For many involved in enterprise IT, one lingering concern of cloud computing deals with application and data visibility as compared to operating within a private data center. Because the cloud service provider controls and manages specific parts of the infrastructure in SaaS, IaaS and PaaS cloud platforms, these components become abstract to the end-customer. Today, we’re going to first look at why administrators desire more visibility into the cloud -- and then move onto different ways to actually achieve the level of visibility they’re looking for.
Why is cloud visibility so important?
Whether you’re dealing with public or hybrid cloud environments, a loss of visibility in the cloud can mean a loss of control over several aspects of IT management and data security. Shadow IT is a great example of how IT can lose control when they have a blind spot in their cloud architecture. Administrators must be able to control which applications are being used, who is using them, and what data is being generated and shared within cloud environments. Without the proper cloud visibility tools, IT is stuck with having to assume that their user base is adhering to written policy on the use of unauthorized apps. As we all know, you can’t run a successful IT department built on assumptions. Lack of visibility also creates a hole in terms of a sound business continuation and disaster recovery (BCDR) plan. Within a cloud environment, data has a way of going into a cloud without any way to track it.
Performance optimization is another concern when administrators lose underlying network infrastructure visibility in a cloud environment. The need for optimizing applications and workloads in the cloud is an absolute necessity. In many situations, moving to the cloud adds network latency due to the lower speed Internet or WAN links used to connect to a cloud service provider. Therefore, it is critical that the operating systems, databases, applications and workloads be operating at peak performance to make up the difference. But determining what parts of the underlying infrastructure needs to be tuned can be a challenge. Is there a performance problem in the application, OS or load balancer? Or is it that your virtual networking within the cloud not properly configured? Without the ability to tap into the lower level infrastructure components, you’re left to simply guess.
Finally, the biggest issue with a lack of cloud visibility has to do with data security. As the old saying goes: “you can’t secure what you can’t see”. Up until recently, moving into a PaaS or IaaS cloud meant that the processes, procedures and methods used to secure your cloud environments was a manual process to deploy and maintain. This fact often significantly increases the workload of your server, network and IT security administrators as they suddenly have multiple, disparate environments that they are responsible for maintaining. And considering that cloud computing was meant to simplify administration, that’s a huge step in the wrong direction.
Ways to achieve cloud visibility
Now that we’ve described some of the serious issues that are apparent with the lack of visibility in cloud environments, the question then becomes, what can we do about it?
Fortunately, quite a bit.
Cloud providers and infrastructure vendors are beginning to flood the market with plenty of visibility tools for a variety of application and data deployment scenarios. Amazon CloudWatch is a great illustration of a provider-driven cloud monitoring tool that continues that assists customers in keeping an eye on AWS applications, data and resources. Alternatively, there are third-party tools that are great at delivering monitors, alerts and reporting on low-level application performance metrics. Riverbed’s AppResponse and AppInternals are great examples of these types of application visibility tools that can be deployed in the cloud. If you require even more detailed visibility – even down to the packet-level – tools such as Gigamon’s recently announced Visibility Platform are a definite option.
[Want to know more about the management tools and other capabilities of cloud vendors? Read 25 Cloud Vendors Worth Watching.]
But while individual visibility tools are a great, low-cost option to see into the underlying infrastructure layers that your service provider manages, they may not scale well. If you have grand cloud ambitions that perhaps deal with large multi-cloud deployments, you may want to consider multi-cloud management platforms – or a move to a software defined networking architecture.
If you are juggling performance and security policies in multiple cloud instances, a multi-cloud management platform might be right for you. While it technically doesn’t provide lower-layer visibility, it does allow you to automate and manage policy across multiple cloud environments from a single pane of glass perspective. Alternatively, if you want to be able to not only manage policy across large private and public clouds, then you may want to consider building your cloud based on SDN. By centralizing the control plane throughout your cloud deployment, you not only regain end-to-end visibility, you also achieve vastly better end-to-end control over data flows.
Whether you are simply looking to regain specific cloud visibility using application and network tools, centralize control over network and security policy, or achieve the ultimate in visibility and flexibility using SDN, the choices are plentiful. It’s simply up to you as to what level of visibility is necessary. But it’s safe to say that in 2017, the days of being concerned of not losing site of data and applications are coming to a rapid end.Andrew has well over a decade of enterprise networking under his belt through his consulting practice, which specializes in enterprise network architectures and datacenter build-outs and prior experience at organizations such as State Farm Insurance, United Airlines and the ... View Full Bio