
Networking in cloud: The context

Renjith Sreekumar
2 Jun 2023

Network management in the public cloud is fundamentally different from how organizations used to manage legacy networks in their on-premises data centers.

Public clouds bring a unique set of hyperscaler-specific models for network and security management, including access controls (IAM), accounts, subscriptions, subnets, tenants, routing tables, etc. These constructs abstract the underlying network into cloud-native resources and services for simplicity, leaving limited ability for engineers to control and manage them.

The challenge

Application and user traffic in the cloud needs to traverse multiple network paths: across the internet, across the DCs, to the cloud, within the cloud, and between clouds. The networking must be able to scale up and scale out across multiple paths at high throughput (active-active paths). Additionally, enterprises need to insert advanced security controls in between, segment the traffic according to policies, provide end-to-end encryption, and inspect inbound and outbound traffic. They need to automate the lifecycle of infrastructure, and they need deep visibility and troubleshooting tools to improve the performance and MTTR of the application services.

The public cloud comes with basic constructs such as VPCs, route tables, subnets, etc. to manage networking, which is simple to start with. However, as cloud deployments accelerate and span regions and multi-cloud boundaries, the complexities start evolving. The lack of mature operational toolkits, limited visualization, and the lack of interest from cloud providers in supporting your multi-cloud patterns make matters worse, leaving engineers and operators to “figure out” things on their own.

The opportunity: Solve networking challenges for enterprises in public cloud

The opportunity is here to create a network control plane that runs over public clouds to provide enterprises with the flexibility to build, configure, and operate a network, securely and in a repeatable way. This provides engineers with the ability to dynamically manage network performance for improved application and user experience. Achieving this goal requires the following:

  • Develop a simple, consistent, and declarative networking architecture in and across cloud service providers
  • Use a single, unified Terraform module to build, deploy, and manage the network as code
  • Embed network security to deliver central policy creation with distributed inspection and enforcement
  • Provide deep operational observability and control to increase agility and automation and reduce MTTR and costs

Figure: Multi Cloud Networking Architecture

Summary

Software-defined networks (SDNs) revolutionized network management in DCs. SD-WAN/SASE simplified the connectivity across branches and DCs. All these innovations, along with cloud-specific constructs such as ExpressRoute, Direct Connect, Cloud Interconnect, Transit Gateways, Azure vWAN, and GCP NCC, are allowing organizations to drive the best path to access public clouds. However, within the cloud, due to the inherent limitations of visibility and control of the underlying network constructs, organizations are challenged with scaling their cloud across regions and multiple clouds and providing a consistent user and application experience.

This is where the need for building cloud networking as a unified control plane arises. It simplifies network management, centralizes policy management, and provides engineers with control and visibility to manage the network lifecycle and application traffic as code.

How we deliver value

At Capgemini, we help clients establish a cloud platform team, with a community focus on engineering innovation in the cloud. We bring expertise in cloud platform engineering to enable a lifecycle approach to cloud services, from engineering to operations, by abstracting cloud foundational services into developer-friendly self-services for agile and high-speed development.

Our thought leadership and services are creating a profound impact in the market, helping organizations to deliver products faster while ensuring resiliency and reliability, and driving customer experience.

Author

Renjith Sreekumar

Global Portfolio Leader, Cloud Platform Engineering and SRE Services