IT pros debate: Should network teams design cloud?

Critical Conversations on Critical Infrastructure Ep. 4: “Should the network architects design your cloud environment?”

The cloud has left many technology organizations questioning who should lead the design and stewardship of their newly hybrid networks.

Is it the cloud teams, the cloud vendors, or the network teams?

As development and site reliability engineering teams focus on making applications work, and cloud vendors continue to make their solutions stickier, the network team could be the key to de-risking and supercharging cloud strategy.

In this roundtable featuring a diverse group of panelists and contributor IT pros, we examined some of these questions. And we looked at ways that organizations can include network teams in hybrid cloud implementation.

Moderator: Andrew Wertkin [LinkedIn |Twitter], Chief Strategy Officer, BlueCat, and host of Network Disrupted podcast

Panelist: Ivan Pepelnjak [LinkedIn | Twitter], Network Architect, ipspace.net

Panelist: Denise Donohue [LinkedIn | Twitter], Systems Architect, Cisco

Panelist: Ned Bellavance [LinkedIn | Twitter], Founder, Ned In The Cloud

Contributors: John Capobianco, Jody Lemoine, Evan Selkirk, and Jesse Prowisor

Below are the highlights from BlueCat’s fourth installment of Critical Conversations on Critical Infrastructure. To continue the conversation, follow up with panelists, and see what others have said about the roundtable, join Network VIP—our Slack community where pros in IT connect and share their expertise on all things networking.

What’s wrong with modern hybrid network design?

Wertkin kicked things off by asking the panel how they see hybrid networks designed today. The panelists were unanimous in their reactions.

“Poorly,” said Bellavance.

“Not in a well-organized way,” Dohonue added.

“Google-based trial, fail, repeat,” Pepelnjak said.

Bellavance noted that the kinder term might be “organically”. He sees many business units carry out unsanctioned public cloud deployments that need tying into existing networks after-the-fact.

In other words, there’s some room for improvement when it comes to hybrid cloud design.

‘Proof of concept’ a dying excuse for organic network additions

The panelists joked about why so much of a network’s topology is unplanned-for. Through the irony, it was clear that ‘we never intended for this pet project to go to production’ is no longer a viable cop-out for surprise computing.

“As we all know,” Bellavance said, “the proof of concept for the pet project is what ends up running in production for the next 10 years.”

Whether it’s a pet project, a proof of concept, or a team trying to demonstrate how quickly it can deploy in the cloud, the result is the same, said Wertkin. “It’s something unplanned that potentially is unmaintainable.”

Effective hybrid cloud architecting is a team effort

The panelists agreed that networking in the cloud is a different beast than on-premises.

“And it’s a whole different thought process too,” Dohonue said. “You can’t just ask a network person, how would you do this or that because how it’s done in the cloud is different. You’ve got to make that paradigm shift.”

However, Pepelnjak argued that it’s not that much different. “It’s exactly the same thing we’ve been doing for the last 30 years. Only, we don’t control the other endpoint anymore.”

“I think the big deal is that line where the cloud vendor starts inserting their technology to take over. For instance, like in AWS, all the restrictions on how you can peer things and when you’re using their VPN gateway, who’s going to initiate the connection,” Bellavance noted.

“And then, how routing is controlled between all the various [virtual private clouds] VPCs you might have. Can you put it through a transit gateway? Are you going to try to build a mesh?” he continued.

Ultimately, he said, effective hybrid cloud network architecting requires collaboration between networking and cloud teams.

“When you get to the cloud side of things, then, it’s going to have to be a mind-meld between the cloud architect who understands enough about the cloud and a network engineer who understands enough about the networking constructs to, kind of, piece something together.”

‘The curmudgeon factor’ can hamper critical learning

People being people, they tend to do what they already know how to do and may resist learning new ways of doing things. The same can hold true for networking teams when it comes to hybrid cloud.

“The strange thing that we have in IT—and I’ll go back to what I call the curmudgeon factor—is that, despite the fact that we’re in an information-based industry, there are so many of us who just don’t want to learn,” observed contributor Lemoine. “They get that the other perspectives are out there. But the idea that we can’t hand it off to someone else and let them take care of it is a very odd thing in the industry.”

But, argued Wertkin, “You don’t need everybody to be generalists. You’ve got people with a tremendous amount of depth and skill in one area. And you don’t necessarily want them to be complete generalists, which is the curmudgeon.

“But there are certain roles, certainly on the architecture side—whether it’s software architecture, or network architecture, security architecture—where you’d better have some broad general knowledge. And if you’re an architect and you’re not constantly trying to expand that knowledge, then you’re not fulfilling the requirements of your role.”

Practitioners tend to be transactional thinkers

“There are three levels of knowledge,” Pepelnjak added. “You have what I call practitioners. And then you have people who could rightfully be called engineers, and then you have people who maybe deserved the title architects. And for practitioners, I totally get it. They don’t want to know anything left and right of them.

“On the other hand, the multi-region, scale-out, highly available application, that’s a really tough thing to do,” he continued. “And it involves the understanding that you can’t get it unless you get rid of a transactional view of the world. But of course, not everyone needs to know all the details.”

Network teams just virtualizing what’s on-premises

The trouble is, the on-premises teams may not see the cloud as part of their turf and therefore not acquire the knowledge they need.

For example, by not really understanding how the cloud architecture, network teams sometimes just virtualize what they have on-premises and thinking they’re good to go.

“What I see is immediately the network and the security teams want to put a virtual router and a virtual firewall up there. Because that’s what they know,” Donohue said.

Based on his consulting experience, Bellavance agreed. “Whenever the network or security team got involved, rather than trying to learn the constructs that were available in one of the public clouds, they instead just wanted to go spin up the virtual version of what they’re running on-prem,” he said.

He understands their reasoning—they get the same administrative interface and can run the same policies. But they don’t realize that what they want to do will cost more and may impair functionality.

IT leadership must take a more active role

Another obstacle to effective hybrid cloud implementation is that the networking team is often the last to know about new deployments.

“The networking team is involved on Friday afternoon when they have to do an impossible task so that the application will go live on Sunday morning,” Pepelnjak said.

Networking teams can have a reputation of being unfriendly, but that would make anyone grumpy. So, what should we do about it?

Have a networking person in the room from the start

To start, Pepelnjak suggests that a networking team representative should be in the room during project design.

“Have that networking person have some input on how the project would be designed so that it would be easier to implement. And that—oh my god—there is this thing called DNS, and maybe you should use it, then everyone’s life would be much simpler,” he went on.

“And it’s not just networking; it’s the same thing with security, the same thing with network services like load balancing. It’s the same thing with even sys admins and virtualization people.”

Still, noted contributor Prowisor, we can’t put all of the responsibility on IT staff.

IT leaders should be business partners

“Too many IT teams take the approach and complain, ‘Why are we not included?’” he said. “But I would turn around and say to IT leadership, ‘Why are you not jumping in? Why are you not including yourself in the business and in the requirements, in the projects and the needs of the business and stepping forward to be that partner?’ Don’t wait for someone to come to you. They’re going to come to you after it’s too late. You’ve got to be there and you’ve got to show that you are business-focused and not just technology-focused.”

Most importantly, said Pepelnjak, “You don’t want to fight the cloud. You want to go with the cloud.”

That’s all for our fourth Critical Conversations about Critical Infrastructure roundtable. Stay tuned for more about our next conversation coming in May 2021. Until then, join the discussion in Network VIP on Slack.