Enterprises that move from on-prem or a single cloud to a multi-cloud environment will face several challenges. Some of these include lack of visibility, architecture gap, and difficulty to scale to meet new business needs. More often than not, connectivity between clouds can also become a serious performance bottleneck for multi-cloud architectures.
READ: How to Simplify your Multi-Cloud Networking
While a multi-cloud transit can provide robust networking between the clouds, it is important to look at the total architectural requirement. A good multi-cloud network architecture should allow enterprises to control not only the native cloud constructs, but also advanced features beyond what the cloud service providers (CSP) offer. It needs a balanced approach where all dimensions are combined to produce a well-rounded architecture.
When building a multi-cloud network architecture, there are several aspects you need to consider:
1. Robust Connectivity
The transit must have awareness of not only the transit routing but also of the VPC/VNET routing. It should be able to adapt to changes in the architecture without the need for manual intervention. When adding or removing new VPCs/VNETs, the transit network should be auto-aware of the change and ensure transit routes reflect the change.
Transit network architecture should not assume that the security posture of all VPCs and VNETs is going to be same, since they always have varying requirements. Some environments will have public IP based subnets, some will need local egress to internet, some may have direct peering in addition to the transit connection. A well-designed transit network should be able to adapt to the routes.
2. Pod-like characteristics
One transit network is going to connect several parts of the architecture, but it is not going to be the entire infrastructure. A public cloud architecture will need multiple transit networks, be it a single cloud or multiple cloud. Even for a single cloud in a single region, you will still need to provide isolation, control, security and operational visibility between the applications, users and business units.