According to recent research from Flexera, 92% of enterprises have a multi-cloud strategy. However, according to Cisco, network teams are struggling to keep up with the pace of cloud change, with 73% of networking teams spending more of their time maintaining the status quo rather than focusing on multi-cloud deployments. Today, we’ll be looking at how you can get visibility into multi-cloud deployments and overcome some of the key challenges by reviewing six use cases, which include cloud network and application visibility, hybrid IT, security incident response, cost consumption, cloud migration, and application visibility control.
First, let’s start with some of the challenges of public cloud. Network engineers have traditionally found it difficult to visualize how traffic traverses cloud networks. It doesn’t easily map to the typical mental model. There’s a lack of end-to-end visibility in a single pane of glass to understand application traffic from on-premises to the cloud and vice versa. For example, network engineers need to be able to understand how cloud entity instances – like EC2 instances or other virtual resources – communicate with one another in the same subnet. Inter-Availability Zone traffic poses a further challenge: understanding how the back-end application communicates with cloud database services in another AZ.
Furthermore, on-prem to cloud visibility is important as traffic traverses Virtual Private Gateways. There are challenges with visualizing how internet traffic goes in and out of a VPC or VNET and how to verify that everything remains secure. On the security side, it is difficult to validate security configurations (e.g., ACLs) against real-time accepted/rejected traffic in a format that’s simple and easy to explore and explain.
Let’s look at some use cases in more detail.
1) Cloud network and application visibility: Engineers struggle to visualize how cloud traffic is flowing and behaving because existing products and tools do not match mental models. Users should consider a solution that visualizes this data in a way that matches the mental model of network users, clearly showing applications, paths, and the interfaces they traverse. This gives network admins more visibility into which applications primarily go through cloud deployments, as well as the bandwidth and utilization of applications as they traverse different segmentation tunnels across regions.
2) Hybrid IT: It’s hard to provide an end-to-end path for an application that goes from an on-prem network to cloud and vice versa. Users should consider a solution that offers end-to-end path analysis of applications from on-prem to cloud in a single-screen workflow, but that can also triage issues and focus troubleshooting efforts on the on-prem side, the cloud side, or anything in between. Monitoring solutions that provide hop-by-hop analysis of the end-to-end application path are important, along with analysis of KPIs such as application and network latency, utilization, packet loss, QoS configuration, and VoIP performance. A network monitoring solution should also support day two operations like monitoring and troubleshooting network and application behavior.
3) Security incident response: Because of the mental-model mismatch, it’s often not clear which traffic is being accepted or rejected. Users should consider a solution that can identify the origin and destination of traffic into and among VPCs and visually determine if certain traffic is accepted or rejected. This allows network operation managers to analyze their network security definitions in terms of required vs. rogue traffic and get reports and alerts on unwanted applications that might be traversing the network. Once an intrusion is found, network admins need a recording of the activity of the network packets to determine both the fingerprint and the extent of the breach. Monitoring solutions that provide the extra capability to capture and store every packet are helpful. Armed with the packet data, admins can respond quickly and confidently.
4) Cost consumption: The lack of ability to slice and dice network traffic in n-dimensions for deep analysis costs time and money. Users should consider a solution that measures bandwidth utilization of applications, services, and internet gateways and can compute baselines and trends. This allows network operations to manage the type of cloud-hosted services (email servers, conference solutions, etc.) that are using most of the bandwidth to the cloud. These can then be compared with the least-used services, and the service solutions redesigned based on utilization. This enables IT teams to measure the performance and utilization baselines of cloud applications and services against trends over time to facilitate application and services capacity planning and optimization.
5) Cloud migration: A lack of understanding of pre- and post-migration KPIs and historical baselines, and of the ability to measure them precisely, impacts cloud migration. Users should consider a solution that has application and services visibility, that measures bandwidth usage and application performance baselines pre-deployment, and that validates bandwidth and performance post-deployment. Cloud migrations vary greatly depending on a company’s needs and objectives. Whether migrating limited portions of your enterprise systems (such as a few specific databases or servers) or an entire application stack or datacenter, NetOps teams need a clear understanding of pre- and post-migration KPIs. Network monitoring solutions that provide the ability to accurately measure historical baselines and changes over time are key to understanding this.
6) Application visibility control: Migrating applications from the core network into the cloud is often challenging. NetOps teams need a deep understanding of the application’s current state before designing or redesigning the network and need to confirm that everything will work as intended post-migration. Network monitoring solutions that provide application and service visibility allow teams to measure bandwidth usage pre-deployment (while the application or service is still on-premises) and leverage topology visualizations to identify application paths to help plan the migration effectively.
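To make use case 3 concrete (checking security definitions against traffic that was actually accepted or rejected), here is an added example that is not from the article or from any vendor product. It assumes the traffic records are AWS VPC Flow Logs in the default version 2 format; the `REQUIRED` policy and all sample records are constructed for illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample records, default VPC Flow Logs field order: version account-id
# interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 10.0.1.15 10.0.2.40 49152 5432 6 120 98000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.15 51000 22 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.15 203.0.113.9 49200 8080 6 30 4100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 192.0.2.44 10.0.1.15 40000 443 6 60 52000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.20 10.0.2.40 49300 5432 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000060 1700000120 - NODATA
"""

# Hypothetical intended policy: (source CIDR, destination CIDR, destination port)
REQUIRED = [
    ("0.0.0.0/0", "10.0.1.0/24", 443),     # internet -> web tier
    ("10.0.1.0/24", "10.0.2.0/24", 5432),  # web tier -> database in another AZ
]

def parse(text):
    """Yield one dict per usable record, skipping NODATA/SKIPDATA lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 14 or f[13] != "OK":
            continue
        yield {"src": f[3], "dst": f[4], "dport": int(f[6]),
               "bytes": int(f[9]), "action": f[12]}

def is_required(rec):
    """True when the flow matches an entry of the intended policy."""
    return any(ip_address(rec["src"]) in ip_network(s)
               and ip_address(rec["dst"]) in ip_network(d)
               and rec["dport"] == p for s, d, p in REQUIRED)

def review(text):
    """Return (findings, bytes per action) for an ACL review."""
    findings = {"rogue_accepted": [], "required_rejected": []}
    totals = Counter()
    for rec in parse(text):
        totals[rec["action"]] += rec["bytes"]
        flow = (rec["src"], rec["dst"], rec["dport"])
        if rec["action"] == "ACCEPT" and not is_required(rec):
            findings["rogue_accepted"].append(flow)     # allowed but not intended
        elif rec["action"] == "REJECT" and is_required(rec):
            findings["required_rejected"].append(flow)  # intended but blocked
    return findings, totals

if __name__ == "__main__":
    print(review(SAMPLE))
```

Real flow logs also record return traffic as separate entries with an ephemeral destination port, so a production check would match on the source port as well before flagging a flow.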
There are lots of challenges NetOps teams encounter when monitoring the public cloud. Hopefully, these six use cases help shed some light on how to overcome some of them. As the industry moves forward, it's important that solutions consume more data at a more granular level. It’s also important to allow teams to look at deployments globally and then drill down to a location, a single hop, a packet, or even a phone number. End-to-end visibility of application and network performance from on-prem to the cloud is critical for efficient and accurate network monitoring.
Jubil Mathew is a Technical Engineer at LiveAction.