Fleming Shi is CTO of Barracuda Networks.
Moving to the cloud isn’t easy, but it can be done securely and efficiently.
The need for speed—the ability to build faster—is one of the driving factors for moving to Amazon Web Services (AWS). The days of building software and tossing it over the wall to the Ops team are long gone. Instead, operational efficiency is achieved by continuously building, integrating, deploying, protecting, monitoring and remediating.
Having successfully transitioned 400 engineers from building appliance-based solutions to supporting a product line that is 100 percent built in the cloud on AWS, we offer the following details, tips and considerations that could help make your move to the cloud faster and easier.
To support customers with products and services all around the world, you need to find data centers all around the world. This requires executing contracts with companies on continents where customers reside. With peering provider and upstream hiccups added to the mix, this process can take several months to get up and running in each data center.
It’s very difficult to find the right data center, one you can trust. At some data centers, for example, if someone accidentally pushes the Emergency Power Off (EPO) button, the situation has to be assessed before power can be restored, meaning services aren’t available during that time. That can be a big pain.
You can’t prevent some of these data-center issues, but you can take precautions to alleviate them. If you’re building your own data center, host your applications at multiple facilities. If you’re using a public cloud, such as AWS, host your applications in multiple regions. You might also want to run your applications on multiple public clouds, such as AWS, Microsoft Azure, and Google Cloud Platform. Spread the risk: ensure your applications are geographically well-dispersed, so they can’t be taken down easily.
Rack Space Allocation
Once you’re set up in the data center with a cage and a network drop, you need rack space and a plan for expansion. You need to consider that some functions will grow and need more rack space more quickly than others. If you run out of space due to growth or other reasons without a plan, you could spend weeks trying to figure out and implement a solution.
You need to know where your scale is going to come from and how you’re going to be able to add that capacity quickly. If you’re building your own data center, the architecture of your application will drive where your scale is going to come from. Whether it’s from customer-facing workloads, data persistence layers, or the middle layers between them, you need to be able to grow elastically. That’s one of the advantages of using the public cloud: You have access to much more compute in a very agile manner, so you can plan your capacity much more quickly.
Power consumption is another reason you may need more rack space, because rack density depends on hardware. Based on the power consumed by your CPU, you may have to change hypervisor hardware or leave half your racks empty. It can take weeks to switch and retest hypervisors.
The grid that’s available to the data center and your rack is a critical piece that must be carefully considered, especially if you’re building your own data center. That’s another advantage of using the public cloud: Someone has already thought about power consumption for you. In addition to having their own power plants next to the data centers, they have backup power capabilities and other systems to ensure your applications stay up and running.
Even with the right hypervisors, you need to worry about agility. IO performance can quickly become a bottleneck and make you run out of space. Depending on your situation, you may have to turn off a bunch of clusters, replicate, back up and then expand the size of the hard drive. This could take months of effort to resolve.
We actually ran out of cables needed to connect the hypervisors to the network. It was the breaking point. But it was also the realization that this was probably never going to end; the cycle was going to continue and we needed to continue overcoming the challenges.
This was a reminder that any type of mishap or inefficiency can introduce months of time wasted. It was also a reminder that you never run out of cables when you move to the public cloud. If your application requires massive growth, global coverage, or elastic workloads, the public cloud can alleviate and eliminate some of these physical obstacles.
Once we were up and running on AWS, the abuse reports started coming in and it’s not a good feeling. Productivity was way up for projects, but we started to see security incidents. We got three abuse reports in a 30-day span. This underscored the need to watch over builders via management and the control plane natively in the platform. Providing governance with CIS Benchmark and auto-remediation also helped solve the problem.
Workloads are easy to spin up, but flows in and out of your applications still need protection. This requires application-layer protection at the data plane, to ensure data is secure in transit.
Security for Data at Rest
Today, applications are built with UIs, APIs, databases and object storage. To secure data at rest, you need to protect Amazon S3 buckets from misconfiguration and malware with advanced threat protection.
Even with the compute and storage provided by AWS, we needed a strong mesh of service regions to support our customers. To fill the need for a very strong, stable, expandable network, we relied on AWS as the backbone, benefitting from its SLA, and built our transit VPC using cloud-generation firewalls.
There are primarily two personas currently moving to the cloud: software engineers and risk professionals. There’s a natural friction between building fast and staying secure, but we need the balance that both groups provide. We need to be sure the builders don’t go out of control when it comes to security and we need to be sure the security pros don’t implement so much control it slows down development.
Despite technical challenges, competing business interests and plenty of unexpected twists and turns, your journey to secure cloud adoption is possible with planning, preparation and innovation.
Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Informa.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena.