Cloud-Native Encountering Hybrid Cloud: How to Balance between Change and Stability

This article discusses the benefits of hybrid cloud and multi-cluster architectures.

By Hao Shuwei

Flexera's 2021 State of the Cloud Report pointed out that 92% of large enterprises adopt hybrid cloud strategies. Gartner also said in a report that 90% of large and medium-sized enterprises will use hybrid cloud architecture to manage infrastructure in the future.

Over the years, the rapid development and launching of cloud computing technology have caused more enterprises to use cloud computing to digitalize their businesses to better adapt to market changes and obtain more market share. A large number of enterprises deploy their businesses on the cloud in the hope of reducing the costs of technology development and O&M and enjoying instant services anytime and anywhere. Some enterprises build private cloud platforms in their internal data center environments to ensure data sovereignty and security. Enterprises with needs for public and private clouds can build hybrid cloud architecture.


Why Do We Need Hybrid Cloud Architecture?

…For Business Security

Risks may occur if enterprises, especially large ones, entrust the key lifeline businesses to an external cloud service provider. Public cloud service providers usually provide secure and reliable redundancy solutions to ensure the service continuity of enterprises, but unexpected events occur occasionally. Hybrid cloud enables enterprise users to select and switch between solutions A and B, maximizing their business stability.

…To Meet Regulatory Requirements in Data Sovereignty, Security, and Privacy

Some laws and regulations or the security policies of companies have mandatory requirements for the location where enterprises store their data. For example, the General Data Protection Regulation (GDPR) of the European Union exerts digital regulatory measures on data controllers and processors. Some corporate policies require that data can only reside in designated locations to ensure data privacy and security. Hybrid cloud architecture can help enterprise users meet this kind of demand.

…To Enjoy the Service Advantages of Cloud Service Providers

The quality of service provided by the local cloud and by public cloud service providers differs. These differences are reflected in all aspects, depending on the needs and considerations of the users. Let's take the difference in regional coverage as an example. Enterprise users usually provide services in the local cloud. However, if a cloud service provider offers lower access latency in a specific region, and the enterprise user has important customers in this region with high requirements for access latency, the enterprise can deploy the services for this region in the public cloud and keep other services in the local cloud.

…For Cost-Effectiveness

The local cloud lacks flexible scaling capabilities in infrastructure and cannot reasonably arrange basic computing resources according to needs during peak and trough periods. This increases resource waste and cost. The public cloud offers flexible and agile services and supports on-demand scaling, making up for the disadvantage of the local cloud.

…To Follow Technological Innovation

Cloud service providers can provide corresponding cloud services for the innovation and evolution of cutting-edge technologies, such as artificial intelligence, machine learning, and the Internet of Things. Enterprise users can use these cloud services at a lower cost to promote technological innovation and development. Hybrid cloud architecture allows enterprises to adopt the best cloud services anytime and anywhere.

How Cloud-Native Helps the Evolution of Hybrid Cloud Architecture

The public cloud and the local cloud differ in infrastructure, capabilities, and APIs. Building hybrid cloud architecture requires cloud service providers to work hard to adapt to and integrate with cloud platforms. Besides, users cannot switch cloud service providers based on their demands in this architecture, which is another form of binding. Various shortcomings of traditional hybrid clouds have prevented this cloud architecture from forming a standardized ecosystem. This also explains why we have been unable to build unified management and delivery for this cloud architecture.

The emergence of Kubernetes marks the 2.0 era of hybrid cloud architecture. Multiple features of Kubernetes and the associated ecosystem provide the possibility for the standardization of hybrid clouds:

  • Cloud-native technologies represented by Kubernetes shield the differences in infrastructure. Various cloud service providers and data centers have implemented these technologies, making it possible to define applications once and deploy them everywhere.
  • The standardized and declarative API operations of Kubernetes simplify the deployment of applications and make application delivery more standardized and unified. Kubernetes also supports describing and orchestrating applications in the same way in different clouds.
  • Service mesh technology enables you to realize traffic management and service governance in a unified manner across Kubernetes clusters. This way, the application services in the hybrid cloud architecture are integrated into one control plane for management.

In the cloud-native era, cloud-native technologies represented by Kubernetes have driven the advent of application-centric hybrid cloud architectures. Kubernetes has become the base of multi-cluster management for enterprises.

Typical Scenarios for Cloud-Native Multi-Cluster Hybrid Cloud

Active Geo-Redundancy – Cross-Region Disaster Recovery

Users can build business architecture with high availability at a low cost from the dimensions of infrastructure services and the Kubernetes container platform. However, businesses that require higher disaster recovery capabilities need regional disaster recovery capabilities such as active geo-redundancy.

Users can build multiple clusters in different regions of a single cloud service provider or build multiple clusters in different regions of offline IDCs and online cloud vendors to deploy the active geo-redundancy of business applications. The following figure shows the Active-Active deployment of container clusters in IDC and on the public cloud in a hybrid cloud scenario. In the active geo-redundancy architecture, the business load of an application is deployed on multiple clusters at the same time. A global DNS service is used to forward the requests to the corresponding backend clusters. If one of the clusters fails and cannot process requests, the DNS service automatically processes and forwards requests only to healthy clusters.


Low Latency – Nearest Access

For enterprise users that develop international businesses, service visitors are widely distributed. If the server is deployed in one specific region, users in other regions may have a poor network experience.

In this scenario, you can deploy clusters in multiple regions and forward user requests to the nearest cluster using intelligent DNS. Thus, network latency is minimized. For example, in the following figure, an application service is deployed in Kubernetes clusters in Beijing, Chengdu, and Hong Kong. User requests from the North China regions are parsed and forwarded to the Kubernetes cluster in Beijing, users from the Southwest China regions go to the Kubernetes cluster in Chengdu, and users from overseas go to the Kubernetes cluster in Hong Kong. This minimizes network latency caused by distance and brings consistent service experiences to users in different regions.


Lower Blast Radius

Typically, faults can be isolated more easily in multiple small-scale clusters than in one large-scale cluster. Clusters may be unable to process requests due to disk and network faults. By using multiple clusters, you can confine and isolate faults in a certain cluster to avoid chain reactions.

Business Isolation

Isolation is usually needed for different businesses. Kubernetes provides the namespace mechanism to realize security isolation, but this is only logical (soft) isolation. Different namespaces can still communicate with each other on the network and compete for resources. Further configurations on network isolation policies and resource limits are required.
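The following manifests show the extra configuration the paragraph above refers to. They are an added example, not part of the original article or of any Alibaba Cloud product configuration; the namespace name team-a, the quota values, and the assumption that cluster DNS runs in kube-system are illustrative only.

```yaml
# Added example. Namespace "team-a" and all numeric values are assumptions.
# Restrict pod traffic to the same namespace (plus DNS); everything else is denied.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: same-namespace-only
  namespace: team-a
spec:
  podSelector: {}                 # applies to every pod in team-a
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - podSelector: {}         # only pods in team-a may connect
  egress:
    - to:
        - podSelector: {}         # pods may reach other pods in team-a
    - to:                         # and cluster DNS (assumed to run in kube-system)
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - {protocol: UDP, port: 53}
        - {protocol: TCP, port: 53}
---
# Cap the total resources the namespace can claim from the shared cluster.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    requests.cpu: "8"
    requests.memory: 16Gi
    limits.cpu: "16"
    limits.memory: 32Gi
    pods: "50"
---
# Default requests/limits so pods that omit them are still admitted under the quota.
apiVersion: v1
kind: LimitRange
metadata:
  name: team-a-defaults
  namespace: team-a
spec:
  limits:
    - type: Container
      defaultRequest: {cpu: 100m, memory: 128Mi}
      default: {cpu: 500m, memory: 512Mi}
```

NetworkPolicy objects are only enforced when the cluster's network plugin supports them, and even with all three objects applied the namespaces still share the same nodes, kernel, and control plane.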

You can implement complete physical business isolation by deploying different businesses in different Kubernetes clusters. The security and reliability of such a deployment are higher than those of isolation using namespaces. For example, you can deploy independent clusters for different departments in an enterprise and use multiple clusters to deploy development, test, and production environments separately.


Migration to the cloud is the trend of the times. However, enterprises may use hybrid cloud architecture to ensure control over data and data security. Some enterprises use hybrid cloud and multi-cluster architectures to ensure data sovereignty, reduce costs, and increase regional coverage. Hybrid cloud and multi-cluster architectures have become the new normal for enterprises to migrate to the cloud.

About the Author

Hao Shuwei, Technical Expert of Alibaba Cloud Container Service and a core member of the Cloud-Native Distributed Cloud Team, focuses on the research of cloud-native technologies, such as unified management and scheduling in cloud-native multi-cluster scenarios, hybrid clusters, and application delivery and migration.

Click this link to learn about the User Guide for Hybrid Cloud Clusters of Alibaba Cloud Container Service for Kubernetes (ACK)
