SE Radio 571: Jeroen Mulder on Multi-Cloud Governance

Jeroen Mulder, author of Multi-Cloud Strategy for Cloud Architects, joins host Robert Blumen for a discussion of public cloud, private cloud, and multi-cloud computing architectures and trends. They start by considering what defines cloud computing and what differentiates the major cloud providers, including whether they are more alike or different in the services they offer. Jeroen discusses governance, regulatory compliance, and data locality as drivers of where enterprises want to run their workloads. They explore use cases for multi-cloud, and discuss architectural challenges in migrating to Kubernetes, as well as issues with networking, security, and identity management in multi-cloud architectures. Finally, they discuss running public cloud compute on on-prem resources with Anthos, Outposts, and related technologies.

Show Notes


Transcript brought to you by IEEE Software magazine.
This transcript was automatically generated. To suggest improvements in the text, please contact [email protected] and include the episode number and URL.

Robert Blumen 00:00:17 For Software Engineering Radio, this is Robert Blumen. I have with me today Jeroen Mulder. He is an enterprise and security architect with over 25 years in IT and cloud technology. He has held a number of roles in IT companies, including Atos and Origin. Until 2021 he was head of applications and multi-cloud services for Fujitsu in the Netherlands. Jeroen is the author of the book Multi-Cloud Architecture and Governance, and we will be discussing a range of topics in the area of multi-cloud and hybrid cloud. Jeroen, welcome to Software Engineering Radio.

Jeroen Mulder 00:00:56 Thank you very much. And compliments for pronouncing my name for being non-Dutch.

Robert Blumen 00:01:00 I do my best.

Robert Blumen 00:01:02 We do have listeners in over a hundred countries, so we are often dealing with people’s names from all over the world. Before we talk about multi-cloud, could you give us a brief overview of Cloud Computing, including the idea of private cloud and public cloud?

Jeroen Mulder 00:01:23 Yeah, that’s already a good start for a debate, since what is multi-cloud? In my world it’s a mix: hybrid cloud, private cloud, public cloud, et cetera. So what I usually, what I try to do in my books is to give a definition that at least gives something to work with. So multi-cloud would involve at least two clouds, basically. And whether that is a private cloud sitting on VMware or anything in combination with a public cloud, whether that’s going to be Microsoft Azure, AWS, or whatsoever, or that we have a combination of two public clouds, that’s all multi-cloud to me. The real trick in multi-cloud is whether you use it as a multi-cloud, because I can have stuff running in Azure and I can have stuff running in AWS. If these, let’s say, these environments are not connected, then I’m just using two separate clouds.

Jeroen Mulder 00:02:12 If they are connected as an environment, then I’m going to talk about multi-cloud, and that is typically the use within the enterprises that I work with. So far, we have private cloud stacks sitting in on-premises data centers mostly, or in co-locations, and then stretching into public clouds for whatever usage. That can be a disaster recovery solution in public cloud, or development being done in public clouds, and then, for instance because of compliancy rules or whatsoever, having the production on private clouds. So that’s a little bit of the definition that we use. And having said that, I know that a lot of my colleagues and other experts may have different definitions. There is even an official definition by Gartner, which is all true, basically. I don’t think that there is just one definition. Multi-cloud, basically, if you just strip down the word multi-cloud, it’s two clouds as a minimum.

Jeroen Mulder 00:03:09 That’s multi. And I’m using at least two clouds, and that can be anything in my world. With hybrid cloud, it’s a little bit different. That’s more specific. That’s a private cloud in combination with a public cloud, where the private cloud sits in an on-premises data center. So that’s a start, but it’s already a good start to have a fierce debate on what it actually is. And then if we really want to go down the rabbit hole, it is AWS, it’s Azure, it’s Oracle Cloud, it’s Google Cloud, it’s everything that comes with it. There’s so much choice, for that matter, in what you can use. And that’s where the real thing starts. What do I use? What do I want to achieve? What do I want to use it for? That’s where the really interesting stuff starts as far as I’m concerned.

Robert Blumen 00:03:53 So you raised a ton of points that we’ll probably spend the rest of the hour discussing. I want to delve a little bit into this idea of private cloud. When cloud computing started, we had public cloud and then we had stuff in people’s on-prem data centers. I wouldn’t have called that private cloud; it’s just how we always did things. So what makes something a private cloud versus a bunch of computers that the enterprise owns?

Jeroen Mulder 00:04:21 Awfully good question. When I started off in this job, a private cloud was, at first we called it ‘utility computing.’ It was basic. And if you really look at it at its core, the big mainframes where you ran multiple applications or multiple environments on top of, basically that was already the predecessor of a private cloud. A private cloud is a hardware stack, and I’m running multiple applications or databases or whatsoever on top of that hardware stack. Is that cloud, or is that utility computing? Basically, I’m not running one application. It’s not a one-to-one relationship between the application and the server. It’s N-to-one. So I can have different departments, different developer groups, whatsoever, running on the same server with applications, et cetera. Okay. So if you want to call that a private cloud, I’m cool with that. That starts with the virtualization of the whole thing.

Jeroen Mulder 00:05:09 That’s where you actually got the possibility to chop your server into multiple servers, or at least have it pretend that it was multiple servers. Yeah, you can call it a private cloud if you want. I’m not strict, for that matter, in using the word ‘private cloud’ for that. As I said, we started off using the word utility computing because more departments or more developer groups were using the same server. It’s all good to me. Let’s say the theory underneath it is that you share components underneath the infrastructure, so the network components or the storage or whatsoever. That’s what basically defines the cloud definition. And that’s something that in public cloud has extended to being really scaled out. In private cloud you could scale, obviously, but not the way that you would do it in Azure or in AWS or any public cloud.

