Single-cloud environments are said to be inactive. One expert disagrees with that and explains why.
Before cloud computing erupted on the scene, the digital structures found at the top were a holy grail. That meant redundant network providers, redundant data centers, and redundant internet service providers, all of which would eliminate a single point of failure that had the potential to shut down an organization.
All that changed when cloud computing made its debut. Cloud providers say computer cloud storage and storage are not fully functional, and a single cloud provider that uses multiple data centers is secure. And, more interestingly, switching to cloud seems very cheap from a functional point of view.
Michael Gibbs, CEO of Go Cloud Architects, an international organization that provides training in cloud computing, said in an email that he wanted to set the record straight when it came to cloud computing.
Single-cloud computing environments are risky
Gibbs offers the following reasons why using a single cloud provider is a risky proposition:
- If an organization uses a single cloud provider, that usually means working with a single network provider, and that is one point of failure.
- Single-cloud providers advertise resilience by using multiple data centers. However, those data centers share a common control plane. "The control plane is what makes the cloud work," Gibbs said. "A cloud-based flight controls the network and data centers. If something happens to a cloud control, it could turn out to be just one more failure."
- Cloud providers are the target of high-profile cybercrime. If an attack occurs and cybercriminals gain control of the cloud, they can access sensitive business and customer data or, if they wish, block access to the cloud-computing service.
Gibbs gives this example: "Imagine what would happen if a hospital and a 911 delivery facility were hosted on a single cloud provider and there would be a breakdown."
And we all know that clouds go down. Last year, a number of highly limited cloud service providers fell victim to major outages. "These cloud providers have the world's best equipment and staff," wrote Gibbs. "The thing is, technology is failing, and we need to plan for it."
Multicloud environments are the answer
Gibbs insists that using a multi-cloud environment is the way to go.
"Multicloud is the use of many cloud computing and storage facilities in one separate building. This also refers to the distribution of cloud assets, software, applications, etc., to several cloud hosting sites. With the typical multi-cloud construction using two or more public clouds and multiple private clouds, the multi-cloud space aims to eliminate reliance on any single cloud provider."
Gibbs next looked at what is needed to support a multi-cloud environment. Creating two identical clouds using open source tools, such as those listed below, is highly recommended:
- Open-source databases (MariaDB, MongoDB, Apache Cassandra)
- Open Kubernetes resources
- Standard communication principles (BGP, 802.1q)
- Open Linux (Ubuntu, Red Hat, CentOS)
Speaking of security, Gibbs adds, "No cloud vendor ID service should be used, as market security is not a trader-related thing and, in many cases, provides stronger security than cloud-based security tools."
To keep things simple and secure, Gibbs recommends:
- Using non-cloud-based marketing tools, market firewalls and VPN monitors that can hold almost the same configuration for both clouds (Cisco, Palo Alto, Fortinet, Checkpoint, etc.).
- Ensuring that each side of the connection has the same security setting.
- The network load gauge will eliminate the front two firewalls visible in each cloud, followed by network access control lists, security teams, firewall-based firewalls, storage point protection, and similar ownership and access policies.
Creating a network connection
According to Gibbs, the router connected to each cloud provider must have deactivated line cards, obsolete control modules, and power consumption.
"There has to be a separate router available at the top of each connection," Gibbs said. "Each WAN connection to a cloud provider (Ethernet WAN) must come from a different network service provider. Each WAN connection in the cloud must also be in a separate direct / indirect communication area — universal coverage."
"Two internet connections for two internet service providers are required in a client area that connects to the Internet via BGP in order to share uploads and create a well-executed route," Gibbs said. "There should be two separate routers on the client site that will provide backup VPNs to each cloud provider, in the event that a major network connection fails."
Other thoughts from Gibbs:
- Each domain, customer site, and provider should use a separate CIDR list that can be easily summarized into a single path if desired.
- Similar BGP policies should be set to route between each cloud (obviously configured for address variations).
- If a median of 99.99% is sufficient, the best way is to use one access point (data center) in two clouds.
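The per-domain CIDR point above can be checked mechanically. The following is an added example, not code from Gibbs or the original article: it audits an addressing plan so that each domain's prefixes collapse into one summary route and no two domains overlap. The domain names and RFC 1918 prefixes are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed addressing plan: hypothetical domain names, private prefixes.
PLAN = {
    "cloud-a": ["10.0.0.0/18", "10.0.64.0/18", "10.0.128.0/17"],
    "cloud-b": ["10.1.0.0/17", "10.1.128.0/17"],
    "customer-site": ["10.2.0.0/24", "10.2.2.0/24"],  # gap at 10.2.1.0/24
}


def summarize(prefixes):
    """Collapse one domain's prefixes into the fewest covering routes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))


def audit(plan):
    """Return (summaries, findings) for a {domain: [cidr, ...]} plan."""
    summaries = {name: summarize(p) for name, p in plan.items()}
    findings = []
    # Each domain should be advertisable as a single summarized path.
    for name, routes in summaries.items():
        if len(routes) != 1:
            findings.append(
                f"{name}: needs {len(routes)} routes, not one summary")
    # Address space must not be shared between domains, otherwise
    # routing and firewall rules become ambiguous across clouds.
    for (a, ra), (b, rb) in combinations(summaries.items(), 2):
        if any(x.overlaps(y) for x in ra for y in rb):
            findings.append(f"{a} overlaps {b}")
    return summaries, findings


if __name__ == "__main__":
    summaries, findings = audit(PLAN)
    for name, routes in summaries.items():
        print(name, "->", ", ".join(str(r) for r in routes))
    for finding in findings:
        print("FINDING:", finding)
```
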
Very high availability designs
Gibbs described the highest availability as networks that are available at least 99.999% of the time and experience no more than five minutes of random downtime per year. "When this level of availability is required, using two access points (data centers), each in two different clouds, is recommended," Gibbs said. "Keeping the same design as above, but with two data centers per cloud provider."
There is a problem, Houston
If the above seems too complicated, many would agree. In Lance Whitney's TechRepublic book How to Strengthen Multicloud Security, she writes: "A full 95% of respondents [Valtix polls] have made multicloud first by 2022, almost all putting security at or near the top of the list. Only 54% say they feel confident they have the tools and skills needed to achieve this goal."
If you look back at pre-cloud computer networks, it is clear that Gibbs is trying to inject that repetition into the cloud computing space to reduce the chances of a single point of failure occurring when using a single cloud provider.