What is a Hybrid Cloud Architecture?


A hybrid cloud architecture is an environment that combines private computing resources with a public cloud. A public cloud is a cloud computing platform provided by a third-party company, and a good example would be Microsoft Azure, Amazon Web Services, or the Google Cloud Platform.

In this article, we’ll explain how a hybrid cloud architecture works and how it differs from more traditional IT environments. We’ll also detail the advantages of using hybrid cloud storage, as well as some specific use cases such as disaster recovery plans and data processing.

In recent years, many organizations have adopted hybrid cloud architectures to make their IT environment more scalable. Hybrid clouds are indeed well suited for most workloads, though many organizations may still have some concerns regarding security and compliance. As we’ll see in this article, there are also some situations where using a hybrid cloud isn’t really recommended.

What is a hybrid cloud architecture?

In general, a hybrid cloud architecture is an environment built on a public cloud service like Microsoft Azure or Amazon Web Services, with the addition of an on-premises component.

A hybrid cloud architecture combines private and public computing resources

A hybrid cloud is generally understood as a private cloud environment combined with some public cloud services like the ones we’ve mentioned above. This slightly outdated definition is still shared by the National Institute of Standards and Technology (NIST) today.

“The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).”

The definition of a hybrid cloud has since evolved as IT departments progressively took a much wider role. As an example, IT pros now allow hybrid clouds to include on-premises environments and deployments managed by different cloud services.

The definition of a hybrid cloud has evolved

A great example of such an approach is Microsoft’s Azure Arc, which is a multi-cloud and on-premises management platform. Azure Arc allows customers to manage and deploy services from a public cloud environment to on-premises servers or other cloud services.

Azure Arc is a multi-cloud and on-premises management platform

Hybrid clouds could be described as the best of both worlds, in most cases: On one hand, you can take advantage of seamless management, cost savings, fast development, and flexibility from public clouds. On the other hand, you can still benefit from data sovereignty provided by an on-premises environment.

If you find all these advantages relatable, you may already be working with a hybrid cloud.

What’s the difference with a multi-cloud architecture?

If a hybrid cloud architecture combines on-premises resources with public cloud services, a multi-cloud architecture is different: It usually combines different public cloud providers with a private cloud or on-premises environment.

A multi-cloud architecture

Most customers opting for a multi-cloud environment are looking for one or more of the following criteria:

  • Vendor redundancy between different providers.
  • A specific application or service that’s not available from other vendors.
  • Costs or features being more suitable for the company’s use cases with a different vendor offering.
  • Regional availability due to latency and connectivity requirements.
  • Regional data center and service availability.

There are many more factors that could play a role in the decision to opt for a multi-cloud environment, but from my own personal experience, these are the five most pressing ones.

A good example of a multi-cloud environment would be a customer using Microsoft 365 services for Office 365, all while having Kubernetes and SQL Server virtual machines hosted on Amazon Web Services and Google Cloud managed by Microsoft’s Azure Arc.

Another example of a multi-cloud architecture

How does hybrid cloud storage work?

The main use case for hybrid cloud storage is to extend your storage with the cloud when your environment is running out of capacity. There are many more use cases for hybrid cloud storage, though I will concentrate on the two major ones here.

Seamless storage expansion

Having access to seamless storage expansion is something that many cloud vendors use to sell their services. These companies may offer you some local cache, but most of the storage capacity they can provide comes from a cloud vendor.

If you write data to those cloud services, the data is first cached during the upload process, and afterwards it is accessible only from the cloud. If you decide to add more storage, you’ll just be extending the storage within the cloud environment you pay for.

Hybrid cloud storage lets companies extend their storage with public cloud resources

Seamless integration and download on demand

With download-on-demand capabilities, you’re using your local storage as a caching device for the most frequently used and demanded files. In that case, you’re usually using an application running on a server or client operating system. These applications can take user behavior into account to download files on demand.

Normally, files on demand are represented as linked files, though users may not even notice any difference from local files. When using a client application, users may see a slightly different file icon for files downloaded on demand.

A hybrid cloud storage environment provides download-on-demand capabilities

A great example of a server-integrated hybrid cloud storage service is Azure File Sync. This service uses an application client on a file server cluster or single file server to integrate and replicate the file server to Azure storage and Azure Files.

On the other hand, Microsoft OneDrive and Google Drive are great examples of client applications where the cloud storage client directly integrates with your operating system.

OneDrive integrates with File Explorer on Windows

When you browse cloud folders that are synced with these clients, you will often see status icons like the ones shown below.

File Explorer on Windows can show folders synced with OneDrive

The example above shows how Microsoft’s OneDrive client integrates with File Explorer on Windows:

  • There’s no symbol for local files that are not synced.
  • There’s a cloud symbol for files stored online.
  • There are curved arrows for files that are currently being uploaded or downloaded.
  • There’s a green checkmark for files stored on the local machine and in the cloud.
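The status icons above are the user-facing view of the same state that the operating system records on each file. On Windows, a file-on-demand placeholder is a reparse point carrying extra file-attribute bits from the Windows SDK (RECALL_ON_DATA_ACCESS, RECALL_ON_OPEN, PINNED, UNPINNED), so the state can also be read without the client. The following script is an added example, not code from the article or from Microsoft; the sync root path is a placeholder, and the mapping from attribute bits to the three states shown by the icons is this example's own assumption. It is the kind of check a defender runs when deciding whether a listed file has ever actually existed on the disk, for instance during an incident review or a data-loss investigation.

```powershell
# Added example (not from the original article): classify files in a
# files-on-demand sync folder by the Windows file-attribute bits set on
# placeholders. $SyncRoot is a placeholder; point it at your own sync root.
param(
    [string]$SyncRoot = "$env:USERPROFILE\OneDrive"   # assumption: default OneDrive root
)

# File attribute flags from the Windows SDK (winnt.h). Not all of them are
# named in the .NET FileAttributes enum, so they are tested as raw bits.
$FILE_ATTRIBUTE_RECALL_ON_OPEN        = 0x00040000
$FILE_ATTRIBUTE_PINNED                = 0x00080000
$FILE_ATTRIBUTE_UNPINNED              = 0x00100000
$FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS = 0x00400000
$FILE_ATTRIBUTE_REPARSE_POINT         = 0x00000400

function Get-CloudFileState {
    param([System.IO.FileInfo]$File)
    $bits = [int]$File.Attributes
    # Assumed mapping (this example's own, matching the three icons):
    #   content still in the cloud  -> RECALL_ON_DATA_ACCESS or RECALL_ON_OPEN
    #   "always keep on this device" -> PINNED
    #   cached copy that may be dehydrated again -> UNPINNED
    #   anything else is a plain local file
    if ($bits -band ($FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS -bor $FILE_ATTRIBUTE_RECALL_ON_OPEN)) {
        return 'OnlineOnly'
    } elseif ($bits -band $FILE_ATTRIBUTE_PINNED) {
        return 'AlwaysLocal'
    } elseif ($bits -band $FILE_ATTRIBUTE_UNPINNED) {
        return 'LocalCached'
    } else {
        return 'Local'
    }
}

# Directory enumeration and reading .Length do not hydrate placeholders,
# so this inventory does not trigger downloads.
$report = Get-ChildItem -Path $SyncRoot -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path         = $_.FullName
            State        = Get-CloudFileState -File $_
            LogicalBytes = $_.Length      # size reported even when no content is on disk
            ReparsePoint = (([int]$_.Attributes) -band $FILE_ATTRIBUTE_REPARSE_POINT) -ne 0
        }
    }

# Summary per state, then the first few files whose content has never been fetched
$report | Group-Object State | Select-Object Name, Count | Format-Table -AutoSize
$report | Where-Object State -eq 'OnlineOnly' | Select-Object -First 10 Path, LogicalBytes
```

An 'OnlineOnly' entry with a non-zero LogicalBytes is the case worth remembering: the listing shows a full-size file, but only the placeholder is on the local disk, so a disk image of that machine will not contain its content.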

Now that we’ve explained how hybrid cloud storage works, let’s take a closer look at the integration options at your disposal.

How does a hybrid cloud architecture work in practice?

A hybrid cloud infrastructure essentially interconnects on-premises services and a public cloud offering. These connections are mostly based on network availability: Different environments can connect to each other using the Internet or private connection services such as Microsoft Azure ExpressRoute or AWS Direct Connect.

The interoperability between on-premises and public cloud environments is often made possible by using APIs. Other solutions use agents to connect and sync data with public cloud services. Popular examples include Dropbox, OneDrive, Azure Files, and Azure File Sync. Other examples include Azure Stack HCI, Azure Stack Edge, and Azure Arc.

If you want to build or use a hybrid cloud service, you’ll need to choose the services you want to use, then build the network connection between them. In most cases, you’ll need to install an agent to enable the integration between your chosen cloud services.

Below, you can find some links to online resources for some of the aforementioned services:

The advantages of using a hybrid cloud architecture

In general, a hybrid cloud architecture can give you the best of both worlds. You get a combination of flexibility and scalability, and you can also save money with a solution that improves security compliance.

Cost savings

If you’re counting on a hybrid cloud solution to cut costs, this will depend a lot on your purchase process and vendor discounts. As you may know, the ongoing chip shortages have affected a lot of different industries in recent years. A growing number of organizations facing long waiting times to purchase their own hardware may now be tempted to adopt hybrid scaling.

Companies can still continue to use their existing on-premises investments and complete them with clusters in a hybrid cloud environment. That way, they can access more resources when required without spending more money on new hardware.

Another way to cut costs is to optimize how the personal files of end-users are stored. Most organizations use large file servers to store and back up personal data, but cloud services like OneDrive for Business can do that more efficiently. You get a high amount of storage and reliable recovery options in a cost-efficient way. OneDrive also makes your files globally available without you having to set up redundant file servers.

Flexibility and scalability

For IT pros, a hybrid cloud environment is definitely more flexible and scalable. Let’s take the example of a business relying on another company to do some video editing.

With a hybrid cloud, this company can use services like Azure File Sync to replicate video files in Azure. Then, the contractor can either directly work on the files in Azure or sync them back to its own file server. There’s no additional hardware required, and the contractor is free to do its video editing in the cloud independently from your on-premises environment.

When it comes to scaling, a hybrid cloud also provides some advantages. If we stick with our video editing example, the videos that have been edited will need to be rendered as well. In a traditional workload, you may use your own on-premises systems to execute the video rendering. With a hybrid cloud, though, you could add additional rendering servers to your environment to speed up the rendering process. This is a more affordable and efficient alternative to purchasing additional hardware.


Compliance

Using a hybrid cloud gives you more options to make your IT environment compliant with the latest security and data protection standards. Since most cloud vendors are already compliant and certified by different global organizations, you would only need to get your on-premises environment certified.

If you ever decide to open offices in another country or host services that require additional compliance standards, you would only need to host these services on the cloud platform that offers the compliance standards you need. Afterwards, you can just connect that platform to your hybrid cloud environment and carry on with your work.

Use cases for hybrid cloud architectures

We’ve explained why a hybrid cloud infrastructure can make a lot of sense for organizations looking for a combination of flexibility and scalability. Now, I’m going to detail some specific use cases for hybrid cloud environments.

Disaster recovery plans

If your IT environment includes on-premises servers, you must have a disaster recovery plan for emergency situations. Those emergency cases could be a fire in your data center or a total power outage.

Most organizations build georedundant locations or data centers, but that can be very expensive. As a result, many organizations are now building disaster recovery sites using cloud providers and cloud services.

For those scenarios, cloud vendors including Azure and Veeam are now offering special solutions to improve disaster recovery services. With these solutions, virtual machines or physical machines are replicated by cloud providers. In case of a disaster, virtual machines can be launched in the cloud and later moved back to on-premises servers.

You can read more about these two solutions below:

Cloud providers can also help to protect and recover other resources including databases and application services. This can bring down your time to recover and even keep critical services running during an unexpected disaster.

Development and testing

During the testing phase of the development of a new service, organizations may face resource shortages. This isn’t a great situation to be in, as it can result in extended development cycles or issues during the actual deployment.

With a hybrid cloud environment, you have the option to spin up and integrate test and development environments into your network. This will give developers the best environment to properly develop and test their services before putting them into production.

With new services and technologies like Kubernetes, development environments can really improve development cycles. Developers can seamlessly transfer applications from a cloud-based test environment to an on-premises environment without any major changes to their projects.

If such a test environment is no longer needed, an organization can just shut it down until it’s needed again. This is a convenient and efficient way to avoid major investments in hardware, services, and maintenance.

Data processing

I currently work with some customers who need to perform data processing on-premises, and then send their processed data to the cloud for further use. Most of these customers are far away from any wide area network access, and they can only access the Internet via expensive satellite connections.

That’s why it’s best for them to process most of their data on-premises, then only send their processed data to the cloud. This situation could apply to a mine in a remote area or a ship crossing oceans on a regular basis. In those cases, customers can leverage hybrid cloud services such as Azure Stack HCI. It will allow them to run their IoT or application workloads and enable centralized management from a single pane of glass.

Azure Stack HCI solution

In another situation, customers may need to store data on-premises before processing that data in the cloud. Those customers may also want to use confidential computing for data processing. Microsoft has a solution for this with its Azure confidential computing products.

Processing data in the cloud means that customers don’t have to invest in their own hardware, and data processing can be done on demand. Once the data is processed, it can be stored back on-premises. That’s typically a scenario you may see at insurance and financial companies.

The challenges of using a hybrid cloud architecture

Organizations can really benefit from using a hybrid cloud environment, though they may face some challenges along the way. Some workloads may not be well suited for a hybrid cloud environment, and organizations may also have concerns about the security of their confidential information.

I always say to my customers that no one forces them to bring any confidential information to the cloud. It’s entirely possible to keep confidential data on-premises while leveraging other benefits from a hybrid cloud environment.

Most issues with hybrid and public cloud environments come from trust in the vendor and/or technical standards. However, if an organization can overcome these trust issues, a new world of possibilities will be opened to them. Companies like Microsoft maintain their own “Trust Centers” to show how they protect data in public and hybrid clouds, and you can learn more about that on Microsoft’s website.

Are hybrid clouds secure?

A hybrid cloud is as secure as you make it. I’ve had a lot of discussions with customers wanting to break the encryption of Azure Arc service traffic to see what is actually sent to the cloud. However, breaking open those packets introduces a much higher risk potential than leaving them as they are.

With most hybrid cloud solutions, packets sent to the public cloud are encrypted, which protects their integrity and confidentiality while they transit the Internet. If you break the encryption on-premises using a security device, you’re just extending the attack surface, and you don’t want to do that.

As I’ve explained previously, it’s important for an organization to have trust in the public cloud services they use. If a vendor agrees to let you inspect a few packets during the pilot phase of a hybrid cloud environment, then you can be sure that this company doesn’t sneak in any additional confidential information. From this point on, you should turn off packet inspection for hybrid cloud communications.
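A practical way to confirm that inspection really is off is to look at the certificate chain your on-premises hosts see when they talk to the cloud endpoint: an inspection device terminates TLS and re-signs with its own CA, so the chain ends at an enterprise root instead of the provider's public root. The script below is an added example, not code from the article or from Microsoft. The endpoint name and the list of expected root subjects are assumptions; take the real list from your provider's published CA documentation, and run the script from a host in the same network segment as your hybrid cloud agents.

```powershell
# Added example (not from the original article): show the certificate chain an
# endpoint presents to this host and flag a chain that ends at a root you do
# not expect from the provider. $HostName and $ExpectedRoots are assumptions.
param(
    [string]$HostName = 'management.azure.com',   # placeholder endpoint
    [int]$Port = 443,
    # Assumption: fill from the provider's published CA list
    [string[]]$ExpectedRoots = @('CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US')
)

function Get-RemoteCertificateChain {
    param([string]$HostName, [int]$Port)
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # Accept whatever is presented: the point is to observe the chain.
        # Default validation would pass for an inspection device whose CA is
        # installed in the local trust store, which is exactly what we want to see.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)

        # Build the chain with the local store so that an enterprise root, if any,
        # appears as the last element exactly as the agent on this host would see it.
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        [void]$chain.Build($leaf)
        return @($chain.ChainElements | ForEach-Object { $_.Certificate })
    } finally {
        $tcp.Dispose()
    }
}

$certs = Get-RemoteCertificateChain -HostName $HostName -Port $Port
$root  = $certs[-1]   # element 0 is the leaf, the last element is the root

$certs | ForEach-Object { "{0}`n    issued by {1}" -f $_.Subject, $_.Issuer }

if ($ExpectedRoots -contains $root.Subject) {
    "OK: chain for $HostName ends at an expected public root"
} else {
    "WARNING: chain for $HostName ends at '$($root.Subject)', which is not in the expected list." +
    " Traffic to this endpoint is probably being terminated by an on-premises inspection device."
}
```

If the warning names your own enterprise CA, the hybrid cloud traffic is being decrypted before it leaves your network, which is the situation the paragraph above advises against once the pilot phase is over.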

If you have any issue with transferring data over the Internet, even with a very high encryption standard, you can opt for a more private connection using private peering technology. That’s an option provided by most hybrid cloud and public cloud providers. I’ve already mentioned Microsoft Azure ExpressRoute and AWS Direct Connect, which are targeting Platform as a service (PaaS) and Infrastructure as a service (IaaS) integrations.

Azure ExpressRoute (Source: Microsoft.com)

For integrating your IT environment with a public cloud, which implies a connection to the Internet, you still have some options to improve connectivity to public cloud services. With these solutions, your Internet service provider will replace communication through public peering with a private connection with the public cloud provider.

As an example, Microsoft’s Azure Peering Service brings Internet service providers on board to deliver higher reliability and minimal latency. Customers can also receive additional telemetry and monitoring data if they want to.

These solutions are not available with every hybrid cloud offering, though. If you’re interested in these more secure connectivity options, you should discuss them with your cloud vendor. Whatever you decide to do, if you think your on-premises environment is more secure than a public cloud, it probably isn’t.

If you’re interested in building a hybrid cloud solution, there are also very good guides on hardening your environment without compromising on performance, reliability, and security. Microsoft also has extensive documentation on how to harden security for its Azure Stack HCI solution.

That being said, is a hybrid cloud environment really suited for all types of workloads? Let me answer that question in the next section.

Are hybrid clouds suited for all workloads?

In most commercial use cases, I’d say that using a hybrid cloud environment makes sense for 90 percent of all workloads. However, there are some IT environments where using hybrid cloud or public cloud solutions is just not an option. Those environments are called “air-gapped,” and they’re mostly seen in military or critical infrastructure contexts.

An air-gapped IT environment is necessary for some industries

In air-gapped environments, IT pros mostly work with highly confidential data or critical infrastructures like energy grids. In that case, governments and institutions need to build environments that are completely isolated from other networks. That’s why in those scenarios, using a hybrid cloud solution is technically not possible.

Conclusion

As you can read throughout the article, a hybrid cloud environment is very well suited for most businesses, and you may already use parts of a hybrid cloud without even knowing it. The rising popularity of hybrid cloud environments is also a consequence of the pandemic and global chip shortages. This unique situation is currently forcing most organizations across the world to rethink how they operate.

Using a hybrid cloud environment should be part of every IT strategy, whether it’s a commercial or governmental structure. Compared to a pure public environment, a hybrid cloud can provide the best of both worlds, and this new IT architecture is definitely here to stay.