Robert Blumen 00:06:02 So we can argue about what is or is not cloud. But I see a couple of characteristics of public cloud computing, which are self-service, API-driven, decentralized. Is that being adopted as a model for on-prem and privately owned computing, so that everybody can deal with every compute resource more or less the same way?

Jeroen Mulder 00:06:26 Yeah, I would say that that’s a good definition. Still, the real definition is in the shared components. And if you allow people to work on, let’s call it the same system, and enter it with an API or whatsoever, yeah, you could define it as a cloud. I love these t-shirts that say cloud is just someone else’s computer, which is basically the sole and one and only truth. It’s basically someone else’s computer that you’re working on. And you do that with an API. You get into that using an API. If that’s the definition of a cloud, yeah, then a private stack that I’m entering with an API as a developer, and I’m using the stack, I’m using the hardware, the servers, and the shared components, the storage, the network, et cetera. That’s basically what cloud is about. And that’s not different, not really that much different, from how the public clouds work.

Jeroen Mulder 00:07:16 Let’s not overcomplicate things. The public cloud is nothing more, nothing less than indeed someone else’s computer. There are two main differences. The first one is scalability. It is scalable to whatever, almost endlessly, which is also not completely true, by the way. And the second thing might be the fact that all these public clouds really offer you services that make your life a little bit easier than it was, let’s say, 20, 30 years ago. So I would say that these are the two main differences with a private cloud. With a private cloud, you will still have the servers sitting somewhere on the floor. You will still have racks with network equipment, you will still have racks with storage equipment. Someone has to deal with that. And that’s again not different from public clouds. There are engineers for Microsoft or Amazon or whoever that have to deal with the physical hardware that’s sitting somewhere.

Jeroen Mulder 00:08:14 I always loved that t-shirt, I already mentioned it. I have this one customer, I’m not going to call out names, that was really absolutely fanatic, really enthusiastic about, oh, that serverless concept, that’s something that I really want to try out. And then I started asking, why would you really want to go into serverless? If you have a use case, a really good use case for serverless, go there. Absolutely. It’s pay as you go. It’s a fantastic technology. But don’t think that serverless means that there are no servers involved, which is a completely different thing. It’s not really cloud, basically. And it still strikes me every now and then how many customers — not IT guys, because IT guys basically know — let’s say managers, C-level guys, really think, oh, cloud is something magical. It’s not. It’s technology. Come on. It is not magic.

Robert Blumen 00:09:08 We’ve had now 20 years of cloud computing. In the early days, you wouldn’t have thought of running your entire workload on the cloud. Today if you’re a startup, you wouldn’t think of running it yourself. Twenty years is longer than the lifespan of most software. So to a first order, we could say that everything that’s running anywhere now had the option of being run either on the cloud or on-prem. And companies have decided where they want their workload to be. How are companies making that decision now of whether they want to run their own workload or let someone else run it?

Jeroen Mulder 00:09:46 Yeah, really good question. We see a lot of difference between various industries. I work with customers, enterprises, large enterprises, that really want to get rid of their data centers. They don’t want to manage that anymore. And also because of something that I call the voice of the customer: customers are demanding new applications, new features of applications all the time, and at an ever-increasing rate. Those industries that have to deal with that type of customers are really looking into going into public cloud, because it’s way more flexible and agile than their on-premises data centers. And then we have industries like healthcare, financial institutions even, that are still reluctant — not all of them, but quite a number of them, especially in Europe where I am, with large banks; they are still quite reluctant to get their most critical systems into cloud. They want to have it, let’s say, tangible in their own data centers, have it really under their own control, and not put their control in the hands of a public provider.

Jeroen Mulder 00:10:47 And one of the other things that is really then an argument against using public clouds is the fact that most public clouds are American companies, which is a constraint for a lot of European enterprises. So, are we trusting an American company to work with our data, basically? Because we’re putting the data on their infrastructure. So there are a number of arguments, and there’s a lot of compliance and rules and stuff that you need to take into account before you start actually moving your environments into cloud. Having said that, we absolutely see a shift going on. And that’s not because of, let’s say, the financial component of cloud, because that’s always one of the first, well, questions or reasons that companies bring to companies like ourselves: yeah, we want to go into cloud because we think, we have an idea that it might be cheaper. We go like, no, if that’s your sole reason to go into cloud, don’t go there, because it’s not going to be cheaper at first.

Jeroen Mulder 00:11:47 It might be at some point, but please work out your business case really carefully, because it’s not like if I take my stuff as it is and simply transition it to the cloud, then I’m better off in the financial way of speaking. It’s not going to work like that. If you go like, but my customers, and that includes banking, because just look at my phone, I do everything in terms of banking on my phone right now. So even financial institutions, healthcare, same thing. I have my healthcare apps on my phone right now. So they are thinking of moving into cloud. They also have to deal with the voice of the customer, because we as customers, we want new features, we want new applications, we want everything as easy as it can be. And typically, well, preferably I need to say, with just one click on a phone, so that we can keep it with us all the time.

Jeroen Mulder 00:12:43 That means that they have to start thinking about developing new applications, new features, new code, and in a speedy way. The only way to do that, or maybe not the only way, but the fastest way to do that, is by using the cloud services. So yeah, there’s a shift, absolutely a shift going on right now. Is it going fast enough? I’m not exactly sure. We see a shift, but we also see that there are still large enterprises that are holding onto their own data centers, let’s put it that way. So it’s still a long way to go.

Robert Blumen 00:13:15 You mentioned the idea of data governance, where firms for compliance reasons may want to maintain tighter control over the assets where the data lives. I’m also aware of regulations such as GDPR in Europe that require data locality, which I think could go either way, because the enterprise may or may not have a data center in the country where they want to operate. I’d like you to expand on that a bit and also take into account compute locality. To what extent do cloud providers offer a value proposition that they can put their compute closer to where the business’s customers are, without the business having to construct a new data center somewhere where they want to do business?

