Introduction

Many companies depend on more than one cloud or “Software as a Service” platform to operate their business or deliver a service to their customers. Each cloud has strengths and weaknesses, and will be used to host specific capabilities.
The result is that connecting clouds becomes a central requirement to allow systems to share data across clouds, and to facilitate moving systems between clouds.

This ‘Connecting Clouds’ Blueprint will outline how Responsiv use the Responsiv Unity Platform to connect and secure systems across an Enterprise

A Responsiv Solution – Connecting Clouds

At Responsiv we use our Responsiv Unity platform to connect and secure systems across the enterprise regardless of their location. Our solution allows us to move systems between locations, add audit, consent management, and other features to data travelling between systems, and to monitor it all from a central console.

We use Microsoft Azure and IBM Cloud as well as self-hosting to host our own software and packages purchased for specific purposes. We also use SaaS solutions for CRM, Accounting, HR, and Office365.
This ‘connecting clouds’ blueprint allows applications located together to optimise their communications, as well to transparently communicate with remotely located and SaaS services. It avoids unnecessary dependencies to help maximise availability and reduce exposure to risks that are beyond our control.

Our solution facilitates communication between vendors, manages OAuth credentials, and prevents bridging networks between clouds; helping to control unauthorised access from one cloud to another. The bridge supports use of micro-services, SOA style services, REST, Files, and many other styles of interface.

As well as supporting direct connections between applications, the bridge can transform data and protocols (XML- JSON, CSV-ISO20022, …) to allow them to be communicated simply and to be consumed properly.

Responsiv can provide a half day workshop to help you get started as well as more detailed information on all aspects of this blueprint.

To implement this ‘connecting clouds’ blueprint, we install a Responsiv Unity integration module into each of the “hosting” clouds to create a “Bridgehead” and form a communication mesh across and between all of the cloud locations, including self-hosted.

The Responsiv Unity integration module can be installed as a container or a virtual image and includes an operating system and monitoring support to allow a central console (Responsiv Unity Console Module) to manage and monitor across the solution.

Next, we configure connections between locally installed systems and the local bridgehead. These “virtual adapters” allow us to then access and address that system from anywhere in the mesh.

Additional logic can be added to each adapter to perform transformations, cross referencing identifiers, and imposing security checks.
SaaS providers can be connected from each bridgehead or from a single one depending on reliability, capacity, and architectural needs. Finally, we add change-detector-agents in systems that will be the source of data, and configure pathways for the data to be distributed to the appropriate targets. Systems can be configured to prefer local source-target connectivity but to fail to remote, or to queue data when a remote target is not available. They can be setup to move data at particular times of the day, or to throttle data to avoid peaks in capacity uses.
Capacity can be added at any time by increasing the core counts for one or more of the modules, and the whole installation can be made highly available by simply doubling up each module in each location.
Security is provided by reducing the number of applications with permission to connect across clouds, and by reducing the number of servers and protocols allowed to traverse the networks. Security is further enhanced by encrypted communications and access control lists, as well as the possibility of adding audit and other features.
Reliability is provided by supporting store and forward protocols that help manage API retry and periodic outages to maintain service when clouds are under pressure or unavailable. This blueprint avoids creating a single location that must be available to coordinate communication. Reliability can be further enhanced by duplicating the components in each cloud.
To improve flexibility and security the location of applications inside a cloud and across different clouds is maintained by the bridge and not by the connected applications. The same mechanism can be used to horizontally scale and load balance applications.

Making it Happen

When we receive a purchase order, human accept it, post it to accounts, and add a note to the CRM
When a customer agrees an offer store the signed copy in an arrangements system and notify the CRM

Build

Procure the required components and begin with one cloud location. Deploy the bridgehead and connect the systems that are local to that cloud. Already you will begin seeing benefit. Add the other clouds one at a time and scale the solution for each cloud as needed. Locate the console in your primary location, or alongside other management software. Duplicate the instances to deliver improved reliability and availability.

When we move an application, it should be easy and not require significant re-configuration of other applications. Data should take a reasonable shortest route.

All applications regardless of location should be monitored and managed centrally.
State your requirements for cloud security, for example encrypted communications between clouds and audit records of all data movements off cloud but not between applications in the same cloud.

Operate

Manage the installation with a structure similar to database management or other middleware.
Alternatively use the Responsiv Assist support offerings to let us manage patching, monitoring, and incident handling.

Product Manifest

The manifest is constructed to show a minimal installation. Each instance can be efficiently scaled to around 7 vCPUs and can be horizontally scaled beyond 3 instances for capacity and resilience.
Other Responsiv Unity modules can be added to one or more locations to provide API management and Automation.

Minimal Configuration

Product	Capacity	Purpose
Responsiv Unity Console Module	One instance 1 vCPU	Manage, and oversee the installation
Responsiv Unity Integration Module	One instance per cloud 1vCPU	Create a bridgehead for the cloud
Responsiv Consulting Installation	One	Fixed price installation of the cloud connection mesh
Responsiv Consulting	Optional days	Configure virtual adapters, design and connection of the estate

References

Open Banking Gateway

This ‘connecting clouds’ blueprint is an integral part of the Responsiv Open Banking gateway, which is used by one of the world’s largest banks to provide Open Banking services to its European customers.

The Open Banking gateway is hosted by Responsiv and delivers UKOB standard APIs in a secure and fully managed solution.

The blueprint assures that those administering the gateway cannot access the banks internal systems, and the same in reverse. It also assures that all traffic is secured and accounted for as it passes between the domains.