The rise of hybrid clouds

It’s time to stop using VPN for cloud orchestration

JR Rivers

As you move to the hybrid cloud, you and your team will require better cloud orchestration. In this article, JR Rivers, co-founder and CTO of Cumulus Networks, discusses the benefits of structured API layers and secure API calls. See why this is more secure.

The era of hybrid cloud and application support has changed the way we think through cloud orchestration. In the past, organizations built applications as though they lived on premise and behind the firewall. When they moved those applications to the cloud, they extended the perimeter of the internal network to include the cloud using VPN technologies. This methodology often continued in how companies peered with commercial partners. Consequently, sending secure data back and forth to the cloud has historically been a manual process.

Sophisticated, web-scale companies don’t have the same methodology. When building out applications and even services, they ensure that all interactions occur through an API layer that is structured and secured. This is true of applications that live on premise as well as applications that are distributed globally.

Unsurprisingly, modern companies are following suit. As businesses see the implications of digital transformation, they are now architecting applications to rely on structured and secure APIs that are agnostic to the underlying networking layers. This allows applications to be portable and to retain the corporate security boundary — just like web-scalers have been doing for years.

As we see the rise of hybrid cloud and the need for better, faster connection points, it seems obvious that automating this process will become the new normal for organizations of all sizes and levels of sophistication.

Building infrastructure with purpose using web-scale IT

With the movement of web-scale methodologies, we’ve seen at Cumulus a separation of two types of organizations. There are those that build infrastructure reactively and retroactively — building out solutions as the business demands them. And then there are those that invest in infrastructure first. They look at infrastructure as a way to build and grow the business, rather than a necessary evil in supporting the business. They build infrastructure with purpose — infrastructure that is designed to be agile, flexible, efficient, and easy to scale. In the latter category, companies are looking at what web-scale companies are building and mimicking those approaches. They don’t just build what is easy, but they build what is right for the business long term. We call this infrastructure with purpose.

If you are building infrastructure with purpose, you are doing a tremendous amount of calculation and compute and you have a massive field of application. You also undoubtedly have customers and partners that you need to peer with. When building an infrastructure with purpose, you need to find ways to work with peers securely and efficiently.

As businesses start to look at infrastructure this way, and as they adopt web-scale methodologies like automation, disaggregation and hybrid cloud, you will start to see the common use of a secure API call for automated authentication between cloud orchestrations. The structured API layer already offers TLS encryption, and the secure API call is a way to authenticate the program without having to manually enter a username and password.

The benefits of the structured API layer and secure API calls

With APIs you can build an orchestration framework that can interact with various cloud entities or internal entities. You can move workloads on and off the cloud in an automated way — rather than having a person implement one at a time. This builds the framework for hybrid cloud efficiency by enabling automation for moving things from on premise to cloud and vice versa, even in real time.

In addition to the benefit of efficiency, users don’t need to rely heavily on documentation (as they would have in the past) because they can call a query in order to gather the appropriate methods. Unlike a legacy unencrypted application layer secured by a VPN, with a structured and secure API layer, everything is logged, so every call and response is documented automatically. This becomes even more important when you consider the growth of agile network solutions like containers, serverless and cloud-based AI. In those cases, the value is less around starting a new VM, and more about issuing a function to the cloud and having the cloud return a function for you — doing REST API calls between services.
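The secure API call and the automatic logging described above can be sketched as a signed request that the receiving service verifies and records. This is an added example, not code from the article or from Cumulus Networks; the HMAC scheme, the `X-*` header names, the key id and the secret are all assumptions chosen for illustration, and the exchange is assumed to run over TLS.

```python
import hashlib, hmac, time

# Constructed sample credential store: key id -> shared secret (assumption; in
# practice the secret comes from a secrets manager, never from source code).
KEYS = {"orchestrator-a": b"constructed-demo-secret"}
MAX_SKEW = 300        # seconds a signed request stays valid
AUDIT_LOG = []        # stand-in for an append-only audit sink (one dict per call)
_seen_nonces = set()  # replay cache; bounded and expiring in a real service

def _mac(secret, method, path, body, ts, nonce):
    # Bind the signature to the method, path, body hash, timestamp and nonce.
    msg = "\n".join([method, path, hashlib.sha256(body).hexdigest(), str(ts), nonce])
    return hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()

def sign(key_id, method, path, body, ts, nonce):
    """Calling program: build the (hypothetical) auth headers for one API call."""
    return {"X-Key-Id": key_id, "X-Timestamp": str(ts), "X-Nonce": nonce,
            "X-Signature": _mac(KEYS[key_id], method, path, body, ts, nonce)}

def verify(method, path, body, headers, now=None):
    """Receiving service: authenticate the caller and log the decision."""
    now = time.time() if now is None else now
    key_id, nonce = headers.get("X-Key-Id", ""), headers.get("X-Nonce", "")
    secret, reason = KEYS.get(key_id), "ok"
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        ts, reason = 0, "bad-timestamp"
    if reason == "ok":
        if secret is None:
            reason = "unknown-key"
        elif abs(now - ts) > MAX_SKEW:
            reason = "stale"
        elif not hmac.compare_digest(
                _mac(secret, method, path, body, ts, nonce).encode(),
                headers.get("X-Signature", "").encode()):
            reason = "bad-signature"
        elif (key_id, nonce) in _seen_nonces:
            reason = "replay"
        else:
            _seen_nonces.add((key_id, nonce))
    # Every call is recorded, accepted or not, so the audit trail is complete.
    AUDIT_LOG.append({"ts": now, "key": key_id, "method": method,
                      "path": path, "result": reason})
    return reason == "ok"
```

Rejected calls are logged with the reason, which is what makes the API layer easier to audit than traffic inside a VPN tunnel.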

Automation is nothing new

Although this isn’t yet considered standard practice, you will see a variety of organizations utilizing this methodology today. Large businesses dealing with a tremendous amount of data are the early adopters. A few examples:

  • We see a very simple, common example of this with a smartphone. The mail clients all work using structured APIs and, when we enable SSL, our transactions are secured regardless of the underlying network.
  • In compute services, there is a trend towards containers and serverless, so they are already looking at being more flexible with applications and data. The ability to automate data processing with a customer increases the utility of the service and cuts down on the complexity to the client.
  • Most SaaS companies today offer a multitude of integrations to simplify their users’ workloads. To support these integrations, they need secure connectors between SaaS services and they need a single source of truth to support quality customer service.


As companies move to hybrid cloud and as they need to support a more agile and efficient delivery of applications and services, the need for better cloud orchestration becomes critical. Companies that are just starting their migration to cloud are looking at more traditional VPN-based solutions, but there’s really no need for a VPN tunnel if everything is TLS encrypted at the application layer.

It is easier to audit, it is more secure, and it is easier to stand up and break down as you see fit.


JR Rivers

JR is a co-founder and CTO of Cumulus Networks where he works on company, technology, and product direction. JR has been involved with networking since Ethernet only ran on coaxial cables. He’s worked on some of the most foundational networking products of their time, from early Network Interface Cards at 3Com through switching and routing products at Cisco. JR’s early involvement in home-grown networking at Google and as the VP of System Architecture for Cisco’s Unified Computing System both helped fine tune his perspective on networking for the modern datacenter. At Cumulus, JR works on product definition and development as well as helps build infrastructure and systems for customers, internal use, and industry-wide projects.
