Hybrid IT Infrastructure

Introduction to Hybrid IT Infrastructure


When people think of infrastructure, they generally think about the basic facilities that serve the country such as roads bridges water systems electrical grids, etc. Without a well developed and managed infrastructure a modern society cannot operate. Even the Roman Empire understood the criticality of building a robust well-managed infrastructure. There is evidence of their roads and water systems still in operation in Europe today.

IT infrastructure has now moved into the role of being a critical facility for any modern society. Without a well-managed IT infrastructure, a modern society cannot operate. Commerce cannot happen, communication cannot be facilitated, and services cannot be delivered.

There are significant challenges to delivering a Hybrid IT infrastructure. The first and foremost is security. One global Corporation stated that they need to deal with 23 billion security events monthly and employ 5000 security professionals[i].  It is estimated that cybercrime will generate a profit of $1.5 trillion in 2018[ii]

To further complicate the challenge, IT infrastructure is no longer delivered from individual data centers but is now a combination of services offered from cloud providers and traditional data centers. Furthermore, IT infrastructure is no longer controlled by operations personnel who follow strict ITIL disciplines, it can now be provisioned directly by software developers using infrastructure as code.

Traditionally, IT/Engineering has always been responsible for the deployment of services to meet the needs (both in functionality and in scalability) of the business. In most cases, requests for infrastructure came from groups within IT/Engineering who acted as a representative of the business units who needed the services. These sanitized requests would feed into long-term planning strategies, allowing IT/Engineering to make strategic investments in a handful of technologies.

Today, designing a solution’s infrastructure is more involved. From a feature perspective, toolsets from cloud providers offer similar outcomes with subtle differences. Many of the public cloud provider offerings are built on top of existing open source software, further increasing the delivery options. This toolbox approach allows citizen integrators to solve the same problem in many different ways, balancing the tradeoffs as they see fit. The challenge for IT/Engineering is how to enable similar services from different providers while providing a unified/familiar management and control plane. All this, of course, needs to be handled at cloud speed.

From a scalability perspective, cloud providers allow IT to now better match provisioned resources to business demand curves. Choice in the marketplace allows for distributed computing deployments that enable IT to take advantage of unique platform benefits and/or cost benefits as required. Managing how and where resources are deployed is paramount to ensuring appropriate business services are implemented at the best price possible.

As the Hybrid DevOps section discussed, delivering Hybrid Infrastructure solutions has also changed. With a change in focus from stability to agility, new tools and techniques have emerged that increase coordination within IT/Engineering teams and increased the speed at which deployments can be made. The end goal from a delivery perspective is to provide a unified toolkit/platform that citizen integrators can use to create desired cloud services that are controlled/secured/scaled appropriately.

These changes have demanded a significant difference in the way that a Hybrid IT infrastructure is managed and provisioned.  The following graphic outlines the roles, functions, and OACA domains that describe Hybrid IT Infrastructure.


Fig. 1 Hybrid Infrastructure Roles and Responsibilities

IT/Engineering team’s new roles include

  • Integrated Supply: To integrate multiple IaaS supply into one integrated supply.  IT teams need to integrate services from multiple cloud vendors so that citizen integrators have access to the best tools to solve any given problem.
  • Unified Management: To manage multiple clouds using a unified view across all management functions/portals.
  • Infrastructure As Code: To provision infrastructure using API control from private cloud public cloud and bare metal from a development platform using development-like tools and processes allow for various benefits to infrastructure deployments including activities like policy review and testing.
  • Optimized for value/cost: To meet business demand curves, making use of bursting and cloud cost controls to optimize workload deployments.

Hybrid IT Infrastructure delivers the following functions

  • Single service portal access to all infrastructure services
  • Deploy hybrid infrastructure
  • Centralize Infrastructure template management
  • Deliver burst on capacity overflow capability
  • Optimize infrastructure source to reduce cost
  • Enable container-based infrastructure
  • Enable Storage services including: Elastic Object, storage, Block storage, File storage
  • Enable Private/public cloud drop box services
  • Enable one location for all data across the enterprise using a global file system
  • Enable the ability to sync files across any device, PC, server
  • Enable Data Encryption at rest and in transit

The Hybrid IT Infrastructure maturity is defined in the following OACA domains

  • IaaS (infrastructure as a Service)
  • STaaS (Storage as a service)
  • Network
  • IoT (Internet of Things
  • Mobility

 Hybrid IT Infrastructure challenges

There are many unique challenges in implementing hybrid IT infrastructure in each of the OACA domains listed above.  There are also common challenges such as User Demand, User Delivery, and IT Budget management.

