What Is a Hybrid Cloud Model for Federal Agencies?
As the GSA guide notes, a hybrid cloud model deliberately integrates public cloud platforms from cloud service providers (CSPs) like Amazon Web Services or Microsoft’s Azure along with private cloud and on-premises infrastructure. Though it is often mentioned as a form of multicloud, the guide notes, the multicloud model does not use on-premises IT infrastructure.
Within the hybrid cloud model, there are composite architecture and redundant architecture, the GSA notes.
“Composite architecture contains a portfolio of applications distributed across public CSPs, private CSPs, and on-premises infrastructure,” according to the guide. “As in multi-cloud, composite architecture is preferred in hybrid cloud when performance is the key consideration.”
Redundant architecture contains copies of the same application across all the different IT environments and enables agencies to have a failover capability if one of them should fail. “Redundant architecture is the favored approach in hybrid cloud when availability and resilience of the application is a key consideration,” the guide notes.
There are several advantages to a hybrid cloud model. It allows agencies to keep legacy applications on-premises while still allowing it to use modern cloud tools. It also helps agencies retain sensitive applications and data on-premises. Additionally, it leverages functional advantages from a combination of public and private CSPs. It also potentially decreases the total cost of ownership.
However, there are several downsides to hybrid cloud, including that it increases the attack surface for cyberattacks due to increased complexity. The model also requires the IT workforce to become proficient with multiple tools, increasing hiring and training costs. Often, the available workforce with the necessary expertise is still limited, as it can be costly for some agencies to train IT workers. Plus, network constraints can lead to increased latency between public and private cloud environments.
“Although COVID-19 accelerated cloud adoption, there are still many situations where a private cloud is required — hence the popularity of hybrid IT environment,” Brandon Shopp, group vice president of product strategy at SolarWinds, writes in Nextgov. “But these can be hard to manage at scale and require a specific skill set that’s not always easy to find.
The Defense Information Systems Agency and the Army have recently ramped up efforts to support hybrid cloud deployments. The Army is setting up a hybrid cloud system to support tactical operations for a unit in the Pacific, the first tactical cloud setup of its kind. Meanwhile, DISA expects to unveil a Container as a Service product in the next few months to synchronize various Defense Department cloud efforts.
What Is a Multicloud Model for Federal Agencies?
In comparison, as the GSA notes, a multicloud model for agencies involves the use of the same type of cloud services from multiple Infrastructure as a Service (IaaS) cloud service providers.
“It is a broad term, sometimes denoting associated multi-cloud management/operations or non-integrated use of multiple clouds,” the guide states. “The term may encompass all-private clouds, all-public clouds, or a combination of both.”
As with hybrid cloud, there are composite and redundant architectures in the multicloud model. “In composite architecture, a portfolio of applications is distributed across two or more CSPs. It is preferred when performance is the key consideration,” the GSA notes.
Redundant architecture in a multicloud model involves two or more instances of the same application and allows for one cloud to take over when another fails. This approach is preferred when the availability and resilience of the application are the key considerations, according to the GSA.
A multicloud cloud approach enables agencies to leverage “best-of-market innovations and capabilities, and mitigates risk of vendor lock-in,” the guide notes. Multicloud also boosts agility, scalability and flexibility, and it “can help agencies evaluate and improve their current management practices and application portfolio.”
Additionally, multicloud models potentially decrease the total cost of ownership for agencies, and there is often less risk associated with cloud-agnostic contracts, according to the GSA.
However, as with hybrid cloud, there may be downsides in multicloud models for federal IT leaders, including latency issues in transmitting data between public and private cloud environments. And, similar to hybrid cloud, there are potential increases in hiring and training costs.
“There is an increased need for the IT workforce to understand and adopt knowledge of multiple tools, providers, and system,” the GSA notes. “Often, an agency’s existing IT workforce does not meet the new skill requirements, raising training, recruiting, and hiring costs for the organization. Agencies must also account for an increase in training costs for teams and individuals directly responsible for the cloud service and periphery teams and individuals who support it.”
Relatedly, agencies often face a higher burden in managing an increasingly complex system. This can create silos, including in the management of different CSP networks, firewall rules and security rules. However, agencies can turn to trusted partners to help them manage multicloud environments.
Nevertheless, multicloud is becoming a popular option for agencies. Most prominently, last year the Defense Department decided to scrap its single-cloud approach for its enterprise cloud contract known as the Joint Enterprise Defense Infrastructure (JEDI) and instead go with a multicloud approach for its Joint Warfighting Cloud Capability program.
“A good multi-cloud strategy provides a single set of management tools,” Keith Nakasone, federal strategist at VMware, writes in Nextgov. “Teams should use those tools to secure consistent configurations and policies across their clouds, no matter the number of applications and environments. A platform that provides a single set of tools across the infrastructure gives agencies consistent cross-cloud governance and compliance. As a result, they can better track spending, manage services and mitigate security risks.”
Hybrid Cloud vs. Multicloud: What’s the Difference?
As the GSA blog post on the guide notes, there are many dimensions that an agency must consider when deciding which cloud model best suits its needs. They include cost-effectiveness, manageability, performance, reliability, security and privacy, and the IT workforce.
A multicloud approach allows agencies to only pay for cloud resources when there is demand, and cloud management platforms can help agencies manage and optimize costs. In a hybrid cloud model, agencies can keep legacy apps on-premises and avoid migration costs.
Hybrid cloud environments can be more difficult to manage for agencies since there is both on-premises infrastructure and IaaS to manage, which can lead to interoperability and standardization issues, according to the GSA.
In terms of performance, hybrid cloud setups may suffer from more latency issues since there might be a performance and networking mismatch between on-premises and cloud infrastructure, the GSA notes. “In contrast, multi-cloud architecture can leverage horizontal and vertical scaling from public CSPs, and can offer high availability for production applications,” the GSA blog notes.
For both hybrid cloud and multicloud models, the use of redundant architectures increases reliability for agencies. However, the GSA notes, “an on-premises data center would require substantial resource investments in building and maintenance to match the reliability of a public CSP.”
With security and privacy, the differences get a bit complicated, and IT leaders must weigh which factors are more important. “Multi-cloud security infrastructure is typically easier to manage, is cheaper, provides many features, and is shared with best-in-class CSPs,” the GSA notes. However, hybrid cloud security infrastructure “requires a decentralized approach to enterprise security, which means additional applications, monitoring, time-to-value, and cost.”
Both hybrid cloud and multicloud models require agencies to have staff that’s trained to manage the different environments. Cloud management platforms that are well integrated into an agency’s multicloud environment can help with training. In hybrid models, “an IT workforce familiar with each agency’s on-premises infrastructure may be receptive to leverage cloud technologies,” according to the GSA blog post.