The Importance of Intelligent Network Automation in Hybrid Cloud Environments

The Importance of Intelligent Network Automation in Hybrid Cloud Environments

By Special Guest
Ashraf Sheet, Regional Director MEA at Infoblox
  |  February 27, 2017

When you consider the lower infrastructure cost, greater agility, and improved security they offer in comparison to public clouds or traditional client-server architectures, it’s no surprise that a growing number of organizations are investing in hybrid clouds and virtualized, automated data centers.

Indeed, Forrester (News - Alert) recently carried out a survey of enterprise infrastructure technology decision-makers which revealed that more than half (59 percent) of businesses are set to adopt a hybrid cloud model in the next 12 months.

Making the transition from a public or private cloud to a hybrid model means that organizations will have to operate in a multi-cloud, multi-platform environment which will often include traditional on-premises components in conjunction with Microsoft Azure, Amazon Web Services (News - Alert) (AWS), and other OpenStack cloud technologies.

However, while cloud brings tremendous speed, business agility, and cost savings, by offering an automated process for spinning up storage and compute, network configuration like DNS across hybrid environments is often complex and still managed manually.

In this new cloud environment, manual processes around DNS, DHCP and IP management, collectively known as DDI, can often have a negative impact on cloud agility. In addition, such legacy approaches can cause inconsistencies across hybrid deployments, and an increase in vulnerabilities that can lead to outages, security breaches and a poor experience for end-users.

Legacy DNS infrastructure, for example, is one of the most exploited parts of a network, and can often be the hidden crack in the foundation that derails a business; especially one using dynamic, next-generation initiatives such as public and hybrid cloud. As illustrated by the case of the Millennium Towers luxury high-rise in San Francisco, a problem at the foundation can be hard to diagnose, and can have a costly, devastating impact on the wider infrastructure.

To avoid such an impact on a network’s security, integrity and efficiency, it’s important for organizations to consider the benefits of investing in a

Ashraf Sheet, Infoblox (News - Alert)

unified platform to centralize the management of the core services that lie at its foundation.

A promise far removed from reality

The differences between spinning up a new compute instance and actually getting a working instance on to a production network, into service, and in sync with the traditional network infrastructure, can mean that the hype and promise of the cloud is often far removed from reality.

Automation of core DDI network services in the cloud can often lag behind compute and storage processes, which can delay application rollout and can increase the number of inconsistencies in network policies.

If DNS and IP addresses in the cloud aren’t being managed from a central resource, IT teams may find themselves faced with an incomplete and out-of-date view of their networks, their virtual private clouds (VPCs), IP addresses, and the DNS records being assigned. The use of multiple platforms in the hybrid environment also means that there is no correlation and consistency of common resources such as DNS zones and networks.

For example, while the virtualization component may be handled by the server team, a different team entirely may be responsible for all the network aspects. As a result, the network team may have no visibility into virtual machine (VM) resources as they’re created and destroyed, which makes it difficult for them to link these to automated set-up and configuration tasks.

Indeed, without this visibility, and the lack of up-to-date and accurate information on which IP addresses and DNS records are assigned to which VMs at any given time, there’s very little point in networking teams even attempting to comply with audit and security policies.

Various different factors such as applications, locations, and users need to be tracked for VMs and networks, IP addresses and DNS zones but, while most server admins will have access to this information, it’s likely that most networking teams won’t. A reliance on using manual methods for the creation and deletion of VMs will result in their responses being slow.

Arguably one of the main attractions of cloud deployment - the promise of rapid delivery - can be hindered by the time it can take for the manual provisioning of DNS records and IP addresses in a virtual environment. It may sound simple, but without a DNS entry, those virtualized resources cannot be seen on the network.  And if they can’t be seen, they can’t be used.  If you can provision resources in a matter of minutes, but have to wait days or even weeks to get them in use, you’re not getting the value from your investment in cloud technology

What’s more, the possibility of a potentially costly network outage caused by unreliable DNS, DHCP and IP address management services can pose a significant threat to any organization, with risks that extend beyond just the network itself, as evidenced by recent news headlines.

The foundation of any organization

Those organizations with clouds running critical workloads or spanning multiple different geographical locations require a foundation of highly available and secure DDI services to provide them with the scalability and resilience they need to perform effectively.

A centralized platform is required that will deliver greater automation and visibility, and help to control, secure, and analyse next-generation data centers and cloud environments.

Improving resource planning and reducing security risks, the automation of DNS provisioning as part of existing workflows, and the clean-up when VMs are destroyed can eliminate unnecessary manual processes and trouble tickets. As a result, the bottleneck most commonly affecting successful cloud application implementation and rollout will be removed, and hybrid cloud deployments can be optimized to meet an organization’s particular needs.

In order to avoid any blind spots and incongruent views within the network, the consolidation of different terms and naming conventions via a single, unified console allows virtual machines and network components to be discovered and tracked across disparate platforms and cloud environments. The destruction of a VM will automatically be documented, its DNS record cleaned up, and its IP address released, ensuring that all appropriate information is accurate and up-to-date.

One further benefit of having this current and historical visibility into an organization’s network is that it will enable more efficient auditing of its virtual resources for compliance purposes.

Furthermore, distributing authorization for permission can empower the workload of individual departments within an organization while maintaining complete oversight and control of the hybrid cloud as it evolves.

The network is the foundation of any organization, and keeping that network strong, stable and secure should be a top priority as more businesses transition to a hybrid cloud environment.

Making it fast and easy for IT teams to take charge of core network services and security through one unified platform will strengthen and secure that foundation, increasing business speed and agility, and will allow organizations to embrace the opportunities this new paradigm represents. 

Edited by Alicia Young