Day Two Cloud 080: Multi-Cloud Isn’t A Myth – We Have Proof

Is multi-cloud real? Some say no, but others know the reality of multi-cloud because they are living it every day. One such human is William Collins, and he joins us to talk through some actual multi-cloud use cases.

William is Associate Director, Cloud Architecture at Humana.

We discuss:

  • How multi-cloud is like a marriage
  • Why single cloud is the way–until it isn’t
  • How and why multi-cloud happens
  • The pros and cons of building abstraction layers across clouds
  • Fostering team skills to support multi-cloud
  • Grappling with networking and security across clouds
  • More

Takeaways:

  1. Every business is different, so understand how your company works
  2. Failing to prepare is preparing to fail. – Benjamin Lincoln Einstein
  3. Don’t ever compare your marriage to multicloud

Sponsor: BMC

Is your business on its A-Game? It’s when systems are intelligent, automation is effortless, and when technology and people work as one. The A-Game is your business at its best. BMC calls this the Autonomous Digital Enterprise. Find out more at bmc.com/agame.

Show Links:

@WCollins502 – William Collins on Twitter

William Collins on LinkedIn

wcollins.github.io – William’s blog

Transcript

[00:00:27.190] – Ethan
Is multi cloud real? Some say no, but others know the reality of multi cloud because they are living it every day.

[00:00:34.690] – Ethan
One such human is William Collins and he joins us to talk through some multi cloud use cases. Welcome to Day Two Cloud, William. Hey, man, who are you and what do you do? Hello.

[00:00:45.010] – William
Thanks for having me on. So when I’m not playing hockey or getting my ribs broken, playing hockey or dodging Nerf darts from my five year old, I do cloud architecture work for a large health care company, but I do a lot of automation stuff. And my trade focus historically has been on the network side of things.

[00:01:10.820] – Ethan
Very good. I’m glad you don’t get your ribs broken by the Nerf darts because that B, we need to talk about that multi cloud. So multi cloud. William, what is your definition of multi cloud?

[00:01:21.150] – William
So my definition would be if you are authenticating to a cloud and creating a resource group or a project or if someone out there is using Oracle a compartment and you put things in there into those groupings, then that’s a cloud and just do this one more time with another cloud. And congrats. You made it to Multi Cloud.

[00:01:46.480] – Ethan
And would you stretch SaaS into that whole multi cloud thing? It sounds like no. Maybe I just want to get your thoughts there now.

[00:01:53.710] – William
So Salesforce, Workday, Office 365. These are not in the conversation.

[00:02:02.450] – Ethan
OK, so so multicloud has been a big topic in the industry, and again, as I said in the intro, some people say it’s kind of a myth. Not too many companies are doing it. What we know from people like you that it is, in fact, actually happening. So from your perspective, since you’re living multicloud, do you see this as it’s a real thing, it’s here to stay and maybe it’s even going to gather momentum?

[00:02:23.900] – William
Absolutely, and it’s not I mean, it’s by any stretch of the imagination, it’s not just me. There’s data to kind of show like the multi cloud adoption, so if you look at the I think it’s the state of cloud report from Flexera, like ninety three percent of enterprises have a multi cloud strategy. Eighty seven percent have a hybrid strategy. And on average, I think those enterprises are actively consuming three clouds and experimenting with more. So. And there’s real data to back that up.

[00:02:59.210] – Ned
Now are all these enterprises. Ninety three percent, are they just all in a fever dream where they think multi cloud is a it’s a good idea because, based off of some readings that I’ve taken, it seems like using a single cloud would actually be the more desirable of the two options if possible. So is that a viable option?

[00:03:19.310] – William
So I’m going to I’m going to throw a wrench in my own argument and say I think single cloud should be the only direction until there is a very compelling use case in which, you know, it’s ultimately driven by the business. You know, if I if I could if I could squeeze into that that Mandalorian armor and say this is the way, I would definitely do it.

[00:03:41.300] – William
But also, most of the I’m thinking in like a bigger context for who to who do people usually look up to that have done cloud and they’ve done it? Well, you know, I hear a lot of like look at how Netflix did it. They’re only in one cloud or you look at Spotify, you know, they went from like 20 million premium subscribers in twenty fifteen to like over one hundred and probably closer to two hundred million here in twenty twenty. And they did it on a single cloud in GCP. So I would say the, the disclaimer there is they deliver one type of thing. Netflix delivers video, you know Spotify, delivers audio.

[00:04:24.240] – Ned
You’re pointing at two companies that do very similar things and they do a thing, whereas I imagine health care is a little more stretched than that in terms of things that you have to deliver and services.

[00:04:35.990] – William
Yeah, I mean, a lot of big, big enterprises out there do many different, you know, many different things, especially like in the retail space also. That’s another interesting use case. But any anybody like looking at multi cloud. I just thought up an analogy, maybe I should not, and I’m going to go for it, let’s go for it, though my wife will never listen to this podcast, so we’re good. So think about multi cloud, like a marriage. So, you know, multi cloud should not be entered into unadvisedly or lightly. You know, you got to dip that toe in and be very careful because it can get messy, it can get expensive and can have all sorts of complications. So you think about going through a split with some multicloud babies just doesn’t seem like fun. It’ll be complicated.

[00:05:28.570] – Ethan
So is it logistics that makes it so undesirable? I mean, you made it very clear that single cloud is the way so multi cloud is undesirable again, just because of the complexity of doing a different sort of a system.

[00:05:45.540] – William
It’s more of like the higher level, like the governance of each cloud, because think of it like in your in your data centers. I mean, I worked for a company once that used like through acquisition they had. They made a lot of acquisitions, so they had like five or six, you know, brands of firewall and IPS gear that they would use. They had lots of data centers. So, I mean, I guess we could get into a conversation about use cases and talk through that a little bit. But, yeah, just when you the governance of those things, it’s always easier to have one thing that you manage, one set of processes, one one common shared understanding of one thing. You know, once you go beyond that one thing, you’re automatically injecting some form of complexity. Right.

[00:06:32.310] – Ned
You mentioned mergers and acquisitions and it’s just well, you kind of got extra data centers or extra clouds by accident. You know, you just inherited them. Is that does that usually how you think multi cloud happens in an organization? It’s just kind of by accident, this one team or this one product group went out to do it? Or is this something that people ever do intentionally?

[00:06:52.770] – Ethan
Well, Ned, I mean, William, you had quoted this thing before where it said they had a strategy and a strategy. Sounds very intentional.

[00:07:00.750] – William
Yeah. So when you’re getting into that multi cloud, which is happening a lot nowadays, I would say it rarely happens by design. Like you don’t have some folks congregating in a room jacked up on espresso saying, oh, man, we need a design pattern for multi cloud. This is not how this happens. You know, and thinking about I would say I want to another thing, too, is like I hear I’ve read a lot of really shiny and very fancy blogs over the past year that really focus intentionally on, like how to degrade multi cloud and think, you know, when I when I go through and read that stuff anyway, you know, I wonder sometimes if these writers have ever worked like in Enterprise IT, you know, because one of the one of the main focus areas that they focus on is, you know, you’re like, OK, you know, Multi Cloud is running the same workload across multiple public cloud providers, know, which to me sounds like a death by a thousand cuts. You know, this is not a use case, but I would say the multi cloud, like where it fits in with the strategy. Is it like like a micro level, like a higher level, you know, mainly inside larger businesses is where that’s going to happen the most.

[00:08:14.640] – William
And so, yeah, acquisition, I think is the biggest probably the biggest case where people start out. And I would go back to these blog writers and tell them, hey, you know, it turns out these businesses do this thing called acquisitions. Where bigger businesses buy smaller businesses. And hey, guess what? When you buy a smaller business, coincidentally, you buy their technology too, you know, in the past that would have been data centers, you know, integrating data centers and stuff.

[00:08:40.080] – William
But, you know, nowadays, anybody like any new company that’s going to market with a product, you know, it’s usually built in the cloud. So in the future, any enterprise that isn’t multi cloud is just one acquisition away from being multi cloud.

[00:08:56.220] – Ned
Yeah, I worked for a consulting group and one of our clients was a mortgage company that was acquiring other mortgage companies that I’d helped them move at least a decent part of their infrastructure to Azure.

[00:09:07.530] And then they started buying these other companies that had data centers but also had deployments in AWS. And they didn’t want to move it because this other company they bought had put a lot of work and effort into deploying AWS properly. And so we ended up closing some of their data centers, but leaving us where it was just kind of what happened.

[00:09:26.570] – William
Very common thing. Try moving an application that’s really tightly coupled with the cloud provider into another cloud provider. It’s not easy.

[00:09:35.610] – Ned
Right? Right. And I think that that harkens back to a point you made earlier, which is the strawman that people sometimes put up in their anti-multi cloud blogs where they talk about the app that’s been stretched across multiple clouds. Can you dig into that a little bit more? What is that argument and why does it kind of fall apart a bit?

[00:09:56.830] – William
Well, I mean, I think it falls, so I see that also, like I said before, I think like last night, I Google search because I had never really did a general search out there.

[00:10:07.510] Like, why why do people want to stretch applications across multiple clouds, you know, just to see what in the world I’d find on the interweb. And one of the things that this tied back to, which I thought was even funnier, like I was like actually laughing out loud a little bit. But they were tying in this idea of running these these applications across multiple clouds and then sort of shoehorning that in with their existing DR strategies, which I was thinking, you know, this isn’t this isn’t the way that cloud works.

[00:10:40.450] I mean, your DR strategy is for availability. You’re deploying across multiple AZs, and then you’re looking at using distributing across multiple regions. And it’s really hard to distribute that application because, you know, with when data is involved and say you want to go like active, active across two regions, you have to deal with asynchronous communication back and forth and your primary replica and then eventual state with your data and thinking about how to do this across multiple clouds.

