Why Hybrid Clouds Look Like My Grandma’s Network?

Do you think hybrid clouds look like your granny’s network too? Well, that may be extreme, but there is no doubt that hybrid clouds are networked the way we connected things a decade ago. Consider a recent example I came across while discussing cloud adoption at a large global enterprise headquartered in the US. Their Asia office wanted to deploy a regional application for local use. It was impractical to deploy it at one of the two large data centers in the US, since latency would make the user experience sub-optimal. Hence they chose a local cloud provider to host the application, a hybrid cloud situation of sorts. So what? Well, the only way to network the regional cloud in a way that met corporate security policy was to set up a point-to-point secure connection from the data center and have all traffic go through the data center. What? Isn’t this worse than hosting the app in the data center itself? Precisely. That’s why the local business leaders trumped the IT dictate and chose to go directly to the regional cloud to preserve user experience. Unfortunately, with existing constraints, enterprises can’t enjoy the benefits of public clouds without sacrificing security, user experience, or both!

That got me thinking. Why couldn’t a public cloud behave like an integral part of the enterprise network? And why couldn’t users get direct access to applications, whether they are hosted in the data center or in the cloud? The answer lies in the way you design your network. When setting up a traditional data center, enterprises control the networking assets and deploy full mesh network topologies, so any remote site can talk to the data center or to another remote site. However, when the same enterprise starts leveraging clouds to extend its IT infrastructure, it networks them by creating a fat, point-to-point secure connection from the data center to the cloud and having all traffic flow through the data center. This is how point-to-point networks were set up a decade ago. While this keeps IT life simple, it sacrifices user experience at remote locations and also wastes expensive bandwidth hauling traffic from the user to the data center, on to the cloud, and back again.

What’s the answer? Think of the cloud as another node in your overall network, especially when you know there won’t be a single cloud, but many. Using our Asia office example, there are good reasons to use public clouds for some use cases and hybrid clouds for others. This becomes even more complex with mergers and acquisitions, when a multitude of cloud infrastructures have to be meshed together. How long will we keep these clouds tethered to the data center?

Isn’t this networking 101? Set up networks in the cloud as if you were setting up a remote site. Deploy the same full mesh routing and VPN technologies that you use today. Insist on your cloud provider supporting a full range of networking and routing protocols, so that you can truly extend your enterprise infrastructure into the cloud. You can achieve this by deploying physical devices as you do today, or virtual devices where you don’t control the physical assets. But the key is consistency of networking throughout the enterprise, and not leaving the clouds with antiquated networking.
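To put a number on the "tethered" versus "node in the mesh" argument, here is an added model (not code from the original post or from any vendor) that runs shortest-path routing over a small constructed topology. All site names and one-way latencies are assumptions chosen for illustration; the tethered policy is modelled by dropping every link into the cloud that does not originate at the data center, which is exactly the hairpin the Asia office ran into.

```python
import heapq
from typing import Dict, List, Optional, Tuple

Graph = Dict[str, Dict[str, int]]

# Constructed one-way latencies in ms between sites (illustrative, not measured).
LINKS: List[Tuple[str, str, int]] = [
    ("asia-office", "us-dc", 180),
    ("asia-office", "asia-cloud", 15),
    ("us-dc", "asia-cloud", 170),
    ("us-dc", "eu-office", 90),
    ("eu-office", "asia-cloud", 140),
]

def build_graph(links, allow_direct_cloud: bool, dc: str = "us-dc") -> Graph:
    """Full mesh keeps every link. The tethered policy keeps a link into a
    cloud node only when its other end is the data center."""
    g: Graph = {}
    for a, b, ms in links:
        g.setdefault(a, {}); g.setdefault(b, {})
        touches_cloud = "cloud" in a or "cloud" in b
        if not allow_direct_cloud and touches_cloud and dc not in (a, b):
            continue  # this is the connection corporate policy forbids
        g[a][b] = ms; g[b][a] = ms
    return g

def shortest_path(g: Graph, src: str, dst: str) -> Tuple[Optional[int], List[str]]:
    """Plain Dijkstra; returns (latency_ms, path) or (None, []) if unreachable."""
    dist, prev, pq = {src: 0}, {}, [(0, src)]
    while pq:
        d, u = heapq.heappop(pq)
        if u == dst or d > dist[u]:
            continue
        for v, w in g[u].items():
            if d + w < dist.get(v, float("inf")):
                dist[v], prev[v] = d + w, u
                heapq.heappush(pq, (d + w, v))
    if dst not in dist:
        return None, []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]

def compare(src: str = "asia-office", dst: str = "asia-cloud") -> Dict[str, dict]:
    """Latency and path for the same user-to-cloud flow under each policy."""
    result = {}
    for policy, direct in (("tethered", False), ("mesh", True)):
        ms, path = shortest_path(build_graph(LINKS, direct), src, dst)
        result[policy] = {"latency_ms": ms, "path": path,
                          "hairpins_via_dc": "us-dc" in path[1:-1]}
    return result
```

Running `compare()` shows the tethered flow routed through the US data center at 350 ms against 15 ms for the direct path; the same function can be pointed at any other site pair in the constructed topology.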

A paradox? But isn’t this how we are setting up clouds today? I’m interested in your thoughts on this subject.

  1. It's so simple really, but until people really get the idea that you can do what you want in the cloud, it's going to be a slow process. As you say, demand the services you need to make the cloud work for you, not the other way round.
  2. Hi Rahul, very insightful article. I have one query though: when we attach or consider a public cloud as a node, then we are relying on the security measures implemented by the cloud provider. So a very accurate security audit of the service provider is needed. Am I correct?
    • You are right. And therein lies the problem. Public cloud providers do not offer enterprise-class networking or security capabilities today. There are two potential solutions: (a) Control web access and protect against malware by transparently intercepting public-cloud-bound traffic via innovative security solutions like Cisco Scansafe. This solution works in conjunction with Cisco Integrated Services Routers (ISR G2) and provides cloud-based web security for both outbound and inbound traffic from the branch to the cloud over the public internet. See: (b) Allow enterprise-class networking solutions to be hosted as VMs in Enterprise Virtual Private Cloud (VPC) areas of public clouds. For example, Cisco provides its Nexus 1000v switch for VMware environments. More of the same approach is needed for public clouds to be ready for enterprise requirements. I guess the industry will move in this direction and Cisco will be at the forefront.