Hybrid cloud architecture is the combination of public and private clouds by a wide area network or broadband connection, through which applications and data can be shared and which can be managed as a single IT architecture. Hybrid cloud infrastructure is well suited to fluctuations in demand for computing resources since it enables businesses to scale from on-premises to public cloud-based to meet increased demand, and scale back from the public cloud to on-premises (private cloud) only once demand recedes.

Many organizations utilize public cloud infrastructure as a service (IaaS) to process some workloads while retaining others in their private cloud, whether for cost, regulatory compliance, or technology reasons. The most common public IaaS providers are Amazon Web Services (AWS), Microsoft Azure and Google Cloud platform.

Hybrid cloud architecture is increasingly popular with businesses – especially mid-to large enterprises who often rely on their private cloud for legacy infrastructure and mission-critical applications, and in 2018 74 percent of enterprises indicated they had a hybrid cloud environment.

• Scalability: Organizations can take advantage of the economies of cloud-based backup and disaster recovery without having to maintain an offsite facility to handle IT in case of disaster. If the primary data center or private cloud should experience an outage, snapshots stored in the public cloud can be ‘spun up’ and those applications could resume with a minimum of disruption.
• Flexibility: When needs rapidly change – for example during the holiday shopping season or thanks to a suddenly successful product release – an organization can ‘cloudburst’ from the private cloud into a public cloud provider to support an increased workload for customer-facing and business-critical applications. 
• Seamless migration: Hybrid cloud architecture lets enterprises move front-end and stateless applications to the cloud first, then bring over other applications either as VMs or in modern, containerized form while still maintaining legacy on-premises servers and applications whose data cannot be migrated to the cloud whether due to regulatory, governance, or other issue.
• Cost Savings: Taking a hybrid approach enables the enterprise to take advantage of CSP economies of scale, particularly when it comes to long term archival, backup, disaster recovery and business continuity.

Hybrid cloud architecture patterns combine the on-premises private cloud with one or more public cloud provider’s IaaS offerings, which is then managed as a unified, policy-driven cloud environment. This approach enables capabilities to be extended from private to public cloud and vice-versa, for example to take advantage of economies of cloud-based storage for archival and backup with existing data protection tools.

Additionally, hybrid cloud patterns include utilization of the public cloud as a sandbox for testing applications before deploying enterprise-wide. Many organizations migrate certain applications to public cloud providers, initially migrating stateless front-end applications with limited data processing requirements, and increasingly deploying applications that have been developed with modern methodologies like APIs and microservices in cloud-based containers such as Docker, managed with deployment tools like Kubernetes, which can span public and private cloud infrastructure.

This differs from multi-cloud architecture, where more than one public cloud provider is utilized to take advantage of each public cloud provider’s features, tools, pricing, or geographical nexus.

Enterprises should assess both current and future needs as they consider their hybrid cloud strategy, including an assessment of current on-premises and cloud infrastructure already in use, as well as rationalizing why a particular application is running where it currently is. Here are some key considerations for developing hybrid cloud architecture.

Which cloud operating environment should you use?

Hybrid clouds are managed through a cloud operating system (OS) which enables management, orchestration, and monitoring of the entire hybrid environment from a single pane of glass / single tool set.

Organizations should choose the cloud OS that offers the data management and flexibility required to manage their applications and without the need for retraining the entire organization. These cloud OS frameworks like VMware Cloud and Kubernetes often work in concert to achieve the desired IT goals.

The decision of cloud OS often has implications for all the decisions that follow, so organizations should invest the time to ensure the cloud OS they adopt is the best fit for their organization and IT needs.

Which cloud platforms should you utilize?

Although all the major public cloud providers have similar IaaS offerings, there are many differences in the tools, physical geographies, interfaces, and dependencies for each competing public cloud service provider (CSP).

Start by choosing providers who align best with your chosen cloud OS foundation and consider not only today’s needs but how your cloud profile will shift over time. This way you can help ensure that chosen cloud platforms can handle migration of workloads as they are modernized, and that the cloud platform can integrate seamlessly with existing on-premises private cloud assets and workloads.