[00:11:14.540] It’s just. It sounds terrible, it doesn’t sound like a good use case, and it’s not one that I’ve seen with a lot of the folks that I’ve talked to that are in kind of the same sort of situation that I’m in. This isn’t one of these cases that they find or they do either. And those are other pretty large companies.

[00:11:34.400] – Ethan
Let’s talk about operations a bit then, Will you brought up something very practical that most of us have dealt with when we deal with multiple data centers, whether or not it was ever in the cloud?

[00:11:42.860] That’s been a problem for a long time. Data consistency, and especially if you want to go active. Active. All right. So let’s let’s take a step back and think about people that are doing operations in the cloud. Do you have to have consistent operations between clouds in order for your IT group, the people that are down there making things happen in order for that all to work? So I got some kind of an abstraction layer that is taking the specifics of each cloud away from me.

[00:12:09.710] So I don’t have to worry about this. But so at least I’ve got a consistent operational practice.

[00:12:15.950] Or is it I’m going to speak the native APIs and then process each individual cloud environment individually so I get the best out of each cloud. Practically speaking, what happens there?

[00:12:32.080] – William
We’ll try to hit on both of those points, so the first one in having some consistency across certain areas that are important, like if. Say, monitoring, let’s talk monitoring, so that should be part of your coordinated strategy across clouds. Think back to the land of data centers.

[00:12:53.840] So maybe you had, like HP Compute and you probably had maybe some HP tool you use to monitor and manage it. But at some point you said, hey, we’re going to start deploying some Dell stuff and then maybe you have Cisco UCS and you have VMware at the hypervisor level. The list goes on for days. But what you probably saw is at least at a higher level. Overall, you have some tool for ops like the SolarWinds or the CA Spectrum, you know something along those lines that sort of help bring those into the same dashboard. So for cloud, at least for observability. Absolutely. And then cloud, you have like. Each cloud provider has their own native tool for stuff like this, like CloudWatch, Azure Monitor, Cloud Monitoring, and then just like in that data center, you’d want to consolidate some of that monitoring into something like SignalFX or something like Datadog maybe. And for the other side of this, I think keeping things cloud native, native APIs, things within that cloud environment, not injecting anything.

[00:14:00.020] Third party, you want to do that as much as possible. So these cloud providers have built their ecosystems to work really well together and the constructs of that ecosystem work really well with the constructs of that same ecosystem. So keeping that consistent and trying to use as many of the cloud native things as possible before injecting stuff from the outside, I think is a best practice. But at some point you’re going to have to bring in.

[00:14:27.620] – Ethan
Yeah, just to clarify what you just said, they built the cloud environment to work well within their own thing, not with each other. Like Azure and AWS didn’t get together. We really need to be compatible. But the but all the internal components that they’re offering to to work together.

[00:14:41.300] – William
Well, yeah, exactly. Like a load balancer and a Vnet in Azure are going to work really well together. You know, you can’t they don’t have you can’t natively connect a Vnet in Azure to a VPC in AWS, you know, and that’s the thing like those two constructs work really well together. I could inject a third party load balancer. But then again, you know, Azure and these cloud providers have a lot of good functionality built in with their load balancers.

[00:15:07.880] Now, you know, you want to try to use the native, if at all possible, before you start injecting third party stuff.

[00:15:15.800] – Ethan
OK, so you’re advocating for use the cloud native where we can. What’s that look like from a staffing perspective that you got like Azure experts and GCP experts and AWS experts and each of those? Because there’s so much to know in each of these clouds.

[00:15:30.230] – William
And I would say the bigger you are for really big enterprise, the more likely you will have experts for each cloud provider. This is especially true if you like every cloud centre of excellence. So usually the bigger you get, you establish some cloud centre of excellence or cloud platform, which is essentially on the hook for for building the structure, the framework to intake, to process things through for each cloud. So maybe this centre of excellence, like maybe you get so big and instead of, you know, a lot of data centers, you have a few clouds.

[00:16:07.400] So maybe that center of excellence has a specific team unique to each cloud, AWS team or Azure team, GCP team, and maybe half a team for Oracle.

[00:16:18.630] – Ned
Half a team… I feel like maybe Oracle, you need a whole team for that, just based off of how good their documentation is. You might need a few more people just to figure things out.

[00:16:30.560] – William
Yeah, there’s there’s a lot of there’s not a lot of training resources out there. I don’t. I looked at Pluralsight the other day. I didn’t see anything. I think maybe eventually you’ll you’ll get some content up. I mean, I’m sure that’s based on consumption though. Like in the in the wild, the more demand the you know, the more likely training resources go up. Right.

[00:16:50.690] – Ned
I’m interested if we could take an alternative view and instead of having individuals that focus on a cloud, they focus on the same aspect in different clouds. So you have a networking cloud team that’s really well versed in the minutia of networking in all three clouds and then one that’s deeply focused on storage. Would you ever see that making sense or does the other model seem to make more sense to.

[00:17:16.740] – William
That’s a really good question, and that’s something that a lot of enterprises are still probably trying to figure out is what makes sense to do that and what doesn’t.

