Cloud Journey: Starting with Enterprise Scale — Part 3
(PART 1: Isolate cloud infrastructure for IaC Automation)
(PART 2: Organisation structure and hierarchy in the cloud)
PART 3: Single control and management plane
The next challenge would be to define “How to operationally maintain an enterprise estate with centralized management and monitoring at a platform level”.
As the number of business units and teams looking to scale on the cloud grows, organizations must undergo operational and organizational transformation to ensure consistent deployment, monitoring, and configuration.
We will look at the various approaches available:
- Hub-Spoke model
- Multi-cloud scenario
Hub and Spoke
Hub and spoke is a networking model for efficiently managing common communication or security requirements. It maintains separation of concerns: individual workloads can be deployed with responsibility divided between central IT teams and workload teams.

Example of setting up resources in Azure:
- Logging: Centralised logging is configured with a log analytics workspace for all the resources.
- Security Center: Regulatory compliance for resources is monitored from a single security center dashboard.
- Policy: Policy compliance is monitored at the root management group level.
- Cost: Cost is monitored for all the subscriptions centrally at the root management group level.
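
One way to check that the centralised logging described above has not drifted, as an added example that is not part of the original article: it audits an inventory of spoke resources and reports any that do not send diagnostics to the hub Log Analytics workspace. The subscription IDs, resource names, inventory layout, and function names are constructed for illustration.

```python
# Added example: audit spoke resources against the hub's central workspace.
HUB_SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"    # constructed
SPOKE_SUB = "/subscriptions/00000000-0000-0000-0000-000000000002"  # constructed
HUB_WORKSPACE_ID = (HUB_SUB + "/resourceGroups/rg-hub-logging/providers/"
                    "Microsoft.OperationalInsights/workspaces/law-hub-central")
TEAM_WORKSPACE_ID = (SPOKE_SUB + "/resourceGroups/rg-spoke-b/providers/"
                     "Microsoft.OperationalInsights/workspaces/law-team-b")
SPOKE_RG = SPOKE_SUB + "/resourceGroups/rg-spoke-b/providers/"

# Constructed inventory. "workspaceId" and "storageAccountId" are diagnostic
# setting destinations; the surrounding list-of-dicts shape is an assumption.
INVENTORY = [
    {"resourceId": SPOKE_RG + "Microsoft.KeyVault/vaults/kv-b",
     "diagnosticSettings": [{"name": "to-hub", "workspaceId": HUB_WORKSPACE_ID.lower()}]},
    {"resourceId": SPOKE_RG + "Microsoft.Sql/servers/sql-b",
     "diagnosticSettings": []},
    {"resourceId": SPOKE_RG + "Microsoft.Network/networkSecurityGroups/nsg-b",
     "diagnosticSettings": [{"name": "local", "workspaceId": TEAM_WORKSPACE_ID}]},
    {"resourceId": SPOKE_RG + "Microsoft.Web/sites/app-b",
     "diagnosticSettings": [{"name": "archive",
                             "storageAccountId": SPOKE_RG + "Microsoft.Storage/storageAccounts/stb"}]},
]

def normalize(arm_id):
    """ARM resource IDs are case-insensitive, so compare them lower-cased."""
    return (arm_id or "").strip().rstrip("/").lower()

def audit_central_logging(inventory, hub_workspace_id):
    """Return (resourceId, finding) for each resource not logging to the hub."""
    hub = normalize(hub_workspace_id)
    findings = []
    for resource in inventory:
        settings = resource.get("diagnosticSettings") or []
        workspaces = {normalize(s.get("workspaceId")) for s in settings} - {""}
        if not settings:
            finding = "no-diagnostic-settings"
        elif not workspaces:
            finding = "no-workspace-destination"  # e.g. storage archive only
        elif hub not in workspaces:
            finding = "wrong-workspace"           # logs stay in a team workspace
        else:
            continue  # at least one setting targets the hub workspace
        findings.append((resource["resourceId"], finding))
    return findings

if __name__ == "__main__":
    for resource_id, finding in audit_central_logging(INVENTORY, HUB_WORKSPACE_ID):
        print(f"{finding:26} {resource_id}")
```

The first resource passes even though its workspace ID is lower-cased, because the comparison is case-insensitive; an exact string match would report it as drift.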

AWS Hub Spoke Setup — Documentation 1 Documentation 2
Azure Hub Spoke Setup — Documentation
GCP Hub Spoke Setup — Documentation
Multi-cloud Scenario
The complexity of achieving a single management and control plane increases as we bring in hybrid and multi-cloud resources. Setting up networking is complex in multi-cloud environments.
To achieve a single plane:
- Use Google Anthos / Azure Arc.
- Use an abstraction layer with developer portals like Spotify Backstage, Lyft Clutch, or third-party tools.
Google Anthos / Azure Arc
Microsoft and Google have been pushing new features to Azure Arc and Google Cloud Anthos respectively, making it easier to manage resources across cloud providers.
These tools enable a single monitoring and control plane, provided that we either use Google Cloud as the primary cloud provider in the case of Anthos or use Azure as the primary cloud provider in the case of Azure Arc.
With the use of either tool, you can retain the organization hierarchy and maintain central monitoring at the root level.


AWS Outposts focuses solely on the on-premises use cases. Moreover, by using hardware provided by AWS itself, Outposts effectively prevents multi-cloud scenarios and even the use of your own hardware. Refer
References