The public cloud offers agility in networking and security that traditional methods often lack. However, organizations can adopt certain strategies and technologies to achieve a similar level of flexibility in their private clouds, such as full stack networks and rapid security policies with few to no hardware dependencies.
"The public cloud has become the yardstick for agility," said VMworld 2020 presenter Umesh Mahajan, senior vice president and general manager of NSX Networking and Security at VMware, in a virtual session called "Making Your Private Cloud Network Run Like a Public Cloud." "In the public cloud, I can spin up applications immediately. I should be able to do that on-prem, too."
Application deployment and development have changed and advanced drastically in the past few years. With proper network and security measures, organizations can alter their private clouds and on-premises environments to reflect this evolution.
Infrastructure as code
Creating an agile, flexible private cloud begins with analyzing an organization's networking infrastructure, from its security footprint to its virtual LAN construction. Then, an organization must extract the configurations that live on different devices on its network and apply a single management system -- such as NSX, VMware's primary software-defined networking product -- across multiple types of environments. NSX's infrastructure-as-code approach enables admins to manage the network via software, rather than configure discrete devices and operating systems.
"If you can recreate that network intent into the device that you want -- no matter if they're on your on-prem private cloud, your hybrid cloud, your public cloud -- that is where the true benefit of cloud computing and cloud networking comes into play," said session guest Andrew Hrycaj, principal network engineer at IHS Markit, an information provider headquartered in London.
Cloud networking and security
VMware announced Virtual Cloud Network in 2018. Together with NSX, it provides software-defined networking services to on-premises data centers, the public cloud and remote locations. Virtual Cloud Network includes intrinsic security with firewalling capabilities and load balancing, and many of its features come from key VMware acquisitions such as Nicira, VeloCloud, Avi Networks and Lastline.
NSX provides switching, routing, firewalling and load balancing from a single platform and code base, operable from a single point of management. Admins can deploy it as a single networking tool for several purposes, rather than using a variety of tools for different network tasks, which can save time and money.
"You don't have to go to 15 different places like you'd have to do if you're using the traditional networking portfolio," Mahajan said.
Load balancing for application deployment and delivery
VMware incorporated its 2019 acquisition Avi into its NSX portfolio for cloud networking. Avi provided load-balancing capabilities and web application security firewalls to what VMware now calls NSX Advanced Load Balancer.
NSX Advanced Load Balancer separates the control plane from the data plane. The controller -- a single RESTful API housing the system policies -- manages the lifecycle of the data plane and its service engines. The feature set remains the same across all environments, including bare metal, VMs and containers.
"[It] gave us the ability to take a closer look at our application flows. It's helped reduce troubleshooting times and it's also helped provide accountability to the application owners, so if an application's misbehaving, it's a lot easier to find it," said session guest Chad Kotil, senior systems engineer at PayPal.
NSX Advanced Load Balancer also features built-in analytics and central management, such as network, application and security telemetry, which help to create the cloud-native experience for organizations.
Why private cloud over public?
An organization might opt to fashion its private cloud to mimic the public cloud -- rather than just adopting a public cloud service -- for a handful of reasons. Although the public cloud isolates workloads at the software level, all workloads in the public cloud reside on a shared infrastructure. Customers with greater security concerns, such as government organizations, might avoid public cloud providers as a result.
Public cloud services also operate on a pay-as-you-go model. Companies that would rather swallow the upfront cost but pay less over time might also prefer to run a private cloud for this reason.