Hybrid Cloud Governance at TAL Education: Challenges, Methods, and Future Plans
This article examines TAL Education's hybrid-cloud journey: what hybrid cloud is, industry adoption statistics, the company's initial network chaos, the governance difficulties, the first-phase remediation measures, and the objectives and methods of the second-phase transformation.
GoodFuture (TAL Education) initially built a fragmented hybrid-cloud network without standards, resulting in tangled private-cloud and public-cloud resources. A first-phase governance project achieved its goals and set the stage for a second phase that aims to create a more complete, cost-effective, and scalable hybrid-cloud architecture.
What is Hybrid Cloud
Public cloud resources are provided by IDC service providers and accessed over the Internet, while private cloud resources are dedicated to a single organization, offering higher security and control. Hybrid cloud combines the convenience of public cloud with the security of private cloud, providing high flexibility.
Industry Adoption
According to the 2019 Hybrid Cloud White Paper, hybrid cloud has become the dominant cloud model worldwide; the RightScale 2019 Cloud Status Report shows 84% of surveyed enterprises adopt multi‑cloud strategies, with hybrid‑cloud usage rising from 51% in 2018 to 58% in 2019.
Case Study: Shanghai Stock Exchange
The Shanghai Stock Exchange uses China Telecom’s Tianyi Cloud to provide low‑latency, high‑bandwidth, secure networking and a customized hybrid‑cloud management platform, delivering a seamless multi‑cloud experience for end users.
TAL Education Hybrid Cloud Background
Rapid business growth and the lack of unified standards led to chaotic expansion of both public‑cloud and private‑cloud resources, creating overlapping IP addresses, numerous VPCs, and scattered network permissions, which hindered inter‑department communication.
Governance Challenges
1. Large business base: Data-center, user platform, teaching system, and other middle-platform services cause network segmentation and access conflicts.
2. Numerous public-cloud accounts: Multiple accounts increase maintenance cost and inter-account connectivity complexity.
3. Historical baggage: Existing services must be migrated gradually, requiring unified planning and resource reuse.
Governance Methods
Standardize IP addressing: Issue a unified IP-addressing policy across the group, assigning addresses by cloud provider, region, and environment.
Rectify business networks: Consolidate public-cloud VPCs, migrate conflicting VPCs to new address spaces, and adopt a transition plan for VPC governance.
Converge hybrid-cloud permissions: Encourage each business unit to use a single cloud account, centralize IP allocation, and tag resources for cost tracking.
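An added example, not TAL's own tooling, of how the first two methods can be audited: it checks a VPC inventory for overlapping CIDRs and for VPCs that sit outside the block assigned to their provider, region, and environment. The plan, the inventory, and all names and ranges in it are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed allocation plan: one supernet per (provider, region, environment).
# The article names these three dimensions but publishes no actual ranges.
PLAN = {
    ("aliyun", "cn-beijing", "prod"): "10.16.0.0/14",
    ("aliyun", "cn-beijing", "test"): "10.20.0.0/14",
    ("idc", "beijing", "prod"): "10.64.0.0/12",
}

# Constructed VPC inventory, as it might be exported from several cloud accounts.
VPCS = [
    {"id": "vpc-a", "key": ("aliyun", "cn-beijing", "prod"), "cidr": "10.16.0.0/16"},
    {"id": "vpc-b", "key": ("aliyun", "cn-beijing", "prod"), "cidr": "10.16.128.0/17"},
    {"id": "vpc-c", "key": ("aliyun", "cn-beijing", "test"), "cidr": "192.168.0.0/16"},
    {"id": "vpc-d", "key": ("idc", "beijing", "prod"), "cidr": "10.64.0.0/16"},
    {"id": "vpc-e", "key": ("cloud-x", "region-1", "prod"), "cidr": "10.80.0.0/16"},
]

def find_overlaps(vpcs):
    """Return pairs of VPC ids whose CIDRs overlap, so they cannot be routed together."""
    nets = [(v["id"], ipaddress.ip_network(v["cidr"], strict=True)) for v in vpcs]
    return sorted((a, b) for (a, na), (b, nb) in combinations(nets, 2)
                  if na.overlaps(nb))

def find_plan_violations(vpcs, plan):
    """Return {vpc_id: reason} for VPCs outside the supernet assigned to their key."""
    out = {}
    for v in vpcs:
        net = ipaddress.ip_network(v["cidr"], strict=True)
        block = plan.get(v["key"])
        if block is None:
            out[v["id"]] = "no block allocated for " + "/".join(v["key"])
        elif not net.subnet_of(ipaddress.ip_network(block)):
            out[v["id"]] = f"{net} is outside {block}"
    return out

if __name__ == "__main__":
    for a, b in find_overlaps(VPCS):
        print(f"OVERLAP   {a} <-> {b}: migrate one to a new address space")
    for vpc_id, reason in find_plan_violations(VPCS, PLAN).items():
        print(f"OFF-PLAN  {vpc_id}: {reason}")
```

Run against a real inventory export, the overlap list gives the set of VPCs that must be re-addressed before they can be joined to a shared network, and the off-plan list shows where allocation happened outside the central policy.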
First‑Phase Governance Goals
Build an integrated multi‑data‑center, multi‑cloud network that eliminates network silos, provides secure low‑latency connectivity, and supports multi‑active and fault‑tolerant services.
Key achievements after one year include:
Production VPCs fully joined cloud enterprise networks.
Data‑center rooms de‑commissioned.
Network resource governance 88% complete.
Network latency reduced by 54% in the same region.
VPC count reduced to under 50.
Public‑to‑private traffic shifted, saving ~40% bandwidth cost.
Second‑Phase Governance Objectives
Based on the three hybrid‑cloud characteristics—more complete, more cost‑effective, more scalable—the second phase focuses on:
More complete: Increase internal-network traffic to 30% of total, reduce external bandwidth cost by 40%.
More scalable: Deploy a dual-center IDC architecture, bring 25% of North-Beijing rack resources online.
More cost-effective: Consolidate VPCs to fewer than 50 instances.
Planned methods include optimizing Alibaba Cloud’s underlying network architecture, trimming VPC numbers, migrating external traffic to private lines, and providing comprehensive security solutions.
Future Outlook
Hybrid cloud will deepen integration with telecom operators, offering unified cloud‑network services, dynamic resource allocation, and consistent multi‑cloud management, while ensuring security, reliability, and rapid fault localization.
TAL Education Technology
TAL Education is a technology-driven education company committed to the mission of 'making education better through love and technology'. The TAL technology team has always been dedicated to educational technology research and innovation. This is the external platform of the TAL technology team, sharing weekly curated technical articles and recruitment information.