Bart Salaets, EMEA Field CTO at F5, explains how multi-cloud networking can be both straightforward and secure.
The days of enterprise apps running in a single environment are drawing to a close. Composed of microservices, modern apps use distributed Kubernetes and application programming interfaces (APIs) to deliver the capabilities, flexibility, and scalability that digital enterprises demand. No longer monolithic in nature, enterprise apps often run across multiple cloud and on-premises IT environments.
The trend is loud and clear in F5’s latest State of Application Strategy report: hybrid IT, in whatever configuration it may be, is very much here to stay.
According to our research, only 15% of globally surveyed organizations claim their applications are deployed in a single environment. The majority are distributed more widely—and more than one-fifth of organizations’ applications are hosted in six different environments. There’s no single environment suited to delivering modern-day, app-specific goals.
That’s why many organisations are now embracing multi-cloud networking to interconnect different environments. But there is more than one way to implement this concept.
As the primary purpose of multi-cloud networking is to interconnect apps efficiently and effectively, it makes sense to take an application-centric approach. Some organisations, however, opt for a network-centric approach, because of the way they are organised and the skillset of their IT staff.
Network- or application-centric?
For many enterprise IT teams, SD-WAN (software-defined wide area networking) is their touchstone. SD-WAN is used to interconnect all kinds of devices, machines, applications, and other entities, ensuring that they receive an appropriate quality of service. Interconnecting clouds is different. Here, it’s all about running apps.
Taking an application-centric approach allows for tightly integrated traffic management, routing, load balancing and security – all of which are needed to transform a distributed application into a safe digital experience.
By contrast, if you take a network-centric approach, you have to retrofit firewalls and other security functions, potentially resulting in an unwieldy and complex multi-cloud architecture.
To comply with data sovereignty rules, for example, an enterprise may need to run the back-end of an application in a private data center and the front-end in the cloud. While it could install distinct security solutions to protect the front-end in the cloud, and the link to the private data center, it means dealing with several different vendors. And several different management planes.
Retrofitting is complex and inefficient. In the State of Application Strategy (SOAS) survey, nearly 90% of the respondents operating in multiple clouds cited challenges with security, performance, and cost. The main challenge for respondents is the complexity of tools and APIs arising from a lack of standardisation or interoperability. Applying consistent security policies was next, with performance optimisation not far behind.
Cutting through the complexity
In part, these responses reflect the fact that public cloud providers favour their own proprietary tools, which can prevent consistent and uniform operations across different clouds and on-premises environments.
In its market guide to multi-cloud networking, research firm Gartner flags the value of using a single management platform to handle “full-stack” Layer 3 through Layer 7 networking and network security capabilities (such as routing, domain name services, content delivery, web application firewalls and observability) across multiple providers.
Looking ahead, Gartner anticipates the convergence of infrastructure services, such as network security, Layer 3 connectivity, policy management and visibility, with more cloud-native-oriented application services, such as service mesh, application security and ingress functions.
At F5, we hold a similar view. Although we can enable enterprises to take an application- or a network-centric approach, we recommend employing an integrated service stack that addresses both Layer 3 transit and Layer 7 app-to-app service networking between clouds and distributed applications. This integration both minimizes complexity and increases agility. The goal is end-to-end security between environments, and across the connected workloads, with unified policy controls on hand to quickly deal with evolving threats. By supporting connectivity and security at both the network and application layers, F5 Distributed Cloud Services are designed to easily extend application and security services across public clouds, hybrid deployments, native Kubernetes environments, and edge sites. Enabling enterprises to manage network operations and application performance through a single console simply makes multi-cloud networking much more straightforward and secure.