Jeroen Mulder 00:14:03 Yeah, there are a couple of ways to look at that. First of all, it’s about laws and regulations and being able to move within these laws and regulations, including GDPR and all the variants that we have in European countries, which are basically variants on the GDPR regulations. There are differences between the countries. Some countries are really strict in where the data should be, and other countries are a little bit more, let’s say, flexible, and do allow a little bit more. And it also depends on what sort of data you’re keeping. If that’s really privacy-sensitive data, then it’s really a completely different debate than, let’s say, generic data that could be found anywhere on the internet. And then there is indeed the debate, okay, so where are the data centers? I live in the Netherlands; we have Azure data centers over here. Azure is mostly seen as a trusted company to put your data on, because the data centers are in the Amsterdam region.

Jeroen Mulder 00:14:56 There we also have some debate on, okay, but the data centers are regulated, are owned by an American company. So are we still okay then to put our data into those data centers, even though they are within, let’s say, the country borders? So I would say that the Netherlands is, I’m almost afraid to say so, but I can really prove it, an Azure country. Most companies use Azure as a public cloud in this country. In other countries where AWS has data centers, it might be completely the other way around. And I’m not saying that AWS is not used in the Netherlands. On the contrary, I work for a company called Philips. Their HealthSuite is built on AWS all the way. So it is used. I think that the real debate should be, okay, so what would be the best offering, the best services that a cloud has or a cloud provider can offer us in terms of what we really need to fulfill customer requirements, and obviously, yes, data and where the data resides, where the data is stored.

Jeroen Mulder 00:16:00 Obviously that is important. We have strong regulations, we have strong laws and rules and compliance rules and everything that ensure that your data is kept in a proper way and is stored in a proper way, also with encryption technologies and identity and access management, especially access management. It’s not just where the data is, it’s also who can access the data. And that’s something that you control yourself. Sure, there are laws for that, but it’s also something that you as a company, as an administrator or a developer, can control largely by yourselves, by defining the roles, access to the roles, who may access the data, when, where, why. That is on top of where the data actually sits. I sometimes have the feeling that these two debates are mixed or mingled with each other, but it is absolutely a debate. Absolutely.

Robert Blumen 00:16:55 So you brought up something, and I want to come back to this, of how a company can manage identity and access management in a multi-cloud environment. So let’s put a pin in that. We’ve been talking more about what these different clouds are and the reasons, the business case, for being on one or another. Now to get more into the title of the conversation we’re having: multi-cloud. Do most companies then pick one single cloud vendor, or do most companies have a relationship with multiple cloud vendors for different reasons?

Jeroen Mulder 00:17:30 Again, both happen. The enterprises that I work with typically have chosen one cloud provider that is sort of their primary cloud. That can be on-premises, so, how we say, a private stack. So we still have a lot of enterprises that have huge VMware stacks in their own data centers. Got nothing against that. On the contrary. And if a company chooses to go into public cloud, then we typically see that they choose one of the bigger clouds. It’s mostly with the multinationals, and especially with the multinationals that also have a presence in, for instance, Asian countries and especially in China, that they need to go to a second cloud, whether that’s going to be Alibaba Cloud or Tencent in China or whatsoever, because of the latency, because of compliancy. Obviously there are a lot of reasons why they have to have a second cloud.

Jeroen Mulder 00:18:22 In Europe, I do see companies that have multiple clouds, public clouds; they use multiple clouds. But then it’s really a matter of the use case. The typical use case that I see is that really data-intensive companies tend to look at Google Cloud just for the data. But if you look at, let’s say, the more common services that they would also use on their own premises and in their own on-premises data centers, they would look more at Azure. And then we have the typical cloud native, and I hope I’m not offending anyone, the typically cloud-native companies, or those that are already moving up to more cloud native, are using more and more AWS. And that’s just my take on it. It’s just my perception, my interpretation if you want, that AWS is more like building blocks that you really can play with as a developer, where Microsoft Azure is built really from a services standpoint. If I look at myself, I find it easier to work with Azure than with AWS. But I can do stuff in AWS where I really go like, okay, so I can see why a developer would be completely thrilled by having these options in a public cloud for development. So it’s really depending on the use cases, I would say.

Robert Blumen 00:19:39 You raised a few points and I’m making some notes, so I hope that I can get back to all of these things without forgetting anything. So one thing I want to come back to is the idea that there’s the lowest common denominator of what all the cloud providers have, which is VMs, load balancers, VPCs, maybe blob storage. So if you’re the multinational and you’re thinking we need to run workloads on the best cloud provider in Asia, Europe, US, that might be a different answer. So you’re going to stick with the lowest common denominator, versus somebody picking the best cloud based on differentiated services, where Google’s better at data, AWS is better at cloud native. So do you see the competition? Is it being more driven by locality and doing the most reliable job at the same things everyone else does? Or are companies trying to differentiate themselves by saying, we are better at this and you should do this thing on us?

Jeroen Mulder 00:20:48 Ooh, let’s start by saying that a lot of enterprises are still really working on VM level. So basically, it’s just the way that they were used to working in their own on-premises data center: virtual machines. That’s what they understood and that’s what they’re used to in terms of infrastructure. We also see two big shifts that are happening, and I don’t think that I’m popping up surprises here. One is the shift to containers, because containers tend to be, especially when you’re using the industry standard, which is Kubernetes, right? Now, I don’t think that I’m going to offend anyone by saying that Kubernetes is the industry standard, with containers on top of that. That makes life easier in terms of multi-cloud and the way that you work with various clouds. Still, a lot of enterprises are struggling with putting their stuff into, let’s say, container environments.