[00:17:24.690] So I think for the with functions like really intersect across clouds like cloud networking, a focused team that has oversight across all the clouds is probably a good idea just because they’re so interrelated. And, you know, maybe these people aren’t exactly experts.

[00:17:44.640] But since networking is something you would want to have working in harmony from one cloud provider to another, it makes sense to have something like this shared in a single team, whereas there’s aspects of security would be another thing surrounding that. Like there’s and security is a huge bucket to open. And not all security components would be this way. But there’s certain aspects of security. It would probably be shared across cloud providers and not specific to single cloud providers.

[00:18:15.720] – Ned
Right. Just to give like a concrete example. One thing one pattern I’ve seen is all of the clouds kind of have their own SIEM as a service on their cloud. But honestly, your security team, they’re probably going to want to use some external service to vacuum up all that data and put it in the cloud SIEM or an on premise SIEM that they can then run their analysis tools against, especially if you’re a multi cloud. I think that’s a good example of where doing it by function makes a little more sense.

[00:18:45.740] – William
Yeah, I mean, first rule of cloud security is bring in a new tool to do something that we don’t already have or a new agent or a new a new something along this

[00:18:54.680] – Ned
No agents, no agents please.

[00:18:56.270] – William
Yeah. So, I mean, that’s a good point.

[00:18:58.850] But from like in being in the ground and in the weeds with some of that, sometimes I can definitely see why. They they want to bring in some of those things, you know, because it’s it’s the whole thing of like, OK, going in and learning a completely new product and having a team that can do just that product. We have this other product we can bring in that’ll work across all three of these providers and it’ll give us more insight into the visibility and even the cross visibility.

[00:19:30.870] So we have routing and communication set up between these clouds. You know, can we get you take a step back and look at the whole picture here? And I can understand that.

[00:19:43.730] – Ned
[Ad] BMC wants to know, is your business on its A game? It’s when systems are intelligent by learning from markets, where automation is paramount, yet effortless, and when technology and people work as one in an enterprise. The A game is your business at its absolute best. BMC calls this the autonomous digital enterprise. You can find out more at bmc.com/agame.

[00:20:14.000] – Ethan
Here’s my perspective, OK, there’s training, there’s lots of things for the more popular clouds, lots of classes you can take, Pluralsight and so on, but. The pace of change within each cloud provider, the number of new services that they keep offering, it’s the rate of change seems astonishing, like I’m used to technology changing and there’s always being new things.

[00:20:35.140] It just seems like impossible to keep up. And it’s my job to keep up. And that was before the pandemic. And people started changing how they’re doing computing internally. So what are your thoughts on training? How the heck to keep people keep keep them up on what’s going on?

[00:20:49.510] – William
The first thing I have everybody do is go to Ned’s courses on Pluralsight. And once once they come out of there, if we still have some gaps, then, you know, sandbox environments are great. ACloudGuru and Pluralsight are awesome resources and ultimately figuring out it’s always going to be hair on fire. At some point you have something thrust upon you that you have to figure out. And I find learning from others, learning from partners, practice by doing legit training material.

[00:21:21.130] But at the end of the day. Back to the marriage analogy, so when you get oh, boy, I hope my wife never listens to this. So when you get married, you sometimes have kids, and before you have those kids, you might see other people like in public places with kids and maybe their kids are having a meltdown. They’re going berserk. And you you ever so softly whisper to your better half, this is never going to be us.

[00:21:48.980] We will never allow our kids to do that. And then you have kids one day and you look back on those instances with a little bit of a different lens perspective we’ll call it. So I guess what I’m saying is preparing for multi… I mean, preparing for cloud in general is is hard. You know, multi cloud is even harder, just like you can’t exactly be 100 percent prepared for children. You know, multi cloud is like that, too. Best thing is to really, like, understand your business, understand each line of business.

[00:22:22.910] How do they operate and how does your technology within your business work to support them?

[00:22:29.060] – Ethan
Oh, it it’s a time thing too. It’s just struck by let’s say that you were single cloud. Everybody was all in AWS and it was great. At least you’ve got one cloud environment to focus on and to get your head around. Multi cloud just seems to exacerbate the problem, like there’s just not enough time to get everybody trained. And so which is kind of what you’re saying, William. It sounds like there are moments where it’s hair on fire.

[00:22:52.130] Just everybody just dig in and figure it out and there’s not enough time to get trained. Just just figure it out.

[00:22:58.340] – William
Yeah. And that’s where that cloud center of excellence. And like, having like a. Like a sort of enterprise architecture oversight to, you know, one thing that we might get into this later, but just what are what are folks allowed to do in the cloud provider? Do you, like, certify different things? Like maybe maybe you have like if somebody wants to deploy a managed Kubernetes service, maybe you have it available in Azure because you have all the guardrails up and you have the environment built to facilitate that.

[00:23:32.590] But maybe you’re newer in the GCP space and that isn’t a certified service in your environment. So if you want to use that today, you’ve got to go here in the future. What we expect to have that available at some point. But right now you don’t have an exact date. Keeping control of everything at that higher level is critical here.

