A Tutti Frutti Vanilla Cloud Recipe


Cloud computing is a simple dish. A single ball of cloud computing in the form of a basic cloud service instance including compute, storage, analytics, and other functions is essentially a vanilla-flavored dish. But like any relatively pristine surface, a simple vanilla spoonful of central cloud paves the way for accessories, upgrades, and embellishments.

There is a lot of sense in this approach, i.e. cloud service providers (CSPs) offer specific optimizations to align bespoke clouds in one direction or another, but these specialties are still considered factory-made alignments that position a cloud one way or another before it hits the real (okay, virtualized) world of use.

Getting the cloud fixed and ready for production workloads — especially in heavily regulated industries like financial services and healthcare — takes a bit more finesse and flavor.

Starting point: landing zones in the clouds

There are a number of general components that every cloud will exhibit, regardless of the workload it will be deployed with or the services it will be interconnected with. Technologists like to call these elements of the cloud “landing zones” and here we can count a few examples.

Chris Astley is Head of Connected Engineering at KPMG UK. Explaining that monitoring platform configuration will be central to any organization’s initial landing zone definition, Astley says companies need to have a strategy early on to automate this function; it is part of what the company should have in its “policy as code” or “continuous compliance” framework and manual.

“It’s about understanding how a business will monitor and fix misconfigurations, enforce correct configuration, and loosen the framework for new services,” Astley said. “Deeper in the aromatization process, a company will need to think about how its cloud estate integrates with enterprise-wide security tools such as vulnerability management, breach detection and analysis, threats, security operations centers (SOCs), etc.”

He discusses networking and indicates that companies will need to plan for a highly separated and distributed network in their cloud estate.

Drawing on experience gained from working on a large number of implementations, the KPMG team emphasized how important it is to understand an organization’s integrations – with on-premises installations (not just a data center but desktops, for example) and other cloud services that the business can consume in a Software-as-a-Service (SaaS) model. Companies will need to plan how new services deployed in the cloud will achieve secure and high-performance connectivity.

Navigate the separate distribution

“As the ingredients and flavors grow, let’s also make sure we integrate identity and access management (IAM) – and make sure it’s suitable for a cloud context. Lots of on-premises tools will not naturally fit into a cloud environment; indeed, it will not focus on IaaS (infrastructure) and PaaS (platform) services in the cloud, which are often the most valuable, so new tools could be Even with IaaS, it’s likely that the nature of a cloud environment will be highly segregated and distributed, so again, a perfect tool for an on-premises data center is often ill-suited,” Astley clarified.

As we move towards a cloud that’s more textured, richer in ingredients, and hopefully more palatable, we can start thinking about strengthening the business foundation. In cloud terms, if we’re being fancy, we could call these tools operational resiliency functions; likewise, we might simply call it backups, failovers (i.e. moving to redundant standby systems), and disaster recovery (DR) technology.

Tutti frutti – all the ingredients

As we begin to build the tutti frutti multi-ingredient cloud, KPMG’s Astley warns us not to think of each landing zone as a singular solitary thing. He explains that, in a cloud context, it is far better to have a set of basic components, in code (Infrastructure-as-Code, or IaC), which can be instantiated to form new specific landing zones for the workloads or applications that a business is looking to deploy.

“This separation of core areas has benefits in terms of segregation of duties and the ability to run teams in parallel, while remaining cohesive and compliant,” he said. “Then there will be service-specific workload or activities related to many of the above. In particular, whenever a new service at a cloud provider is to be consumed, we will need to incorporate it into our policy as ongoing compliance code/frameworks and implement the necessary policies. If it was done in an easily scalable way, it should be a very short time to achieve (days, not weeks or months).”

We also need to think about how we configure our cloud-scale components, as this is critical to the pace of development of the workloads that are deployed. They must be easily consumable and, most importantly, their use must come with a “license to operate”, which by default means that the workload is fit for purpose. This takes a huge amount of time out of development cycles and relieves insurance functions.

Extra sauce, multi-cloud layers

According to KPMG’s Astley, as soon as we apply a multi-cloud layer, new considerations come into play, such as how to avoid duplication of effort, how our workload distribution strategy keeps pace and, from a policy and security perspective, how we ensure consistent reporting and incident response capability.

Fortunately, there are good solutions to these challenges that don’t impact value, but most importantly, they should be considered upfront with an organization’s first cloud to get the most out of it.

The KPMG team tells us that we need to keep the orchestration tools platform-independent. A company needs the platform’s native services to assemble data, but also a central location to store it and produce dashboards and reports. The business can then again leverage cloud-native services to automate much of the incident response such as availability/downtime, security, etc.

“When using a platform-specific service on a particular workload or project, do so consciously. These services, especially some of the data storage/processing and artificial intelligence services, offer the most value from cloud providers, and therefore should be encouraged, but the loose coupling of your application to these services can be influenced, which would greatly facilitate any future migration to another cloud,” Astley concluded.

Building the enriched, augmented, and extended tutti frutti cloud is a logical step for all organizations, but they must first order vanilla and then research the flavors that suit the current implementation.

Chocolate sprinkles anyone?