Jeroen Mulder 00:21:38 The reason for that one is that most of the bigger enterprises have large environments, and these environments are typically not invented or architected like microservices environments, et cetera. These are in some cases really big monolith applications that you really would need to re-architect before you could get them into an architecture that would allow for microservices and containers and serverless and other native stuff. That’s basically also where I usually come in, because you really have to start thinking about, okay, so if I have this big monolith application and I want to run it in cloud, okay, so the first question is, okay, so why would you want to run it in cloud? Would that make life easier for your customers? Would that make life easier for your administrators? Whatever. So there should be a business case there. There should be a use case to start, let’s say, ripping apart your monolith applications and completely re-architecting them so that they could fit into a multi-cloud environment or into a cloud environment.

Jeroen Mulder 00:22:33 That’s one way to look at it. And the other way is that, okay, so leave the applications as they are and just keep them where they are. Don’t touch them, don’t do anything with them, and start thinking about, okay, so maybe this is a good moment to start thinking about building new applications, greenfield, in a cloud environment. That would still mean that you will need to map your current functionality that you have in your old application, and how to map that into a new development that you’re going to build out. That’s something different than taking your old application and transitioning it into a new environment; that’s a different thing. So there are a lot of ways in how to do a digital transformation, because that’s what we’re talking about then. We see a lot of companies really struggling with digital transformation, not just because of technology, but also because of just, do we have the right people to do this?

Jeroen Mulder 00:23:26 Do we have the skills to do this? And if we manage to get our environments into a cloud environment, do we have the skills and the people to manage that, or do we know the companies that could do that for us? And if we do, so are we choosing AWS? Are we choosing Azure, for what reason? So what would be the best fit for us? Can we do that? Would that be a fit for, let’s say, all the countries that we are present in, if we are a company that works in more than just one country, or do we need to look, for any reason, compliancy, latency, whatever, at different clouds in different regions? What about disaster recovery? Well, there are so many reasons that you still have to look at before you start shifting into a cloud environment.

Jeroen Mulder 00:24:12 It’s, yeah, it’s a little bit dangerous to say so maybe, but I’m still going to say it. The technology per se is not the issue. It’s everything that comes around it. The governance, the data. The technology is usually the easy part. If you have figured out, okay, so this is the functionality, these are the requirements, this is what I need to build out, I have the people that can do that, then the technology is not really that big of a hurdle anymore. Having said that, test it, test it, test it. Keep an eye on security and everything that comes with it, but technology, you’ll probably be okay to manage that. It’s a lot of stuff that comes with it, I will say.

Robert Blumen 00:24:50 You mentioned Kubernetes. At the time of writing your book, which was 2020, the book was more heavily emphasizing VMs. Yep. Older generation of technology. One of the selling points of Kubernetes is it is an interoperability layer, and in the context of our discussion, the enterprise could also run it on their own machines. Is that the future of pretty much everything? And will everything now just be lift and shift, and you drop it into whatever managed Kubernetes cluster meets your needs in terms of location or cost?

Jeroen Mulder 00:25:27 No, indeed. In 2020, that was the idea. And, well, funny enough, we’re now in 2023, so that’s only three years, but in cloud terminology it’s almost like eternity. A lot already has happened. So in the second edition of the book, that has already been changed. Yes, it is Kubernetes, but we also see, funny enough, companies getting stuff back into on-premises, but using cloud technology for that: AWS Outposts, Google Anthos, Azure Stack, all these technologies that you can use to run your applications, even your cloud-native applications, in your own data center using Kubernetes. We also have quite a number of companies right now that are starting to look into IoT a lot more than they did just a couple of years ago, using K3s as a lightweight Kubernetes version to run applications on top of their IoT stuff, data collectors all over the place, collecting data, shipping it into little mini containers and shipping it back to the environments running in cloud for data analysis, or to get AI on top of that to get more results or better results from data.

Jeroen Mulder 00:26:34 We’ve seen that in healthcare already, that you collect data from scanners, scanners like MRI or CT or whatsoever, anonymize the data, then get it back into the cloud where AI regenerates the image and figures out, okay, so these might be spots that a radiologist might have missed, but AI recognizes that. Yeah, well, based on whatever we already collected in the past, this might be something that you want to have a better look at. All these features or developments, it’s growing tremendously and it’s really becoming massive. And then public cloud is really almost essential, because it needs so much power, so much compute power, so much storage, everything. It needs to be so scalable. You wouldn’t be able to do that in your on-premises data center unless you get truckloads full of servers in every day to scale out your environment. So at a certain point, there’s no escape from getting into public cloud.

Jeroen Mulder 00:27:32 And then there’s obviously the development of your applications that comes with it, that is moving, is changing so fast. Just taking my banking applications on my phone again as an example, I think every two weeks I get an update with new features in that application. And that can only happen if developers have the possibilities to work on systems that are scalable, and sure, it all needs to be secure, it needs to be compliant. They really need a lot of data to work with. So coming back to your question, containers, yes, it’s still containers. It’s not just containers in the cloud anymore, it’s containers all over, it’s on IoT, it’s data collectors, it’s everywhere. So it is a technology that is expanding, it’s growing. Yes. I do still think that Kubernetes is and will be the industry standard. That’s just a prediction that I don’t think anyone would disagree with. Yeah, so it’s containers. I also see a lot of movement in serverless, event-based architectures, completely automated. There’s a tremendous growth in that area. And then there’s data and security, but that’s a completely different topic. But still, data. If I see the amount of data, and the growth in the amount of data that we’re collecting right now as a, let’s say, entire world community, and if we extend that over the years, that’s going to be huge. It’s really going to be huge.

