5 essential components of a hybrid cloud architecture
During some recent client engagements, I've encountered several operational challenges organizations face while setting up their hybrid cloud platforms. I thought it would be valuable to share these with the broader community of architects and platform engineering folks.
[ Learn how to build a flexible foundation for your organization. Download An architect's guide to multicloud infrastructure. ]
Before I describe the five components that make up a hybrid cloud architecture, I'll provide some background information.
What is a hybrid cloud platform?
Hybrid cloud combines and unifies public and private cloud technology with on-premises infrastructure to create a single, flexible, cost-optimal IT infrastructure. However, there are different definitions and expectations depending on what role you're coming from. Here are three perspectives.
From a developer's standpoint, the platform is everything underlying the application stack that supports the development, testing, and promotion of application code to production. This includes:
- The middleware layer
- The compute and storage components
- Tooling for the continuous integration and continuous deployment (CI/CD) pipelines
- Artificial intelligence (AI) and service-management systems
- The underlying networking infrastructure
Site reliability engineer's definition
From a site reliability engineering (SRE) standpoint, the platform is the underlying infrastructure that runs the workloads, including the service management elements and automation needed to make the deployment of cloud services as frictionless as possible. SREs are more concerned about the platform's resiliency, robustness, security, stability, and capacity.
The organization that will use the hybrid cloud has different expectations for the platform. They want:
- To build applications once and deploy them anywhere
- To manage the applications once and host them anywhere
- To skill their IT resources once and deploy them anywhere
- To innovate anywhere with anyone's technology
What they have in common
As you can see, various roles may have slightly different views of what a hybrid cloud platform means, but it all boils down to a full-stack IT environment broadly divided into two parts:
- Where speed and agility matter more
- Where stability, reliability, and security matter more
Hybrid cloud architecture pillars
What are some best practices and the architecture-related domains that come into play when building a platform? The pillars of a well-architected platform are:
- Operational excellence
- Performance efficiency
- Cost optimization
Sustainability is the newest pillar of cloud technology. It addresses the carbon footprint of IT and how to drive down power consumption in the datacenter infrastructure. You can use more efficient and less power-intensive compute technologies, such as using mainframe technology more efficiently to consolidate, optimize, and run workloads.
[ Learn how enterprise architects can map and implement modern IT strategy with a hybrid cloud strategy. ]
5 layers of the hybrid cloud architecture framework
The following framework describes the five building blocks of a hybrid cloud architecture. It can help you identify some key areas that need special attention in your hybrid cloud platform. One best practice is evaluating the platform to see what key features and services need to be in place.
1. Infrastructure layer
As the image above shows, the infrastructure layer is the basis of the hybrid cloud architecture. Often, complexity lies in the networking layer when interconnecting or extending an on-premises or domain controller (DC) network to the cloud. You must evaluate policies like bring-your-own IP, hard-coded IP addresses, firewall rules, gateways, and latency.
Organizations that adopt a cloud-first strategy and start building everything on their hyperscaler of choice must use a well-architected framework and best practices. They must also consider data traffic costs across the hyperscaler's regions or between on-premises infrastructure and the hyperscaler.
Logging is another costly service that must be designed appropriately based on application requirements and criticality. Not everything needs detailed logging.
2. Container platform layer
The next part is the container platform layer. In a hybrid cloud approach, organizations must have a consistent way to deploy and manage workloads either on premises or on the cloud. One challenge is a disconnect between the team managing on-premises infrastructure and the team managing public cloud workloads. From an operational standpoint, organizations tend to separate these infrastructure teams. But this makes it more challenging to ensure consistency in service management and enterprise security policies. This is often called "two-speed IT."
The infrastructure operations team's skill set is crucial to a successful evolution to a cloud operating model. Upskilling and reskilling are part of this transformation. Things like Infrastructure as Code (IaC), DevOps, and SRE will become increasingly important as the organization modernizes workloads to the public cloud and begins using container technology to deploy its applications on the cloud.
[ Become a Red Hat Certified Architect and boost your career. ]
The choice of a container platform is crucial for consistency in how workloads are deployed. At the same time, the skills required to drive an efficient operating model by using more automation can become challenging to manage due to skills shortages.
There are two primary schools of thought here: picking one hyperscaler and adopting its DevOps and tooling stack vs. adopting an open strategy that moves workloads from one hyperscaler to another as desired. In the latter case, adopting a container platform based on open standards and adaptable across hyperscalers becomes critical to the cloud strategy. Technologies like Red Hat OpenShift container platform can be a good choice in this situation because it can be deployed on any hyperscaler or on-premises, providing consistent management of container workloads across the hybrid estate.
3. Middleware layer
The middleware mainly drives the data, AI, security, and automation stacks required for adequate visibility into the workloads. Many organizations need to strengthen the middleware layer strategy.
Log data is a fundamental prerequisite to enable AI and automation. Without a proper logging strategy, it isn't easy to implement appropriate autoscaling capability and meet capacity orchestration requirements based on peaks. Historical data is key to understanding workload patterns and driving automation.
Integrating security technologies into the development lifecycle is also important in the middleware layer. A shift-left strategy for testing and having comprehensive test cases for the business users are essential to deployment speed and quality of code maintenance.
Choosing the right database technology depends upon the nature of the application. A crucial decision is choosing between asynchronous and synchronous writes for consistency at the data layer. It affects the resiliency and the cost of the solution for multiregion deployments.
[ Learning path: Getting started with Red Hat OpenShift Service on AWS (ROSA) ]
4. Operations layer
The next component is the platform's operations layer, which is divided into 24x7 operations (AIOps), security operations (SecOps), and CI/CD pipeline operations (DevOps). If you have useful logging data, it can feed the AIOps layer and integrate with the service management chain to provide an end-to-end incident, problem, change, and request fulfillment process.
Implementing the right tools in the observability and application performance domains provides better visibility into the costs of the cloud services you consume.
Integrating the platform engineering and DevOps teams is crucial when managing platform capacity for the different environments (including dev, test, user acceptance testing, quality assurance, and production).
Finally, having a functional service catalog for the platform's users to consume drives deployment standardization and rationalization.
5. Observability layer
Last but not least is the observability layer. This layer is like a single pane of glass that gives the organization a consolidated view of all applications running in its hybrid cloud platforms. Managing a consistent security policy and compliance framework across cloud platforms can be daunting without this single pane of glass.
The observability layer makes it easier for the operations teams to identify issues early and ensures efficiency in delivering new patches or upgrades. A holistic view of IT health also helps with event correlation, aggregated data sources, and embedded AI coupled with monitoring metrics. An observability layer allows your admins to manage and simplify orchestration of what otherwise looks like cloud chaos.
There are many challenges when implementing hybrid cloud solutions. Some of these are based on differing views about the tools and requirements necessary for optimal deployments. Some aspects—like logging and observability—are universal.
Use the points above to improve your understanding of the architectural challenges in your hybrid cloud design.
[ Check out Red Hat's Portfolio Architecture Center for a wide variety of reference architectures you can use. ]
Navigate the shifting technology landscape. Read An architect's guide to multicloud infrastructure.