Learning Library

← Back to Library

Hybrid Cloud Connectivity Deep Dive

13mUnknown Channeldevopsdeep-diveintermediateWatch on YouTube ↗

Key Points

  • Savannah, an IBM developer advocate, opens the hybrid‑cloud architecture series by emphasizing that establishing solid connectivity between private and public clouds is the foundational step for any hybrid‑cloud strategy.
  • The video outlines three key connectivity topics: (1) basic methods for linking private and public cloud environments, (2) using a service mesh to unify communication among microservices, and (3) leveraging integration tools to simplify connections to internal and third‑party services.
  • A “stock trader” sample app is used to illustrate the architecture: a consumer (mobile/web) contacts a private‑cloud endpoint, which routes traffic into a Kubernetes cluster hosting the Trader service that creates portfolios.
  • The Portfolio service calls out to public‑cloud APIs (via a “get” service) to fetch real‑time stock prices and uses an egress setup for external API access, while an MQ service in the same cluster communicates with the public cloud to manage loyalty‑level data for users.
  • By walking through this end‑to‑end flow, the presentation sets the stage for deeper discussions on service mesh capabilities and integration solutions in subsequent parts of the series.

Sections

Full Transcript

# Hybrid Cloud Connectivity Deep Dive **Source:** [https://www.youtube.com/watch?v=Fp2In_la9DE](https://www.youtube.com/watch?v=Fp2In_la9DE) **Duration:** 00:13:20 ## Summary - Savannah, an IBM developer advocate, opens the hybrid‑cloud architecture series by emphasizing that establishing solid connectivity between private and public clouds is the foundational step for any hybrid‑cloud strategy. - The video outlines three key connectivity topics: (1) basic methods for linking private and public cloud environments, (2) using a service mesh to unify communication among microservices, and (3) leveraging integration tools to simplify connections to internal and third‑party services. - A “stock trader” sample app is used to illustrate the architecture: a consumer (mobile/web) contacts a private‑cloud endpoint, which routes traffic into a Kubernetes cluster hosting the Trader service that creates portfolios. - The Portfolio service calls out to public‑cloud APIs (via a “get” service) to fetch real‑time stock prices and uses an egress setup for external API access, while an MQ service in the same cluster communicates with the public cloud to manage loyalty‑level data for users. - By walking through this end‑to‑end flow, the presentation sets the stage for deeper discussions on service mesh capabilities and integration solutions in subsequent parts of the series. ## Sections - [00:00:00](https://www.youtube.com/watch?v=Fp2In_la9DE&t=0s) **Hybrid Cloud Connectivity Deep Dive** - Savannah introduces the first part of IBM’s hybrid cloud series, covering how to connect private and public clouds, service mesh basics, and integration tools using a stock‑trader sample app. ## Full Transcript
0:00hi everyone my name is Savannah and I'm 0:02a developer advocate with IBM today 0:05I want to start with the first part of 0:07the hybrid cloud architecture series 0:08with a deep dive into connectivity 0:11connectivity is an important concern 0:13when you're starting with your hybrid 0:15cloud strategy and that's why I want to 0:17start with it first by establishing 0:19connectivity we can then start thinking 0:21about other requirements and then move 0:23on to the other parts of the series 0:24there's three major parts about 0:27connectivity that won't that I want to 0:28hit with this video starting with very 0:31simply how do you actually connect 0:32private and public cloud environments 0:34next I'll be moving on to the service 0:37mesh essentially enabling your 0:39applications and micro services to work 0:41with one another as one singular mesh 0:44and then we'll close it off by talking 0:45about some integration tools that we 0:47have available to make it easier to 0:49connect up your services and third-party 0:52services and that kind of thing to 0:54better explain and set the set the stage 0:57for the rest of the topics I want to 1:00introduce a stock trader sample 1:02application that will be kind of 1:04revisiting with this architecture so 1:07let's get started over here we have a 1:10consumer application whether it's a 1:11mobile app a web browser whatever it 1:14might be 1:14and whenever user accesses the stock 1:17trader application they'll be hitting 1:19the private cloud endpoint at this point 1:23they'll be fed into the kubernetes 1:25cluster that we have here and within 1:29this kubernetes cluster we have a number 1:30of services the first service that 1:33they're going to hit is the the trader 1:36so this will be the end of the 1:40application so there'll be kind of an 1:43exposure from the trader to the outside 1:46of that cluster the trader in turn goes 1:49in creates portfolios so this 1:52essentially is the the reason why people 1:56use stock trader is to create these 1:58portfolios to manage their investments 2:00and their and their trades and that kind 2:02of thing this portfolios app then in 2:05turn has a couple of services that it 2:07takes advantage of which it actually 2:09pulls from the public cloud one it 2:12actually needs to get the 2:13price of a stock and to do that we have 2:16a service in the public cloud which 2:18we'll call get which actually goes off 2:23to the investors exchange API to access 