Connecting clouds in SEA: How to ensure interoperability in the hybrid and multi-cloud context

Cloud architects in the Asian region are facing challenges in their attempts to integrate disparate clouds into their infrastructure. These challenges often arise due to the decentralised nature of cloud adoption within organisations, mirroring the global trend.

These challenges typically stem from the fact that individual teams and departments have created cloud environments from the bottom up. Very often, these are isolated solutions from different SaaS (Software as a Service)/cloud providers for dedicated problems.

As a result, many companies now have patchwork cloud environments without any particularly systematic approach. A further pain point in cloud optimisation is the diverse levels of regional adoption – given that Asia is a vast and diverse continent with varying levels of cloud adoption across different countries and industries.

Cloud providers must grapple with the deployment of geographically cost-efficient data centre locations and differing regional compliance, regulatory requirements and trends. Cloud users need the best performance and greatest reliability in their connections to cloud resources, wherever they are based, at an acceptable price.

Unexpected extra costs add a further headache, such as “cloud egress” costs: the fees a cloud provider charges to transfer data out of its cloud, whether back to the customer’s own infrastructure or onto other clouds.

To add insult to injury, it is now becoming clear that, due to changes in business processes, data and workloads holed up in one cloud environment are essential for systems and applications running in other clouds within differing regions in Asia. This decentralised adoption is influenced by the diverse market conditions across Asian regions, resulting in patchwork cloud environments using services from different Asian and global providers, which cannot interoperate per se.

An oversimplified conclusion might be to revert to a single-cloud policy and build everything anew on one cloud provider’s infrastructure. But even cloud-native companies that use a greenfield approach (starting off with a one-cloud strategy), not to mention companies that have migrated from legacy to the cloud, reach a size where a multi-cloud strategy becomes a commercial and operational advantage.

A single-cloud policy is a recipe for vendor lock-in and represents a single point of failure for critical business processes. So, robust multi-cloud is the advisable option. Therefore, the clouds need to be made interoperable.

In a nutshell, a process of translation between the infrastructure of cloud providers is necessary. Interoperability is needed on all of the software layers, as well as – perhaps most fundamentally – on the network layer.

Achieving interoperability on the software layers is a task for software development or DevOps teams: for example, checking whether the data formats fit, whether the same data structure and business logic are being used, and whether there is an API (Application Programming Interface) in place so that the software components can interact with each other and interpret each other’s data.

However, in this article, we will focus on how to create a harmonised cloud environment on the network layer, offering the resilience and flexibility of hybrid and multi-cloud combined with the ease and latency of a single cloud.

Connecting to clouds via the internet — limited security and controllability, plus hidden costs

There are only a few methods for connecting clouds to one another. Firstly, it is possible to purchase Internet gateways from each of the cloud providers available in Asia and have the data (randomly) traverse the public Internet to get from one cloud to the other. In this scenario, there is no control of data paths, performance, or security, an unacceptable risk for critical data, workloads, and systems.

This raises concerns about the limitation in both security and control within the Asian region, given its diverse regulatory landscape and the importance of data sovereignty. A more secure method would be to set up virtual gateways for each of the clouds being used and deploy a VPN (e.g., IPSec) tunnel between the clouds.

This encrypts the traffic, but the data still needs to flow over the public Internet. Latency can, in this scenario, become unacceptably high, resulting in poor performance, time-outs with potential data loss, increased overhead to manage many end-to-end tunnels, and a lack of connectivity resilience.

What’s more, cloud egress costs are substantially higher when the data traverses the public Internet. Companies operating in the Asian region should carefully evaluate their cloud connectivity strategies, considering options like local/regional peering points and content delivery networks to mitigate the financial burden associated with data egress costs.

Direct connectivity to clouds for seamless, secure, and cost-efficient data transfers

A more robust option, suitable for handling sensitive company data, is to implement direct connectivity on the IP layer using the direct connectivity service of the respective cloud provider (e.g., Azure ExpressRoute, AWS Direct Connect, etc.).

