Book Image

Multi-Cloud Architecture and Governance

By : Jeroen Mulder

Book Image

Multi-Cloud Architecture and Governance

By: Jeroen Mulder

Overview of this book

Multi-cloud has emerged as one of the top cloud computing trends, with businesses wanting to reduce their reliance on only one vendor. But when organizations shift to multiple cloud services without a clear strategy, they may face certain difficulties, in terms of how to stay in control, how to keep all the different components secure, and how to execute the cross-cloud development of applications. This book combines best practices from different cloud adoption frameworks to help you find solutions to these problems. With step-by-step explanations of essential concepts and practical examples, you’ll begin by planning the foundation, creating the architecture, designing the governance model, and implementing tools, processes, and technologies to manage multi-cloud environments. You’ll then discover how to design workload environments using different cloud propositions, understand how to optimize the use of these cloud technologies, and automate and monitor the environments. As you advance, you’ll delve into multi-cloud governance, defining clear demarcation models and management processes. Finally, you’ll learn about managing identities in multi-cloud: who’s doing what, why, when, and where. By the end of this book, you’ll be able to create, implement, and manage multi-cloud architectures with confidence

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Section 1 – Introduction to Architecture and Governance for Multi-Cloud Environments

Section 1 – Introduction to Architecture and Governance for Multi-Cloud Environments

Free Chapter

Chapter 1: Introduction to Multi-Cloud

Chapter 1: Introduction to Multi-Cloud

Understanding multi-cloud concepts

Multi-cloud – more than just public and private

Setting out a real strategy for multi-cloud

Introducing the main players in the field

Further reading

Chapter 2: Business Acceleration Using a Multi-Cloud Strategy

Chapter 2: Business Acceleration Using a Multi-Cloud Strategy

Analyzing the enterprise strategy for the cloud

Fitting cloud technology to business requirements

Keeping track of cloud developments – focusing on the business strategy

Creating a comprehensive business roadmap

Mapping the business roadmap to the cloud-fit strategy

Further reading

Chapter 3: Getting Connected – Designing Connectivity

Chapter 3: Getting Connected – Designing Connectivity

Connectivity is king – connectivity concepts in multi-cloud

Designing a network topology for multi-cloud – thinking ahead

Understanding network protocols in multi-cloud

Chapter 4: Service Designs for Multi-Cloud

Chapter 4: Service Designs for Multi-Cloud

Introducing the scaffold for multi-cloud environments

Cloud adoption stages

Translating business KPIs into cloud SLAs

Using cloud adoption frameworks to align between cloud providers

Understanding identities and roles in the cloud

Creating the service design and governance model

Further reading

Chapter 5: Managing the Enterprise Cloud Architecture

Chapter 5: Managing the Enterprise Cloud Architecture

Defining architecture principles for multi-cloud

Creating the architecture artifacts

Working under architecture for multi-cloud and avoiding pitfalls

Change management and validation as the cornerstone

Validating the architecture

Further reading

Section 2 – Getting the Basics Right with BaseOps

Section 2 – Getting the Basics Right with BaseOps

Chapter 6: Designing, Implementing, and Managing the Landing Zone

Chapter 6: Designing, Implementing, and Managing the Landing Zone

Understanding BaseOps and the foundational concepts

Creating a multi-cloud landing zone and blueprint

Managing the landing zone using policies

Orchestrating policies for multi-cloud

Global admin galore – the need for demarcation

Further reading

Chapter 7: Designing Resilience and Performance

Chapter 7: Designing Resilience and Performance

Starting with business requirements

Exploring solutions for resiliency in different cloud propositions

Optimizing your multi-cloud environment

Performance KPIs in a public cloud – what's in it for you?