Robert Blumen 00:28:58 So you mentioned these on-prem hybrid models such as Anthos. I do want to also come back to that, but before going in that direction, I want to ask you about another use case. We’ve talked about companies wanting to run the same apps or services in different places, which may require using different vendors. Then you have the best-of-breed solution on a single vendor. Are there any use cases you’re aware of such as a distributed cluster? I can think of a product like Cassandra, where you can span a distributed database across multiple regions, where you would integrate two networks from different cloud providers in order to have geographic redundancy. So what I’m asking about is the same app, where the app itself is running on two or more clouds at once. Is that a thing?

Jeroen Mulder 00:29:53 I have to think about a use case. There’s one use case that, well, besides the one use case that probably will come up in everyone’s mind, which is, let’s say, the entertainment industry, the Netflix of this world. That’s an obvious one. There’s one other use case that I can think of, and that has to do more with the fact that we are living in a world where we all try to lower our carbon footprint, so we are working with that. We are building houses that are really energy-efficient, with heat pumps. And I know one company, I cannot name, unfortunately, I cannot say the name, but I know of one company that we work with that has applications to collect data from the heat pumps and that actually also push maintenance software back to the heat pumps that are inside people’s houses without them knowing that stuff is happening. It is maintained completely remotely, controlled and maintained from a centralized application.

Jeroen Mulder 00:30:49 But that’s a Japanese company, obviously, and that means that they have to have that application, or at least the software, distributed all over the world from different places. So yes, they use different clouds for that one. The application, the app itself, is the same wherever you are. The app works exactly the same, has the same look and feel. There’s no difference in whether you have the app in Europe or in the US or in Japan. It’s completely the same thing, besides the language, obviously. But to distribute, let’s say, the maintenance data to the heat pumps, to the equipment in the houses, yeah, you have to have that really close to where your customers are, where the actual equipment is. And yes, they are using different data centers for that one. It’s GCP, it’s AWS, it’s Azure. It just depends on where the data centers are, as close as possible to the customers.

Jeroen Mulder 00:31:40 The same applies for maintenance of electrical vehicles, of EVs. It applies for a lot of stuff, televisions, it applies to really a lot of things. It also includes healthcare, which happens to be a little bit of my sweet spot. You want to have AI results to help radiologists or doctors or whoever in healthcare, to help them with results, with diagnostics; you need exactly the same technology. You have that data, and that data needs to be pretty close to where the clinicians actually are. Yes, a lot of companies use different clouds for that one, just based on where the data can be as close as possible to where the hospitals or healthcare institutions are. That includes, for instance, the use of even 5G connections, private 5G, using technologies like Wavelength in AWS to get services that you run in AWS as close to the connections as possible, to cut the bandwidth or to cut the latency to an absolute minimum.

Jeroen Mulder 00:32:39 All these technologies come down to basically the same sort of thing: to get the data as close to your customer as you possibly can get it. And then the one thing that really is tricky for that matter is the synchronization of the data, because all that data needs to be sort of the same set. I cannot have completely different data in China than I, well, maybe a bad example, but let’s put it that way: the data in Europe and the US should be basically the same data. So that’s the biggest challenge in multi-cloud, synchronization and keeping your environments as synced as much as possible. Not only because of, let’s say, the services that you’re delivering to your customers, but also because of disaster recovery. For instance, if something fails, you want to be sure that somewhere your data is preserved in the latest version and that you can still rebuild it if really needed. I did not come across any events where something was so heavily destroyed that you really had to get it from a different region again to build it up. But yeah, in theory it is possible.

Robert Blumen 00:33:44 If I were approaching an application like you’ve described, I might pick one of the vendors that I thought had a good telemetry stack that could ingest all the metrics, store the metrics, provide the query capability, dashboards, and then route all the data into that vendor. Is that a good way to think about the problem?

Jeroen Mulder 00:34:10 Yeah, yeah, absolutely. That is a good way. And most of the public cloud providers have these networks. They can do that already, at least the bigger ones, the major ones. They have these networks so that they can provide the services around the globe. The only thing is that there might be cloud providers that are really specialized, that really have a different shade in their services. We have customers, I have customers that are located both in Japan, in Europe and in the US. Some of these customers have data stacks and they use, for instance, Exadata, Oracle Exadata, and Oracle has its own cloud, Oracle Cloud Infrastructure. We see that, and that is also multi-cloud. They want to have, and that can be because of a number of reasons, they want to have the data, as Oracle data sets on Exadata, in Oracle Cloud. There can be a financial benefit to that one, licenses or whatsoever.

Jeroen Mulder 00:35:03 But also because they are used to having that sort of data in specific formats that you’re used to working with, which is fine. What we typically do, because a lot of these companies also work with a major cloud provider like AWS or Azure: they have the Exadata in OCI and they have services running in Azure, which can be workplace services, for instance, and AWS where they have development environments. I actually have one customer that has all three of them: Azure because of the workplace services, AWS for development, and OCI for the Exadata stack. What we try to do then, and this may sound a little bit complex, is that it all needs to be connected to each other. You really have to start thinking from a network perspective and not from the server or the application layer.

Jeroen Mulder 00:35:50 You know, you have to start thinking from the network perspective. Okay, so how do we connect all these things? In this case, if we look at the data centers, if you’re lucky the data centers are situated close to each other, or there might even be one data center where both, maybe even all three stacks are available, or you have to start thinking about meet-me rooms where you really can connect the whole thing. You have to start thinking about the direct connections that they might have, with ExpressRoute or Direct Connect or whatsoever, whatever you need. But it really starts with thinking about, okay, so what are the connections that we need? And not only just connections as such, but also the speed of the connections. How much data will flow through it? How fast does the application need to be for the end customer?