[00:23:53.440] – Ned
That actually feeds really well into the next question that I had, which is really around governance. Now that you’re in charge of three or possibly four clouds, we’re counting Oracle. There needs to be, like you said, some guardrails on what people can deploy in each cloud. And there needs to be some level of controls over who can do a deployment and into what environments. So where do you start with those controls and how do you implement it in each individual cloud?

[00:24:18.400] – William
That’s a tough one, because ultimately you you want like a product team or an app team or whoever whoever is like paying for something you want them to be able to decide, you know.

[00:24:28.900] But this doesn’t mean anyone can just deploy anything anywhere. There has to be an intake process. Everything in cloud is billed. You can’t do anything for free, obviously. So things must go through a proper intake and a vetting process. You know, some time maybe some team wants to bring in a new application and then things go through a full review before moving on into the rest of the intake process just to make sure they are in line with our say guiding principles and cloud adoption framework.

[00:25:01.030] Maybe that conversation like something like, OK, is it PaaS or IaaS does the app use services in that cloud that we have certified for the enterprise? What are the things? Security. So what security pieces need to be in place? Like if it’s PaaS in Azure, does it need to be integrated with other services manager? Is it does it have is it supported by private link yet? You know, how does your DR playbook look at going through and actually vetting a design you will often find and be able to contribute to helping and steering that conversation, and that internal governance process

[00:25:38.920] Yes, it spans multiple teams that are domain experts. And whatever it is that you’re looking at, you know, you you definitely don’t want developers taking a stab at their their second calling of security, governance, balancing act.

[00:25:55.180] – Ned
Yeah, yeah. I thought it was interesting. So you’re talking about bringing a bunch of people together to create these internal governance standards and defining them through a paper policy. Do you also then enforce that policy through technologies in each cloud?

[00:26:09.970] – Ethan
Cowboys. William, we’re looking to control the cowboys.

[00:26:13.960] – William
Once a cowboy, always a cowboy, until version control is implemented properly.

[00:26:19.150] So the you know, I think with all this stuff, your only way to do it at scale, if you’re in multi cloud, then you’re probably, and you’re a lot bigger, then you probably are somewhat mature on codifying things. So I would want to see everything policy wise defined in code, you know, which is governed in source control. So, you know, if you use like Jenkins or like Azure DevOps, there’s a good example, having the right quality gate integration with Azure DevOps, having maybe certified pipelines that are approved and have to go through certain checks like maybe through like SonarQube or something else to, you know, validate code integrity and then maybe PRs that.

[00:27:08.200] Have, you know, maybe there are some a few manual pieces where PRs have to be approved by domain level experts. But the beauty is like all this stuff is so flexible. So if you put together the right people in the right minds, you can figure out like how depending on your business and what you’re selling or what your products are, you know how to do it. It makes sense. It’s not a definitely not a one size fits all thing.

[00:27:33.400] – Ethan
What you just said there, there’s so much complexity to that when you with a cloud and then you add multi cloud to it and it feels like it gets that much harder. You’ve got the policies on paper, but you as you said, you want to enforce that with code and version control to make sure that what everyone’s doing is allowed and audited and logged and you can roll it back and so on. It just feels daunting. Am I wrong?

[00:27:57.940] – William
It is daunting. Let’s let’s take it let’s take a simple example since. You’re really focused in the network stuff usually, let’s look at creating, OK, so in Azure you create the Vnets, in AWS you create VPCs, and then Google, you create VPCs as well. So we’re doing the same thing. We’re creating a virtual network, but you do it differently. So maybe we have a little abstraction with our tooling. We use Terraform, but we run Terraform through an Azure DevOps build and release pipeline to actually execute.

[00:28:30.310] So the source code or the control to actually deploy that Terraform is in a git repository. In that git repository is managed by the domain level experts of networking. So the guardrails or the things that are fed into because you’re you don’t put things manually in these templates in other variables and you feed in data from places so the guard rails for what can be deployed to that cloud provider are existing in source control. So when you look back at everything and you boil it down to the most simplest piece, you realize that.

[00:29:05.200] Yeah, I mean, you just have to figure out from beginning to end how the flow works, where something lives, how the information is injected and what people can and can’t do somewhere. So, of course, developers aren’t going to be able to pick all the IP space they can consume in the cloud.

[00:29:22.390] – Ethan
This was my next question. Exactly how do developers fit into all of this? Because they do. They care like which cloud they’re consuming. How do you put guardrails around them? Is it just they’re just dumping stuff in a pipeline and it goes where it goes and you’ve got the guardrails up so that they can’t screw it up.

[00:29:37.030] – William
You know, that’s… Back to what I said about a product team’s experience. You know, you want first of all, you want their experience. It should be completely removed from multi cloud because in the context we’re talking like multi cloud is happening at a higher level. So a product team within your business probably isn’t using multiple clouds. There’s a big business unit that’s using a single cloud. And, you know, they’re not worried about any any of the multi cloud conversations.

