Simplifying the Journey to Secure and Automated Multicloud
May 23, 2018
Enterprises always seek ease of operations without sacrificing higher performance and reliability, tighter security, or the agility and speed of their core business applications. But should that choice be a hard bargain?
Most enterprise customers’ core business has nothing to do with software, technology, or web applications. That core business, though, runs on a variety of applications that manage product lifecycle, development, manufacturing, business processes, sales, CRM, orders, etc. These applications, along with their data, are a structural part of the enterprise core business and are treated by the enterprise as business-critical strategic assets. Therefore, in traditional enterprise IT environments, private cloud data centers were built to ensure an adequate level of control over assets in order to secure the applications and data. On top of that, performance has to keep pace as new applications are requested or existing applications scale out to meet end users’ demands. In the last ten years, we have observed substantial evolution in cloud technology and infrastructure, driven by the maturity of public cloud SaaS offerings, software-defined networking (SDN), and automation technologies in cloud infrastructures and in wide-area networking (WAN). Data center vendors, along with compute infrastructure and SDN vendors, have aligned on the need to use open, standardized overlays to manage applications and networking services across all environments, using widely used, reliable, and scalable control plane protocols (namely BGP EVPN/IP-VPN) and encapsulations (VXLAN, MPLS over UDP). Public cloud and IaaS/SaaS vendors have converged on de facto standard models on the public cloud to offer their applications and networking services.
The net result of this evolution can be summarized in two opposing but valid principles. Together they outline the challenge enterprise customers face in transitioning easily from the ‘old best practices’ of data center networking towards the multicloud vision, which is at the cutting edge of any visionary conversation about enterprise IT.
Secure and automated multicloud as an opportunity:
Increases the agility of internal department/users
Reduces costs by leveraging external cloud resources for non-business-critical applications
Reduces dependence on networking and application infrastructure vendors, introducing healthy competition
Complexity as a barrier and risk:
In the private cloud, VLANs are easy to understand, but their limitations in scale and automation become a barrier to adoption, especially when workloads start running on various types of compute such as virtual machines, containers and bare metal servers.
Overlay networking, using separate control and data planes, became the de facto standard across all vendors, driven by the maturation of IETF standards. However, this represented a substantial challenge for enterprise customers, who are not familiar with complex networking protocols and technologies, in transitioning their assets to a multicloud-ready infrastructure that leverages the latest technologies.
The public cloud provides a simpler and quicker option to run certain workloads. However, it is operationally disconnected from the workloads running in the private cloud. Converging the usability of private and public clouds requires comprehensive knowledge of both networking and DevOps, which most enterprises are missing, as these skill sets are not part of their core business.
Still, the challenge remains to find a simplified, secure and automated multicloud that does not sacrifice the business or become too unruly to manage.
Where the complexity comes from:
Our CTO, Bikash Koley, puts this nicely in his blog: multicloud is not the same as multiple clouds. Multicloud is about managing resources as a single, cohesive infrastructure, regardless of where the data and applications reside. These resources can be compute, networking and storage, interconnected through a wide-area network. With multicloud, you need to manage the underlay, the overlay and the workloads.
The workloads are running on various types of compute, ranging from bare metal servers (BMS), virtual machines, to containers. You do not want to compromise the agility by restricting the workloads to run only on a certain, limited compute type. Can you imagine migrating your mission critical database from BMS to containers? IT needs to manage how these workloads communicate with each other and to external networks and devices. This means end-to-end policy and control becomes a critical aspect of orchestrating your multicloud.
Furthermore, what makes multicloud complicated is the variety of technologies and tools needed to monitor and manage each environment; there is no single tool today to manage the whole multicloud as a single, cohesive infrastructure. In the data center, whether it uses a Juniper, Cisco, or Arista-based underlay, you are most likely adopting VXLAN as the overlay encapsulation while using BGP/EVPN as the common control plane protocol across your data center devices. In the VIM layer for virtualized applications, you are probably using a variety of technologies (VLANs, VXLAN, proprietary encapsulations, and control protocols such as OVSDB, BGP/EVPN, OpenFlow) while consolidating around VXLAN encapsulation and, again, BGP/EVPN as the common control plane for all scenarios. Public cloud tenants, whether directly connected or reached through a WAN via IPsec overlay tunnels, are externally routable network tenants (aka overlays) on which workloads are executed, as in a third-party managed cloud infrastructure. Once you start having multiple environments, you also need to manage the networks that interconnect them end-to-end, whether across private cloud data centers or from private to public clouds. You must combine underlay routing/forwarding and overlay networking across endpoints.
