book

Multi-Cloud Strategy for Cloud Architects - Second Edition

Name: Multi-Cloud Strategy for Cloud Architects - Second Edition
Author: Jeroen Mulder
ISBN: 9781804616734

by Jeroen Mulder

April 2023

Intermediate to advanced

470 pages

12h 51m

English

Packt Publishing

Read now

Unlock full access

Preface
Who this book is forWhat this book coversTo get the most out of this bookGet in touch
Introduction to Multi-Cloud
Understanding multi-cloud conceptsMulti-cloud—more than just public and privateIntroducing the main players in the fieldPublic cloudsPrivate cloudsVMwareOpenStackAWS OutpostsGoogle AnthosAzure StackAzure ArcEmerging playersEvaluating cloud service modelsIaaSPaaSSaaSFaaSCaaSXaaSSetting out a real strategy for multi-cloudGathering requirements for multi-cloudUsing TOGAF for requirements managementListening to the Voice of the CustomerDefining architecture using QFD and the HOQUnderstanding the business challenges of multi-cloudSetting the scene for cloud transformationAddressing organizational challengesOrganizing the skills of the architectSummaryQuestionsFurther reading
Collecting Business Requirements
Analyzing the enterprise strategy for the cloudShifting to a subscription-based economyConsidering cloud adoption from enterprise architectureLong-term planningFinancial structureFitting cloud technology to business requirementsBusiness planningFinancial planningUnderstanding the cost of delayMoving to the benefit of opportunityTechnical planningApplying the value streams of IT4ITKeeping track of cloud developments—focusing on the business strategyCreating a comprehensive business roadmapMapping the business roadmap to a cloud-fit strategySummaryQuestionsFurther reading
Starting the Multi-Cloud Journey
Understanding cloud vocabularyPlanning assessmentsExecuting technology mapping and governanceKeeping track of innovationAdopting innovationsDefining roadmaps and business alignmentPlanning transition and transformationStarting the buildSetting up simple connectivitySetting up landing zonesExploring options for transformationFrom monolith to microservicesFrom machines to serverlessContainers and multi-cloud container orchestrationKeeping the infrastructure consistentSummaryQuestions
Service Designs for Multi-Cloud
Introducing the scaffold for multi-cloud environmentsWorking with Well-Architected FrameworksIdentity and Access Management (IAM)SecurityCost managementMonitoringAutomationUnderstanding cloud adoption Stage 1—Defining a business strategy and business caseStage 2—Creating your teamStage 3—AssessmentStage 4—Defining the architectureStage 5—Engaging with cloud providers; getting financial controls in placeStage 6—Building and configuring the landing zoneStage 7—Migrating and transformingTranslating business KPIs into cloud SLAsDefining availabilityComparing service levels between providersUsing cloud adoption frameworks to align between cloud providersUnderstanding identities and roles in the cloudCreating the service design and governance modelRequirementsRAIDService decompositionRoles and responsibilitiesGovernance modelSupport modelProcessesSummaryQuestionsFurther reading
Managing the Enterprise Cloud Architecture
Defining architecture principles for multi-cloudUsing quality attributes in architecture Defining principles from use casesBusiness principlesPrinciples for security and complianceData principlesApplication principlesInfrastructure and technology principlesPrinciples for processesCreating the architecture artifactsCreating a business visionEnterprise architecturePrinciples catalogRequirements catalogHigh-level designLow-level designPlanning transition and transformationChange management and validation as the cornerstoneValidating the architectureSummaryQuestionsFurther reading
Controlling the Foundation Using Well-Architected Frameworks
Understanding BaseOps and the foundational conceptsDefining and implementing the base infrastructure—the landing zoneDefining standards and guardrails for the base infrastructureBuilding the landing zone with Well-Architected and Cloud Adoption principlesEnterprise-scale in AzureBaseOps architecture patternsManaging the base infrastructureImplementing and managing connectivityImplementing Azure ExpressRouteImplementing AWS Direct ConnectImplementing Google Dedicated InterconnectImplementing Alibaba Express ConnectImplementing direct connectivity in OCIAccessing environments in public cloudsDefining and managing infrastructure automation tools and processes Defining and implementing monitoring and management toolsSupporting operationsManaging the landing zones using policiesManaging basic operations in AzureManaging basic operations in AWSManaging basic operations in GCPManaging basic operations in Alibaba CloudManaging basic operations in OCIUnderstanding the need for demarcationSummaryQuestionsFurther reading
Designing Applications for Multi-Cloud
Architecting for resilience and performanceStarting with business requirementsUnderstanding data risksUnderstanding application risksUnderstanding technological risksUsing the principles of the 12-factor app Accelerating application design with PaaSDesigning SaaS solutionsPerformance KPIs in a public cloud—what’s in it for you?Optimizing your multi-cloud environmentOptimizing environments using Azure AdvisorUsing Trusted Advisor for optimization in AWSOptimizing GCP with Cloud Trace and Cloud DebuggerOptimizing in OCIUse case: creating solutions for business continuity and disaster recoveryCreating backups in the Azure cloud with Azure Backup and Site RecoveryBacking up non-Azure systemsUnderstanding Azure Site RecoveryWorking with AWS backup and disaster recoveryCreating policy-based backup plansCreating tag-based backup plansHybrid backup in AWSAWS disaster recovery and cross-region backupCreating backup plans in GCPDisaster recovery planningCreating backups in OCISummaryQuestionsFurther reading
Creating a Foundation for Data Platforms
Choosing the right platform for dataAzure Data Lake and Data FactoryAWS Data Lake and RedshiftGoogle’s data lake and BigLakeAlibaba Cloud LakehouseOracle Big Data ServiceBuilding and sizing a data platformDesigning for interoperability and portabilityOvercoming the challenges of data gravityIntroducing the principles of data meshManaging the foundation for data lakesSummaryQuestionsFurther reading
Creating a Foundation for IoT
Choosing the right platform for IoTAzure IoT HubAWS IoT Core, Edge Manager, and IoT GreengrassGoogle Cloud IoT CoreAlibaba IoT PlatformMonitoring IoT ecosystemsDesigning for connectivity to the cloudConnecting IoT with IPv6, LoRa, and 5GSummaryQuestionsFurther reading

