Hybrid Cloud

Got hybrid? Getting started with hybrid patterns and practices

google cloud header generic

Our solutions team here at Google Cloud is made up of solutions architects who are industry veterans and experts in cloud architecture and applications. Our goal is to help you put Google Cloud Platform (GCP) services together for you to solve your business needs and create the best solution for the infrastructure you’re building.

One topic we work on a lot is hybrid cloud. As we hear from many of our customers, you want to move some of your workloads to the cloud to create a hybrid cloud, with some workloads on-premises and some on GCP. Where do you start? What do you have to think about? What does the topology look like? In this post, we’ll look at some of the solutions that we've published that can help you implement hybrid cloud topologies, starting from the very beginning of setting them up.

Hybrid cloud patterns and best practices
Implementing a cloud architecture that involves workloads that run on-premises, on GCP, and possibly on another cloud provider can be a bit challenging. Let’s start with an overview of the process and what that architecture might look like once you’ve implemented it.

Our Hybrid and Multi-Cloud Patterns and Practices series addresses precisely the types of questions you're probably asking. This series, written by one of our solutions architects, Johannes Passing, distills his decade-plus years of experience with creating cloud-based architectures into solutions.

The series starts by walking through the preliminaries, like articulating what your goals are for using hybrid cloud. You’ll then see some of the options for moving workloads to the cloud, and which approach might best suit your goals. The discussion is copiously illustrated with diagrams that offer a high-level view of what a hybrid solution might look like, such as this one:

gcp hybrid cloud solution diagram.png

At each stage, you’ll see a list of the advantages of the various approaches to hybrid cloud and a concise list of best practices. Everything in the documents is very much rooted in the author’s hands-on experience with designing these types of systems.

Authentication and single sign-on in hybrid cloud
Managing authentication and authorization in a hybrid environment generally means matching your existing, on-premises identity system with how it's done in GCP. For example, you might already run Active Directory on-premises. How can you map your user identities to GCP identities so that your users don't have to sign in separately to your on-premises services and to GCP?

In a three-part series, Federating Google Cloud Platform with Active Directory, Johannes tackles the topic of integrating Active Directory with Cloud Identity using Google Cloud Directory Sync. This series discusses how to deal with various Active Directory topologies (such as single or multi-forest), and how to perform Windows-integrated authentication and single sign-on (SSO) for apps running on GCP.

"Rip and replace" with GKE
There’s another approach to moving systems to the cloud. If you’re modernizing a complex website to a refactored, container-based microservices platform (Google Kubernetes Engine, or GKE) on GCP, check out Migrating a monolithic application to microservices on GCP, from solutions architect and DevOps engineering veteran Théo Chamley and Marco Ferrari.

As an example in this solution, Theo uses an e-commerce site. You’ll see how to perform the migration feature by feature, avoiding the risks of a large-scale, all-at-once migration. During the migration itself, the application has a hybrid architecture, where some features are in the cloud and some are still on-premises. After the migration is finished, the complete application is hosted in the cloud, but it still interacts with back-end services that remain on-premises. In addition to describing the architecture of various steps in this migration, you’ll see how to take advantage of a variety of GCP services as part of the process, including Cloud Interconnect.

Wait, there's more
Several other solutions architects have also been writing about hybrid architectures to share best practices and offer advice. Here are a few to check out:

  • What if you want to communicate between GCP and another cloud without using public IP addresses? Etsuji Nakai's solution Using APIs from an External Network shows how to use a private network on Amazon Virtual Private Cloud (Amazon VPC) to emulate an on-premises private network.

Check out all of our solutions here. And take a look through all the hybrid cloud sessions from Google Cloud Next ’19.