Doron Grinstein

Enterprise Hybrid Cloud Models Explained

Hybrid clouds are a good solution to many business problems, but come with a few tradeoffs.

The public cloud is the total of clouds and cloud services available to any company for the cost of a subscription. It consists of products and services from giants like AWS, Google Cloud, Azure, and hundreds of smaller players like Digital Ocean, Heroku, Linode, and others. 

A “private cloud” is slightly harder to define because it refers to the private computing infrastructure that has been built to mimic many of the attributes of its larger public cousin. What makes private infrastructure function as a cloud is that developers and users can interact with the infrastructure programmatically, through an API or other interface, rather than dealing with the hardware, networking, and physical componentry behind the scenes.

A “hybrid cloud” is a combination of private and public cloud infrastructure built to work together to deliver a unified experience. In theory, you should be able to leverage the capabilities of a hybrid cloud without knowing whether the application you’re provisioning is served by private or public computing resources and services.


4 Reasons that Businesses Should Invest in an Enterprise Hybrid Cloud

On the one hand, most enterprises of any scale are operating a hybrid cloud already, whether or not they do so intentionally. That’s because as businesses grow, they accumulate infrastructure like barnacles through side projects, failed or successful application launches, corporate acquisitions, and other edge cases. Over time, this adds to the total of an enterprise’s cloud infrastructure. Perhaps the best argument for hybrid cloud infrastructure is that it’s the infrastructure you already have, and you might as well manage it.

On the other hand, if you’re part of a new company, you should also consider building a hybrid cloud, but for different reasons. You should consider a hybrid cloud for your new enterprise because it gives you the greatest selection of cloud resources and infrastructure capabilities to address the greatest cross-section of business requirements.

Here are a few other reasons companies of various shapes and sizes use an enterprise hybrid cloud:

  1. Security and Compliance

The Department of Defense runs many applications entirely within a private network, the SIPRNet, which is disconnected from the public internet. The DoD also leverages public cloud services for less sensitive applications. In industries like healthcare, finance, and even hospitality, stringent regulatory frameworks may draw strict parameters around user data storage, log retention, remote access policies and the like. These frameworks don’t usually prevent the use of the public cloud outright. Still, many companies find it easier to maintain compliance by keeping certain data and data processing in-house within a private cloud while leveraging the public cloud for most of their infrastructure. As an example, a large hotel chain might find it less demanding to comply with the Payment Card Industry (PCI) Data Security Standard (DSS) if they keep customer credit card data within strict parameters inside a private cloud platform to reduce the scope of their compliance efforts. Similarly, suppose user data from a certain jurisdiction must never be stored in a jurisdiction incompatible with the first region’s privacy laws. In that case, handling those requests within a private cloud where you have greater control may make sense.

  2. No Internet Connection

Fast, reliable internet is not yet available everywhere, and if your application is going to be serving users on a cruise ship or in a remote location, you may have to build infrastructure that can stand alone.

  3. Performance

If your application depends on lightning-fast response times when processing mountains of data that can only be delivered through close physical proximity – as with some high-frequency trading platforms – then you must build your own cloud next to your users. Physics is physics, and so far we haven’t found a way to outrun the speed of light. These ultra-low-latency applications are usually just one part of the puzzle, even for a firm that specializes in such solutions, so the public cloud may still comprise the majority of a company’s infrastructure.

  4. Rent vs Buy

For some companies, investing in hardware infrastructure at scale may make more financial sense than renting it from a cloud provider. Suppose you’re Netflix and your applications already account for 34% of all internet traffic. In that case, you might save a substantial amount of money by purchasing infrastructure that you know you are going to run at near-full capacity. Even if you’re not Netflix, if your application has consistent resource requirements that you can adequately provision without over-provisioning, then you may want to buy part of your hardware infrastructure. This might seem counterintuitive, but remember, the big clouds make their money by charging more to rent computing resources than it costs them to buy, build, and manage their data centers. They have economies of scale, but if you do too, or if you can run your own hardware efficiently, the hybrid model might save you money.

What Part of the Cloud Goes Hybrid?

A lot of the information you’re likely to find on hybrid or private clouds makes it sound like building private cloud infrastructure is just like building public cloud infrastructure plus some hardware configuration. This might be true at a very high level, but infrastructure is never built at a high level. You have to get down into the details if you’re going to make intelligent decisions about what infrastructure to hybridize, what to privatize, and what to keep public.

The challenge with building any private cloud infrastructure is that you don’t have all the same layers, services, and features that you have in the public cloud:


Your application will need CPU and RAM, but how these basic computing resources are delivered varies drastically. In the public cloud, you have the option of starting with “bare metal” (essentially a server sitting somewhere in the cloud that you administer), a virtual machine (a virtualized server or “node”), a container, or some abstraction between or above these layers, like Function as a Service. You may also use Kubernetes to orchestrate your container-based infrastructure or take one step up to a managed Kubernetes service like AWS Elastic Kubernetes Service (EKS) or Google Kubernetes Engine (GKE). You can even use an application platform like Heroku, Digital Ocean, Google App Engine, or AWS Elastic Beanstalk to do even more of the heavy lifting for you.

