What is multicloud?

What is multicloud?

Multicloud is a cloud computing deployment model that enables organizations to deliver application services across multiple private and public clouds containing some or any combination of the following: multiple cloud vendors, multiple cloud accounts, multiple cloud availability zones, or multiple cloud regions or premises.

What is multicloud

For example, a multicloud could include: two public Infrastructure as a Service (IaaS) providers, a public Platform as a Service (PaaS), on-demand management and security systems from public clouds, a private cloud IaaS for company systems of record, and a private Container as a Service (CaaS) stack on either public or private IaaS for systems of engagement and cloud-native applications.

According to the National Institute of Standards and Technology, different cloud computing deployment models are defined as:

  • Private cloud—The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers. It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
  • Public cloud—The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
  • Hybrid cloud—The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability.

 

Contrail Provider Cloud is an example of IaaS that is often used as a foundation for private cloud.

While most public clouds offer IaaS, many offer more services that may be termed Services as a Platform (SaaP), like a disaggregated PaaS.

Benefits of a Multicloud

High availability—multicloud provides redundancy and protection for an organization’s services and data storage against security threats and outages. If one cloud is unavailable, other clouds remain online to run applications and service users.

Flexibility—multicloud offers organizations the choice and flexibility of selecting the “best” of each cloud type to suit their particular business needs, economics, locations, and timing. Typically, organizations use several different clouds to manage their data, infrastructure, and applications. Organizations can avoid ‘vendor lock-in’ if they use multicloud wisely to maintain application and data portability.

Cost effectiveness—multicloud enables organizations to best control their economics, weighing capital and operational expenditures, and taking advantage of public cloud and infrastructure vendors competing on price. By using a public cloud service, organizations can also deliver additional functionality to their customers without having to hire personnel or spend their own time managing the service and all its dependencies. Additionally, by planning service capacity allocation through the multicloud, organizations can optimize costs for specific service-level requirements and elastic scale.

 

Why Build a Multicloud?

By building a multicloud, organizations can use and benefit from multiple services from multiple cloud hosting providers. Connectivity that provides end-to end reach is key for the multicloud! How connectivity is provided can either help or hinder efforts to extend end-to-end security and operational control across a multicloud architecture.

Multicloud, considered end-to-end, is more than data centers and public clouds; it also includes connecting applications to each other and to your campus and branch sites where your users, staff, and customers engage. This reality requires the following multicloud components:

Multicloud Diagram

How to Prepare for a Multicloud Architecture

Because a multicloud architecture is such a vast environment, organizations should properly prepare to manage this inevitable reality when using, or considering using, a cloud architecture.

  1. Unify the toolchain: A unified toolchain effort is one where developers rationalize a base DevOps pipeline, application runtime cluster, and middleware stack that ideally can serve most of the organization’s projects. Tools need to work on any cloud infrastructure (including legacy infrastructure). Encourage open-source-based services that are managed in many clouds, or ones that organizations can bring and manage on their own.
  2. Connect the clouds: Multiple clouds need to be connected together to enable pipeline automation, allow split application tiers, and secure data replication for warehousing or distributed applications, and backups for disaster recovery and avoidance.
  3. Unify and simplify policy: Use cloud management platforms to elevate the organizations’ orchestration in and across the clouds. Unify configuration and management with federated or global controllers. Use abstraction in provisioning models and APIs.
  4. Plan and prepare upfront: Develop a deliberate strategy for multicloud as an IT platform, taking time to plan and build the organization’s ideals. Avoid rushing in, which could result in developers consuming services at will and limit the organization’s future flexibility.

Working across multiple cloud environments, organizations can maximize their ROI while minimizing risks associated with individual cloud environments. The flexibility and value added by a well-managed multicloud platform leads to continued business advantage and agility. To review recent cloud adoption statistics, click 1 State of the Cloud Report.

Multicloud FAQs

What is multicloud?

Multicloud is a cloud computing deployment model that enables organizations to deliver application services across multiple private and public clouds. The multicloud environment may contain any combination of the following: multiple cloud platforms and vendors, multiple cloud accounts, multiple cloud availability zones, and multiple cloud regions or domains.

What is multicloud management?

Multicloud management is the process of using a software tool to deploy, upgrade, secure, or otherwise manage applications across a mixed IT environment of on-premises and public cloud platforms. Because cloud computing has become integrated into nearly every aspect of IT, virtually any application can be managed in a multicloud environment. 

What are the basic capabilities of multicloud management tools?

Multicloud tools can vary widely in functionality. Some are built to support a single application that has been deployed in multiple clouds. Others let you use a single management interface to manage infrastructure components (such as databases) with instances that exist in multiple clouds. Another type of tool lets you manage entire workloads across multiple clouds; virtualized and containerized workloads are commonly used in this scenario.

Why use a multicloud strategy?

The three most common reasons to use a multicloud approach are performance, resiliency, and security. It should be noted that cost is rarely cited as a top motivating factor behind successful multicloud deployments. Let’s look briefly at each of the three biggest multicloud drivers.

