Hybrid Cloud for Architects
Title Page
Copyright and Credits
Hybrid Cloud for Architects
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Introducing Hybrid Cloud
The cloud's demographics
Based on abstraction
Service down clouds 
Infrastructure up clouds 
Differentiating service down and infrastructure up clouds 
Based on services offered
Based on consumers of the services 
Choosing different cloud combinations
Summary
Hybrid Cloud – Why Does It Matter?
What does the world say? 
Pure-play public cloud strategy 
Public cloud benefits
Need for agility
Ability to experiment without upfront cost
Reducing operational overheads
Ability to consume enhanced services
Shortcomings of a public cloud
Cost 
Control/customizability
Compliance 
Fear of lock-in
Hybrid cloud case study
Summary – maximizing benefits
Hybrid Cloud Building Blocks
The story of a web application 
Transport level 
Case 1 – without a proxy
Case 2 – with a proxy 
Application level 
Web tier 
Application tier 
Database tier 
Putting it all together
Use cases of a hybrid cloud 
Isolated use case 
Distributed use case 
Co-Existent use case 
Cloud bursting 
Using cognitive services 
Supporting application use cases 
Backup and disaster recovery in the cloud
Decoupling the tiers
Case in point – architecture of OpenStack
Services to enable a hybrid cloud 
Network connectivity 
DNS service 
Public cloud services for hybrid deployment
Amazon Web Services (AWS)
Storage gateway
Direct connect
Route 53
Amazon EC2 run command
VMware cloud on AWS 
Microsoft Azure
Azure Stack
Azure Site Recovery (ASR)
Azure Traffic Manager
Summary – setting up hybrid cloud
Architecting the Underpinning Services
Networking
Underlay network
LAN architecture
WAN architecture
Overlay networking
GRE
VXLAN
Virtual Private Network (VPN)
Encrypting data using IPSec and SSL – concepts
IPSec VPN
SSL VPN
MPLS connectivity – direct connect
Routing table
Domain Name System (DNS)
How does DNS work?
Global load balancing
Identity and Access Management (IAM)
Identity Federation 
Multi-Factor Authentication (MFA)
Application components
Global databases 
Using Cockroach DB in a hybrid cloud environment 
Database log shipping
Choosing the right components
Network connectivity 
DNS services 
IAM and Active Directory 
Conclusion 
Hybrid Cloud Deployment – Architecture and Preparation
Getting started with the public cloud – AWS
AWS terminology 
Account
Region 
Availability zones (AZ)
Virtual private cloud (VPC)
AWS services 
Architecting the AWS environment 
AWS account design
VPC design 
Designing an AWS environment 
Connectivity to the private cloud
Setting up a public cloud – AWS
Creating an account in AWS
Creating a VPC and subnets
Creating the IGW and VGW
Setting up AWS API access 
Setting up the private cloud 
Basics of designing an OpenStack environment
Choosing an OpenStack distribution 
Choosing the deployment method
Installing DevStack 
Configuring DevStack to enable Heat
Summary
Building a Traditional CMP-Based Hybrid Cloud
Supporting applications use case
Traditional operations 
Modern outlook
Using the AWS storage gateway
File gateway
Volume gateways
Tape gateway 
Isolated/distributed application use case
General architecture of CMP
ManageIQ
Installing ManageIQ
Preparing the host environment 
Containerization basics
Understanding and installing Docker
Installing a ManageIQ container
Configuring ManageIQ to connect to AWS and OpenStack 
Adding a new AWS EC2 provider 
Adding our OpenStack endpoint 
Provisioning virtual machines using ManageIQ 
Creating a catalog
Creating a Service Dialog
Creating a catalog item and catalog
Testing the catalog
Policies and user authentication
Creating cloud images
In conclusion – architecting with a CMP
Summary
Building a Containerized Hybrid Cloud
Evolving to containers
Container networking 
None – no networking
Bridge networking
Host networking 
Overlay networking 
Underlay networking 
Container orchestration engine 
Kubernetes architecture 
Basic concepts in Kubernetes
Pod
Controllers
Service 
Volumes
Namespaces
Kubernetes deployment
Introduction to Juju 
Installing the Juju client and bootstrapping clouds
Bootstrapping an AWS Cloud 
Bootstrapping an OpenStack Cloud 
Accessing the Juju controller using a GUI
Deploying Kubernetes with Juju
Deploying a second instance of Kubernetes 
Connecting to the Kubernetes clusters
Federation using Kubernetes
Reasons for consideration 
Application migration – avoiding vendor lock-in
Enforce policies 
High availability and application upgrades
Cloud bursting 
Federation challenges
Implementing a Kubernetes federation
Step 1 – setting up the federation controller 
Step 2 – combining the Kubernetes configuration (optional)
Step 3 – creating the federation 
Creating the DNS provider 
Initializing the federation 
Summary 
Using PreBuilt Hybrid Cloud Solutions
Azure Stack 
Getting the Azure Stack
OpenStack Omni 
Installing OpenStack Omni on DevStack
Removing the DevStack instance
Modifying the local.conf file
Running DevStack 
vCloud Air
Using the different hybrid cloud solutions 
Summary
DevOps in the Hybrid Cloud
The development cycle and DevOps 
The traditional development stages 
Merging the different teams
Creating the infrastructure
Configuring the infrastructure
Templatize
DevOps or NoOps
IaaC with Terraform 
Installing Terraform 
Configuring and using Terraform
Configuration management using Ansible
Installing Ansible
Configuring Ansible and a sample playbook 
Summary
Monitoring the Hybrid Cloud
The traditional concepts in monitoring
Availability monitoring 
ICMP monitoring 
TCP/UDP monitoring 
Enhanced monitoring 
SNMP-based availability monitoring
Performance monitoring 
SNMP monitoring
WMI monitoring and custom agent monitoring
Monitoring the hybrid cloud
Prometheus
The implementation architecture of Prometheus
Installing Prometheus
Downloading Prometheus
Setting up directories
Setting up startup script
Setting up node exporter
Configuring Prometheus
Grafana
Installing Grafana
Configuring Grafana to use Prometheus
Summary
Security in a Hybrid Cloud
Components of security
The CIA triad
Confidentiality
Integrity
Availability
Tools to protect against the breaches
IAM systems
Data encryption in rest and in motion
Network perimeter security
Firewalls
IDS/IPS
Proxies
Host controls
High availability and disaster recovery
Detection and analytics mechanism
Minimizing shared infrastructure
Compliance standards and controls
HIPAA compliance standards
Administrative controls
Physical controls
Technical controls
Security controls consideration in hybrid cloud
Common controls
Implementing the controls on AWS – public cloud
Security – shared responsibility model
Implementing the controls in private cloud
Security – best practices
Implementing a CMDB/asset list
User accounts and authentication
Provisioning and postprovisioning controls
Networks 
Other practices
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think