Cloud computing is now more than a decade old, and yet it continues to evolve rapidly as new services come to market, foundational services mature and migration to various clouds accelerates. A recent Forbes article observed that “It’s a multi-cloud world, after all” as if cloud diversity was a new concept. In practice, most enterprises now understand that no single cloud provider can meet all their business requirements. In fact, an IBM Institute for Business Value survey found that 98 percent of organizations plan to adopt multi-cloud architectures by 2021, even though only 41 percent have a multi-cloud management strategy and even fewer have adapted their processes and tools for multi-cloud operations.
Multi-cloud computing, as the name implies, typically refers to solutions that combine two or more distinct clouds from at least two providers (this often means Amazon AWS and Microsoft Azure), though no standard definitions exist yet. In its simplest form, multi-cloud is simply any collection of clouds, which could be shadow IT or even access to public resources in separate regions delivered by one provider. A hybrid cloud environment connecting a private cloud to a public cloud could also be classed as a form of multi-cloud solution. The most strict definition argues that a multi-cloud environment has to include interoperability and portability across the component clouds. These combinations of clouds are illustrated in Figure 1.
Figure 1. Multi-cloud patterns
When considering enterprise needs, cloud IT architects increasingly will have to determine why a multi-cloud architecture is needed and, if it is justified, how multi-provider operations, security and identity management can best be achieved. Strategic IT leaders should also question whether multi-cloud is a sign of a maturing technology or just a marketing tactic that is leveraged by second-tier cloud providers.
The cloud journey so far
At its inception, public cloud computing disrupted traditional IT by offering an alternative to corporate data centres hosting server-based licensed software with technical support delivered by in-house experts. Today, providers such as Amazon Web Services offer a wide range of services including, compute, storage, databases, analytics, networking, mobile, developer tools, management tools, IoT, security and enterprise applications. The value proposition of cloud computing has gone well beyond simple cost savings to become both a source of, and an enabler for, enterprise IT innovation (using born in the cloud technologies such as cloud native computing, for example).
Cloud service providers can supply Infrastructure-as-a-Service (IaaS) resources and Software-as-a-Service (SaaS) applications separately and in various combinations, but enterprises aiming for “best of breed” business solutions or wishing to avoid vendor lock-in are now endorsing multi-cloud options and are looking for multi vendor tools and support. The diagram below outlines one possible multi-cloud scenario that no single cloud provider could deliver on their own. In this example, each business area has requirements for specialized services: the Microsoft Office 365 office suite; Shopify for point of sale functions; Salesforce customer relationship management; Oracle financial systems; and Workday human resource services. Other cloud providers may also be used to deliver other functional requirements, such as web portals, data archives, backup storage, development and testing platforms, business analytics, mobility and security-as-a-service.
Figure 2. Multi-cloud scenario
The most common multi-cloud implementations are: siloed applications (multiple SaaS applications from different providers that run independently of each other); compatible platforms with workloads spread across multiple clouds; and, hybrid infrastructures (resources) that enable services such as workload failover, off-site backup, distributed processing or cloud bursting. VMware Cloud on AWS,announced earlier this year, for example, claims to offer consistent and interoperable infrastructure and services between VMware-based customer datacenters and the AWS cloud, including access to AWS services. In these early days of multi-cloud maturity, however, most multi-provider systems would not be ‘plug and play’.
The case for multi-cloud
As basic cloud benefits are now well-recognized, many enterprises have adopted a ‘cloud first’ strategy that gives preference to cloud-based solutions. Although multi-cloud can provide all the benefits of a single provider cloud architecture, the business case is not clear-cut if this approach results in an uncontrolled proliferation of providers, the lowest common denominator in terms of services and if it adds to the complexity of administration and management. A strategy that accommodates a multi-provider environment, however, can offer advantages such as the avoidance of vendor lock-in, active disaster recovery, a choice of ‘fit for purpose’ models, better geographic coverage (e.g., different providers in different countries) and the ability to better optimize performance and cost.
