How Cloud-Native Can Tame Operations Complexity

DevOps is challenging. Some of its complexity requires a platform that is both SaaS and managed environments running on top of several cloud providers and potentially on-premises as well. Is there a platform that connects applications and systems while supporting enterprises as they accelerate their digital transformation efforts? If done the traditional way, you have all the ingredients to fall into an operations nightmare. Unless you tackle the challenges with cloud native approach from day one.

Let’s explore three ways to tackle DevOps’ operations complexity.

Step 1 of 7

14%

Which of the following best describes how you currently monitor and manage systems across your hybrid cloud environment?(Required)

Multiple separate tools for different environments

Multiple separate tools for different monitoring and management functions

Single consolidated dashboard

Custom built monitoring and management solution

No full monitoring and management solution

Don’t know

How valuable would it be for your monitoring and management solution to incorporate predictive analytics to help you identify and address system issues that are critical and not waste time or effort working through all the data and “noise” that is not critical?(Required)

Extremely valuable

Moderately valuable

Somewhat valuable

Slightly valuable

Not valuable

How do you most typically address potential system issues BEFORE they impact your operations?(Required)

Automated workflows and playbooks to remediate potential issues as soon as they are detected

An orchestrated response process that leverages automation, AI, and human expertise to rapidly respond to potential issues

Advanced monitoring tools such as predictive analytics and anomaly detection to proactively identify and address potential issues

Respond to issues as they arise, using manual processes and troubleshooting techniques

A combination of automated remediation, orchestrated response, and/or proactive monitoring to address potential system issues

Don’t know

Other

What methods does your organization use to control and monitor cloud/IT spending?(Required)

Centralized procurement processes

Pre-approved budget thresholds

Automated cost monitoring tools

Department-level spending controls

Regular cost audits and reviews

Cloud cost optimization platform

Approval workflows for resource provisioning

Native financial operations tools provided by the cloud provider

No formal controls in place

Don’t know

Other

Please specify:

Which methods do you rely on most to detect security vulnerabilities in your systems?(Required)

Automated scanning tools

Manual assessments

Vendor notifications

Threat modeling (for early detection)

None of these

Don’t know

Other

Please specify:

What are the TWO most common ways you prioritize vulnerabilities to address within your environment?(Required)

Based on potential impact

Based on exploitability

Regulatory compliance requirements

Based on CVSS scores

Risk-based analysis of multiple factors

First-in-first-out approach

No formal prioritization process

Don’t know

How do you typically handle system updates and security patches?(Required)

Automated updates and patches

Manually review and apply updates and patches on a regular schedule

A combination of automation and manual review

Apply updates and patches on an as-needed basis.

Outsourced update and patch management

No defined process

Don’t know

Other

Δ

Cloud Native Architecture

Why use Kubernetes? This technology is an open source system for automating deployment, dealing with massive scale and management of containerized applications. If the main initiative is to isolate every single integration that runs, then select an architecture component that could give you a head start.

A well-designed application based on microservices and running on containers can benefit heavily from technology such as Kubernetes in the following ways:

• Resilience and fault tolerance: These are key ingredients for today’s highly available, always-on systems. With the help of liveness and readiness probes, we can set up an environment where any misbehaving container could be automatically recycled and have a new instance ready to use.
• Multizone cluster: With a multizone cluster, it is possible to apply fault-tolerant architectures in which a container running on a zone is automatically moved to another zone if there is a failure. By coupling that with Google Cloud Platform (GCP)’s ability to replicate volumes across zones, and you can deliver a true fault-tolerant architecture.
• Millisecond recovery: Any restarted container takes milliseconds to get ready again, so absolutely no interruption occurs.
• Microservice isolation: Misbehaving containers won’t affect others as there are reinforced limits in terms of CPU and memory usage.

Deployment as Code

GitOps is our mantra. GitOps is a way of implementing continuous deployment for cloud-native applications. It focuses on a developer-centric experience when operating infrastructure, by using tools developers are already familiar with, including Git and continuous deployment tools.

The technique here is to follow regular Git Flow methodology and have automated “operators” apply changes to a Kubernetes cluster. These operators are regular containers running on a Kubernetes cluster that constantly monitor Git source repositories for changes. Once a change is detected, the operators automatically trigger an update.

For the automated installations, use Helm as the deployment engine. When changes are committed to the Helm configuration in Git, the operators automatically apply those changes.

This approach essentially reverts the classical imperative deployment model wherein actions are performed in the environment to a declarative approach in which the state of the environment is defined by a set of rules and kept in sync by these operators.

Outstanding levels of governance can also be achieved in all clusters, from a single source of truth. If a manual change is introduced in any of the environments, the operator would detect and revert back to the defined state.

Normalize Hybrid Environments

Kubernetes is powerful but comes at a price. It is very challenging to maintain different versions and distributions, especially when using different cloud providers and on-premises environments. Due to that fact, you must identify a technology that would abstract the complexity away, normalizing the operation.

Consider Google Anthos for this, which is a full Kubernetes distribution based on Google Kubernetes Engine and is available to GCP customers. Over the years, Google refined its Kubernetes distribution and eventually released it as a product in its cloud platform. It is a very well-designed and solid platform.

For difficulty running a SaaS platform in GKE, look at selecting Anthos as the basis for all our implementations, SaaS, dedicated SaaS or on-premises.

Main advantages of using a technology such as Anthos include:

• Standard Kubernetes installation for on-premises, VMware-based environments.
• Connectors for Kubernetes Engines in AWS and Azure cloud providers.
• Built-in configuration management capabilities allowing us to declare our clusters and keep them in-sync.
• Remote-controlled Kubernetes environments from a single admin portal so all cluster resources are easily accessible.
• Monitoring metrics consolidated on Google’s StackDriver.

The three ways are more than enough to achieve greater scalability, governance and control of hybrid environments. They are actually a new mindset for an application’s design and operations. I truly believe that they can help companies deliver better software while recognizing the complexity and challenges of dealing with enterprise applications.