Although choosing software-as-a-service (SaaS) vendors may be the simple matter of which application and APIs best align with needs, IaaS platform idiosyncrasies can lead to vendor lock-in, so care should be taken to develop application interfaces that are as vendor-neutral as possible. When possible, work early to develop relationships with the major cloud providers, even if you are not utilizing them today, as new offerings or expansion may warrant adoption of new cloud providers down the road.

Which workload should run in which cloud?

There are many factors to consider when planning which cloud to use for each workload, including security, regulatory compliance issues, price, accessibility, and the needs of each individual application.

For example, some application data must be located either on-premises or in specific geographies for governance mandates. Other legacy systems may not be suitable for migration into a public cloud provider’s environment and will require their own management tools and APIs to integrate their data with that of modern, cloud-based applications. Enterprises need to balance the need for application accessibility against the security and compliance requirements, recognizing that CSP physical security policies are often much more stringent than an enterprise’s own on-premises capabilities.

Fortunately, there are a number of excellent public cloud providers to choose from, so choose the one best aligned to on-premises tools and applications. For example, VMware shops can accelerate their move to the cloud by choosing CSPs who support VMware Cloud, and Windows-heavy IT organizations might find it easier to migrate workloads to Microsoft Azure’s Windows platforms.

What modernization plans should you consider?

IDC has predicted that by 2021 enterprises will see a 50/50 split for on-premises versus public cloud-based application workload placement. Although much of the hype around application modernization focuses on cloud and multi-cloud containers, there will continue to be a substantial need for high-performance, secure, flexible on-premises infrastructure for years to come. Whether enterprises are considering hyper-converged infrastructure (HCI) or disaggregated composable infrastructure (DCI) or some combination thereof, modernizing on-premises IT resources can give an organization a competitive edge by ensuring that all application workloads can take advantage of the latest technologies, whether hosted at a public CSP on in the enterprise’s private on-premises cloud.

How can you secure a hybrid cloud architecture?

According to the Ponemon Institute 2020 report, the average cost of a data breach is $3.86 million, and the average breach goes undetected for 280 days. And although CSP physical security often far exceeds an enterprise’s on-premises capabilities, many CSPs do not offer cybersecurity controls that equal those on private cloud environments. In a hybrid cloud environment organizations need visibility into all aspects of security, and organizations who rely on modern microservices-based applications must also be concerned with where the API calls that applications make actually sends their data to be processed, as well as what data is actually traversing the REST API calls between microservices or between applications.

Enterprises should begin thinking about security needs as early in the process as possible, to help ensure that the resulting hybrid cloud network is physically secure and hardened against cybersecurity issues that could lead to potential data loss and resultant penalties, loss of goodwill, and negative market impact.

• Resource Issues: Many born-in-the cloud organizations do not have a substantial in-house IT organization and would find it challenging to deploy a private cloud on-premises
  
• Heterogeneity: Since CSPs each have their own infrastructure, tools, and access methods, organizations have no control over changes at CSPs that could impact overall operations in a hybrid environment. 

As always, each organization must determine if hybrid cloud architecture is right for them.

A hybrid cloud architecture combines the best of both private clouds and public clouds, connected in such a way as to enable data to move smoothly between the two, and facilitating the migration of workloads from private cloud to public cloud provider – and back again – as business and technical factors dictate. The migration of workloads is largely made possible by the use of virtualization platforms such as VMware, container platform like Docker, network virtualization through virtual private networks (VPNs), and modern application deployment methodologies including microservices, APIs, and Kubernetes.

By leveraging the best elements of public and private clouds, a hybrid cloud architecture enables applications to be located closer to the ultimate users, which reduces overall latency and improves the end-user experience which is increasingly critical in competitive markets.

Today, most organizations have seen a sudden sharp increase in the number of remote workers, many of whom are being serviced by desktop virtualization of some kind. By hosting those desktops in the cloud as opposed to on-premises, much of the internet traffic for those remote users can be isolated away from the private cloud so it does not impact business-critical back-end operations.

Hybrid cloud architecture provides for a single, centralized management platform, which can help implement stringent security protocols and reduce global risk.