Technology Blog

Home » Hybrid Cloud

Category Archives: Hybrid Cloud

The Deep Dive on ‘Well-Architected Framework’ of AWS, Azure & Google Cloud !


Brief Summary:

In this article today, I will draw some insights of cloud’s well-architected framework of all three major cloud service providers. Firstly you will get some idea and background on why these well-architected framework and it’s pillars/principles is really needed for any business in their digital transformation journey and then I will slightly focus on life-cycle of well-architected framework from all three cloud services providers along with similarities/dissimilarities and then finally I will draw some attention on some sorts of approach each provider is following and how they are getting benefitted to their partners and business.         

Real need and importance of cloud well-architected framework in today’s digital transformation:

In today digital world, every cloud service provider in their digital transformation journey offers a large number of services and these are be it on cloud infrastructure | IoT | edge computing | software defined | data science | 5G | Networking | cyber security and so on, these services are growing/will grow very rapidly in future.  A business may consume one or more these services in various ways and each one can be configured in different ways. On the other side, what is important to understand that how on-premise hosted application (legacy, custom or inhouse, COTS, Open Source) is currently operating and how it’s can be transformed/migrated into public or private cloud.

Well this is not new, based on the cloud assessment or application rationalization through R-LANE (for example, Gartner has five R strategies model – rehost, replatform, refactor, rebuild, replace), the  application modernization and it’s migration methodologies for any on-premise hosted application can be decided whether this is either to be lift and shift (rehost) or retire the legacy application and replace it with cloud-native (replace) or with some modification in the application (replatform) or rearchitected the application (re-factor) or rebuild (rewrite the application from scratch) prior migrating them to the cloud. Each application is different and therefore deploying an application to the cloud is usually not a trivial task.

So, based on cloud assessment and rationalization results, the roadmap of any application’s modernization strategy and its cloud migration methodology are usually defined. To host or migrate these various kinds of applications in public/private/hybrid cloud and even to consume large number of cloud services along with, each cloud service provides a set of well-defined architecture, design principles and best practices those are precisely to be followed by practitioner. These set of standard architecture are to ensure that these applications are migrated smoothly, well optimized and secured, managed their operations effectively in a respective cloud.

Well-architected framework life-cycle from all three major cloud service providers:

Several years back, all major cloud service providers (such as Amazon, Microsoft and Google) has released their well-architected framework or architecture framework, they are revisiting and improving these on a regular basis. AWS has very recently announced their eighth version of the Framework since 2012.

https://aws.amazon.com/blogs/architecture/announcing-the-new-version-of-the-well-architected-framework/

In the similar way, Microsoft has also announced their revised Azure well-architected framework

https://azure.microsoft.com/en-us/blog/introducing-the-microsoft-azure-wellarchitected-framework/

Google has also released recently their updated/revised architecture framework guide:

https://cloud.google.com/blog/products/gcp/new-google-cloud-architecture-framework-guide

Well-architected framework pillars or design principles:

So, we talk little bit on the life cycle of their architecture framework and now let’s have a detail understanding on these set of well-defined architecture pillars or design principles

Amazon’s AWS and Microsoft Azure exactly follow the similar naming conventions so called “5 pillars of well-architected framework” where as Google Cloud’s architecture framework covers the same all in their 4 key architecture principles/pillars.

Amazon AWS 5-pillars of well-architected framework

As per Amazon, AWS well-architected framework helps cloud architects to build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads for their business. Based on five pillars AWS provides a consistent approach for customers and partners to evaluate their cloud architectures, and implement designs that can scale over time.

Below are the five pillars of AWS well-architected framework and their purpose: 

  • Operational Excellence – focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures
  • Security – focuses on protecting information and systems
  • Reliability – focuses on ensuring a workload performs its intended function correctly and consistently when it’s expected to
  • Performance Efficiency – focuses on using IT and computing resources efficiently
  • Cost Optimization – focuses on avoiding unnecessary costs

Below figure represents high-level pictorial view of AWS 5-pillars of well-architected framework

Figure-1: AWS 5-Pillars of ‘Well-Architected Framework’

Microsoft Azure 5-pillars of well-architected framework

As per Microsoft, the Azure Well-Architected Framework provides a set of technical guidance that can be used to improve the quality of a workload wherein partners can leverage this guidance to enable customers to design well-architected and high-quality workloads on Azure. The framework consists of below five pillars of Azure well-architected framework and their purpose: 

  • Cost Optimization – managing costs to maximize the value delivered to business.
  • Reliability – the ability of a system to recover from failures and continue to function
  • Security – protecting applications and data from threats.
  • Performance Efficiency – the ability of a system to adapt to changes in load.
  • Operational Excellence – operations processes that keep a system running in production.

Below figure represents high-level pictorial view of Azure 5-pillars of well-architected framework

Figure-2: Azure 5-Pillars of ‘Well-Architected Framework’

Google GCP 4-key architecture principles/pillars

Likewise, Amazon and Microsoft, the Google too have 4-key architecture principles/pillars those covers all 5 similar pillars of what Amazon and Microsoft is having.

Google cloud’s architecture framework provides a set of best practices and implementation guidance to architects on their products and services to aid application design choices based on their unique business needs. The framework provides a foundation for building and improving their Google cloud deployments to ensure standardization and achieve consistency.

The Google 4 key architecture principles/pillars and their purpose are as below:

  • Operational excellence – guidance on how systems efficiently running, managing, and monitoring that deliver business value
  • Security, privacy, and compliance – guidance on appropriate security controls, approach privacy, and meet compliance levels and standards
  • Reliability – guidance on how to build reliable and highly available solutions
  • Performance and cost optimization – suggestions on various available tools to tune your applications for a better end-user experience and analyze the cost of operation while maintaining an acceptable level of service

Below figure represents high-level pictorial view of 4-key architecture principles/pillars of Google cloud’s architecture framework.

Figure-3: 4-Principles of ‘Google Cloud Platform Architecture Framework’

Cloud provider’s approach and benefits of each their well-architected framework:

In previous section, I have brief explanation on each well-architected framework (pillars/principles), their purpose and pictorial view from all three cloud providers and you might have observed the purpose of each is very similar but what may be differ from each that’s their approach, each service provider has slightly different approach to implement their framework.

Amazon AWS Approach: Apart from dedicated focused training to build the internal distributed decision-making capabilities in architected framework, below are the approach which Amazon follows usually:  

  • The AWS WA (well-architected) tool, available at no cost in the AWS Management Console, provides a mechanism for regularly evaluating customer workloads, identifying high risk issues, and recording their improvements.  
  • AWS well-architected partner program members have in-depth training on the well-architected framework that can help partners architect to implement best practices, measure the state of customer workloads, and make improvements where assistance is required.
  • The Lenses extend the guidance offered by AWS well-architected to specific industry and technology domains, such as machine learning, analytics, serverless, high performance computing (HPC), IoT (Internet of Things), and financial services. to fully evaluate the specific industry and technology domain workloads, use applicable lenses together with the AWS well-architected framework and it’s five pillars.

Microsoft Azure Approach: Similar to Amazon, Microsoft does also carry a focused and detailed approach for their well-architected framework by using five pillars, below are the approach which Microsoft follows:  

  • Detailed study on framework content, reference material, and samples those are available in the Azure Architecture Center
  • Taking a deep-dive Azure well-architected review on Microsoft assessments through an online tool
  • Building a great (secure, scalable, high-performing) solution with Microsoft Azure well-architected framework on Microsoft learn.
  • A cloud adoption framework which is a collection of artifacts, implementation guidance & tools from Microsoft to accelerate customers cloud adoption journey and managing their cloud portfolio
  • By providing technical guidance and best practices to architect workloads, Microsoft partners enables business to define, deploy and manage well architected workloads on Azure.

Google Cloud Approach: Google’s framework recommends reviewing their “System Design Considerations” first then follow their 4-key architecture principles/pillars and then enters into a deep-dive into others process below such as discover, evaluate and review based on business needs. This framework is modular so customer can pick and choose process which is most relevant to them

  • Discover: Use the framework as a discovery guide for Google Cloud Platform offerings and learn how the various pieces fit together to build solutions.  
  • Evaluate:  Use the design questions outlined with a detailed thought process while business is thinking about their system design. If they are unable to answer the design question, then they can review the highlighted Google Cloud services and features to address them.
  • Review:  If customer is already on Google Cloud, use the recommendations process to verify if customer is following best practices or as a pulse check to review before deploying to production.

Conclusion:

So, finally we are able to cover the below topics on well-architected framework from all three major services providers

  • Why a cloud well-architected framework and its pillars is needed for business
  • Life cycle of a well-architected framework, its purpose and a pictorial representation for each service providers
  • Similarities /dissimilarities of each well-architected framework from each
  • Some sorts of approach that each cloud service provider is following and how they are getting benefitted to their partners and businesses.

