IBM is developing a SaaS package to help enterprises securely network heterogenous environments, including edge, on-prem and multicloud resources.
The IBM Hybrid Cloud Mesh is a SaaS service that implements a virtualised Layer 3-7 environment to rapidly enable secure connectivity between users, applications, and data distributed across multiple locations and environments, according to Andrew Coward, general manager of IBM’s software defined networking group.
In a nutshell, Hybrid Cloud Mesh deploys gateways within the clouds – including on-premises, AWS or other providers’ clouds, and transit points, if needed – to support the infrastructure, and then it builds a secure Layer 3-7 mesh overlay to deliver applications, Coward said. At the application level, the exposure to developers occurs at Layer 7, and the networking teams see Layer 3 and 4 activities, Coward said.
“Managing how applications behave across a vast virtualised infrastructure is what we've challenged ourselves to go after, and we really wanted to make it a simple, kind of drag-and-drop experience for how businesses connect applications together. So that’s the primary goal,” Coward said.
When the service is available later this year, IBM Hybrid Cloud Mesh will also employ the DNS traffic-steering capabilities IBM gained when it acquired NS1 earlier this year. The NS1 technology will help the service to find and set up the best connection between clouds and end users and deliver applications that are optimised for performance, cost and availability, Coward said.
NS1 brings some important capabilities to IBM’s networking plans, including its global network of high-performance points-of-presence and zero trust, intent-driven traffic steering, which can support a number of features including network segmentation.
“We recognise that DNS is a really important control point in the network, and it really doesn't get used enough to dictate the flows and aggregate traffic, but we will be making that a key part of our mesh strategy over time,” Coward said.
As for potential use cases, Coward identified core applications in global banking systems that need to offer cloud sovereignty for the data they access. The Hybrid Cloud Mesh service can be segmented to individual business needs, he said, and it can connect workloads running in multiple clusters in clouds and on premises.
“The first use cases we're seeing [are] around Kubernetes-to-Kubernetes, cluster connectivity, applications like that, which [require] a lot of fairly manual work today that we can easily automate and manage with the new service,” Coward said. “A lot of infrastructure pain points come with new applications and application migration, where businesses want a new way of handling applications that’s easier and less painful, which is what we can do with this service.”
Five or 10 years ago, setting up a large enterprise network, including MPLS connectivity and security, took a lot of time and effort, Coward said. “Now, designing and building a global network in this virtual world takes literally an afternoon or morning. It's a very different construction environment that we're working on.”
IBM Hybrid Cloud Mesh service is currently being tested with early customers and should be generally available in the second half of 2023, Coward said.