2:27the the current stock price so it'll 2:31take advantage of that and then to kind 2:33of feed that data back we have a egress 2:36setup so external API request that 2:40allows the portfolio app to work 2:42directly with the service that we have 2:45in the public cloud another service that 2:48we have that backs is a stock trader 2:50application is the mq service which is 2:54essentially a message queuing capability 2:56and we're going to be using that to keep 2:58track of the loyalty levels that a user 3:01has when working with their portfolios 3:03so various Commission's would be changed 3:06based on how long that they've kept a 3:07particular stock within their portfolio 3:10and the same thing here so in addition 3:12to portfolios working with the public 3:14cloud the mq service is also going to be 3:17accessing the public cloud however the 3:19mq service isn't concerned with getting 3:22stock prices instead it wants to notify 3:25users whenever there's a change in their 3:28loyalty or in their in their portfolio 3:31and to do that we're actually going to 3:33take advantage of several as 3:35capabilities using cloud functions which 3:38in turn will go and send a message to 3:41the user using a slack integration so 3:45this kind of sets the stage for the 3:47various parts that we have within the 3:49stock trader application and actually 3:51before I forget there's one more piece 3:53to actually persist the data for the 3:55portfolio's we have a dedicated database 3:58service that's hosted in the private 4:01cloud outside of the cluster that the 4:04portfolio's application will be using to 4:05persist the data this kind of sets the 4:08stage for us to jump into the very first 4:10piece that I want to talk about which is 4:12connect so although we've laid out the 4:15architecture here we haven't really 4:17talked about how these applications are 4:21able to work with the public cloud 4:22services although you know generally a 4:25private cloud is going to be behind a 4:26firewall 4:27it's going to be in a restricted network 4:29there's one very easy way to expose 4:31services from private cloud to a public 4:34cloud and that is by taking advantage of 4:36a VPN tunnel and that's one of the 4:40easiest ways to get started an IPSec VPN 4:42tunnel essentially exposes a subnet of 4:45IPs 4:46that can be exposed from the private 4:48cloud and public cloud enabling those 4:50connections to happen so we'll create 4:52that VPN tunnel between the two 4:56environments and one key thing to note 4:59here is that this is all happening over 5:01public internet so this has some caveats 5:06although it was very easy to setup the 5:09problem is that when you're working over 5:10the public Internet you're kind of you 5:13can be kind of affected by variability 5:16in the amount of time a request takes to 5:18travel between the private and public 5:20cloud 5:21in addition VPN you know you're not 5:24gonna get the best bandwidth 5:25capabilities out there because you're 5:28going over the public Internet flows so 5:30there's an alternative to VPNs and 5:32that's taken advantage of direct link 5:34capabilities to create entirely private 5:37connections between your private and 5:38public cloud this is made possible by 5:40taking advantage of apop which is a 5:44point of presence generally provided by 5:47a public cloud and enables completely 5:50private connections to that private 5:52cloud and this kind of always exists to 5:57enable your existing architecture to fit 6:00into this you will need to work with 6:02your network service provider and create 6:05a direct connection for all connections 6:08coming out of your private cloud maybe 6:10you have a whene wide area network to 6:13make sure that all of these connections 6:15flow privately in this way you never 6:20actually actually take advantage of 6:22you're never actually using the internet 6:24for this connection it's all private and 6:26in addition the big advantage of that is 6:29you get much higher bandwidth 6:30capabilities there is one thing though I 6:33want to mention once you have a direct 6:35link like this setup it's also possible 6:37to have a failover which in case that 6:40this doesn't work it'll 6:41kind of fall back and use the VPN over 6:43Internet and by using those two in 6:45conjunction I'd say that's probably the 6:47best way to connect up your networks 6:49from a private and public cloud 6:50environment next I want to talk about 6:53the service mesh there's a great project 6:57out there that you might be familiar 6:58with it's completely open-source it's 7:01called Sto it was created by a number of 7:04industry leaders like Google IBM lifts 7:07and a number of other leaders out there 7:09and you know when we've noticed here we 7:12had taken advantage of kubernetes on our 7:14on our private cloud and let's say that 7:17we're also using kubernetes on the 7:19public cloud although we only have one 7:21service in there so far we'll get around 7:23to creating some additional ones later 7:25on so what we have is two different 7:29clusters in different environments we 7:31want to make sure that they get managed 7:33in an easy way so that your operations 7:36teams don't have to concern themselves 7:37with working with multiple environments 7:39multiple clusters which can lead to you 7:42know an increased kind of load and and 7:45it can be quite difficult to manage so a 7:47service mesh essentially in generally in 7:50the context of is do you manage the 7:52services within a single cluster but 7:55there's been new developments in