Jeroen Mulder 00:36:32 And also there, there’s a big difference in the sort of industry we are in. If you’re in healthcare, applications should be fast as lightning because a doctor doesn’t have the time to wait minutes for results to come back. And the example that I just mentioned with utilities, it might even be okay if something takes a little bit longer than a couple of minutes or even an hour or whatsoever to get your maintenance software to the equipment in your house; nothing will happen if that’s a little bit delayed. So all these different parameters you need to take into account when you start defining and architecting your environment, and especially your cloud environments and network. I found this pretty unbelievable when I started off in cloud, which was really a long time ago, but in data centers we used to start thinking from the networks.

Jeroen Mulder 00:37:16 The network was number one, that was your foundation. And I was surprised to find out that companies, as soon as they start moving into cloud, don’t start thinking about networks. They start thinking about the applications and the servers and all that kind of stuff. It’s the same thing in cloud. You have to start thinking about your networks and your security. I always stress the fact that whatever you do, keep security always top of mind, because if you don’t, it’s not something that you can put on top later on. It needs to be completely intrinsic. And for some reason in data centers we were used to that kind of thinking. We had these gates, with badges, and no one was able to enter if they were not allowed to enter. And for some reason in cloud, yeah, we need to do something about access management. Oh, we need to do something about security. Start thinking like you would start thinking in your own data center. You didn’t want anyone to enter your data center if that person didn’t have anything to look for in that data center, didn’t have any business in that data center. It’s the same thing in cloud, and network-wise it’s exactly the same thing. Start thinking from your networks. That’s where it starts.

Robert Blumen 00:38:24 There are a lot of directions we could go with this in limited time, but I have had experience with AWS, and even networking between two AWS regions was not particularly well supported at one time. I haven’t been on AWS in a bit, so that may have improved. We’ve been talking about this idea that you outsource your computing to somebody who has infinite compute power so you don’t have to worry about it. And then you find that you still are constrained on the network level. Looking at a larger topology, what is the cutoff where you can use the public internet and just route over that, to where you need to start building specialized networks and bringing in telcos or physical spaces where you start connecting your network gear in order to get the amount of bandwidth you need?

Jeroen Mulder 00:39:19 The answer to that question is actually quite simple. It starts with what sort of data you are transporting, are transmitting, over those connections. If that’s private, there are two answers. Basically it’s the criticality of your applications, it’s the criticality of your data. And those are the two main differentiators for having to decide whether you’re going to have to use private connections or whether you’re going to route it just over the plain internet. I would not recommend doing that anyway. By the way, in the book I describe two ways, VPNs and private connections. The two main drivers are data and the criticality of your application. And with that last thing, what I mean is that there are a lot of quality attributes that you can use to design and to architect your application. An application that is running in production, that is running sensitive data.

Jeroen Mulder 00:40:09 And that needs to be, for instance, 24 by 7. If your business is depending on whether the application is up or down, if your business is depending on whether the data is safeguarded, is protected, et cetera, et cetera, or not, then please don’t go just over the plain internet; just don’t do that. And to be quite honest with you, I hardly can think of companies that work with data and applications that I would not advise to at least give it a serious thought about how they protect their connections and how they would protect the networks. Yeah, even in development. I do see it happen though, developers just working from home and just going out on the internet and just fiddling around a little bit with code, and that code eventually ends up in application code for their employer, for the companies where they work.

Jeroen Mulder 00:41:03 And I really wouldn’t go like, oh man, I would rather have you do that in a protected environment where I’m sure that data is not leaked out somewhere. Or maybe it’s not even that you are aware of the fact that you’re working with data that might be sensitive or that might be useful to someone that you don’t want to have that data in their hands. I see a lot of developers that are simply not aware of the fact that they’re working with critical stuff. They’re working with sensitive stuff. So basically that’s where awareness starts, by starting to think: is this something that would harm anyone if it drops somewhere in a public Git repository, if someone started using that? A matter of mindset; that’s not even technology, that’s just plain mindset. But coming back to the question: companies, I would always really give serious thought about how to secure your connections, what sort of connections you use, who is allowed on those connections, who has access, all those kinds of things. And that’s governance.

Robert Blumen 00:42:03 In the time we have left, we have time for a couple more questions. I wanted to delve a little bit into one of the things I put in our backlog, identity and access management. Each of the cloud providers offers their own model for this. A company that is not all in on one cloud may have its own identity provider, or run LDAP or Windows directory internally. And if you’re wanting to deal with multiple cloud services, where is the source of truth for your employees’ identity and authorization? And how does that extend onto different cloud providers without just replicating or having multiple conflicting ideas about this?

Jeroen Mulder 00:42:50 Well, most enterprises that I work with still work with Active Directory. Most of the enterprises do, or they have Okta or something like that. I don’t have a preference for anything, as long as you are absolutely clear on what is your single source of identity provisioning. So what is your source of identities? That should be one source and one source only. And don’t start using Facebook for that one, please don’t. I’ve seen that. I really have seen that. Oh yeah, yeah, no, no. Our developers can go in with a Facebook account. Oh man, come on. I know that you can do that. I know that. So Active Directory is still commonly used and I’m totally fine with that, as I said. Make sure that that is your one and only single source of identities and that it is maintained and managed by yourselves. Here it comes already: I’ve seen companies where directories are managed by I don’t know how many people, who also don’t do data. Yeah, sure, break-glass accounts, everything. That’s something that you all have to have in place, but your source of identities should be protected like a vault, really a vault, and only a few people should be allowed to go into that vault to make changes, to elevate rights or whatsoever. That’s the basic, really the core of governance in my world.

Robert Blumen 00:44:07 Starting from that point, now you want employees to have access to do different things on AWS, on Google, but you want to control that centrally. How do you extend your internal identities and authorizations into granting employees the permissions to do the work they need to do on the different cloud services, and yet keep it under central control so they don’t now have these distinct identities on each cloud that are, you know, unmanaged, or you have to manage them multiple times?