In some cases, a multi-cloud environment is the unintended consequence of either a corporate merger or acquisition or, as in the figure above, customer determination to select best-of-breed applications. When legacy systems must be accommodated, this can lead to the need for hybrid solutions that intermix public and private clouds with collocated or on-premise systems. An additional scenario occurs in the public sector, where organizations must have a Vendor of Record arrangement that includes more than one authorized cloud provider. Today, no single cloud provider supports all possible service requirements; hence, a multi-cloud environment can easily become a business necessity.
A multi-cloud strategy is analogous to a multi-vendor policy for traditional IT: it helps to reduce reliance on any single provider, it expands the range of available design options and it can protect against major outages. For some enterprises, though, the benefits of having a single provider that is fully accountable for operational excellence can outweigh the advantages of multi-cloud.
Challenges of multi-cloud operation
Multi-cloud environments can present a variety of technical and managerial challenges, not the least of which is the increase in management complexity. There may even be reluctance on the providers part to embrace multi-cloud since there is not much incentive to make it easy or convenient[MA1] .
One of the biggest challenges is the gap in expertise that arises when the technical details of each service and resource are different. Multi-cloud risk can be even more significant if the IT department is unable to control the end user’s provider choices (i.e., shadow IT is in play).
Data management is especially critical in a multi-cloud environment. Data can easily become fragmented or duplicated across multiple storage services, resulting in significantly higher cost of operation if the same data is stored, or to be transferred repeatedly among the different providers. Policies around data privacy, security, sovereignty and retention could also constrain the way multi-cloud solutions are built.
Financial management is another major challenge. Significant differences in pricing models, billing formats and discount options will make consolidation of payment difficult. Cost modelling and verification are non-trivial exercises both during initial solution planning and when monitoring usage for cost optimization. As an example, splitting usage across multiple providers may reduce or eliminate volume-related price discounts.
Operations and administration is more complex with multiple providers, as these have different Service Level Agreements and service metrics which impact performance management. Coordinating moves, adds and changes across providers can take time to complete and would entail additional risks.Even when terms and conditions are aligned and the targets are consistent, challenges can arise if policies, standards and reporting vary. Updating management and automation tools to support multi-cloud operations will be an important challenge for enterprises.
In a multi-cloud environment, it can be more difficult to hold a provider responsible for incidents, given that multiple clouds may be involved. An integrator, broker or other intermediary could serve as an impartial arbitrator but this adds even more players to the game. Similar issues also apply to security-related functions – providers usually only take responsibility for their own services. The additional components and interfaces in a multi-cloud solution can lead to a larger attack surface and more vulnerabilities. Having more "moving parts" in the multi-cloud solution can create resiliency issues.
Establishing a multi-cloud environment
David Colebatch, chief migration hacker for Tidal Migrations and an expert in the complexities of cloud migration, believes that “multi-cloud is real and inevitable for all enterprises, but the‘single-pane-of-glass’ management concept is still a mirage.” According to Colebatch, Tidal Migration’s leading customers are “adopting cross-cloud tools such as Terraform for infrastructure-as-code and Divvy cloud for policy-driven automation of security, compliance and cost governance. Tools such as these are being built to run on many clouds, especially Amazon Web Services, Microsoft Azure and Google Compute Engine."
Still at the early stages of its maturity curve, multi-cloud computing nevertheless promises to deliver next generation cloud computing and support cloud native applications. Multi-cloud environments can be complex, but steps can be taken to increase the chances of successful implementation. Education is key: knowing the various products, the tools that are being used and how they can work together is critical. A next step involves defining a multi-cloud architecture and migration roadmap to plan service choices, as opposed to leaving it to whoever wins a tender. Businesses should avoiding service duplication, but where ever possible, sharing resources to minimize costs in a multi-cloud architecture. Perhaps the most important step, though, is to ensure that multi-cloud management, security and governance requirements are included as part of the initial designs, not bolted on after the fact.
The scale, distribution and complexity of hybrid multi-cloud systems makes automation almost mandatory – manual processes and decision-making are simply not adequate to maintain performance and quality. The good news is that multi-cloud management products are started to become available. For example, in October 2018 IBM launched its IBM Multicloud Manager, which is designed to make it easier to manage, move and integrate applications across different cloud computing infrastructures. At VMworld 2018, VMware launched a set of SaaS-based automation tools - Cloud Assembly, CloudService Broker, and Code Stream - for managing applications and infrastructure spanning multiple clouds.