Journey to the Multi-Cloud Challenges

Introduction

The proliferation of internet-based applications, digital transformations accelerated by the pandemic, an increase in multi-cloud adoption, and the rise of the distributed cloud paradigm all bring new business opportunities as well as new operational challenges. According to Propeller Insights Survey;

  • 75% of all organizations are deploying apps in multiple clouds.
  • 63%  of those organizations are using three or more clouds.
  • And 56% are finding it difficult to manage workloads across different cloud providers, citing challenges with security, reliability, and connectivity.

Below I outline some of the common challenges F5 has seen and illustrate how F5 Distributed Cloud is able to address those challenges. For the purpose of the following examples I am using this demo architecture.

Challenge #1: IP Conflict and IP exhaustion

As organizations accelerate their digital transformation, they begin to experience significant network growth and changes. As their adoption of multiple public clouds and edge providers expands, they begin to encounter challenges with IP overlap and IP exhaustion. Typically, these challenges seldom happen on the Internet as IP addresses are centrally managed. However, this challenge is common for non-Internet traffic because organizations use private/reserved IP ranges (RFC1918) within their networks and any organization is free to use any private ranges they want. This presents a increasingly common problem as networks expand into public clouds, with the ease of infrastructure bootstrapping using automation, the needs of multi-cloud networking, and finally mergers and acquisitions.
The F5 Distributed Cloud can help organizations overcome IP conflict and IP exhaustion challenges by provisioning multiple apps with a single IP address.

How to Provision Multiple Apps with a Single IP Address (~8min)

Challenge #2: Easy consumable application services via service catalogue

A multi-cloud paradigm causes applications to be very distributed. We often see applications running on multiple on-prem data centers, at the edge, and in public cloud infrastructure. Making those applications easily available often involves many infrastructure and security control changes - not an easy task. This includes common tasks such as service advertisement, updates to network routing and switching, changing firewall rules, and provisioning DNS. In this demo, we demonstrate how to seamlessly provision and advertise services, to and from public cloud providers and data centers. This capability enables an organization to seamlessly provision services and create consumable service catalogues.

How to Seamlessly Provision Services to/from the Cloud Edge (~4min)

Challenge #3: Operational (Day-2) Complexities

Often users have multiple discreet tools managing their infrastructure and each tool provides their own dashboard for telemetry, visibility, and observability. Users need access to all these tools into a single consistent view so they can tell exactly what is happening in their environments. F5 Distributed Cloud Console provides a 'single pane of glass' for telemetry, visibility and observability providing operational efficiency for Day-2 operations designed to reduce total cost of ownership.

Get a Single Pane of Glass on Telemetry, Visibility and Observability (~7min)

Challenge #4: Cloud Vendor lock-in impede business agility.

Most organizations do not want their cloud workload locked in to a particular cloud provider. Cloud vendor lock-in can be a major barrier to the adoption of cloud computing and CIO's show some concern with vendor lock-in per Flexera's 2020 CIO Priorities Report, To avoid cloud lock-in, create application resiliency, and get back some of the freedoms of cloud consumption - moving workload from cloud to cloud - organizations need to be able to dynamically move cloud providers quickly and easily in the unlikely event that one cloud provider becomes unavailable.

Workload Portability - How to Seamlessly Move Workloads from Cloud to Cloud (~4min)

Challenge #5: Consistent Security Policies across clouds

How do you ensure that every security policy you require is applied and enforced consistently across the entire fleet of endpoints? According to F5 2020 State of Application Services Report, 59% of respondents said that applying consistent security policies across all company applications was one of their biggest challenges in multi-cloud security. This demo shows how to apply consistent security policies (WAF) across a fleet of cloud workloads deployed at the edge. This helps reduce risk, increase compliance, and helps maintain effective governance.

How to Apply Consistent Security Policies Across Clouds (~5min)

Challenge #6: Complexities of multiple cloud networking and integration with AWS transit gateway – management of security controls.

A multi-cloud strategy introduces complexities around networking and security control between clouds and within clouds. Within one cloud (e.g., AWS VPC), an organization may use the AWS transit gateway (TGW) to stitch together the Inter-VPC communication. Managing multiple VPCs attached to a TGW is, by itself, a challenge in managing security control between VPC. In this demo, we show a simple way to leverage the F5 Distributed Cloud integration with AWS TGW to manage security policy across VPCs (also known as East-West traffic). This demo also demonstrates connecting an AWS VPC with other cloud providers such as Azure, GCP, or an on-prem cloud solution in order to unify the connectivity and reachability of your workload.

Multi-Cloud Integration with AWS Transit Gateway (~19min)

Updated Feb 17, 2023
Version 2.0
No CommentsBe the first to comment