Rajeev Ujjwal has more than 18 years of transformation delivery experience in cloud computing, infrastructure, directory service, and cyber security with larger global customers. He is a senior cloud consultant and successfully delivered various kind of global project delivery such as greenfield, consolidation, separation and migration. 

HCX Migration Known Issues and Solution-Lessons Learnt !


Problem StatementReasonSolution
Failed to create the replica placeholder disks at the target site. Unable to create dummy disk at target siteTarget is having the folder with the same nameSearch the folder with VM name in datastore and delete before starting the replication
VM power off task status failed during VR migrationServer did not powered off during the cutoverSelect forced power off option before migrating the server
Failed to enable replication. Enable replication on HBR manager failedServer is having RDM or Source ESXi is not in healthy stateConvert RDM into VMDK or change the compatibility mode physical to virtual
Replication stuck at any pointDisk is added or removed during the replicationDo not do any hardware changes during replication
Fleet applaince is not found for the serverMigration service is not deployed for clusterIncluded that cluster in any existing migration service or deploy new CGW for that cluster
Cutover failed due to reserver MAC addressVM is having vCenter reserve MAC addressDo not select option ‘retain MAC address’
Table: HCX Migration Lessons Learnt

Dhiraj Dhall has more than 15 years of transformation delivery experience in cloud computing, infrastructure, dev-ops, microservices and container with larger global customers. He is a senior Architect and successfully delivered various kind of global project delivery such as greenfield, consolidation, SDDC and migration. 

Co-existence between Azure Virtual WAN and SD-WAN is shifting a gear in the digital transformation


Introduction:

Last year in November, Microsoft has released a new networking services named as Azure Virtual WAN as a general availability. This is an additional service over existing services such as ExpressRoute, Site-to-Site, Point-to-Site VPN and few more, these earlier services are responsible for connecting or extending the customer on-premises data centre’s or branch office network into azure public cloud.

It’s not only Microsoft and even its major competitors such as Amazon and Google are bringing some major services (may not exactly the same) towards to the similar model. AWS recently launched its Transit Gateway, which is greatly simplifying the process of routing between VPCs and customer on-premises network. Google Cloud Platform too allow for virtual private connectivity on directly into their backbone

Prior we proceed to further have a deep dive into Azure Virtual WAN, Lets go a decade back and discuss about the network connectivity.

Traditional MPLS and IPSec used as a corporate WAN:

Let’s have some light on how widely MPLS along with IPSec VPN networks are/were deployed, particularly in large global enterprises. this was the standard approach for building a on-premises corporate WAN where all customer data centres and branch offices are getting connected and access their business and infra applications to operate their business, sometimes IPsec VPN were used as a backup service and even used for remote sites to connect where MPLS was either too expensive or not feasible.

Not even that, there are physical constraints imposed by the propagation time over large distances, and the need to integrate multiple service providers (including multi-clouds) to cover global geographies, MPLS face important operational challenges, including network congestion, packet delay variation, packet loss, and even service outages.

Current huge demand in digital transformation and it’s modern applications such as, IoT, machine learning, data science, analytics, VoIP calling, videoconferencing, streaming media, and virtualized applications require low latency. Bandwidth requirements are also increasing, especially for applications featuring high-definition video and sudden hike in data growth. It can be expensive and difficult to expand MPLS corporate WAN capability, with corresponding difficulties related to network management and troubleshooting.

The role and importance of cloud exchange providers:

While connecting to Public Clouds, customer has to depends on Cloud Exchange Provider to have established connectivity between On-Premises MPLS and Public Cloud VNet/VPC, in this scenario latency becomes a challenge for business to connect their branch offices/remote sites into public cloud to access their applications. At the same time the data centre connectivity was seamless (via ExpressRoute /DirectConnect) and it’s allowed business to migrate and access their applications into cloud.

In the meanwhile, many players had emerged and have started to offer on-demand global interconnectivity and becomes network hub to reach/connects most of public and private clouds along with on-premises data centres and even terminate these connection into corporate MPLS network. Now, business is allowed to migrate/host their business application based on their choice, flexibility and needs. It’s was the time where customer can host/migrate their enterprise application between multi-cloud service providers and create their seamless hybrid cloud platform but the real business challenges about latency, cost and others for accessing their cloud application from remote sites/ branch offices are still present

Another evolution and revolution in the network landscape:

On the other side, as cloud computing and mobile device has transformed the modern digital workplace, digital transformation is now taking major shift in the networking landscape. the cloud computing has evolved the terminology “as a service” several years back and that becomes mature and reality in the today business.

