Hybrid Cloud

For many companies that are willing to move to the cloud, but still want to run applications in their own on-premises network, the hybrid cloud is a suitable option.

It offers the flexibility to continue to operate your own legacy applications on-premises, but at the same time to build a modern cloud environment in parallel, into which those workloads are relocated that do not necessarily have to be based on the on-premises infrastructure. The best of both worlds?

With permission, because a hybrid cloud always means that the company must operate or manage two platforms in parallel: The on-premises infrastructure and the cloud infrastructure. If the hybrid cloud is the best possible model can only be answered on a case-by-case basis. Unless there are compelling reasons not to do so, CIOs should critically evaluate whether or which parts of the on-premises infrastructure are still required and what costs and strategical implications are incurred to operate them.?

If the hybrid cloud is the best possible model can only be answered on a case-by-case basis.

If the introduction of a Microsoft hybrid cloud is planned, the following four elements should be considered in the IT strategy:

Networking - Networking for hybrid cloud scenarios includes the connectivity to Microsoft cloud platforms and services and enough bandwidth to be performant under peak loads.

Identity - Identity for SaaS and Azure PaaS hybrid scenarios can include Azure AD as a common identity provider, which can be synchronized with your on-premises Active Directory Domain Services (AD DS), or federated with AD DS or other identity providers. You can also extend your on-premises Identity infrastructure to Azure IaaS.

Security - Security for hybrid cloud scenarios includes protection and management for your identities, data protection, administrative privilege management, threat awareness, and the implementation of governance and security policies.

Management - Management for hybrid cloud scenarios includes the ability to maintain settings, data, accounts, policies, and permissions and to monitor the ongoing health of the elements of the scenario and its performance. You can also use the same tool set, such as Systems Management Server, for managing virtual machines in Azure IaaS.

In addition to the elements mentioned above the architecture of the hybrid cloud is also an essential element which needs to be evaluated. The high-level Microsoft hybrid cloud architecture is illustrated in the following picture:

As you can see Modern Work is mainly located in the SaaS (Software as a Service) layer. Whereas hybrid apps located in the PaaS (Platform as a Service) layer and VM (Virtual Machines) workloads located in the IaaS (Infrastructure as a Service). The elements Identity, Network and On-premises affecting SaaS, PaaS, and IaaS workloads.

On-Premises - On-premises infrastructure for hybrid scenarios can include servers for SharePoint, Exchange, Skype for Business, and line of business applications. It can also include data stores (databases, lists, files). Without ExpressRoute connections, access to the on-premises data stores must be allowed through a reverse proxy or by making the server or data accessible on your DMZ or extranet.

Network - There are two choices for connectivity to Microsoft cloud platforms and services: your existing Internet pipe and ExpressRoute. Use an ExpressRoute connection if predictable performance is important. You can use one ExpressRoute connection to connect directly to Microsoft SaaS services (Microsoft 365 and Dynamics Online CRM), Azure PaaS services, and Azure IaaS services.

Identity - For cloud identity infrastructure, there are two ways to go, depending on the Microsoft cloud platform. For SaaS and Azure IaaS, integrate your on-premises identity infrastructure with Azure AD or federate with your on-premises identity infrastructure or third-party identity providers. For VMs running in Azure, you can extend your on-premises identity infrastructure, such as AD DS, to the virtual networks (VNets) where your VMs reside.

Since now we covered the elements of the hybrid cloud you may ask yourself how to implement it. The good news is that Microsoft has already a defined three-phase cloud adoption process for ?the hybrid cloud:

1) Move productivity workloads to SaaS - For productivity workloads that currently are or must stay on-premises, hybrid scenarios allow them to be integrated with their cloud counterparts.

2) Develop new and modern applications in Azure PaaS - Azure PaaS hybrid applications can securely leverage on-premises server or storage resources.

3) Move existing (legacy) applications to Azure IaaS - For lift-and-shift and build-in-the-cloud scenarios, server-based applications running on Azure VMs provide easy provisioning and scaling.

In summary the hybrid cloud can be a good solution to start the cloud journey. The process is well structured, and the concept is established and tested. But since the operating of two infrastructures, cloud and on-premises, can be very cost intensive. CIOs should evaluate very well if their current legacy workloads justify their costs.?