STL 7:56that allow you to connect up multiple 7:58clusters together and have the services 8:00behave as one singular cluster one mesh 8:04across multiple environments to better 8:06kind of explain this let's let's say 8:10that stock trader wants to create a new 8:12version of trader 8:14so we've got v1 here and we want to make 8:17v2 and this time we want to host it on 8:19the public cloud let's say because we 8:21want to have the front end of the 8:23application geographically closer to 8:25wherever most of our customers are so 8:27we'll create another trader application 8:31and this one is going to be v2 let's say 8:37that you know all this traffic coming 8:39right now so a hundred percent of 8:40traffic flowing into the application is 8:43flowing in here with Sto what we're 8:45going to essentially set up is a gateway 8:48right here and this gateway has a number 8:53of policies that 8:54are kind of enabled and set up by a 8:57control plane so we got here 9:00make a misty Oh control plane so we've 9:11got sto here and that's essentially 9:12enabling us to create policies for this 9:14ingress gateway so essentially all 9:16requests that are flowing in and now 9:18let's say that we want 50% of traffic to 9:23flow through to v1 and then we want 50% 9:26of traffic to flow to v2 very simply 9:29once we have the service mesh set up all 9:31we have to do is create a policy in sto 9:33that tells the Gateway to route the 9:35other traffic and that will actually go 9:37ahead and take advantage of the VPN or 9:40the direct link connection we have to 9:43move 50% of all traffic to this version 9:47of the trader application so you know 9:50very simply taken advantage of sto our 9:52existing connection policies as well as 9:54a control plane we're able to create a 9:56policy that allows us to route a certain 9:58percentage traffic to the new version of 10:00the application this is very useful when 10:03you start thinking about creating new 10:04versions of your app and rolling them 10:07out to your users the last thing I want 10:10to mention along with a steal you also 10:12get a number of awesome analytics and 10:14metrics tracing management capabilities 10:17so all of those health management 10:19capabilities that sto offers they're not 10:22limited to the cluster itself they will 10:24actually manage requests that flow 10:25between all of your services that your 10:28STL mesh is connected to essentially 10:31this gives your operations point 10:32operations team a single point of 10:34management for all of your services 10:36across your environments and the last 10:39thing I want to touch on is integration 10:42so there's a lot of things out there 10:44that are repeated quite often that means 10:46customers are kind of constantly doing 10:49these things so iBM has created a suite 10:51of tools to make integration with those 10:53services easier for example let's 10:56imagine that you have a set of user data 10:58that's stored in Salesforce and you've 11:02already taken advantage of this data 11:03this account data and your on-prem 11:06private cloud applique 11:08but you want to start reusing those 11:10capabilities in the public cloud so in 11:13the public cloud maybe there's certain 11:15network or network challenges that that 11:17change how its implemented you can take 11:20advantage of these integration tools to 11:21very quickly move that data between 11:24Salesforce and your public cloud micro 11:26service applications take an advantage 11:28of some of these tools this is made 11:30possible through connectors that you 11:32know not only connect up Salesforce but 11:34a lot of other services out there things 11:36that we notice that our customers are 11:38doing quite often another integration 11:42tool I want to talk about is an API 11:44gateway and we're noticing more and more 11:46that this is something that really is 11:49something that's really important to the 11:51overall hybrid cloud architecture 11:52especially when you're working with 11:54third-party services so here we actually 11:57have a number of them with Salesforce 11:59slack and the investors exchange let's 12:02say that one of our engineers has a bug 12:04that accidentally hits the investors 12:07exchange way too many times and they're 12:09throttling us which ends up bogging down 12:12the whole system to prevent that from 12:14happening or just to be more secure 12:16about how we're accessing third-party 12:18services what we can do is create a 12:20gateway that essentially sits in between 12:22the public cloud and those third-party 12:24services and allows you to do things 12:26like manage rate limits create 12:31authentication since like oh ah there 12:33maybe even basic keys to really restrict 12:37how your public cloud services as well 12:40as users are accessing those third-party 12:42services so we've noticed that API 12:44gateways in addition to those suite of 12:46tools that I mentioned are a core part 12:48of connecting up your your cloud 12:51services to third-party services and as 12:53well as kind of some of the things that 12:55you have going in your private cloud I'd 12:59say that these three topics are the main 13:01things you want to think about when 13:02figuring out connectivity with your 13:04hybrid cloud architecture as always 13:06we're checking comments for feedback or 13:07ideas for new videos so feel free to 13:10drop a comment below and definitely 13:12subscribe because the next part of this 13:13series would be talking about strategies 13:15to modernize legacy applications thank 13:18you