Despite increasing adoption of the cloud, there’s likely one topic you haven’t heard much about: where the giant public cloud providers are falling short.
The truth is that the large commodity cloud providers (think AWS, Azure, Google Cloud) don’t support many of the complex networking features needed to bring on-premise enterprise applications to the cloud unchanged.
This problem is especially pertinent for providers of cybersecurity, data management, firewall and other complex applications. Unfortunately, it is not always readily apparent. Cloud engineers risk becoming deeply involved in the process before they discover these issues.
In fact, vendors of traditional, classically built on-premise applications will likely face multiple challenges and need to resolve many questions before they fully understand the effort involved in bringing their solution to a commodity cloud – if it can be done at all.
To help shed light on this important issue, we’ve highlighted the top capabilities not supported today by general public cloud providers and their implications for cloud migration. While this may be disconcerting to some, do not fret. We won’t leave you hanging without an alternative solution. We will also introduce you to specialized cloud service providers that enable you to leverage the benefits of the cloud immediately, without rewriting your application or documentation.
So enough with the suspense. Let’s dive in.
Networking Elements and Structures
Customers considering general public cloud providers should be aware that implementing your required network customization can be quite the challenge. If you are used to spreading your subnets across multiple noncontiguous CIDR blocks, creating VLANs for lower level isolation, or creating logical inner zones like DMZs, which may or may not be connected, at the very least you’ll be faced with a struggle. At worst, you’ll be committed to completely re-architecting or modifying your solution – and your documentation.
In addition to aligning the network structure to your existing architecture, you might be in need of “specialized” networking features. A notable example is a promiscuous mode NIC, which is the basis for any network tap, the key deployment strategy for many network-security applications, such as intrusion prevention systems (IPS), content-aware firewalls, etc.
The lack of such networking features on generic public cloud providers means that migrating environments that include port mirroring will not be straightforward, if attainable at all, without a major rewrite of your application.
The ability to deploy a single VM containing multiple NICs with IPs from multiple subnets (maybe even on different CIDR blocks) is another feature not commonly available on generic public clouds. Even if the NICs and IPs are from the same subnet, the number of NICs per VM is limited unless you opt for a much bigger and more expensive instance. Coupling CPU/RAM with the number of NICs forces networking-heavy applications onto very expensive instances whose compute resources largely go to waste.
Nested virtualization, where a VM runs nested VMs on top of it, is a go-to architecture for many network appliances and security solutions. If your solution includes the use of nested VMs, you would likely want to replicate this when harnessing the cloud for your needs. Yet nested virtualization is not supported out-of-the-box by many generic cloud providers. This lack of support also rules out nested virtualization as a workaround for the lack of instance networking support mentioned above.
In some cases, you might be able to work around this limitation by “stripping out” the nested VMs and uploading them to the cloud as individual VMs. In most cases, however, it means that you will be faced with that dreaded long haul of re-architecting or modifying your solution (and in some cases it will not be possible at all, if the nested architecture is an integral part of your solution).
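As an added illustration (not CloudShare's code or any provider's real quota logic), the script below runs the checks discussed in this section over a constructed VM inventory and flags which hurdles apply to each machine: NICs spread across multiple or noncontiguous CIDR blocks, a NIC count above an assumed per-instance limit, promiscuous (tap) NICs, nested VMs, and operating systems the article lists as hard to import. The data model, the NIC limit and the OS list are assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

# Constructed model of one on-premise VM; field names are assumptions for this example.
@dataclass
class Nic:
    address: str               # IP with prefix length, e.g. "10.0.1.5/24"
    promiscuous: bool = False  # tap / port-mirroring NIC

@dataclass
class Vm:
    name: str
    os: str
    vcpus: int
    nics: List[Nic]
    nested_vms: int = 0        # VMs hosted inside this VM

# Assumed NIC ceiling tied to instance size (illustrative, not any provider's real quota).
def assumed_nic_limit(vcpus: int) -> int:
    return 2 if vcpus <= 2 else 4

# OS families the article names as typically not importable (matched as substrings).
UNSUPPORTED_IMPORT = ("32-bit linux", "kali", "custom kernel", "windows xp")

def migration_hurdles(vm: Vm) -> List[str]:
    """Return the commodity-cloud hurdles from the article that apply to vm."""
    hurdles = []
    subnets = {ipaddress.ip_interface(n.address).network for n in vm.nics}
    if len(subnets) > 1:
        hurdles.append("nics-span-multiple-subnets")
    # Adjacent subnets merge into one block; more than one left means noncontiguous CIDRs.
    if len(list(ipaddress.collapse_addresses(subnets))) > 1:
        hurdles.append("noncontiguous-cidr-blocks")
    if len(vm.nics) > assumed_nic_limit(vm.vcpus):
        hurdles.append("nic-count-exceeds-instance-limit")
    if any(n.promiscuous for n in vm.nics):
        hurdles.append("promiscuous-nic-or-port-mirroring")
    if vm.nested_vms > 0:
        hurdles.append("nested-virtualization")
    if any(tag in vm.os.lower() for tag in UNSUPPORTED_IMPORT):
        hurdles.append("vm-import-unsupported-os")
    return hurdles

def inventory_report(inventory: List[Vm]) -> dict:
    return {vm.name: migration_hurdles(vm) for vm in inventory}

# Constructed sample inventory: an IPS appliance with a tap NIC, and a plain web server.
SAMPLE_INVENTORY = [
    Vm("ips-sensor", "Kali Linux 32-bit", 2,
       [Nic("10.0.1.5/24"), Nic("10.0.2.5/24"), Nic("192.168.10.5/24", promiscuous=True)],
       nested_vms=2),
    Vm("web-01", "Ubuntu 20.04", 4, [Nic("10.0.1.20/24")]),
]

if __name__ == "__main__":
    for name, hurdles in inventory_report(SAMPLE_INVENTORY).items():
        print(name, "->", ", ".join(hurdles) or "no hurdles")
```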
Virtual Machine Import/Export
The ability to move fully-configured machines in and out of the cloud, in their exact states, is an amazing feature. In fact, it’s not all that uncommon to see boxes that are running for years and have been altered numerous times, with some of those moves undocumented.
Why is this a problem?
The main issue is that existing import/export tools are made for a limited set of operating system types and versions, so not all instances can be imported to the cloud. This is likely the case for the ones that need to be imported the most – the ones that are already outdated. For example, if your application contains 32-bit Linux, Kali Linux, a customized kernel, or Windows XP, most commodity cloud providers will not support importing those machines. And again, you will face the long haul of re-architecting or modifying your solution. Another point worth mentioning is that most commodity cloud providers only allow you to export VMs that were previously imported into their cloud, and not “native” VMs. As a result, any configuration or modification that is done on the cloud instances needs to be repeated manually on the on-premise counterpart to prevent configuration drift. It practically forces you to develop and modify your application only on-premise and to keep re-importing it into the cloud whenever a new version is ready – a very time-consuming and inefficient method.
The Cloud with a Difference
Don’t misunderstand. The information in this article isn’t meant to advocate against migrating to a generic cloud or to tell you that it’s not worth the try. Our intent is to alert you to hurdles that might cause you considerable effort and to make you aware of specialized providers that enable you to leverage the benefits of the cloud immediately, without rewriting your application or documentation.
Unlike the giant generic cloud providers that were built to support cloud-native applications, specialized cloud providers were purpose-built to make it easy to move complex on-premise applications to the cloud unmodified. Therefore, they support many complex networking features out-of-the-box.
One such provider is CloudShare, which was built from the bottom up to support the migration of complex applications to the cloud. By exposing more of the underlying virtualization system, CloudShare’s platform enables the user to take advantage of the same architectures and topologies available in on-premise deployments. Moreover, it adds the ease of a managed environment by providing features such as templates of complex environments, policy-based environment lifecycles, quick replication of environments, and collaboration tools for efficient follow-the-sun scenarios.
On top of its cloud platform, CloudShare offers specialized solutions for the entire application development lifecycle, including development and testing, training, sales enablement and customer support.
As with anything, it’s always important to look at both the pros and cons. The public cloud is no exception to that general rule. By looking at the cases where generic cloud providers fail, you’ll get a clearer picture of how to best leverage the cloud for your business advantage.
CloudShare is a specialty cloud provider that helps software companies replicate complex on-premise IT environments in the cloud for training, PoCs, and sandboxing for support and testing. CloudShare’s specialized solutions help vendors of on-premise and SaaS applications to grow revenues, increase efficiency and improve customer success.
To learn more about how CloudShare can help your organization, visit us at: