IBM cloud service aims to deliver secure, multicloud connectivity

IBM has delivered a SaaS package it has been developing to help enterprises connect and secure multicloud resources.

The service, IBM Hybrid Cloud Mesh, implements a virtualized networking environment to rapidly enable secure connectivity between users, applications, and data distributed across multiple edge, hybrid, and multicloud environments. One of the drivers behind the cloud service is to join operational silos, giving granular network control and easy-to-consume interfaces to IT teams, IBM said.

Cloud mesh is designed to let organizations establish simple, scalable, secure application-centric connectivity, wrote Murali Gandluru, vice president of IBM’s software networking and edge, in a blog about Hybrid Cloud Mesh. “The product is also designed to be predictable with respect to latency, bandwidth and cost. It is engineered for both CloudOps and DevOps teams to seamlessly manage and scale network applications, including cloud-native ones running on Red Hat OpenShift,” Gandluru stated.

Hybrid Cloud Mesh works by deploying gateways within the clouds – including on-premises, AWS or other providers’ clouds, and transit points, if needed – to support the infrastructure, and then it builds a secure Layer 3-7 mesh overlay to deliver applications, IBM stated.

The service implements two types of gateways: an edge gateway, deployed near workloads for forwarding, security enforcement, load balancing, and telemetry data collection; and/or a waypoint gateway, deployed at points of presence close to internet exchanges and colocation sites for path, cost and topology optimization, according to Gandluru.

At the application level, the exposure to developers occurs at Layer 7, and the networking teams see Layer 3 and 4 activities, IBM said.

The service’s Mesh Manager provides centralized management, policy and observability capabilities. It also utilizes zero trust features for security in that mesh allows communication based on user intent only, Gandluru wrote. All gateways are signed, and threat surface is addressed since they can be configured only through Mesh Manager, Gandluru stated.

“Mesh Manager continuously discovers and updates multicloud deployment infrastructure, making the discovery of deployed applications and services an automated experience. Continuous discovery allows Mesh Manager to maintain awareness of changes in the cloud assets,” according to Gandluru.

Also part of the package are the DNS traffic-steering capabilities IBM acquired from NS1. That technology brings advanced traffic-steering support that intelligently distributes DNS traffic across the network. The DNS services can also make dynamic decisions about where to send an internet request, based on availability, performance and time-of-day.

IBM Hybrid Cloud Mesh appears to offer numerous advantages for enterprises, according to Steven Dickens, vice president and practice leader with Futurum Research. In a report written earlier this year, Dickens stated: “It enhances visibility and control by providing a unified platform to manage and secure applications across multiple clouds. This enables enterprises to quickly identify and address issues within their multi-cloud infrastructure.”

“[Mesh] promotes agility by simplifying the movement of applications between clouds, allowing enterprises to choose the most suitable cloud option and optimize costs accordingly,” Dickens stated.

“Additionally, it bolsters security by offering a centralized mechanism to enforce security policies across various clouds, safeguarding data and applications from unauthorized access,” Dickens stated.