The COVID-19 pandemic has had a profound impact on corporate IT. One of the biggest changes has been a much more accelerated shift to the cloud. Of course, when it comes to the cloud, there usually isn’t just a single cloud provider selected. My research shows that well over 80% of businesses plan to take a multi-cloud approach in which they connect to a private cloud as well as multiple cloud providers.
There are many reasons for this, including geographic performance, pricing flexibility and data-governance issues. One of the most challenging aspects of a multi-cloud environment is setting up the network itself.
How Volterra simplifies building, securing a multi-cloud network
Volterra is a cloud services provider that has simplified the process of building and securing a multi-cloud environment. The company has the following two products to enable this:
- VoltMesh connects, secures, controls and provides visibility into applications that are deployed in a single cloud location or across multiple clouds and/or edge sites. The product uses a proxy-based and zero-trust architecture to improve security and provides application-to-application access without providing any network access across clusters and sites. VoltMesh is supported by Volterra’s own global network backbone, which provides high reliability and predictable connectivity across the multi-cloud environment.
- VoltStack is an application platform solution that enables companies to deploy, security and operate a fleet of applications across a distributed cloud environment that spans public, private and edge locations. It scales easily to meet the demands of a large number of clusters and locations with centralized orchestration, observability and operations to simplify the complexity of managing multiple distributed clusters.
- VoltConsole provides end-to-end visibility, policy management, provisioning and operation of VoltMesh and VoltStack.
Volterra claims its system is easy to use and has a fast learning curve. The company provides a comprehensive Quick Start set of modules that educates the user on how and when to use the majority of features.
Here is a review of the Volterra Quick Start program:
To accomplish this, I had to create a Volterra account. Volterra offers four levels of accounts:
- a free one that offers a global application delivery network, application security, a Kubernetes ingress/egress gateway, cloud and edge management and limited support. This was sufficient for the review.
- Volterra offers three other levels--an individual tier starting at $25/month that adds app security, load balancing, cloud and edge security and upgraded support. There is also a team tier starting at $200/month that includes edge hardware, single sign-on, an uptime SLA and advanced support.
- The highest tier is the Organization tier that includes advanced features, such as support for Volterra edge hardware, key management services among others and premium support with response service-level agreement (SLA) of 1 hour.
The Volterra interface is graphical in nature, well laid out and easy to use. Navigating through the various sections is simple and finding things is trivial. I’ve used many cloud service providers before and often they have interfaces that have a steep learning curve. But true to its claim, Volterra seems to have made usability a bit part of its design.
Once I signed up, I used the tool to create a multi-cloud network and wanted to review that process. This provides the ability to quickly and easily connect and secure applications between multiple clouds using VoltMesh services and the Volterra management tool, VoltConsole.
Setting up Volterra sites as gateways
The use case I worked on was to set up Volterra sites as gateways for the ingress and egress traffic for both the cloud networks. The data center gateway site is on physical hardware in an on-premises data center. The data center also has a top of rack switch behind it which has virtual machine-based hosts sitting on two subnets.
The steps to doing this are as follows:
Step 1: Deploy public cloud site in AWS
- Log into VoltConsole UI, navigate to the system section as an administrator and go to the “Add VPC site” in the AWS site wizard.
- Creating the site was simple. It was a multi-step process that involved a few entries to be filled out, such as choosing the site region, selecting or creating a VPC site and assigning IP addresses.
- Next step was to configure the site as an ingress-egress site type and then choose the right availability zone. Again, this was simple as the GUI walks the administrator though the process with tooltips to explain each field.
- New AWS credentials may need to be created, which is done outside of Volterra. If one exists, it will show up in the console.
- Once the instance has been created, it’s time to deploy the site. The terraform parameters will be validated, and the site will deploy after a few minutes.
- Validating the existence of the site can be done by navigating back to the site map. The site is clearly visible as are the two interfaces just created.
Step 2: Deploy private cloud using VMware vSphere to create a Volterra node.
- Step one requires downloading the VMware OVA image from the Volterra site and import into VMware vSphere.
- Once logged into vSphere, the template should be visible from the OVA imported.
- Create a new site (VM name) in vSphere and select a data store and power on the virtual machine.
- In this case the hardware needed to be customized and a second NIC added for ingress / egress purposes.
- Next step was to create Volterra specific parameters such as hostname, token, cluster name, outside network interface and others
- As the site comes up, the registration request will show up on the Volterra website. The parameters can be viewed easily and then accepted with two clicks. The site came online in about four minutes and became available in the site map for further configuration.
Step 3: Connect the inside network to the outside network to enable hosts on the VMware site to access hosts on other sites or public sites on the Internet using SNAT. This was done in the console by creating a fleet object, virtual network, network interfaces, network connectors and other parameters on the Volterra site through the VMware console. The steps were as follows:
- In VoltConsole it was easy to find the site previously provisioned.
- A fleet is created and applied to the site.
- Create the virtual networks – an outside virtual network and inside virtual network can be created in VoltConsole.
- Once the virtual networks have been created, it’s time to set up the network interfaces and those can be configured with parameters such as DHCP networks, pools and gateways. A range of IP addresses can be created in the console for the DHCP server to hand out.
- Connecting the networks was a simple process – one in SNAT mode and the other directly to the global network. The SNAT is used for the data center private cloud to establish connectivity from the inside subnets to the outside through the Volterra site.
- The VMware site can then be added to the fleet and a connection established between AWS and the VMware instances by following the wizard and filling in a few parameters.
Step 4: Secure the networks by applying network policies to restrict access to chosen networks. This is done with a network firewall and applying to the fleet. The process required the following steps:
- In VoltConsole, the fleet configuration has the option to add a network firewall.
- Once the firewall has been created, the menu has an option to create and activate policies.
- Once policies are created, the network firewall object is ready to add to the fleet configuration and this is done upon saving.
- Verification of the policies can be done by trying to ping objects. If configured correctly, the policy should stop it.
- Last step is to create and enable forward proxy settings for the network connector of the private DC.
The entire process of creating a two-node, multi-cloud network was simple because of the intuitive interface in VoltConsole. Much of the configuration is wizard-driven, making it so easy even a junior administrator could do it. The console is complemented with a rich network map that provides end-to-end visibility. The use of a graphical console also minimizes the chance of configuration mistakes as VoltConsole takes basic parameters and turns them into the correct settings.
Overall, based on my review, I give Volterra a letter grade of an A, because it makes something that could be a challenge relatively easy. Overall, the process took about 45 minutes from start to finish.
Zeus Kerravala is an eWEEK regular contributor and the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions.