In early June 2021 Cisco announced its vision for the Future Cloud. This vision comprises two distinct elements: UCS, a unified hyperscale computing infrastructure, and tools to provide end-to-end observability of hybrid cloud services.
Hybrid Management Challenge
As organizations adopt a hybrid IT delivery approach, the challenges of managing and securing the different elements increase. Some of these elements are delivered as cloud services and some in other ways. Usually, these different elements need different management and security tools and, where hundreds of applications are being delivered, this imposes a significant management burden.
In response, some cloud vendors have started to offer tools that extend beyond their own cloud. A more widely adopted approach is the use of VMware; this is supported by a wide range of clouds and provides common tools that can be used wherever it is deployed.
Cisco Infrastructure for Hybrid IT
Cisco’s approach to this challenge is UCS. According to Cisco, this is a programmable, self-aware, self-integrating system based on the concept that infrastructure is code. Servers are designed to be stateless, with their identity, configuration, and connectivity extracted into variables that can be set through software. This enables management tools to help guarantee consistent, error-free, policy-based alignment of server personalities with workloads.
UCS is supported by Cisco Intersight, which is a SaaS management tool that provides a single control point for the complete hybrid UCS. On paper this provides a solution to a real problem; however, it depends upon the customer choosing Cisco products to get all the benefits.
The Network for the Hybrid Cloud
The network is the key enabler of the hybrid cloud. The availability of wide-area, high-performance networks is what has made the remote delivery of business-critical services practical. Indeed, the large CSPs (Cloud Service Providers) have all invested heavily in their own private networks as a critical part of their service infrastructure.
In addition, the new 5G mobile networks are widening the availability of high-performance connectivity into new use cases including manufacturing, logistics, and travel.
The app on the end user device is just the tip of the iceberg – the app depends upon the work done by the distributed services that provide the functionality. Therefore, the end user experience is becoming dominated by the performance of the networks that connect these services. While the performance of CPU, RAM and storage is still important for the individual services, the end user experience is determined by the end-to-end performance of the networks.
Governing the Hybrid Cloud Network
While the performance of hybrid IT services is dependent upon the network, much of the network involved will be outside of the direct control of the business. This makes it important to take a governance-based approach with clear service level agreements supported by measurement of delivered performance.
The end-to-end network traversed by a transaction delivered from a hybrid deployment may involve a mobile network (radio and backhaul), the public internet, the in-cloud network, and the connection to the organization’s data centre, as well as the network within it. Identifying where unacceptable delays, outside of the agreed service levels, are occurring is not a simple task.
This challenge is increased by modernised applications which exploit multiple distributed containerised services. What used to be a subroutine call on a server is now a service request, and the performance of this depends upon the network. One business transaction now involves a web of service interactions. This architecture also increases the attack surface, since these services themselves are points of vulnerability if not properly protected.
Cisco ThousandEyes
Cisco’s response to these challenges is their ThousandEyes Platform. According to Cisco, this combines a variety of active and passive monitoring techniques to provide insight into the end users’ experience across the applications and services. As well as monitoring enterprise network performance through locally installed agents, it also exploits pre-deployed software vantage points across the globe to provide real-time internet outage detection. The platform enables enterprises to monitor and measure the end-to-end network performance to identify bottlenecks. It can also help to detect abnormal traffic patterns that could indicate security compromises.
What about SASE?
There are various vendor definitions of SASE (Secure Access Service Edge). Cisco defines it as “Secure access service edge combines networking and security functions in the cloud to deliver seamless, secure access to applications, anywhere users work.” Although Cisco did not focus on SASE in these announcements, the distributed nature of a service-based architecture means that the service edge, if it exists at all, is highly complex and hence will be increasingly difficult to manage and secure.
Opinion
Cisco has correctly identified some of the key challenges from the hybrid IT delivery model that is now commonplace in organizations. Finding a common approach to managing and securing the heterogeneous components of this infrastructure is a major headache.
However, UCS adds yet another flavour to an already crowded field and Cisco Intersight depends upon the use of UCS. Organizations need to consider UCS in the context of the wider market including vendors such as VMware, popular open-source solutions such as OpenStack, other hyperconverged infrastructure products, as well as emerging hybrid IT management tools from the major cloud vendors.
In contrast, Cisco has correctly identified that the network is a critical element of hybrid deployments and that it has the potential to become the major performance and security concern for modernised application architectures. In this context their ThousandEyes platform is very relevant to the governance of networks in a service-oriented hybrid architecture.