Observability & Security For Hybrid And Multi-Cloud

Everything starts at the network. Whether you're on-prem, in the cloud, or running a hybrid environment, nothing at the system or application layer works without proper networking underneath it. Whether your applications run in Kubernetes or in a Virtual Machine (VM), packets need to flow from source to destination.
In this blog post, you'll learn about one method of ensuring proper observability and security with Infoblox.
Proper Observability For Hybrid Environments
Engineering has gone through several transitions. At first, everything was on-prem, in a data center (or a coat closet) somewhere. Fast-forward a few years and workloads began to be deployed in something called "the cloud". Once companies were comfortable deploying workloads there, they started running workloads both on-prem and in the cloud. With hybrid offerings like Azure Local and AWS Outposts, engineers could then configure these systems and applications to communicate with each other. For example, Azure Local lets you deploy Azure Kubernetes Service (AKS) clusters in your on-prem environment while managing them through the Azure portal.
Because of this move to the cloud, back on-prem, and then to a combination of both with hybrid cloud, there was a realization that data is flowing quite literally all over the world. More importantly, responsibility for those packets is now shared between the engineer and the cloud provider (the shared-responsibility model), and with that shared responsibility comes the need for another level of observability.
Organizations and engineers implementing hybrid cloud and multi-cloud must understand packet flow from data centers to the cloud and back to the data center along with the packets flowing between services.
With hybrid and multi-cloud, that level of understanding and observability has become much more difficult. Enter Infoblox.
Infoblox Summary Breakdown
When implementing a tool like Infoblox, you get end-to-end visibility between on-prem and the cloud.
The goal is not only to understand what's happening within your environment but to have actionable insights. Monitoring is about seeing the data in real time; observability is about "doing something" with the data you retrieve, which is the most important piece. Infoblox allows you to do both.
A few key aspects of Infoblox are:
- Remove manual steps tied to DNS provisioning.
- Ensure complete visibility for VMs with a consolidated view into your cloud environment, virtualized/on-prem, and physical resources (like your servers running hybrid environments).
- Control and scale your networking for cloud and multi-cloud.
Cloud Observability Implementation
Now that you know a bit about why you should care about cloud observability for hybrid and multi-cloud environments along with some background on Infoblox, let's dive into what an implementation looks like.
One big goal during the implementation process is to ensure that engineers from multiple teams can communicate properly. For example, DNS implementation on Azure is different from DNS implementation on AWS (and, as we all know, each cloud has its own name for what is essentially the same service). With Infoblox, all DNS management is funneled through one place instead of several, which makes that communication easier.
The way that this is done is via the Infoblox management portal, which is a fully SaaS-based environment.
Within the management portal, you can manage everything from A records to CNAMEs and the other common DNS record types. In a hybrid and/or multi-cloud environment this makes a lot of sense, because engineers are constantly changing DNS records across clouds, which causes confusion and conflicts in large environments. One caveat: once all name resolution is managed from one portal, that portal becomes a high-value target, so access to it should be tightly scoped (least privilege per team and zone, MFA, and an audit trail for every record change).
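The "conflicts" mentioned above usually mean the same name answering differently depending on which cloud's zone you ask, or a CNAME sitting beside other data for the same name (which RFC 1034 forbids). The following is an added example, not Infoblox's code or export format: it takes a constructed list of records as three teams might export them from Azure, AWS and on-prem DNS and flags exactly those two classes of conflict before the records are consolidated.

```python
from collections import defaultdict

# Constructed sample data (not a real Infoblox export): (source, fqdn, type, value).
RECORDS = [
    ("azure",  "api.example.internal.", "A",     "10.10.1.20"),
    ("aws",    "api.example.internal",  "A",     "10.20.1.20"),          # same name, different answer
    ("onprem", "db.example.internal.",  "A",     "10.0.5.10"),
    ("aws",    "DB.example.internal.",  "A",     "10.0.5.10"),           # duplicate, but consistent
    ("azure",  "web.example.internal.", "CNAME", "api.example.internal."),
    ("onprem", "web.example.internal.", "A",     "10.0.7.1"),            # CNAME beside other data
    ("onprem", "mail.example.internal.", "MX",   "10 mx1.example.internal."),
]


def normalize(fqdn: str) -> str:
    """Canonical form so 'DB.example.internal' and 'db.example.internal.' compare equal."""
    return fqdn.rstrip(".").lower() + "."


def find_conflicts(records):
    """Return {fqdn: {"reason": ..., "sources": [...]}} for every conflicting name.

    reason is one of:
      "cname-coexists-with-other-data": a CNAME exists alongside any other record type
      "divergent-answers": the same (name, type) has different values in different sources
    """
    by_name = defaultdict(list)
    for source, fqdn, rtype, value in records:
        by_name[normalize(fqdn)].append((source, rtype.upper(), value.strip()))

    conflicts = {}
    for name, entries in by_name.items():
        types = {rtype for _, rtype, _ in entries}
        sources = sorted({source for source, _, _ in entries})
        if "CNAME" in types and len(types) > 1:
            conflicts[name] = {"reason": "cname-coexists-with-other-data", "sources": sources}
            continue
        for rtype in types:
            values = {value for _, t, value in entries if t == rtype}
            if len(values) > 1:
                conflicts[name] = {"reason": "divergent-answers", "sources": sources}
                break
    return conflicts


if __name__ == "__main__":
    for name, detail in sorted(find_conflicts(RECORDS).items()):
        print(f"{name:28} {detail['reason']:32} {','.join(detail['sources'])}")
```

Run this against the exports from each environment before importing them into a single management plane; every name it prints needs a human decision about which source is authoritative, and the `db.example.internal.` case shows that a record present in two places is not a conflict as long as the answers agree.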
Moving on from DNS management, there is IP Address Management (IPAM). IPAM is about monitoring, tracking, and planning which IP addresses and ranges are available for the systems and devices that need them.
Within Infoblox, you can create the full configuration (programmatically with something like Terraform) to perform:
- DNS creation
- IPAM
- VPC and vNet configs within any cloud
All without having to guess what the resulting configuration will look like, and with zero (or close to zero) address conflicts.
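The IPAM planning step is what actually prevents those conflicts: every VPC, vNet and on-prem range must be checked for overlap against everything already allocated before it is created, and new ranges should be handed out from a known pool rather than chosen by each team. The block below is an added example written for this post, not Infoblox's IPAM or its Terraform provider; the inventory is constructed, and it shows the two checks a practitioner would want from any IPAM: find existing overlaps across environments, and allocate the next free block of a requested size from a supernet.

```python
import ipaddress

# Constructed inventory of CIDRs each environment has already carved out (not real data).
ALLOCATED = {
    "onprem-dc1":   ["10.0.0.0/16"],
    "azure-vnet-1": ["10.1.0.0/16", "10.0.8.0/22"],   # 10.0.8.0/22 collides with on-prem
    "aws-vpc-1":    ["10.2.0.0/16", "172.16.0.0/20"],
}

# The organization-wide pool from which new cloud networks are allocated (assumed).
SUPERNET = ipaddress.ip_network("10.0.0.0/8")


def find_overlaps(allocated):
    """Return every pair of ranges (across or within environments) that overlap.

    Each result is (env_a, cidr_a, env_b, cidr_b); an empty list means the inventory is clean.
    """
    nets = [(env, ipaddress.ip_network(c)) for env, cidrs in allocated.items() for c in cidrs]
    overlaps = []
    for i, (env_a, net_a) in enumerate(nets):
        for env_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                overlaps.append((env_a, str(net_a), env_b, str(net_b)))
    return overlaps


def next_free_subnet(allocated, supernet, prefixlen):
    """Return the lowest /prefixlen inside supernet that overlaps nothing already allocated, or None."""
    used = [ipaddress.ip_network(c) for cidrs in allocated.values() for c in cidrs]
    for candidate in supernet.subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None


def reserve(allocated, env, cidr):
    """Add cidr to env's allocation only if it overlaps nothing; raise ValueError otherwise.

    This is the gate a Terraform plan or a ticket should hit before a VPC/vNet is created.
    """
    new = ipaddress.ip_network(cidr)
    for other_env, cidrs in allocated.items():
        for existing in map(ipaddress.ip_network, cidrs):
            if new.overlaps(existing):
                raise ValueError(f"{cidr} overlaps {existing} already held by {other_env}")
    allocated.setdefault(env, []).append(cidr)
    return cidr


if __name__ == "__main__":
    for env_a, a, env_b, b in find_overlaps(ALLOCATED):
        print(f"OVERLAP: {env_a} {a} <-> {env_b} {b}")
    print("next free /16:", next_free_subnet(ALLOCATED, SUPERNET, 16))
```

`find_overlaps` is the audit you run once over the existing estate; `reserve` and `next_free_subnet` are the controls you apply to every new request afterwards, so the inventory stays clean instead of being cleaned up periodically.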
Outside of general DNS and IPAM management, there is Universal Asset Insights. You can pull information about any asset that has network traffic traversing it, whether it's an asset with a specific IP address or something like an S3 bucket. Within asset management, you can see which IP addresses are assigned to which asset (load balancer, VM, etc.), which lets you properly manage network devices and the ingress and egress traffic to and from them.