  • Performance. Like content delivery networks (CDNs), multicloud can deliver performance advantages by moving resources closer to the end user. CDNs store data and multimedia content as geographically close as possible to the networked end-user; similarly, multicloud deployments can move some (or all) of an application to a network region or domain that minimizes the physical distance between user and resource. Improving user-resource proximity reduces the network latency associated with accessing data and applications over a wide-area network; the more geographically distant users are from the resources they access, the more latency (delay) they’ll experience.
  • Resiliency. Hosting your applications in more than one cloud guards against the failure of any individual cloud, though it’s important to point out some nuance when talking about cloud resiliency. Public cloud providers do build a measure of redundancy into their infrastructures by operating data centers across multiple regions. These setups enable a base level of resiliency without customers having to use multiple cloud providers. However, billing disputes and human errors, such as configuration mistakes, can put all workloads hosted and processed by a single cloud provider at risk. There are many workarounds for this, such as having each region managed under different accounts with different credentials. However, these workarounds create operational complexity issues similar to those associated with multicloud deployments. 
  • Security. Multicloud – especially a combination of private and public cloud – may also be deployed for security reasons. Many organizations want to take advantage of cloud computing’s economic and scalability benefits or the capabilities offered by a particular cloud service provider but must keep certain data and/or workloads restricted to specific geographical locations or on-premises deployments. Typically, these circumstances are dictated by regulatory requirements, such as the European General Data Protection Regulation (GDPR) for information privacy, or by data sovereignty concerns. See the discussion below for additional multicloud security considerations.

What does multicloud mean for security?

Multicloud makes the geographical location of your data a core consideration of modern information technology. Legal requirements for data storage and data sovereignty vary greatly between jurisdictions, and the existence of multicloud creates data locality considerations that are receiving increasing legal scrutiny around the world.

If you are using an application that makes use of multicloud behind the scenes but which you don’t manage directly, then you must determine the implications of that. In most jurisdictions your organization, as the user of that application or service, is responsible for knowing all the possible places where your data could be stored by your vendor’s multicloud-enabled application. Depending on the data involved and the jurisdictions in question, your data may need to be in legal compliance with every jurisdiction in which it might be stored, processed, or accessed.

The same legal considerations exist if you are managing your own multicloud deployment; however, you have much more control over where that data is stored. Multicloud deployments you operate yourself allow you to choose where you store which data, allowing you, for example, to store highly sensitive data in on-premises repositories only. 

How secure is multicloud?

Multicloud security varies depending on the skill of the operators and vendors involved. Every infrastructure component and application involved in a multicloud must be secured. The more components there are in a multicloud deployment, the more opportunities there are for misconfiguration or security vulnerabilities.

Every cloud you use as part of your multicloud environment is a separate infrastructure that must be designed, deployed, monitored, and continuously maintained to remain secure. In addition, there are separate security considerations for any applications and data that run on top of the multicloud infrastructure.

Applications and infrastructure components explicitly designed for multicloud environments can significantly reduce the security burden. Virtualization and containerization, for example, allow administrators to deploy identical stacks of software, regardless of the underlying cloud platform. These stacks can contain one or more applications in addition to security defenses, such as virtualized or containerized firewalls.

Another important multicloud security consideration is networking. Multicloud applications may contain or even operate on sensitive data, such as personally identifiable information (PII). If this data is being transmitted between applications or application components, it’s advisable that this communication occur across a secure network.   

How does Juniper Networks support a multicloud strategy?

Juniper offers several solutions, products, technologies, and services that enable customers to create secure multicloud networks. Among them are AI-driven SD-WAN and secure edge connectivity, which together provide a secure multicloud deployment foundation. In addition, Juniper offers containerized routing, application discovery and monitoring, and network security.

Routing. Juniper’s MX Series Universal Routers and Session Smart™ Routers deliver policy-driven, automated routing that enables network administrators to optimize the end-user experience at any scale across an organization’s entire WAN footprint. Customers can manage branches, data centers, and cloud routers centrally via Session Smart™ Conductor or the AI-driven Juniper Mist cloud. In multicloud environments, MX series routers tie on-premises and collocated data centers together with one another and with public cloud deployments.

Juniper’s Cloud-Native Router is a containerized router that uses Juniper’s proven routing technology to link public cloud services with on-premises data centers. It uses cRPD and a Contrail DPDK vRouter forwarding plane, implemented in Kubernetes, for performant, seamless Kubernetes Container Network Interface (CNI) framework integration.

Security and QoS. Monitoring and application flow discovery are an important part of securing multicloud networks and crafting quality-of-service (QoS) policies. Elements of this broad range of functionality can be found in Juniper switches, routers, and firewalls running the Junos® operating system. Juniper’s Cloud-Native Router, and the Juniper Secure Analytics portfolio also provide some of this functionality.

Network security does not end with identifying and monitoring data flows, and Juniper has several security-focused technologies to defend your multicloud deployment. Juniper SRX Series Firewalls are ready to handle any scale, with physical, virtual, and containerized options available. Juniper Cloud Workload Protection helps defend individual workloads, while Juniper Advanced Threat Prevention features such as AI-predictive threat prevention, SecIntel, and Encrypted Traffic Insights enhance network-based defenses. These technologies use real-time threat intelligence feeds, block lists, and dynamic detection to enable automatic, responsive traffic filtering anywhere in the network. This enables administrators to detect and block malicious botnet traffic, even if it has “gone dark” via encryption, without additional hardware and at wire speed.

All of this is managed by Juniper Security Director Cloud.  Security Director Cloud enables you to secure your multicloud architecture with consistent security policies across any environment and expands zero trust to all parts of the network, delivering unbroken visibility, policy configuration, administration, and collective threat intelligence all from one place.

Finally, inline distributed denial-of-service (DDoS) protection is a serious concern for any Internet-facing services. The Juniper and Corero Joint DDoS Protection solution provides this functionality.