Managing Costs with FinOps
Understanding the principles of FinOpsDefine guidelines for the provisioning of cloud resourcesDeploying resources in Azure using ARMDeploying resources in AWS using CloudFormation and OpsWorksDeploying resources in GCP using Deployment ManagerDeploying to Alibaba using TerraformDeploying resources to Oracle CloudDefine cost policies for provisioning Using the Azure pricing calculatorUsing the AWS calculatorUsing the GCP instance pricing calculatorUnderstanding pricing in Alibaba CloudUsing the cost estimator in Oracle Cloud InfrastructureUnderstanding account hierarchyEnterprise enrolment in AzureOrganizations in AWSOrganizations in GCPAccount hierarchy in other cloudsUnderstanding license agreementsDefine tagging standardsValidate and manage billingUsing cost management and billing in AzureUsing AWS Cost Management for billingUsing billing options in GCPValidating invoicesSummaryQuestionsFurther reading
Maturing FinOps
Setting up a FinOps teamUsing maturity models for FinOpsIntroducing cost-aware design Transformation to managed FinOps in multi-cloudAvoiding pitfalls in FinOps transformationSummaryQuestionsFurther reading
Cost Modeling in the Cloud
Evaluating the types of cloud costsCost coverageCloud ratesAmortized and fully loaded costsBuilding a cost model Working principles of showback and chargebackSummaryQuestionsFurther reading
Implementing DevSecOps
Understanding the need for DevSecOpsStarting with implementing a DevSecOps cultureSetting up CI/CDWorking with CI/CD in multi-cloudExploring tools for CI/CD Azure DevOpsAWS CodePipelineGoogle Cloud BuildCI/CD in Alibaba CloudCI/CD in OCITools for multi-cloud container orchestration and application developmentFollowing the principles of Security by DesignSecuring development and operations using automationSummaryQuestionsFurther Reading
Defining Security Policies
Understanding security policiesUnderstanding security frameworksUnderstanding the dynamics of security and complianceDefining the baseline for security policiesImplementing security policiesImplementing security policies in Microsoft Defender for CloudImplementing security policies in AWS Security HubImplementing security policies in GCP Security Command CenterImplementing security policies in Alibaba CloudImplementing security policies in OCIManaging security policiesManage risks with Cloud Security Posture ManagementSummaryQuestionsFurther reading
Implementing Identity and Access Management
Understanding identity and access managementUsing a central identity store with Active DirectoryDesigning access management across multi-cloudWorking with least-privilege accessExploring Privileged Access Management (PAM)PAM on cloud platformsEnabling account federation in multi-cloudSummaryQuestionsFurther reading
Defining Security Policies for Data
Storing data in multi-cloud conceptsExploring storage technologiesUnderstanding data protection in the cloudUnderstanding data encryptionSecuring access, encryption, and storage keysUsing encryption and keys in AzureUsing encryption and keys in AWSUsing encryption and keys in GCPImplementing encryption in OCI and Alibaba CloudSecuring raw data for big data modeling SummaryQuestionsFurther reading
Implementing and Integrating Security Monitoring
Understanding SIEM and SOARDifferentiating SIEM and SOARInitiating a Security Operations CenterSetting up the requirements for integrated securityImplementing the security modelExploring multi-cloud monitoring suitesSummaryQuestionsFurther reading
Developing for Multi-Cloud with DevOps and DevSecOps
Introducing DevOps and CI/CDGetting started with CI/CDWorking under version controlUsing push and pull principles in CIPushing the code directly to the main branchPushing code to forks of the mainBest practices for working with CI/CDUsing the DevSecOps Maturity ModelManage traceability and auditability Automating security best practices using frameworksSummaryQuestionsFurther reading
Introducing AIOps and GreenOps in Multi-Cloud
Understanding the concept of AIOpsOptimizing cloud environments using AIOpsExploring AIOps tools for multi-cloudIntroducing GreenOpsSummaryQuestionsFurther reading
Conclusion: The Future of Multi-Cloud
The growth and adoption of multi-cloud Understanding the concept of SREWorking with risk analysis in SREApplying monitoring principles in SREApplying principles of SRE to multi-cloud—building and operating distributed systemsSummaryQuestionsFurther reading
Other Books You May Enjoy
Index

Content preview from Multi-Cloud Strategy for Cloud Architects - Second Edition

14 Defining Security Policies

Whatever we do in the cloud needs to be secure. Cloud providers only provide tools. You need to define how to use these tools. In order to determine what these tools should do, you need to think about what type of assets you want to protect and how you need to protect them. There are quite a number of security baselines—for example, the baseline as defined by the Center for Internet Security (CIS), which provides guidelines.

In this chapter, we will learn what a security framework is and why it’s important as a starting point for security policies. We will discover what we need to protect in our cloud environments. Next, we will look at the globally adopted CIS benchmark for Azure, AWS, GCP, Alibaba Cloud, and OCI ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781804616734

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Multi-Cloud Strategy for Cloud Architects - Second Edition

by Jeroen Mulder

14

Defining Security Policies

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.