Running workloads in the cloud requires that clients in some scenarios havefast and reliable internet connectivity. Given today's networks, thisrequirement rarely poses a challenge for cloud adoption. There are, however,scenarios when you can't rely on continuous connectivity, such as:

• Sea-going vessels and other vehicles might be connected onlyintermittently or have access only to high-latency satellite links.
• Factories or power plants might be connected to the internet. Thesefacilities might have reliability requirements that exceed the availabilityclaims of their internet provider.
• Retail stores and supermarkets might be connected only occasionally oruse links that don't provide the necessary reliability or throughput tohandle business-critical transactions.

Theedge hybrid architecture pattern addresses these challenges by runningtime- and business-critical workloads locally, at the edge of the network, whileusing the cloud for all other kinds of workloads. In an edge hybridarchitecture, the internet link is a noncritical component that is used formanagement purposes and to synchronize or upload data, often asynchronously, butisn't involved in time or business-critical transactions.

Advantages

Running certain workloads at the edge and other workloads in the cloud offersseveral advantages:

• Inbound traffic—moving data from the edge toGoogle Cloud—might be free of charge.
• Running workloads that are business- and time-critical at the edge helpsensure low latency and self-sufficiency. If internet connectivity fails oris temporarily unavailable, you can still run all important transactions.At the same time, you can benefit from using the cloud for a significantportion of your overall workload.
• You can reuse existing investments in computing and storage equipment.
• Over time, you can incrementally reduce the fraction of workloads thatare run at the edge and move them to the cloud, either by reworking certainapplications or by equipping some edge locations with internet links thatare more reliable.
• Internet of Things (IoT)-related projects can become more cost-efficientby performing data computations locally. This allows enterprises to run andprocess some services locally at the edge, closer to the data sources. Italso allows enterprises to selectively send data to the cloud, which canhelp to reduce the capacity, data transfer, processing, and overall costsof the IoT solution.
• Edge computing can act as anintermediate communication layer between legacy and modernized services. For example, services that might berunning a containerized API gateway such as Apigee hybrid). Thisenables legacy applications and systems to integrate with modernizedservices, like IoT solutions.

Best practices

Consider the following recommendations when implementing the edge hybridarchitecture pattern:

• If communication is unidirectional, use thegated ingress pattern.
• If communication is bidirectional, consider thegated egress and gated ingress pattern.
• If the solution consists of many edge remote sites connecting toGoogle Cloud over the public internet, you can use a software-definedWAN (SD-WAN) solution. You can also useNetwork Connectivity Center with a third-party SD-WAN router supported by aGoogle Cloud partner to simplify the provisioning and management of secure connectivity at scale.
• Minimize dependencies between systems that are running at the edge andsystems that are running in the cloud environment. Each dependency canundermine the reliability and latency advantages of an edge hybrid setup.
• To manage and operate multiple edge locations efficiently, you shouldhave a centralized management plane and monitoring solution in the cloud.
• Ensure that CI/CD pipelines along with tooling for deployment andmonitoring are consistent across cloud and edge environments.
• Consider using containers and Kubernetes when applicable and feasible,to abstract away differences among various edge locations and also amongedge locations and the cloud. Because Kubernetes provides a common runtimelayer, you can develop, run, and operate workloads consistently acrosscomputing environments. You can also move workloads between the edge andthe cloud.
  • To simplify the hybrid setup and operation, you can useGKE Enterprise for this architecture (if containers are used across the environments).Considerthe possible connectivity options that you have to connect a GKE Enterprise clusterrunning in your on-premises or edge environment to Google Cloud.
• As part of this pattern, although some GKE Enterprisecomponents might sustain during a temporary connectivity interruption toGoogle Cloud, don't use GKE Enterprises when it'sdisconnected from Google Cloud as a nominal working mode. For moreinformation, seeImpact of temporary disconnection from Google Cloud.
• To overcome inconsistencies in protocols, APIs, and authenticationmechanisms across diverse backend and edge services, we recommend, whereapplicable, to deploy an API gateway or proxy as a unifyingfacade.This gateway or proxy acts as a centralized control point and performs thefollowing measures:
  • Implements additional security measures.
  • Shields client apps and other services from backend code changes.
  • Facilitates audit trails for communication between allcross-environment applications and its decoupled components.
  • Acts as anintermediate communication layer between legacy and modernized services.
    • Apigee andApigee Hybrid let you host and manage enterprise-grade and hybrid gatewaysacross on-premises environments, edge, other clouds, andGoogle Cloud environments.
• Establish common identity between environments so that systems can authenticate securely acrossenvironment boundaries.
• Because the data that is exchanged between environments might besensitive, ensure that all communication is encrypted in transit by usingVPN tunnels,TLS,or both.