Once you’ve chosen the level of computing abstraction appropriate for your application, you may also need to use load balancers, NAT gateways, and other utilities to make your app accessible to your users and handle fluctuations in traffic.

For your private computing infrastructure, you’ll have access to all the fundamental building blocks and open source technologies like virtual machines, container runtimes, and Kubernetes. Still, you likely won’t be able to replicate many of the abstraction layers available in the public cloud like FaaS, managed Kubernetes, or application platforms. This means that you’ll almost certainly burn more time building and maintaining private computing infrastructure versus public. Neither is simple, but you’ll have to start with lower-level technology components to build private cloud computing.

Backing Services

Unless you want to reinvent the wheel, you’re likely to take advantage of two or three (or two or three dozen) public cloud backing services like Google BigQuery, AWS RDS (Relational Database Service), or S3 (Simple Storage Service), or perhaps Azure AD (Active Directory). These services give your application superpowers, and the big clouds add new services constantly.

Most of these services, however, are only available on the public cloud and can’t be replicated on completely private infrastructure. Losing access to these services might mean months of painstaking work for your team just to re-create a basic version of what you get in the public cloud. For this reason, you need to think long and hard about whether or not your application and security requirements prohibit you from using public backing services. You might, for instance, find that the commodity infrastructure of data storage and computing for a security-sensitive application must be kept private. However, it might not violate your compliance posture to run analysis on those applications’ datasets using a public backing service.

DevOps Tooling

The public cloud offers innumerable products and services from the hyperscalers and hundreds of smaller vendors to address the tasks of Day 1 (code repository, CI/CD, etc.) and Day 2 (Observability, Metrics, Secrets Management, etc.) DevOps. You can assemble and integrate your own suite of tools or go with a platform that includes many of these tools pre-configured.

Most of these tools are delivered via the public cloud, although a handful are also available as on-premises implementations.

In general, if you can use the public cloud, you should. It’s usually less costly, less work, and provides a far greater array of options than private infrastructure. However, there are a few late-breaking public cloud developments that offer advantages for hybrid infrastructures.

The Public Clouds – But Private

Recently, services from the three major cloud providers have helped level the playing field between what’s available to cloud architects building on the public cloud and those building private or hybrid infrastructure.

AWS Outposts enables developers to run many of AWS’s services on private infrastructure using the interfaces they are familiar with in AWS public cloud services. Azure Stack makes a similar claim for the suite of Azure services. The potential advantage of these technologies is that you can maintain consistency across a hybrid cloud infrastructure – duplicating settings, configuration, and policies across both public and private instances. These offerings are relatively new, and there are likely to be some significant asterisks that developers will find along the way. Still, they are an important step toward making public and private infrastructure function in parallel.

Google Anthos is another example of a public cloud offering that aims to streamline the administration of hybrid or multi-cloud enterprise environments. With Anthos, you can administer Kubernetes clusters similarly, no matter where the cluster lives – whether in Google Cloud, a private cloud, or another public cloud.

You may be able to use services like AWS Outposts, Azure Stack, or Google Anthos to provide some consistency across your infrastructure, but none of these tools is likely to offer a panacea for hybrid cloud environments. It’s hard work to make disparate infrastructure function as one cloud.

An Easier Way to Build a Hybrid Cloud

I worked as the Chief Software Architect of VMware’s Cloud Services Platform. Before that, I was Chief Software Architect at Dell, and at SAP. Before that, I was an engineer at Disney building the FastPass system. Every enterprise I have ever worked with maintained a hybrid cloud of one sort or another – with a mixture of public and private infrastructure.

So when we built Control Plane – a platform for running microservices – I designed it to facilitate hybrid cloud infrastructure. It required a novel architecture, but I wanted software architects to be able to choose the infrastructure which made the most sense for their business – whether public, private or hybrid.

Control Plane enables you to choose any computing region of any of the major clouds – AWS, GCP, or Azure – but with our Bring Your Own Kubernetes technology, you can also incorporate any public or private Kubernetes-based cluster into Control Plane. Once your cluster is in Control Plane, it acts like any other Control Plane region, allowing your workloads to run agnostically across public cloud locations and private cloud infrastructure.

Additionally, Control Plane’s Universal Cloud Identity™ and Cloud Wormhole enable your workloads to consume any public or private cloud backing service from the major public clouds or even from within a VPC or on a developer’s laptop – all without embedding credentials.

We’d love for you to try Control Plane for free and see how much easier it makes building an enterprise hybrid cloud.


Frequently Asked Questions

What is included in a hybrid cloud?

A hybrid cloud includes a mixture of public cloud and private cloud services and computing infrastructure. 

How does a hybrid cloud work?

Hybrid clouds work by abstracting the underlying hardware infrastructure (the servers, networking, OS, and applications) enabling developers to treat disparate infrastructure spread across public and private clouds as if it’s one cloud.

What are hybrid clouds used for?

Hybrid clouds are often used to store sensitive enterprise data and to help meet industry regulatory requirements.