforward: it’s often unclear which enterprise systems and applications can or should be moved to the cloud. According to Gartner®: “We are approaching a trinity where one-third of workloads run in the cloud already, one-third can migrate or move to the cloud with increased complexity, and one-third will not run in the cloud due to complexity, performance, economics or regulatory constraints.”[i]
At Equinix, we started evaluating cloud migration strategies to enable faster provisioning of new environments and improve the uptime and reliability of our critical customer-facing products and services. We knew from the start we wanted to leverage our own suite of products, including:
- Equinix Metal™ Bare Metal as a Service (BMaaS).
- Equinix Fabric™ software-defined interconnection.
- Virtual network services from Network Edge.
Next, we had to define the criteria for which workloads should run in the cloud and which should stay on-premises. Since we knew we could create low-latency, high-bandwidth connectivity between cloud and on-premises environments using Equinix Fabric, performance wasn’t a significant concern for us. Instead, we chose to focus on:
- Ensuring high availability for workloads that directly impact the uptime of customer-facing products.
- Ensuring compliance and protecting sensitive data.
- Optimizing for cost.
Based on the above criteria, we decided to distribute workloads between cloud and on-premises environments as follows:
- Production and preproduction (AKA staging) environments.
- Operational and transactional data.
- Cloud infrastructure and application logs.
- Dev and QA environments.
- Enterprise data (such as CRM, sales, billing and invoicing).
- Infrastructure provisioning systems.
- Development tools.
- IoT edge data (data collected from our International Business Exchange™ (IBX®) data centers).
To support our goal of deploying a hybrid multicloud architecture, we created a set of cloud migration design principles. These principles will help us ensure our developers can manage their workloads regardless of where they are deployed.
Design Principle 1: Avoid vendor lock-in
A hybrid multicloud architecture must be able to move data and compute workloads easily between cloud and on-premises infrastructure. We aimed to achieve this by running computational workloads on open source container orchestration platforms like Kubernetes rather than proprietary technology. In addition, when deploying persistence services, we chose managed services—including Amazon RDS for PostgreSQL, Amazon RDS for Oracle, Amazon Managed Streaming for Apache Kafka, and Elastic Cloud on AWS—over proprietary services.
Design Principle 2: Automate with infrastructure as code
Automation is critical to the success of modern-day cloud-native architecture. All leading cloud providers offer automation capabilities that work well with their respective services, but these tools can lead to vendor lock-in. To remain cloud-agnostic, we automate our hybrid multicloud environment using Terraform and Ansible for infrastructure as code. Terraform and Ansible provide an open architecture to provision network, compute, storage, and other PaaS, SaaS and security offerings. Deploying and operating immutable infrastructure helps us achieve predictability, operational efficiency, and infrastructure savings.
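One way to make infrastructure as code enforce the "immutable infrastructure" goal above is to gate every `terraform apply` on a policy check over the plan. The following is an added example, not Equinix's own tooling: it reads the JSON that `terraform show -json tfplan` produces (the `resource_changes` list with its `actions` and `after` fields), denies in-place updates to compute resources (assumed immutable types `aws_instance` and `equinix_metal_device`) and requires an assumed set of ownership tags. The plan it inspects is constructed inline.

```python
import json

# Constructed sample of `terraform show -json tfplan` output, trimmed to the
# fields this check reads; not a real plan from the Equinix deployment.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {
            "address": "aws_instance.api[0]",
            "type": "aws_instance",
            "change": {
                "actions": ["update"],          # in-place mutation of a running host
                "after": {"instance_type": "m5.large",
                          "tags": {"environment": "prod", "owner": "platform"}},
            },
        },
        {
            "address": "equinix_metal_device.edge",
            "type": "equinix_metal_device",
            "change": {
                "actions": ["delete", "create"],  # replacement: the immutable path
                "after": {"plan": "c3.small.x86",
                          "tags": ["environment:prod", "owner:platform"]},
            },
        },
        {
            "address": "aws_security_group.db",
            "type": "aws_security_group",
            "change": {
                "actions": ["create"],
                "after": {"name": "db", "tags": {"environment": "prod"}},
            },
        },
    ],
})

# Assumed policy: these resource types are replaced, never patched in place,
# and every resource must carry these tags so cost and ownership are traceable.
IMMUTABLE_TYPES = {"aws_instance", "equinix_metal_device"}
REQUIRED_TAGS = {"environment", "owner"}


def tag_keys(after):
    """Normalise the two tag shapes in the plan: the AWS provider uses a
    map, the Equinix Metal provider uses a list of 'key:value' strings."""
    tags = (after or {}).get("tags")
    if isinstance(tags, dict):
        return set(tags)
    if isinstance(tags, list):
        return {t.split(":", 1)[0] for t in tags if isinstance(t, str)}
    return set()


def check_plan(plan_json):
    """Return a list of (address, message) violations for a plan JSON string.
    An empty list means the plan may be applied."""
    plan = json.loads(plan_json)
    violations = []
    for rc in plan.get("resource_changes", []):
        addr, rtype = rc["address"], rc["type"]
        change = rc.get("change", {})
        actions = change.get("actions", [])
        after = change.get("after")
        if actions in (["delete"], ["no-op"], ["read"]):
            continue  # no resulting state to validate
        if rtype in IMMUTABLE_TYPES and "update" in actions:
            violations.append((addr, "in-place update of immutable compute; replace it instead"))
        missing = REQUIRED_TAGS - tag_keys(after)
        if missing:
            violations.append((addr, f"missing required tags: {sorted(missing)}"))
    return violations


if __name__ == "__main__":
    for addr, msg in check_plan(SAMPLE_PLAN):
        print(f"DENY {addr}: {msg}")
```

In a pipeline this runs between `terraform plan -out=tfplan` and `terraform apply tfplan`, with a non-empty violation list failing the job; the same shape of check works for any provider because it only looks at the provider-neutral plan format.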
Design Principle 3: Create high-performance connectivity across the hybrid multicloud environment
High-bandwidth, low-latency direct connections between metros (primary and secondary on-premises sites) and from on-premises environments to the cloud are among the cornerstones of a hybrid multicloud strategy. To address our business requirements for speed and compliance, we built this connectivity using our own Equinix Fabric software-defined interconnection and virtual network function (VNF) devices on Network Edge from Equinix, combined with cloud provider network services such as AWS Direct Connect, Microsoft Azure ExpressRoute and Google Cloud Interconnect.
Design Principle 4: Implement zero-trust security
Cloud infrastructure providers were the first to adopt zero-trust security architecture. Moving from the castle-and-moat (perimeter) security model to zero-trust security is another benefit of migrating to cloud. We used a combination of cloud and open-source technologies to achieve a zero-trust architecture. Network services, including transit gateways, security groups, VPCs and subnets, helped us secure the interactions between application services. At the same time, we used a service mesh to enable last-mile encryption for both north-south and east-west communication across microservices.
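The two zero-trust controls named above (security groups between tiers, and a service mesh enforcing mutual TLS) are both easy to misconfigure silently, so it helps to audit them as data. The following is an added example, not Equinix's own code: it checks security-group ingress rules in the shape Terraform's `aws_security_group` uses, allowing "from anywhere" only on an assumed internet-facing edge group and only on HTTPS, and requiring internal tiers to identify callers by source security group rather than by CIDR; it then checks that every mesh namespace has an Istio `PeerAuthentication` in `STRICT` mode. All rules, policies and namespace names are constructed for the example.

```python
# Constructed security-group rules (one dict per ingress rule, in the shape the
# Terraform aws_security_group resource uses); not the Equinix production rules.
SECURITY_GROUPS = {
    "sg-edge-alb": [
        {"from_port": 443, "to_port": 443, "protocol": "tcp",
         "cidr_blocks": ["0.0.0.0/0"], "security_groups": []},
    ],
    "sg-api": [
        {"from_port": 8443, "to_port": 8443, "protocol": "tcp",
         "cidr_blocks": [], "security_groups": ["sg-edge-alb"]},
    ],
    "sg-db": [
        {"from_port": 5432, "to_port": 5432, "protocol": "tcp",
         "cidr_blocks": ["10.0.0.0/8"], "security_groups": []},
        {"from_port": 0, "to_port": 65535, "protocol": "-1",
         "cidr_blocks": ["0.0.0.0/0"], "security_groups": []},
    ],
}

# Constructed Istio PeerAuthentication objects, one per namespace.
PEER_AUTHENTICATION = [
    {"apiVersion": "security.istio.io/v1beta1", "kind": "PeerAuthentication",
     "metadata": {"name": "default", "namespace": "api"},
     "spec": {"mtls": {"mode": "STRICT"}}},
    {"apiVersion": "security.istio.io/v1beta1", "kind": "PeerAuthentication",
     "metadata": {"name": "default", "namespace": "billing"},
     "spec": {"mtls": {"mode": "PERMISSIVE"}}},
]
MESH_NAMESPACES = {"api", "billing", "ingest"}

# Assumed policy: only the edge load balancer faces the internet, and only on 443.
EDGE_GROUPS = {"sg-edge-alb"}
EDGE_ALLOWED_PORTS = {443}
ANY = {"0.0.0.0/0", "::/0"}


def check_security_groups(groups):
    """Return (group, problem) findings for rules that break the segmentation policy."""
    findings = []
    for name, rules in groups.items():
        for r in rules:
            open_to_world = ANY & set(r.get("cidr_blocks", []))
            if r.get("protocol") == "-1" or (r["from_port"], r["to_port"]) == (0, 65535):
                findings.append((name, "rule allows all ports/protocols"))
            if open_to_world:
                single_allowed_port = (r["from_port"] == r["to_port"]
                                       and r["from_port"] in EDGE_ALLOWED_PORTS)
                if name not in EDGE_GROUPS or not single_allowed_port:
                    findings.append((name, f"port {r['from_port']}-{r['to_port']} "
                                           f"open to {sorted(open_to_world)}"))
            elif name not in EDGE_GROUPS and not r.get("security_groups"):
                # Inside the perimeter, callers are identified by security group
                # (an identity), not by a network range that anything can sit in.
                findings.append((name, "internal rule uses CIDR instead of source security group"))
    return findings


def check_mesh_mtls(policies, namespaces):
    """Return the mesh namespaces that lack a STRICT PeerAuthentication,
    i.e. where plaintext east-west traffic would still be accepted."""
    strict = {p["metadata"]["namespace"] for p in policies
              if p.get("kind") == "PeerAuthentication"
              and p["spec"].get("mtls", {}).get("mode") == "STRICT"}
    return sorted(namespaces - strict)


if __name__ == "__main__":
    for group, problem in check_security_groups(SECURITY_GROUPS):
        print(f"{group}: {problem}")
    print("namespaces without STRICT mTLS:", check_mesh_mtls(PEER_AUTHENTICATION, MESH_NAMESPACES))
```

A `PERMISSIVE` namespace is the usual migration state, because it accepts both plaintext and mTLS; the check treats it as a finding so that the temporary state does not become permanent. In practice both inputs would come from `terraform show -json` and `kubectl get peerauthentication -A -o json` rather than inline dicts.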
Design Principle 5: Ensure reliability and availability
Improving overall reliability and availability is essential to the success of any cloud migration initiative. We adopted a multi-pronged approach to architect a highly reliable and available hybrid cloud architecture. Stateless workloads run on the Kubernetes cluster, with worker nodes deployed across multiple zones and autoscaling groups for dynamic scaling out of the Kubernetes cluster.
Consuming managed services to remain cloud-agnostic had the added benefit of improving the security, reliability and availability of stateful services. Offloading the operational overhead of running stateful services to the cloud provider freed our team to improve overall monitoring and observability. Finally, running on-premises workloads on our IBX data centers with 99.9999% availability enhanced the reliability of the overall hybrid cloud deployment.
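Running stateless workloads "across multiple zones" only pays off if each Deployment is actually configured to survive the loss of a zone or a node drain. The following is an added example, not code from the Equinix clusters: it takes Kubernetes objects as parsed dicts (so no YAML library is needed) and reports Deployments that have fewer than two replicas, no hard `topologySpreadConstraints` on `topology.kubernetes.io/zone`, or no `PodDisruptionBudget` whose selector matches theirs. The manifests and the two-replica minimum are constructed assumptions.

```python
ZONE_KEY = "topology.kubernetes.io/zone"

# Constructed Kubernetes objects (as parsed dicts); not Equinix manifests.
DEPLOYMENTS = [
    {"kind": "Deployment",
     "metadata": {"name": "api", "namespace": "api"},
     "spec": {"replicas": 3,
              "selector": {"matchLabels": {"app": "api"}},
              "template": {"spec": {"topologySpreadConstraints": [
                  {"maxSkew": 1, "topologyKey": ZONE_KEY,
                   "whenUnsatisfiable": "DoNotSchedule",
                   "labelSelector": {"matchLabels": {"app": "api"}}}]}}}},
    {"kind": "Deployment",
     "metadata": {"name": "billing", "namespace": "billing"},
     "spec": {"replicas": 1,
              "selector": {"matchLabels": {"app": "billing"}},
              "template": {"spec": {}}}},
]

PDBS = [
    {"kind": "PodDisruptionBudget",
     "metadata": {"name": "api", "namespace": "api"},
     "spec": {"minAvailable": 2, "selector": {"matchLabels": {"app": "api"}}}},
]


def _spreads_across_zones(pod_spec):
    """True if the pod template has a hard (DoNotSchedule) zone spread constraint;
    ScheduleAnyway is only a preference and does not count."""
    for c in pod_spec.get("topologySpreadConstraints", []):
        if c.get("topologyKey") == ZONE_KEY and c.get("whenUnsatisfiable") == "DoNotSchedule":
            return True
    return False


def _selector_key(namespace, match_labels):
    return (namespace, tuple(sorted(match_labels.items())))


def check_resilience(deployments, pdbs, min_replicas=2):
    """Return {deployment-name: [problems]} for Deployments that would not
    survive losing one zone or a voluntary node drain."""
    pdb_index = {_selector_key(p["metadata"]["namespace"], p["spec"]["selector"]["matchLabels"])
                 for p in pdbs if p.get("kind") == "PodDisruptionBudget"}
    report = {}
    for d in deployments:
        name, ns = d["metadata"]["name"], d["metadata"]["namespace"]
        spec = d["spec"]
        replicas = spec.get("replicas", 1)
        problems = []
        if replicas < min_replicas:
            problems.append(f"replicas={replicas} < {min_replicas}")
        if not _spreads_across_zones(spec["template"].get("spec", {})):
            problems.append(f"no hard topologySpreadConstraint on {ZONE_KEY}")
        if _selector_key(ns, spec["selector"]["matchLabels"]) not in pdb_index:
            problems.append("no PodDisruptionBudget covering this selector")
        if problems:
            report[name] = problems
    return report


if __name__ == "__main__":
    for name, problems in check_resilience(DEPLOYMENTS, PDBS).items():
        print(name, "->", "; ".join(problems))
```

The PodDisruptionBudget matters as much as the spread constraint: autoscaling groups scale nodes in as well as out, and without a budget a scale-in can drain every replica of a service at once.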
Design Principle 6: Keep data strategy and cost sensitivity top of mind
Sensitivity, availability, proximity, mobility, AI/ML and OpEx set the foundation for the cloud migration data strategy. We deployed cloud applications and microservices powered by Equinix Fabric to securely access sensitive enterprise IT data that remained on-premises. Because of its need for real-time streaming, IoT edge data also remained on-premises.
We used various data store technologies to help us migrate applications to the cloud, including PostgreSQL, Oracle Database, Redis, Apache Kafka, RabbitMQ, Elasticsearch, MongoDB and OrientDB. Along with proprietary storage technology, cloud providers also offer many popular open source and licensed data store technologies as managed services. We use these managed services when they’re available; when they’re not, we deploy self-managed services on a high-availability compute and storage IaaS environment.
Network egress and performance can significantly impact operating costs if not adequately planned. Operating costs should not be overlooked when working on a highly available and resilient hybrid multicloud architecture.
The following diagram provides an overview of our hybrid cloud architecture using the AWS cloud, Equinix data centers, Equinix Metal and Equinix Fabric.
For a closer look at the design principles that can help you implement secure, scalable multicloud connectivity in your own organization, download the hybrid multicloud infrastructure blueprint.
[i] Gartner, Predicts 2022: Driving Toward Digital Infrastructure Platforms. Authors: Thomas Bittman, Jonathan Forest, Hiroko Aoyama, Philip Dawson, Bob Gill. October 21, 2021 – ID G00757487. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.