In the current digital transformation era, the dynamic (on-demand) provisioning and scaling of network capacity and slicing the network resources is now more aligned and satisfying the current enterprise needs. Likewise, the automation has gained the presence in the cloud, the Network-as-a-services (NaaS) has evolved into new phase and becomes a potent technology in a very short period of time.

the virtualized network function (VNF) as a software-based services, software defined networking, network as-a-service and 5G/Edge computing are the emerging trends in the network services, and those are adding another revolution remark in digital transformation industry, in the similar line of software-defined networking revolution, the SD-WAN has emerged and become a new digital transformation pillar which address the traditional MPLS limitation and challenges

SD-WAN simplifies the management and operation of a traditional corporate WAN by decoupling the networking hardware from its control mechanism. This concept is similar to how software-defined networking implements virtualization technology to improve data center management and operation.

A key application of SD-WAN is to allow organization to build higher-performance WANs using lower-cost and commercially available Internet access, enabling businesses to partially or wholly replace more expensive corporate WAN connection technologies such as MPLS

As per research firm Gartner prediction in 2018, by 2023 more than 90 percent of WAN edge infrastructure refresh initiatives will be based on virtualized customer premises equipment (vCPE) platforms or SD-WAN software/appliances

Azure Virtual WAN goes hand in hand with Partner’s SD-WAN/vCPE NVA:

Now we are entering into a new emerge model which is taking the cloud connectivity to the next level where the cloud is moving closer to the business and on other side the business moving closer to the cloud. So, we foresee a new gear shift where the existing MPLS WAN will be transformed to a SD-WAN based network. Precisely, you might have observed a parallel thread is running where all major cloud service providers are building their own network presence globally.

Microsoft, Google and Amazon are rapidly increasing their global network reach and created their own global network backbone and that has large number of PoPs/Edges locations across globe and these are very close to business enterprise. In other words, we will eventually see a compelling alternative to traditional MPLS providers where the connectivity is served directly into the business by cloud service provider. This kind of transition is already witnessed with AWS. AWS now allows the companies to run AWS infrastructure in their own private data centers.

Microsoft Azure Virtual WAN has brought a WAN-centric service to the market last year that brings many networking (utilizing their existing services such as ExpressRoute/Site-to-Site VPN), security, and routing functionalities together to provide a single operational interface. These functionalities include branch connectivity (via connectivity automation from Virtual WAN Partner devices such as SD-WAN or VPN CPE), Site-to-site VPN connectivity, remote user VPN (Point-to-site) connectivity, private (ExpressRoute) connectivity, intra-cloud connectivity (transitive connectivity for virtual networks), VPN ExpressRoute inter-connectivity, routing, Azure Firewall, and encryption for private connectivity.

Summary:

Initially you might not need all of these Azure Virtual WAN functionalities to start using Virtual WAN. You can simply get started with just one or two, and then adjust further your network as it evolves. The Virtual WAN architecture is a hub and spoke architecture with scale and performance built in for branches (VPN/SD-WAN devices), users (Azure VPN/OpenVPN/IKEv2 clients), ExpressRoute circuits, and virtual networks. It enables global transit network architecture, where the cloud hosted network ‘hub’ enables transitive connectivity between endpoints that may be distributed across different types of ‘spokes’.

The Virtual WAN key promising is the potential for API-based integration with various SD-WAN solutions (various third party such as Cisco Meraki, Citrix, Fortinet, Barracuda Networks, Check Point etc.), that would allow for the encrypted tunnel creation process to be automated. A branch office would connect to their nearest PoPs and this would automatically allow the branch to communicate with the rest of the global WAN.

To have further more insight technical details about Azure Virtual WAN design and architecture, Refer to below article:

Microsoft Azure Virtual WAN – How it’s getting closer to Business!

Rajeev Ujjwal has more than 18 years of transformation delivery experience in cloud computing, infrastructure, directory service, and cyber security with larger global customers. He is a senior cloud consultant and successfully delivered various kind of global project delivery such as greenfield, consolidation, separation and migration.