Preface

Enterprises move environments to the cloud. Applications and systems are not migrated to just one cloud platform: enterprises will use a mix of Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS), hosted on different platforms such as AWS, Azure, Google Cloud, and on-premises private clouds. Enterprises are adopting a multi-cloud strategy, leaving the architects and lead engineers with the challenge of how to integrate architectures and manage the enterprise cloud. Architects and engineers will learn how to design, implement, and integrate cloud solutions and set up controls for governance.

After the introduction of the concept of multi-cloud, this book covers all of the topics that architects should consider when designing systems for multi-cloud platforms. That starts with designing connectivity to and between the various platforms and creating the landing zones in Azure, AWS, and GCP.

The book is divided into four main sections, covering the following:

• Operations, including setting up and managing the landing zones that provide the infrastructure for cloud environments
• Financial operations including cost control and license management
• Security operations, covering identity and access management, securing data, security information, and event management
• Continuous delivery and deployment using DevOps, CI/CD pipelines, and new concepts such as AIOps and Site Reliability Engineering

The book contains best practices for the major providers, discusses common pitfalls and how to avoid them, and gives recommendations for methodologies and tools. Of course, a book about multi-cloud could never be complete, but this book will provide you with good guidelines to get started with architecting for multi-cloud.

Who this book is for

This book targets architects and lead engineers who are involved in architecting multi-cloud environments. A basic understanding of cloud platforms such as AWS, Azure, and Google Cloud Platform and overall Cloud Adoption Frameworks is required.

What this book covers

Chapter 1, Introduction to Multi-Cloud, provides the definition of multi-cloud and why companies have a multi-cloud strategy.

Chapter 2, Business Acceleration Using a Multi-Cloud Strategy, discusses how enterprises could accelerate business results by implementing a multi-cloud strategy.

Chapter 3, Getting Connected - Designing Connectivity, explains how to design connectivity to the platforms. All major public cloud platforms have their own connectivity technology such as Azure ExpressRoute, AWS Direct Connect, Google Dedicated Interconnect, VMware NSX, and more. The chapter provides an overview of the connectivity options.

Chapter 4, Service Design for Multi-Cloud, discusses governance in multi-cloud, using the Cloud Adoption Frameworks of cloud providers.

Chapter 5, Managing the Enterprise Cloud Architecture, covers the architecture principles of various domains, such as security, data, and applications. You will learn how to create an enterprise architecture for multi-cloud using The Open Group Architecture Framework (TOGAF).

Chapter 6, Designing, Implementing, and Managing the Landing Zone, describes how to design the landing zones for Azure, AWS, and Google Cloud Platform. You will learn how to define policies to manage the landing zone and get a deeper understanding of handling accounts in landing zones.

Chapter 7, Designing Resilience and Performance, covers solutions for backup, business continuity, and disaster recovery. How do companies increase availability and ensure that data is not lost when an outage occurs and how do they arrange disaster recovery?

Chapter 8, Defining Automation Tools and Processes, covers the principles of automation. You will learn how to design an automation process, starting with storing our source code in a single repository and applying version control to that code.

Chapter 9, Defining and Using Monitoring and Management Tools, discusses monitoring processes and tools, including the native tools that providers offer. The single pane of glass view is introduced.

Chapter 10, Managing Licenses, provides an introduction to financial operations in the cloud by looking at managing licenses, agreements, and the various contract options that cloud providers offer.

Chapter 11, Defining Principles for Resource Provisioning and Consumption, describes how enterprises can plan and deploy resources in Azure, AWS, and Google Cloud. Cost control by setting alerts and thresholds is also discussed.

Chapter 12, Defining Naming Conventions and Tagging, demonstrates how to create consistent naming and tagging conventions. Cost control starts with enabling the clear identification of resources and accountability for those resources.

Chapter 13, Validating and Managing Bills, covers methods to view and analyze costs in the consoles of Azure, AWS, and Google Cloud.

Chapter 14, Defining Security Policies, introduces the security frameworks of cloud providers and overall frameworks such as the Center for Internet Security (CIS) controls. You will learn how to define policies using these frameworks.

Chapter 15, Implementing Identity and Access Management, covers authenticating and authorizing identities. It also provides a good understanding of how to deal with least privileged accounts and the use of eligible accounts. Lastly, federation with Active Directory is discussed.

Chapter 16, Defining Security Policies for Data, describes how to protect data in rest and in transit. All cloud platforms have technologies to encrypt data but differ in the ways they apply encryption and store and handle keys. The chapter covers various technologies.

Chapter 17, Implementing and Integrating Security Monitoring, discusses the function and the need for integrated security monitoring, using SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response).

Chapter 18, Designing and Implementing CI/CD Pipelines, demonstrates how CI/CD pipelines work with push and pull mechanisms and how architects can design pipelines for multi-cloud. Many enterprises have adopted DevOps as a way of working and speeding up the development of applications. In this chapter, we study the principles of DevOps with Continuous Integration and Continuous Deployment.

Chapter 19, Introducing AIOps in Multi-Cloud, introduces the concept of Artificial Intelligence Operations (AIOps) and how enterprises can optimize their cloud environments using AIOps.

Chapter 20, Introducing Site Reliability Engineering in Multi-Cloud, covers the principles of Site Reliability Engineering (SRE), Google's way of doing DevOps. SRE is about the stability of systems and keeping them available to users, even when developers apply changes at high velocity.

To get the most out of this book

It's recommended to have a basic understanding of IT architecture and more specific cloud architecture. Architects are advised to study the foundation of enterprise architecture, using TOGAF - The Open Group Architecture Framework.

Since this book also covers aspects of service management as part of governance, it's also recommended to have knowledge about IT service management (ITSM). Common basic knowledge about cloud patterns in public and private clouds is assumed.

All chapters contain a Further reading section that provides information on more in-depth literature about topics discussed in the chapters.

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781800203198_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "We can simply start a project with the command gcloud config set project followed by the name or ID of the project itself: gcloud config set project [Project ID]."

A block of code is set as follows:

{ "labels": {    "environment": "development",  .  } }

Any command-line input or output is written as follows:

gcloud organizations get-iam-policy ORGANIZATION_ID

gcloud resource-manager folders get-iam-policy FOLDER_ID

gcloud projects get-iam-policy PROJECT_ID

Bold: Indicates a new term, an important word, or words that you see onscreen. For...