[00:30:05.440] So to make that experience good, you basically have I like thinking about this. And in terms of like. Foundational level stuff and services level stuff and a line in between, so foundational level of things are going to be all the the infrastructure that is required for that product team to deploy their application and go to iterate. You know, you give them as much control as you can based on your specific guardrails or what makes sense, you know, because you don’t want them to unintentionally break anything that can happen to anybody.

[00:30:41.470] I don’t expect developers to be experts at security and networking, just like I’m not going to go in and start messing around with Java because I would destroy it. There’s no chance. So having that sort of that line in the sand between foundational level stuff and services level stuff and having both of those areas, you know, sort of operate in harmony.

[00:31:05.420] – Ned
So you would imagine that the foundational team and then that individual service team, the one that’s actually deploying the application, they’re going to have a lot of interaction when you’re initially designing and deploying that first iteration of the application.

[00:31:19.190] But then beyond that, the foundations in place, the application team can just start iterating forward unless they need to consume some new foundational services that.

[00:31:30.870] – William
Absolutely, and I mean, that’s the DevOps saying, you know, we get in there and with these product teams who want to build a good product, you’ve got to talk. You got to get in to understand what they’re doing. And we have I mean, if you think about it, like, what does an application take to run in the cloud?

[00:31:45.100] It’s a lot of the same stuff from application to application, even in PaaS versus IaaS even. I mean, a lot of the security controls are going to be different. And there are some differences. I don’t want to make it sound like it’s easy, but they require a Vnet, they require a subnet, maybe they require some NSGs, maybe they require some Internet egress. If it’s PaaS, maybe it’s got some Private Link integration, but it’s not like everything is, you know, a complete snowflake.

[00:32:15.930] There’s foundational level infrastructure for everything you’re going to run. So while some environments that you provide to product teams might differ a little bit, they’re still controlled with golden templates and golden images and sort of the same iteration of golden pipelines that you’ve built the structure for.

[00:32:36.510] – Ned
Right. I want to harken back a little bit to what you mentioned earlier, the idea of using something like Azure DevOps and Terraform combined for that foundational deployment. Now I’m using the same tool across multiple clouds. I know Azure DevOps has Azure in the name, but you can use it to deploy wherever you want. It’s just a code pipeline and Terraform can, each config has to be different for the different clouds, but you can use it on any of those clouds so that gets back to that having a third, almost a third party toolset to implement this stuff on these different clouds.

[00:33:09.240] And then you can just give it over to the services side the app and say, OK, now use your tools to get your application deployed.

[00:33:18.210] – William
Exactly. Yeah, that’s the I mean, that’s the DevOps saying, I mean, not to say that anybody can bring their own tool for anything because, oh boy, everybody would bring in a different tool. But, you know, there’s certain things that are going to be better, you know, to solve different solutions.

[00:33:32.130] You know, like Terraform is not going to be able to go in and install and do the middleware stuff on a VM image after you’ve maybe, you know, maybe it’s gone through and been packaged in like Packer and everything’s set up and you deploy it and then you have something that goes and does some things on the image after the fact, you know, and maybe they want to use Ansible for that or Puppet or something. And, you know, that’s, you know, completely after the fact.

[00:33:56.580] It’s something they would do and they have that foundational infrastructure and all the guardrails in place to make sure they can’t mess anything up and that that blast radius is contained and they go on their merry way.

[00:34:07.710] – Ethan
Will, we got to talk a bit about networking in the multi cloud. So some months, probably a couple of years ago now on, I don’t think it was a Day Two Cloud. I think it was a Datanauts show. We interviewed John Merline, who was doing some multi cloud deployments and talking about the networking challenges, latency, where a different service is located, in which clouds and how far away are they from one another and how that could impact overall application performance.

[00:34:33.020] Well, in the context of this conversation, William, we’ve been talking about typically you’re not deploying a single app across multiple clouds, it’s the way you’ve described it, it’s typically a single app in a single cloud. But there’s still some interaction there that might happen across the multi cloud, I’m guessing. Can you talk about those scenarios and then what networking looks like when you’re a multi cloud shop?

[00:34:57.170] – William
That’s a really good question. And yeah, I mean, you’re right. There’s going to come some point in time where someone is going to come to you and say, hey, we’ve got this thing in one cloud and it’s got to talk to this thing in another cloud. And, you know, I would say you’d probably want to start thinking through these types of scenarios when you are in one cloud and you’re deciding to move to two, where you’ve acquired another one or just something has happened to where your business is now in two clouds and the geography is always geography.

[00:35:30.990] So if you’re going cross region or you have something in East region and it’s got to talk to West, and hopefully that’s not an application making calls out West cause that’s just not going to work no matter what you do, because that’s a long ways. But there’s a few different options. I think the main ones that you’re going to see as far as design patterns are concerned is like try and going back to keeping everything cloud native. And of course, I don’t mean I don’t consider NVAs as cloud native.

[00:36:05.550] So if each cloud service provider is flying with that. The hub and spoke model that’s usually recommended. This means traffic is going to come out of the cloud for just about everything. Spoke to spoke communication, even within the same cloud, you know, spoke to spoke communication from one cloud to an adjacent cloud. They have to be routed by something because you can’t do transitive routing in the cloud. It’s not available natively. So it’s either going to come back to a router in your colo or in your data center.