Again using Bikash’s words, ‘if you want to take advantage of the value of multicloud, you have to thread the thinnest of needles.’ Multicloud requires new technologies, and it comes at the expense of more complex infrastructure, as you see above. The benefit that multicloud provides should not sacrifice the practicalities of your operations.
Making your multicloud simple with Contrail Enterprise Multicloud:
Juniper’s Contrail has been leading the industry in overlay networking since 2012. With Contrail Enterprise Multicloud, we have made the following leaps forward:
Packaged virtual overlay networking, application security, and machine-learning based monitoring and analytics into one platform
Added end-to-end policy and control capability, deep BMS and network device orchestration, and public cloud integration to grant enterprises ubiquitous automation of the multicloud
Normalized infrastructure (underlay) and service (overlay) networking data model for all cloud environments – private cloud data center with physical devices, with VIM, public cloud tenants, interconnect networks
Added automation capability for the data center physical and virtualized infrastructure through normalization of underlay configurations
Added the unified operations tool, Contrail Command, to manage end-to-end networking, security, and monitoring/analytics, implementing the policies across all environments from a centralized location
Distributed control plane in networking devices (virtual devices in the case of public cloud tenants), with Contrail – the overlay controller – participating in overlay routing protocols, allowing the levels of DevOps/automation of centralized control while increasing the scalability and resiliency of the multicloud infrastructure
Contrail Enterprise Multicloud addresses the ‘complexity’ challenge with three foundational capabilities:
Automating the underlay (data center fabric, data center interconnect, data center to public cloud connectivity) using a common, consistent data model and open source tools to configure multi-vendor devices
Orchestrating the overlay, using consistent, end-to-end policy and control, across any cloud and any workloads
Providing end-to-end visibility by collecting telemetry data from both physical and cloud infrastructures and using machine-learning-based analytics to transform raw data into insights so that a system can automatically execute remedial actions
Below are some of the key features and benefits it delivers:
Works for any standard IP CLOS
Infrastructure, multicloud interconnect and service lifecycle management
Standard protocols: EVPN/VXLAN overlays, BGP control plane, NETCONF/RPC, sFlow/gRPC/SNMP
Topology discovery/roles configuration
BGP EVPN across data center devices and vRouters
Analytics via s/jFlow, gRPC, SNMP
Native REST API control over public
Contrail Enterprise Multicloud provides enterprises with a dynamic and easy-to-use solution to automate their cloud infrastructures and the services delivered through them. The most common use cases are:
Automation of a data center build-up or scale-out in a matter of minutes
Discover or import newly added devices and configure them, so that you can start delivering services through them
Remove the complex, error-prone operations of DC device configuration
Have visibility on how the data center infrastructure is performing, and how your customers are being ‘served’
Automate services across any clouds
Connect data centers and clouds together with no human intervention
Move workloads seamlessly between clouds (across DCs, DC to private clouds and vice-versa)
Visualize how each infrastructure is being used and for what, to predict costs and
Speed up your Bare Metal Servers-as-a-Service (BMSaaS) offering
Automate BMS lifecycle management (and associated device configurations) so that you can deliver BMSaaS efficiently and quickly
Visualize your server and network device traffic, and predict scale-out needs to anticipate demand
Contrail Enterprise Multicloud stands out by delivering end-to-end policy and control capability, deep bare metal server and network device orchestration, and public cloud integration, enabling ubiquitous automation of the multicloud for any cloud, any workload, and any deployment. On your journey to an agile and connected future with multicloud, it’s best to work with an innovative technology leader with two decades of experience in both networking and IT. Engineering. Simplicity.