User Demand involves the forecasting of the resources that will be required from the hybrid IT infrastructure model. User Demand needs to be estimated on all infrastructure resources regardless of their source.

User Delivery involves the provisioning of the infrastructure to meet the user’s requests. Often users will not request the infrastructure directly but will request an application stack which in and turn requests infrastructure.

IT Budget Management involves capturing the actual cost of Hybrid Infrastructure.  This had become very difficult because many Business Units are now just buying Infrastructure services from a cloud provider directly and paying for it out of their own budget.

 Historically, IT was focused on the raw components that would make up a solution. This included elements such as networking, storage, and compute. While some infrastructure related to applications were managed by IT (for example, Exchange) the majority of those components were managed/provisioned by development teams.

With cloud providers providing a toolbox of services (and abstracting away the traditional core components such as compute, storage, etc.), IT teams need to push “up the stack” to understand more about the application’s infrastructure demands. This includes services such as

  • Managed web applications
  • Managed service bus
  • Managed data services (SQL, NoSQL, etc.)

Depending on the target cloud platform (IaaS/PaaS/FaaS), the amount that an IT/Engineering team may need to push up the stack will vary. For example, it would not be uncommon in a FaaS deployment for the team to know not only about networking but also about the deployment and security concerns of API keys.

One of the main advantages of using cloud provider-based services is the reduction of the time it takes to provision and de-provision resources. This agility in service delivery allows for the following:

  • More people in the organization can deploy resources
  • Proof-of-concept type approaches are faster to execute

Because cloud users want to move at cloud speed, IT needs to move from a roadblock approach (IT must approve all requests) to a guardrail approach (IT must allow all reasonable demands). A guardrail is automated enforcement of pre-determined rules/policies (auto-configured in all deployments).  Examples of guardrails could include:

  • Security (configuration and usage)
  • Cost
  • Region deployment

Utilizing built-in cloud tools and/or custom management solutions, IT teams must aim to use governance mechanisms to set the boundaries for what citizen integrators can and can’t do. Governance mechanisms should favor those with automated controls and/or automated reporting capabilities.

IT must become an enabler of citizen integration.

 IT/Engineering teams already spend a great deal of time monitoring their production environments. Current goals include:

  • Analyzing long-term trends
  • Comparisons over time
  • Alerting and Dashboards
  • Conducting ad-hoc analysis

The artifacts of these demand management activities are utilized in long-term planning processes. Resources deployed in cloud environments typically have better built-in telemetry options, along with faster resource scaling. This added capability allows of IT/Engineering teams to create complete, granular demand usage models, using them to make real-time scaling decisions.

Cloud provisioning models are API-driven by nature. Because of this, there are a variety of ways IT/Engineering teams can interact with cloud providers to provide the required resources. Infrastructure can now be deployed that is fit-for-purpose and conforms to the exact specifications of a given solution. Furthermore, there is no downside to provisioning infrastructure to support a single application.

However budgets still need to be prepared and IT/Engineering must now predict the aggregate demand of all Hybrid IT infrastructure services, so that an accurate understanding of future IT operating costs can be predicted.

  • Blue/Green Testing

With new deployment methods, IT/Engineering teams need to incorporate more development type processes into how infrastructure is provisioned. For example:

Cloud resources can be deployed, and traffic can be shifted to test new infrastructure deployments with a subset of production traffic.

  • Source code management

Cloud resources can be defined in templating/scripting languages which can be versioned and controlled similarly to application code. In many cases, the infrastructure definitions for a given solution can live alongside the application code and evolve at the same rate.

  • Infrastructure validation / linting

Cloud resources can be defined in templating/scripting languages which allow for the execution of tests and linters against the resulting definitions. (Linting is the process of performing best practice validations)[iii]. Security issues, best practice deviations, and corporate policy violations can be caught before any resources being deployed.

  • Multiple Environments

Templating and scripting can ensure that all environments that host an application (for example development and test environments) are provisioned precisely the same. This allows for appropriate testing at a proper scale.


Fig 2. Hybrid Infrastructure Portal Technical Architecture

Deploying resources in the cloud can be quite involved. The multitude of options leaves the potential for resources to be incorrectly configured leading to issues such as security lapses and cost overruns. While trained cloud professionals can work with the complexities at hand, IT/Engineering teams need to enable citizen integrators to deploy required resources at cloud speed.