Each cloud provider offers its own direct connectivity service, and their cloud egress charges are much lower over this service than for data transferred over the public Internet. In fact, it has been conclusively demonstrated that it is less expensive to use private network connectivity to clouds if the company has more than a mere 25 megabits per second (Mbit/s) of traffic. Once a company exceeds this amount, the private connectivity pays for itself.

In this scenario, the data pathway is controlled to the handover point to the company network, and the public Internet is bypassed. This enables flexible bandwidth scaling, increases security, reduces latency, and eliminates the pain point of high ingress fees.

The easiest and fastest way to directly connect to multiple clouds is via a distributed Cloud Exchange, as it is possible to access all clouds at once with one single connection to the exchange. If the company has servers and routers set up in a colocation facility that has Cloud Exchange capabilities enabled, a simple cross-connect to the Cloud Exchange platform is all the company needs.

If the company infrastructure is in a non-enabled data centre, then connectivity can be purchased to the exchange, and from there, a single access again suffices. Once Southeast Asian companies take the initiative to connect to a distributed Cloud Exchange platform, then it is possible for them to interconnect directly and securely with each specific cloud provider.

Best practices for cloud connectivity

Directly interconnecting with cloud networks in this way is a best practice in itself, whether we are talking about a multi-cloud setup or a hybrid-cloud scenario. Such a scenario can be combined with SLAs (Service Level Agreements) and performance guarantees, and cloud egress costs can be reduced by 50 per cent or more compared to transporting data via the public Internet.

A possible further optimisation is to interconnect the clouds with each other using direct connectivity. Some Cloud Exchanges offer a virtualised cloud-routing service, which interconnects the direct connectivity services of each cloud provider directly on the platform, ensuring the shortest pathway between the clouds.

This offers the lowest latency between the different clouds, ensuring seamless, secure, and the most cost-efficient data transfers between clouds. For pure cloud-to-cloud scenarios, it is not even necessary to have infrastructure in an enabled multi-tenant data centre, because some cloud-routing services can exist either as stand-alone connectivity between clouds or as part of a hybrid-cloud setup to connect private on-premises equipment.

Having set up direct connectivity to and between clouds, one last step from the network perspective would be to clarify the need for encryption. Some cloud service providers offer encryption through the edge of their network, others do not.

Here, IPSec is a good option for encrypting data through to the company’s cloud environment, if required. In addition, MACsec can be used to encrypt the connection between the company’s and the cloud provider’s network devices.

Conclusion: Finding pain relief for cloud headaches

In order for Southeast Asia and other regions of the Global South to gain an equal footing in the global digital economy, they require a comprehensive set of policies that prioritise economic development while also taking into account sovereignty issues.

In terms of data sovereignty relating to the cloud, a cloud-routing service, which can either be booked directly over a Cloud Exchange or by going through a systems integrator or managed service provider (MSP), is an excellent way to alleviate the insufficient performance between two applications running in different clouds.

A cloud-routing service can be connected directly to the company infrastructure, ensuring that all data moving to, from, and between clouds flows over the cloud providers’ direct connectivity service, also dealing with the discomfort of high cloud egress fees.

Beyond that, the benefits of routing between clouds include having a secure, virtually dedicated domain so that packets do not traverse the public Internet. The company is also no longer vulnerable to vendor lock-in because it is much easier to move workloads from one cloud to another.

Finally, a cloud router also makes it much easier to take a “best of breed” approach: to take services from, say, five different cloud providers without the need to worry about the network layer. It simplifies the management of multi-cloud and hybrid-cloud scenarios so that attention can instead be focused on business objectives.

Once Asian companies recognise the importance of direct connectivity as part of their cloud strategy, it will enable them to move forward with their digital transformation strategies. The result will be that cloud usage will be advanced, and enterprises in Southeast Asia will have a level playing field on par with infrastructure outside of the Asian region.

The post Connecting clouds in SEA: How to ensure interoperability in the hybrid and multi-cloud context appeared first on e27.