How to Implement Enterprise WAN in a Multicloud Strategy
While much of the multicloud revolution will indeed occur in the cloud, it very well may be that the defining changes will happen between those clouds. Without the ability to connect disparate pools of cloud resources, the “multi” part of multicloud will never emerge. Not surprisingly, enterprises for whom cloud and multicloud are a meaningful part of the architectural agenda will find that they should expand their architectural ambitions beyond the clouds all the way across the wide area network (WAN).
But how should enterprises be thinking about multicloud and the WAN in relation to one another?
Step One: Forget the WAN
Somewhat paradoxically, the first thing that enterprises looking to evolve the WAN for multicloud need to do is forget the WAN. This is, admittedly, a bit misleading. They don’t need to literally forget about the WAN, but they do need to stop thinking about it as a discrete place in the network.
Multicloud is about operations, not clouds. Yes, those operations must include (multiple) clouds, but the meaningful bit is not the clouds so much as it is the multi. Multicloud is about treating disparate pools of resources as a single, cohesive entity. That requires stretching the operational domain over what has traditionally been siloed networks. When done well, multicloud architectures will feature policy and control orchestration that reaches from cloud to cloud on-ramp, from the data center to branch — and yes, that includes the WAN.
When it comes to connecting sites, open-standards-based protocols like Ethernet VPN (EVPN) are ideal. EVPN is built to be interoperable across vendors: it has capabilities designed expressly to connect sites, is widely supported in both merchant and custom silicon, and helps bridge the old and new (L2 to L3). Enterprises looking at the WAN for multicloud would be wise to begin by examining what EVPN has to offer.
Step Two: Unify Where You Can
It is true that without the ability to connect to the outside world, these clouds would be little more than islands housing collections of stranded assets. However, if enterprises rely on the internal routing constructs of each cloud provider, they will find that they have a different connectivity vehicle for each cloud. If the goal is to unify operations over diverse underlying infrastructure, customized solutions to basic connectivity are a step in the wrong direction.
Rather, enterprises should look at their cloud gateways as part of the broader multicloud architecture, considering how multidomain management and visibility will occur. If the goal is unified policy and control, then cloud routing solutions must fit into the orchestration platform of choice. Similarly, as enterprises select their multicloud management solutions, they will need to ensure that the management domain extends all the way out to the desired clouds. Choosing an operational architecture that does not age well would be disastrous.
Step Three: Don’t Treat Security as an Add-on
It’s difficult to imagine deploying something these days without first considering security. Whether it’s perimeter security, microsegmentation, or threat detection and prevention, defense in depth requires up-front planning.
Because the WAN is often seen as merely transport, it’s easy to relegate the security problem to the domains on either side of the WAN. But network ingress and egress devices are logical enforcement points, which means that security policy and control need to be administered centrally but enforced in a distributed manner. Again, the goal is unified operations from the outset.
Step Four: Be Efficient
When it comes to services and applications, end-user experience goes well beyond availability. Having connectivity between the clouds in a multicloud environment does not mean that the experience is ideal. Things like cost and latency are real and that means that enterprises need to be thoughtful about how they are managing traffic over the WAN.
Enterprises should not just think about how much bandwidth they need. They need to think about how to use the bandwidth they have in the most efficient ways through intelligent application and data placement. For instance, cloud providers are already making use of availability zones, essentially powering their clouds through geographically distributed data centers. By selecting the appropriate region for a given application, enterprises can place it closer to the user, reducing the reliance on the WAN to move data between the application and its users. Essentially, enterprises should be housing their applications close to their data or users, being thoughtful about concepts like data gravity (the tendency of data to attract other data or applications).
Of course, this must be done in a way that considers operations, ideally abstracting control from the underlying infrastructure, so that it can all be administered in a uniform way despite variances in local deployments.
Simplification and Convergence
The future has a bit of a split personality as enterprises look to take advantage of diverse underlying infrastructure while settling on a unified operating model. The overarching principle here is straightforward: simplify operations through administrative convergence.
While most will be considering their operating models with a cloud-first mentality, enterprises that are eager to unlock the transformative value of multicloud will keep a keen eye on how those clouds are connected. The WAN can either serve as the Great Divide or the Grand Unifier. Explicitly deciding which one it is may ultimately determine multicloud success in the enterprise.