[00:36:40.420] And you could always, I guess, Vnet peer everything to everything. But that is not a good idea and it would not be recommended by anybody that’s ever tried to do that before.

[00:36:52.090] And I would say the second option is probably going all in on the network virtual appliances. So like in this sort of pattern, your traffic, I would say most of your traffic is probably going to stay in the cloud with the exception of anything going back on premises to your data centers, because you’re going to want to go over those layer two, those high speed Direct Connect, ExpressRoutes. So and the third option, of course, is always, you know, buying some sort of overlay or some sort of control plane type solution like Alkira, Aviatrix or...

[00:37:36.630] – Ethan
I thought you were maybe going to lead with those. This is interesting because the way you phrase this is different from what I thought. I thought you might say, you know what, an overlay is going to be a good way to go or some kind of an SD-WAN solution or Alkira, Aviatrix, you know, start with that, kind of homogenize the network, can make it easier to manage and glue all this stuff together. But again, you’re leading with cloud native when possible.

[00:37:56.930] – William
I wouldn’t say that I’ve ordered those in the way that I think they would be successful. I think I’ve ordered them in the way that I’ve gone through them, practically like in real life. So you definitely start out with a solution, that’s if you have a shift from like on premises into a cloud, you’ve got a lot of stuff still running on premises, but you’re starting to get into cloud and you just have a lot of dependencies outside that cloud provider. And then slowly, you want to shore that up a little bit. You want to keep as much as you can in the cloud and only go out of that cloud when you have to.

[00:38:34.420] And I think the cloud providers are actually becoming very intimate with this challenge. And, you know, they, of course, want to capitalize on it. So Azure has Azure WAN and AWS just rolled out their Transit Gateway Connect, which basically just integrates, it’s like an integration layer to like natively extend SD-WAN into AWS without having to set up or mess with, like, IPsec between NVAs and transit gateways and stuff.

[00:39:07.320] – Ned
One of the things that I’ve seen as an issue with using the sort of site to site VPN or one of those NVAs is you’re limited in the network bandwidth you can get between two sites. And that’s intentional on the cloud provider side. They don’t want you blowing out their bandwidth, trying to create a whole bunch of connections. And there are ways around it. But probably the best way it would be to link a private circuit from Azure like ExpressRoute to a private circuit from AWS Direct Connect. I don’t even know if that’s possible at the moment, but ideally they’re probably feeding into the same like Equinix Data Center.

[00:39:45.630] So you think you could just just bridge the two? Have you seen anything like that?

[00:39:50.850] – William
Yeah, I mean, most people have lived this that are multi cloud, but yeah, you have colos that have your flavor of whatever layer two providers offering FastConnect, Direct Connect, you know, ExpressRoute and everything. And they come back and they just terminate on a layer two switch that layer two switch connects to a layer three router and then you have a routing domain and you can routing between although just for.

[00:40:18.770] I would say from that perspective, there’s a lot of DIY involved with just a lot of different things. And when you really get past one or two cloud providers, it can get very complicated because you came into it originally with one design and security was under the guise of some strategy at the time that they were pushing and, you know, segmentation maybe looked different and then it transformed and then it transformed. And, you know, for anybody that’s worked in the datacenter environment, shifting physical hardware and configuration on physical hardware to new things very simply is just not simple.

[00:40:56.240] It’s more complicated than that.

[00:40:58.610] – Ned
You probably won’t be surprised to hear that some of the interconnect providers like Equinix are now offering a service to create that sort of virtual connect to all the public clouds and back to your data center for you and manage it at what I’m sure is a very respectable high cost.

[00:41:16.520] – William
Yeah, so I’ve tested a few of them pretty extensively. Are you talking about, like, Equinix Network Edge something?

[00:41:21.560] – Ned
Yeah, yeah, yeah, yeah. What are your thoughts on that? Did you... Well, I don’t want you to talk smack on Equinix or anything, but I’m just curious. Did you find it worth the while or are there better solutions?

[00:41:34.130] – William
Well, it’s pretty new. I think, from a business standpoint, they’re going in the right direction. That’s what people want to see. And the experience, there was some things that were challenging to get going, but they’re moving in a good direction with that. And, you know, but I do think there’s some third party players in that market that are making it a lot easier. And it’s more seamlessly integrated, like Alkira, Aviatrix.

[00:42:01.130] And I know Zscaler’s doing some new things. And I think the Zscaler stuff, you have to deploy your virtual appliances like into each Vnet or VPC, if I remember correctly. But yeah, you know, like something like Alkira is completely API driven. You’re not installing anything anywhere. You’re just using the same service principal that you have set up for your Azure environments already and, you know, just using it in a different way to deploy your connectivity between things.

[00:42:35.220] – Ned
Well, I don’t think it would be a 2020 podcast if we didn’t at least ask about Kubernetes. So is Kubernetes going to be the great equalizer across all of the different clouds? Because it’s the same everywhere, man. It’s just Kubernetes. Or is that so less true than some adherents to the Church of Kubertology might believe?