Jeroen Mulder 00:44:41 It really should be coming from that one source of identities, with assigned roles. And that role can have a definition. Okay, so you’re allowed to work in Google using IAM from Google, you’re allowed to work in AWS using AWS Identity and Access Management, whatsoever. But the role should always be the same and that should have the same definition, and that is managed centrally. And all these clouds have exactly the same sort of mechanism to elevate rights if needed. So don’t go into what I call, again, I’ve seen companies where developers really have got almost god mode in AWS or in Azure; they can do anything. So it really starts with separation of duties. And it starts with setting up your clouds in such a way that they only can access those parts that they really should have access to.

Jeroen Mulder 00:45:31 And that has to do with the way you set up your VPCs and everything that is inside the VPCs, your resources. So it’s also a matter of controlling the resource management itself, on the resource itself. And then there is the identity. And what I describe in the book is that everything is an identity. If you perceive everything as an identity, including services, including users, et cetera, then start thinking about, okay, so if everything is an identity, every identity should have a role and every role should have certain tasks or allowances or whatever. That’s basically what an RBAC model does. You should have that in place. And then, from your single source of identities, you can connect to Google IAM, you can connect to Azure AD, you can connect to AWS IAM, or have a more agnostic platform in terms of Okta, for instance, that manages it for you, which is fine as well. I have quite a number of customers that work with Okta for that matter, just as a centralized management platform, which is absolutely good.

Robert Blumen 00:46:34 The last thing I want to cover is the space that you mentioned earlier that includes Outposts, Google Anthos, in which it blurs the distinction between what is really a cloud service and who owns the resources. Explain what this space is about, what problem it’s trying to solve, and what some of the offerings are doing in that area.

Jeroen Mulder 00:46:56 It solves two main problems. The first issue that it solves is that you have your data as close to your customers or to your developers as it can be, because you’re running the stuff really in your own data center, but you still want to use the cloud services. You still want to be able to work from that one cloud console, or with the one CLI that you’re using, or SDK or whatsoever. That is what all these offerings provide you. So you’re getting an extension of their public cloud in your own data center. So it gives you a feeling, that might not be the right word, but at least a lot of companies choose that form because it gives them the ability to have it all under their own control. They have the machines sitting right next to them, sort of, and they still can work as they would work in the cloud, in the real cloud, the public cloud.

Jeroen Mulder 00:47:47 So that’s number one. So having the data, your applications, really sitting next to you in your own environment, that is one of the reasons, I think one of the main reasons, to have these propositions: just to have applications and data in an on-premises setting, but still be able to use cloud services as you would use them in the public cloud. So that’s the main reason for having these propositions. And I also see it happening for companies that have distributed applications and distributed data that they have at the customer sites. So again, it’s a matter of limiting the latency of applications and data communication as much as they can. So basically, there are a couple of reasons. It’s compliance and security, so there might be a reason to have the data on your own data center floor.

Jeroen Mulder 00:48:34 There might be a reason of latency, to cut down latency, to have it really close to your customers. And then still, all these propositions come with the fact that you could work with these on-premises stacks as you would work in the public cloud, with exactly the same services. Which is not completely true, by the way, because if you look at the public cloud services, for instance in Google Cloud, it’s not going to work exactly the same on Anthos. So there are differences. Azure Stack: a lot of services that you have in Azure are available in Azure Stack. The same applies for AWS Outposts. A lot of services that you have in AWS are available on Outposts, but again, not in every region and not every service is available. So also here you will really have to think about, okay, so what am I going to use it for? What services do I need and does it fit them? Is it a good fit? And coming back to containers, most of these services do support container services in the meantime. In AWS we have EKS, and AKS in Azure, and Anthos is basically invented to run containers on premises. So there we go again, containers is still probably one of the main solutions for the future.

Robert Blumen 00:49:45 In Kubernetes you have the concept of cluster autoscaling, where the cluster itself can either acquire more nodes or VMs or release them based on the overall workload of the cluster. Would any of these hybrid solutions support the ability to either run the managed cluster and the enterprise would supply some of the nodes to autoscale, or the reverse, where you have the Kubernetes running on the enterprise’s assets and it could pull in autoscale resources from the cloud, or however you want to mix and match it? Is that a use case for this model?

Jeroen Mulder 00:50:26 What I always tell my customers that are looking into these propositions is that, okay, you are buying a piece of kit, of hardware, that is not as scalable as you would have it in the public cloud. And indeed, with autoscaling of clusters, hardware that sits on your floor has a certain limit. It can only scale to what the hardware actually has available, which is different in public cloud. And here, this is the interesting part of it, because a lot of companies say, yeah, but that’s good, that’s exactly what I want, because then I know for sure that it does not go beyond the boundaries that I have. So it can scale up until these limits and that’s it. So with that, I also have full control over my financials for that matter. I know exactly it’s going to cost me this and nothing more than that.

Jeroen Mulder 00:51:14 If you run your autoscaling extending into public cloud, then please make sure that you have these parameters set really well. Again, this is more the topic for FinOps, financial operations. Be sure that you have set limits, parameters that control your costs in cloud. Autoscaling is a wonderful feature. You also have to manage that. Autoscaling does not mean that you do not have to manage it anymore. You still have to manage to what extent something is allowed to scale; you need to have thresholds. Cloud providers, they will tell you that. Yeah, sure. And I believe them. Absolutely, I believe them. But cloud providers will tell you, okay, so you can autoscale, it’s almost infinite, whatever you want. And they also will tell you, but please be aware that nothing comes for free, basically. So there will be a bill at the end of the month that specifies, okay, so this is what you have been using in the cloud, and they will also provide you with services to control those costs.

