What is multicloud?

Multicloud is a cloud computing deployment model that enables organizations to deliver application services across multiple private and public clouds. The multicloud environment may contain any combination of the following: multiple cloud platforms and vendors, multiple cloud accounts, multiple cloud availability zones, and multiple cloud regions or domains.

Multicloud management is the process of using a software tool to deploy, upgrade, secure, or otherwise manage applications across a mixed IT environment of on-premises and public cloud platforms. Because cloud computing has become integrated into nearly every aspect of IT, virtually any application can be managed in a multicloud environment. 

Multicloud tools can vary widely in functionality. Some are built to support a single application that has been deployed in multiple clouds. Others let you use a single management interface to manage infrastructure components (such as databases) with instances that exist in multiple clouds. Another type of tool lets you manage entire workloads across multiple clouds; virtualized and containerized workloads are commonly used in this scenario.

The three most common reasons to use a multicloud approach are performance, resiliency, and security. It should be noted that cost is rarely cited as a top motivating factor behind successful multicloud deployments. Let’s look briefly at each of the three biggest multicloud drivers.

• Performance. Like content delivery networks (CDNs), multicloud can deliver performance advantages by moving resources closer to the end user. CDNs store data and multimedia content as geographically close as possible to the networked end-user; similarly, multicloud deployments can move some (or all) of an application to a network region or domain that minimizes the physical distance between user and resource. Improving user-resource proximity reduces the network latency associated with accessing data and applications over a wide-area network; the more geographically distant users are from the resources they access, the more latency (delay) they’ll experience.
• Resiliency. Hosting your applications in more than one cloud guards against the failure of any individual cloud, though it’s important to point out some nuance when talking about cloud resiliency. Public cloud providers do build a measure of redundancy into their infrastructures by operating data centers across multiple regions. These setups enable a base level of resiliency without customers having to use multiple cloud providers. However, billing disputes and human errors, such as configuration mistakes, can put all workloads hosted and processed by a single cloud provider at risk. There are many workarounds for this, such as having each region managed under different accounts with different credentials. However, these workarounds create operational complexity issues similar to those associated with multicloud deployments. 
• Security. Multicloud – especially a combination of private and public cloud – may also be deployed for security reasons. Many organizations want to take advantage of cloud computing’s economic and scalability benefits or the capabilities offered by a particular cloud service provider but must keep certain data and/or workloads restricted to specific geographical locations or on-premises deployments. Typically, these circumstances are dictated by regulatory requirements, such as the European General Data Protection Regulation (GDPR) for information privacy, or by data sovereignty concerns. See the discussion below for additional multicloud security considerations.

Multicloud makes the geographical location of your data a core consideration of modern information technology. Legal requirements for data storage and data sovereignty vary greatly between jurisdictions, and the existence of multicloud creates data locality considerations that are receiving increasing legal scrutiny around the world.

If you are using an application that makes use of multicloud behind the scenes but which you don’t manage directly, then you must determine the implications of that. In most jurisdictions your organization, as the user of that application or service, is responsible for knowing all the possible places where your data could be stored by your vendor’s multicloud-enabled application. Depending on the data involved and the jurisdictions in question, your data may need to be in legal compliance with every jurisdiction in which it might be stored, processed, or accessed.

The same legal considerations exist if you are managing your own multicloud deployment; however, you have much more control over where that data is stored. Multicloud deployments you operate yourself allow you to choose where you store which data, allowing you, for example, to store highly sensitive data in on-premises repositories only. 

Multicloud security varies depending on the skill of the operators and vendors involved. Every infrastructure component and application involved in a multicloud must be secured. The more components there are in a multicloud deployment, the more opportunities there are for misconfiguration or security vulnerabilities.

Every cloud you use as part of your multicloud environment is a separate infrastructure that must be designed, deployed, monitored, and continuously maintained to remain secure. In addition, there are separate security considerations for any applications and data that run on top of the multicloud infrastructure.

Applications and infrastructure components explicitly designed for multicloud environments can significantly reduce the security burden. Virtualization and containerization, for example, allow administrators to deploy identical stacks of software, regardless of the underlying cloud platform. These stacks can contain one or more applications in addition to security defenses, such as virtualized or containerized firewalls.

Another important multicloud security consideration is networking. Multicloud applications may contain or even operate on sensitive data, such as personally identifiable information (PII). If this data is being transmitted between applications or application components, it’s advisable that this communication occur across a secure network.   

Juniper offers several solutions, products, technologies, and services that enable customers to create secure multicloud networks. Among them are AI-driven SD-WAN and secure edge connectivity, which together provide a secure multicloud deployment foundation. In addition, Juniper offers containerized routing, application discovery and monitoring, and network security.

Routing. Juniper’s MX Series Universal Routers and Session Smart™ Routers deliver policy-driven, automated routing that enables network administrators to optimize the end-user experience at any scale across an organization’s entire WAN footprint. Customers can manage branches, data centers, and cloud routers centrally via Session Smart™ Conductor or the AI-driven Juniper Mist cloud. In multicloud environments, MX series routers tie on-premises and collocated data centers together with one another and with public cloud deployments.

Juniper’s Cloud-Native Router is a containerized router that uses Juniper’s proven routing technology to link public cloud services with on-premises data centers. It uses cRPD and a Contrail DPDK vRouter forwarding plane, implemented in Kubernetes, for performant, seamless Kubernetes Container Network Interface (CNI) framework integration.

Security and QoS. Monitoring and application flow discovery are an important part of securing multicloud networks and crafting quality-of-service (QoS) policies. Elements of this broad range of functionality can be found in Juniper switches, routers, and firewalls running the Junos® operating system. Juniper’s Cloud-Native Router, and the Juniper Secure Analytics portfolio also provide some of this functionality.

Network security does not end with identifying and monitoring data flows, and Juniper has several security-focused technologies to defend your multicloud deployment. Juniper SRX Series Firewalls are ready to handle any scale, with physical, virtual, and containerized options available. Juniper Cloud Workload Protection helps defend individual workloads, while Juniper Advanced Threat Prevention features such as AI-predictive threat prevention, SecIntel, and Encrypted Traffic Insights enhance network-based defenses. These technologies use real-time threat intelligence feeds, block lists, and dynamic detection to enable automatic, responsive traffic filtering anywhere in the network. This enables administrators to detect and block malicious botnet traffic, even if it has “gone dark” via encryption, without additional hardware and at wire speed.

All of this is managed by Juniper Security Director Cloud.  Security Director Cloud enables you to secure your multicloud architecture with consistent security policies across any environment and expands zero trust to all parts of the network, delivering unbroken visibility, policy configuration, administration, and collective threat intelligence all from one place.

Finally, inline distributed denial-of-service (DDoS) protection is a serious concern for any Internet-facing services. The Juniper and Corero Joint DDoS Protection solution provides this functionality.