[00:42:57.260] – William
I’m going to tread carefully here because people get really insulted if you ever say anything that’s like not what they want to hear about Kubernetes, it’s like the big culture thing right now.

[00:43:08.250] I would say that that’s not the right question. I mean, I don’t know for me, like putting Kubernetes in multi cloud in the same conversation is like putting together a motorcycle ride in a hailstorm and just like I said, is kind of being blunt, but I think in the real life deployment scenarios, I’ve seen with Kubernetes and cloud, you know, they tend to be on the side of like the managed Kubernetes services that exist in the cloud providers.

[00:43:36.300] So, you know, like EKS, AKS and GKE, and I’ve been through several real life deployments with these solutions.

[00:43:43.840] And the first thing I could tell you is, you know, this sucker ain’t portable, you know, it’s not going anywhere.

[00:43:52.690] – Ned
So that would be more of a situation where as the foundation layer, you would set up that cluster for whoever wants to deploy the application. And then, OK, here’s the cluster go deploy your app. But it’s going to live here. It’s going to live here for good.

[00:44:05.610] – William
Pretty much, I mean, you can never say anything is going to live anywhere for good, but that’s ultimately the reality that a lot of people are going to face.

[00:44:11.910] And I think, you know, there is a lot of third party solutions that are coming out of the woodwork now to make like containerized workloads portable across these environments. But that means transitioning over from that cloud native service into something else. I mean, I know like Google is on to this right now with Anthos. Their Anthos platform is actually pretty neat. If you’re well integrated with Google Cloud, you know, that’s always a possibility that they make it pretty, pretty easy and seamless.

[00:44:42.480] But I would predict in the future that if you’re running containers in the cloud, like most are, convenience is going to be a win over portability, usually meaning that the CSPs, like their native service of Kubernetes, is probably going to be more widely used.

[00:45:03.140] I don’t have any data to back that up, but just, you know..

[00:45:07.250] – Ethan
It feels like this is a whole different show or a whole additional show, too, where we can say, wait a minute, I can’t stand up my container anywhere I want. Why not? I thought that’s what they were promising me. Oh, well, William this has been a really good, good, good conversation. Do you have any takeaway, strongly memorable things that you would like to leave the audience with today?

[00:45:27.380] – William
Most people know every business is different, you know, something that is good for one business may not be good for another. You know, the company you work for, you know, know how the business works and maybe take those opinionated blog posts with a grain of salt sometimes. And Benjamin Franklin once said, failing to prepare is preparing to fail. And when I’m forced to build PowerPoint slide decks, I use that quote a lot because, you know, use your time, you know, prepare like in the right areas that are going to be advantageous to your business, you know, learn how to ask the right questions.

[00:46:04.220] And, you know, maybe they’re going to try to push something or something’s coming down the pipe that’s going to not be good for the business, you know, and that’s an opportunity for you to jump in and use what you’ve learned to help maybe steer that decision, you know, which will ultimately be better for everybody. And then, of course, the last takeaway is don’t ever talk to your spouse and compare your marriage to multi cloud.

[00:46:25.610] It might not go over well.

[00:46:28.490] – Ethan
Of course. William, thank you for spending, oh, about an hour with us here at Day Two Cloud with the audience. Really appreciate it, because this was a... I love these shows where it’s a real dose of reality that makes me very happy to hear these things, and I think what spawned this, if I remember right, is you had listened to our show with Ivan Pepelnjak where we talk about multi cloud networking. And he, of course, went off, as Ivan does.

[00:46:52.940] And you were responding and you’ve added yet more of this thought provoking discussion about the reality of multi cloud versus what we see in all these blog posts.

[00:47:03.500] – William
That was a brilliant podcast, by the way. And I want to highlight that just about everything he said on there was spot on. But there’s a difference between being one hundred percent right and, like, what is reality for the enterprise in the world we live in? So just.

[00:47:18.020] – Ned
Yeah, the reality we have to live with.

[00:47:22.610] – Ethan
William where can people find you on the Internet, blog, a book, Twitter, anything you want to share?

[00:47:27.170] – William
I’m on LinkedIn. William-Collins on the Twitters, wcollins502 and I do blog occasionally. wcollins.github.io.

[00:47:37.820] – Ethan
Well excellent. Thanks again for joining us today and virtual high fives to you for tuning in. If you have suggestions for future shows, we would love to hear them. You can hit either of us on Twitter at Day Two Cloud show or fill out the form on Ned’s fancy website nedinthecloud.com. A little housekeeping: if you’d like to support the Packet Pushers podcast network directly, that includes Day Two Cloud, if you didn’t know, hey, become a member of Ignition at packetpushers.net.

[00:48:02.060] Ninety nine dollars a year in Ignition gives you access to our growing library of white papers, courses, videos, long form articles and analysis that we don’t publish anywhere else.

[00:48:10.430] Until then, just remember cloud is what happens while IT is making other plans.

Episode 80