Jeroen Mulder 00:52:15 All these cloud providers do that. Still, it’s your responsibility as a customer that uses the stuff. And the same applies, I always have this one slide in my deck that is basically a toolkit. A cloud provider is basically a toolkit. They have all the services of the world and you can build the most wonderful things with it. It’s scalable. It’s absolutely scalable to whatever you want. They have all the security in the world available at your fingertips, and they need to be secure. There is no way that they cannot be secure, because they run thousands of customers on their platforms. If they’re not secured, they’re out of business before you know it. That does not mean that the responsibility for using these services lies with the providers. The responsibility lies with you to use these tools. They have the tools. You are the one that decides to use them.

Jeroen Mulder 00:53:04 That applies for autoscaling, even with things like serverless options with event-driven architectures that really are depending on scale. Because event-driven, if you run a web shop and that hits its maximum at Christmas time when everyone does their shopping, you do not want them to hit the limits within, let’s say, the first hour of the sales. Event-driven, as soon as sales hit, then you really want to have scale, but still have boundaries, have thresholds in place, have parameters in place that will allow you to control the whole thing. It sounds like the obvious thing, but still I notice that it’s something that you did not have to worry about when you were still in the old data center, because it only could go as far as it went. The hardware would allow you to do as much as it could do and that was it.

Jeroen Mulder 00:53:51 In cloud with autoscaling, if you do not set thresholds, well, I hardly can imagine that anyone would not set a threshold. So if you do that to their environments, or butcher the lures (?) or whatever you want to call it. But still you have to think about, okay, if I use the cloud, what are the boundaries? What are the definitions? What are the parameters? How do I scale? To what extent do I scale? What do I use and for what reason do I use it? Do I really need to use it? Everything comes back to the phrase that I used before: start thinking of the cloud as if it were still your own data center. It comes with a lot of benefits, but it does not mean that you do not have to think of, let’s say, the basic stuff that you would have to think about when you were setting up your own data center. That’s what I call BaseOps in the book. It’s called BaseOps, Basic Operations. And that’s not really that much different from, let’s say, the basic operations that we would have in the old-fashioned data centers.

Robert Blumen 00:54:49 If you could pick any topic we’ve discussed where you think the world has not reached an equilibrium or endpoint, where do you see that going in the next three years?

Jeroen Mulder 00:55:02 I would pick two topics, and I already mentioned them. The first one is security. I see so much wrong stuff happening in cloud in terms of security. And that’s because, again, it’s all about governance and control. The amounts of data are beyond the expectations that I had 10 years ago, for instance. And it’s growing. It’s growing awfully fast. If I look at my own house, almost everything is connected, except for my coffee machine. That’s the one thing that’s not connected to the internet right now. But almost everything is connected to the internet and it actually collects data. It collects a lot of data. It collects data about my energy levels, it collects data about the life cycle of my lamps even, all that stuff. So that’s number one. But I also have cameras, surveillance cameras on my house, which collect data.

Jeroen Mulder 00:55:49 The one thing that I need to be aware of is that it is all collected and it’s ending up somewhere in a cloud. I don’t know where, because I’m buying it as a service. I don’t know exactly in what cloud it ends up, but I know one thing: I need to be aware of the fact that it is sending data to some cloud by the guys that actually provide me the services. I need to be aware of that. And as soon as anyone hacks into my camera, they’re basically on my network and they can hop onto almost anything. Exactly the same thing for companies. I have witnessed audits with, let’s say, an ethical hacker that actually went to the entrance of a company with the, what do you call it?

Jeroen Mulder 00:56:33 The bar that goes up as soon as you enter the parking drive, and the bar goes up. That was connected to a system that was connected to the internet. And I witnessed the fact that an ethical hacker actually went into that system and was able to hack, or to go into, the database with all the HR data. It’s all connected. So that’s number one. Number two is financials, I already mentioned that a couple of minutes ago: companies that come to me with a question or with the assignment, yeah, we want to go into cloud because probably it’s going to be a lot cheaper if we move our stuff into cloud. If that’s your sole reason to go into cloud, I’m not going to help you with that one, because it will certainly end up in a big disappointment. If you want to go into cloud because your customers demand new applications, new features, you want to be able to develop faster, you want to use services that are available in the cloud that can help grow your business, I’m your man, I can help you with that one. If you want to spend $1 million in cloud, I’m fully okay with that, as long as you make $101 million back from the cloud again with your business by using the services. That should be your motivation to move into new technology. So security, financials.

Robert Blumen 00:57:49 I do want to point listeners towards earlier episodes we did, which I’ll put in the show notes about FinOps, which goes into more detail about some of those topics you touched on. To wrap up, I have the 2020 edition of your book. Is that the first edition?

Jeroen Mulder 00:58:05 That’s the first edition. The second edition just came out two weeks ago.

Robert Blumen 00:58:10 Okay. And where is that available?

Jeroen Mulder 00:58:12 That’s available on Amazon, same publisher, Packt: Multi-Cloud Strategy for Cloud Architects. That’s a completely revised edition. It includes BaseOps, FinOps, DevOps, but it also includes OCI and even a little bit of Alibaba Cloud in this edition.

Robert Blumen 00:58:28 Anywhere else on the internet where you’d like listeners to find you?

Jeroen Mulder 00:58:32 My LinkedIn profile is open to anyone. I am on Twitter; I’m not really active on Twitter right now. I also have an account on Mastodon, and my own website. That’s where I write the blogs and all those kinds of things, and where you also will find the books.

Robert Blumen 00:58:48 Jeroen, thank you so much for speaking to Software Engineering Radio.

Jeroen Mulder 00:58:52 Thank you for having me.

Robert Blumen 00:58:54 This has been Robert Blumen. Thank you for listening. [End of Audio]