Further reading

Chapter 8: Defining Automation Tools and Processes

Chapter 8: Defining Automation Tools and Processes

Cross-cloud infrastructure automation

Automation processes using a code repository and workflows

Exploring automation tools

Architecting automation for multi-cloud

Further reading

Chapter 9: Defining and Using Monitoring and Management Tools

Chapter 9: Defining and Using Monitoring and Management Tools

Defining monitoring and management processes

Exploring monitoring and management tools

Consolidating and interpreting data from monitoring systems

Discovering the single-pane-of-glass view

Further reading

Section 3 – Cost Control in Multi-Cloud with FinOps

Section 3 – Cost Control in Multi-Cloud with FinOps

Chapter 10: Managing Licenses

Chapter 10: Managing Licenses

Types of license agreements

Software licenses in cloud platforms

Managing licenses and contracts

Using third-party brokers for licenses

Setting up an account hierarchy

Further reading

Chapter 11: Defining Principles for Resource Provisioning and Consumption

Chapter 11: Defining Principles for Resource Provisioning and Consumption

Avoiding Amex Armageddon with unlimited budgets

The provisioning and consumption of resources in public cloud platforms

The provisioning and consumption of resources in on-premises propositions

Setting guidelines and principles for provisioning and consumption

Controlling resource consumption using cost alerts

Further reading

Chapter 12: Defining Naming Conventions and Tagging

Chapter 12: Defining Naming Conventions and Tagging

Creating a naming convention

Creating a tagging convention

Implementing naming and tagging

Managing naming and tagging conventions

Further reading

Chapter 13: Validating and Managing Bills

Chapter 13: Validating and Managing Bills

Exploring billing options and using cost dashboards

Validating invoices

Centralizing billing in multi-cloud

Further reading

Section 4 – Security Control in Multi-Cloud with SecOps

Section 4 – Security Control in Multi-Cloud with SecOps

Chapter 14: Defining Security Policies

Chapter 14: Defining Security Policies

Understanding security policies

Defining the baseline for security policies

Implementing security policies

Managing security policies

Further reading

Chapter 15: Implementing Identity and Access Management

Chapter 15: Implementing Identity and Access Management

Understanding identity and access management

Using a central identity store with Active Directory

Designing access management across multi-cloud

Exploring Privileged Access Management (PAM)

Enabling account federation in multi-cloud

Further reading

Chapter 16: Defining Security Policies for Data

Chapter 16: Defining Security Policies for Data

Storing data in multi-cloud concepts

Understanding data encryption

Securing access, encryption, and storage keys

Securing raw data for big data modeling

Further reading

Chapter 17: Implementing and Integrating Security Monitoring

Chapter 17: Implementing and Integrating Security Monitoring

Understanding SIEM and SOAR

Setting up the requirements for integrated security

Exploring multi-cloud monitoring suites

Further reading

Section 5 – Structured Development on Multi-Cloud Environments with DevOps

Section 5 – Structured Development on Multi-Cloud Environments with DevOps

Chapter 18: Designing and Implementing CI/CD Pipelines

Chapter 18: Designing and Implementing CI/CD Pipelines

Understanding CI/CD and pipelines

Using push and pull principles in CI/CD

Designing the multi-cloud pipeline

Exploring tooling for CI/CD

Further reading

Chapter 19: Introducing AIOps in Multi-Cloud

Chapter 19: Introducing AIOps in Multi-Cloud

Understanding the concept of AIOps

Optimizing cloud environments using AIOps

Exploring AIOps tools for multi-cloud

Further reading

Chapter 20: Introducing Site Reliability Engineering in Multi-Cloud

Chapter 20: Introducing Site Reliability Engineering in Multi-Cloud

Understanding the concept of SRE

Working with risk analysis in SRE

Applying monitoring principles in SRE

Applying principles of SRE to multi-cloud – building and operating distributed systems

Further reading

Assessments

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Exploring Privileged Access Management (PAM)

In previous sections, the principle of least privilege was introduced: users only get the minimum set of rights to the systems that they are authorized for/require. Least privilege works with non-privileged accounts or least-privileged user accounts (LUA). Typically, there are two types of LUA:

Standard user accounts
Guest user accounts

Both types of accounts are very limited in terms of user rights.

There are situations where these accounts simply aren't sufficient and inhibit people from trying to do their job. The user would then need elevated rights: rights that are temporarily assigned so that the user can continue with their work. An account with such elevated rights is called a privileged account. Examples of privileged accounts are the following:

Domain administrative accounts: Accessing all resources in the domain
AD accounts: Accessing AD with rights to, for example, add or remove identities...