A resource provisioning portal would allow citizen integrators to deploy approved/vetted resources to approved cloud providers. This portal would allow for:

  • Rapid deployment of required resources
  • Ensuring resources adhere to security/governance policies
  • Ensuring deployed resources are cost efficient

A virtual IT Budget is the control process for how much infrastructure can be purchased.

Hybrid IT infrastructure has introduced significant budgetary problems for many companies because cloud services can be purchased by anyone on their own budgets. Often cloud services are purchased by individual managers and processed through the expense report system. This leads to the IT budget being very poorly managed and in many cases companies have no idea now how much they’re actually spending on IT.

A significant change is eliminating the ability for individual business units to purchase their own IT services and to require all IT services to be managed by one budget or at least be visible in one budget. Although this would solve the problem, it is doubtful it would be adopted.

An alternative is to manage a virtual budget that consolidates the overall IT spend across a Business but allow Business units to allocate that budget to individual projects as they see fit.  This would at least help the CFO to have visibility of the total IT cost. By providing this centralized view, it is possible to identify waste and where infrastructure is being bought and not used.

The last recommendation is to create infrastructure teams that are responsible for significant infrastructure components such as server team, storage team, networking team, mobile, and desktop team. Most companies have had towers within their infrastructure group which have had responsibility for similar functionalities, we’re suggesting that this not be abandoned but expanded so that the server group is now responsible for all server infrastructure regardless if it’s within the data center or delivered by a cloud provider, the same for storage, and networking

These teams will be first responsible for forecasting the demands on the infrastructure within their area and determine the most cost-effective method to deliver that infrastructure. For example, the server group may estimate the number of servers that need to be purchased for the following year and the additional service on demand that they may buy from cloud suppliers to meet seasonal or event-driven requirements.

By leveraging a central multi-cloud ordering/orchestration portal, they will be able to track and forecast actual demand/use of resources and identify trends.  Based on these trends, they can pre-negotiate better agreements with external providers, leveraging volume based commitments.

The more in-depth analysis enabled by a centralized control system may also help compare the performance of public and private cloud costs, yielding surprising results.


The transformation to a Hybrid IT Infrastructure model requires new skills, new methods, further process steps, and artifacts to be produced by an IT organization.  If done well an organization can rapidly exploit new technologies and bring new capability to the market much faster than their competitors.

For additional information on the OACA cloud Maturity model go to https://www.oaca-project.org/cmm40/

About the Authors:

William  Dupley

 Bill is the Digital Strategist for Liam Associates Inc. Formerly the Cloud Chief Technologist for Hewlett-Packard Enterprise Canada, Bill has provided Hybrid IT and IoT Strategic Planning advisory and planning services to over fifty Private and Public sector clients to help them migrate to a Hybrid IT Cloud Operating model. These transformation plans have helped both government and industry reduce the cost of IT, re-engineer their IT governance models, and reduce the overall complexity of IT. Bill is also a member of the Open Alliance for Cloud Adoption Team and has co-authored several documents on Cloud Maturity and Hybrid IT implementation.

Tom Scott

Tom Scott is currently a Principal Technology Architect at The Walt Disney Company. He is a future-focused technologist with over 30 years of technology innovation and experience. From being awarded a US patent for his work in mobile device news delivery to building innovative workflow solutions for broadcast television to architecting cloud solutions. He is also a member of the OACA Business Transformation Workgroup and has authored and co-authored numerous whitepapers and documents ranging from the published Cloud Maturity Model through Integration and Business Strategy for Cloud Adoption. As a pragmatic technologist Tom consistently implements technology that drives business.

Shamir Charania

Shamir is a co-founder at Keep Secure, a consulting company focused on security, cloud, automation, and devops. Shamir has a varied background spanning application development, infrastructure, cloud, and security. A Microsoft Most Valuable Professional for Azure and an AWS Certified Solutions Architect, Shamir is committed to taking a security-first approach in helping customers use the cloud to achieve their business goals. Shamir is also a member of the Open Alliance for Cloud Adoption and has contributed to various white papers and the CMM.

[i] https://business.financialpost.com/technology/cio/hewlett-packard-co-opens-canadian-security-operations-centre

[ii] https://www.thesslstore.com/blog/2018-cybercrime-statistics/

[iii] . https://jslint.com/ https://www.pylint.org/

Leave a Reply