Guest written by Ashraf Sheet, Regional Director MEA at Infoblox.
When you consider the lower infrastructure cost, greater agility, and improved security they offer in comparison to public clouds or traditional client-server architectures, it’s perhaps little surprise that a growing number of organisations are investing in hybrid clouds and virtualised, automated data centres.
Indeed, Forrester recently carried out a survey of enterprise infrastructure technology decision-makers which revealed that more than half (59%) of businesses are set to adopt a hybrid cloud model in the next 12 months.
Making the transition from a public or private cloud to a hybrid model means that organisations will have to operate in a multi-cloud, multi-platform environment which will often include traditional on-premises components in conjunction with Microsoft Azure, Amazon Web Services (AWS), and other OpenStack cloud technologies.
However, while cloud brings tremendous speed, business agility, and cost savings, by offering an automated process for spinning up storage and compute, network configuration like DNS across hybrid environments is often complex, and still managed manually.
In this new cloud environment, manual processes around DNS, DHCP and IP management, collectively known as DDI, can often have a negative impact on cloud agility. In addition, such legacy approaches can cause inconsistencies across hybrid deployments, and an increase in vulnerabilities that can lead to outages, security breaches and a poor experience for end-users.
Legacy DNS infrastructure, for example, is one of the most exploited parts of a network, and can often be the hidden crack in the foundation that derails a business; especially one using dynamic, next-generation initiatives such as public and hybrid cloud. As illustrated by the case of the Millennium Towers luxury high-rise in San Francisco, a problem at the foundation can be hard to diagnose, and can have a costly, devastating impact on the wider infrastructure.
To avoid such an impact on a network’s security, integrity and efficiency, it’s important for organisations to consider the benefits of investing in a unified platform to centralise the management of the core services that lie at its foundation.
A promise far removed from reality
The differences between spinning up a new compute instance and actually getting a working instance on to a production network, into service, and in sync with the traditional network infrastructure, can mean that the hype and promise of the cloud is often far removed from reality.
Automation of core DDI network services in the cloud can often lag behind compute and storage processes, which can delay application rollout and can increase the number of inconsistencies in network policies.
If DNS and IP addresses in the cloud aren’t being managed from a central resource, IT teams may find themselves faced with an incomplete and out-of-date view of their networks, their virtual private clouds (VPCs), IP addresses, and the DNS records being assigned. The use of multiple platforms in the hybrid environment also means that there is no correlation and consistency of common resources such as DNS zones and networks.
For example, while the virtualisation component may be handled by the server team, a different team entirely may be responsible for all the network aspects. As a result, the network team may have no visibility into virtual machine (VM) resources as they’re created and destroyed, which makes it difficult for them to link these to automated set-up and configuration tasks.
Indeed, without this visibility, and the lack of up-to-date and accurate information on which IP addresses and DNS records are assigned to which VMs at any given time, there’s very little point in networking teams even attempting to comply with audit and security policies.
Various different factors such as applications, locations, and users need to be tracked for VMs and networks, IP addresses, and DNS zones but, while most server admins will have access to this information, it’s likely that most networking teams won’t. A reliance on using manual methods for the creation and deletion of VMs will result in their responses being slow.
Arguably one of the main attractions of cloud deployment – the promise of rapid delivery – can be hindered by the time it can take for the manual provisioning of DNS records and IP addresses in a virtual environment. It may sound simple, but without a DNS entry, those virtualised resources cannot be seen on the network. And if they can’t be seen, they can’t be used. If you can provision resources in a matter of minutes, but have to wait days or even weeks to get them in use, you’re not getting the value from your investment in cloud technology
What’s more, the possibility of a potentially costly network outage caused by unreliable DNS, DHCP and IP address management services can pose a significant threat to any organisation, with risks that extend beyond just the network itself, as evidenced by recent news headlines.
The foundation of any organisation
Those organisations with clouds running critical workloads, or spanning multiple different geographical locations, require a foundation of highly available and secure DDI services to provide them with the scalability and resilience they need to perform effectively.
A centralised platform is required that will deliver greater automation and visibility, and help to control, secure, and analyse next-generation data centres and cloud environments.
Improving resource planning and reducing security risks, the automation of DNS provisioning as part of existing workflows and the clean-up when VMs are destroyed can eliminate unnecessary manual processes and trouble tickets. As a result, the bottleneck most commonly affecting successful cloud application implementation and rollout will be removed, and hybrid cloud deployments can be optimised to meet an organisation’s particular needs.
In order to avoid any blind spots and incongruent views within the network, the consolidation of different terms and naming conventions via a single, unified console allows virtual machines and network components to be discovered and tracked across disparate platforms and cloud environments. The destruction of a VM will automatically be documented, its DNS record cleaned up, and its IP address released, ensuring that all appropriate information is accurate and up-to-date.
One further benefit of having this current and historical visibility into an organisation’s network is that it will enable more efficient auditing of its virtual resources for compliance purposes.
Furthermore, distributing authorisation for permission can empower the workload of individual departments within an organisation while maintaining complete oversight and control of the hybrid cloud as it evolves.
The network is the foundation of any organisation, and keeping that network strong, stable and secure should be a top priority as more businesses transition to a hybrid cloud environment.
Making it fast and easy for IT teams to take charge of core network services and security through one unified platform will strengthen and secure that foundation, increasing business speed and agility, and will allow organisations to embrace the opportunities this new paradigm represents.