Get to AWS, Azure and GCP in Record Time
Derrick Monahan and David Klebanov
Jul 23 2020 | 60 mins
Business capabilities, like applications, data and services are moving from on-premise data centers to one or multiple public clouds. While public clouds offer the convenience of as-a-service consumption, on-demand functionality, elastic scale and pay-as-you-go pricing, the network on the other hand does not. Those who have tried the do-it-yourself approach to building a network for the cloud can attest to the challenges of cloud knowledge gaps, slow manual configurations, restrictive cloud limits, and costly hardware investments. Enterprises quickly realize that in order to succeed in the cloud, a new networking paradigm is needed.
Join WWT and Alkira for this interactive webinar to see how your network can take you to one or many clouds in record time. You will learn:
- Why enterprises are rapidly embracing multi-cloud
- What are the methodology and key elements of a modern multi-cloud network
- How to build a global multi-cloud network with enterprise-grade security and day-2 operations in minutes
Speakers:
Derrick Monahan, Technical Solutions Architect, WWT
David Klebanov, Head of Product Marketing, Alkira
Webinar Transcript
Hello, everybody. Welcome to this webinar. We’re going to give it one more minute because we’re seeing more and more people are joining, so we’re going to give it one more minute before we start. So hang in there for one more minute.
All right. I think we can begin. We have quite a few folks who have already joined. So my name is David Klebenov. I’m head of product marketing for Akira. And wanted to welcome you for this joint WWT & Alkira webinar talking about getting to the public clouds, AWS, Azure, and GCP in record time. And today, with me, we have a co-presenter. I’m very excited to have you co-present with me. So Derrick, do you want to introduce yourself?
All right. That’s awesome. So before we begin, a couple of very simple housekeeping items. This webinar is being recorded, and we’re going to post the recording after the webinar. It’s going to post it on our website. It’s also going to be available through the [Brite] platform. You can just search the webinar the same way that you have joined it live today. You can watch the replay later on.
You are free to ask questions. We are going to be taking some questions at the end of the webinar, so you can navigate to the question menu and just ask them. If we run out of time, and we don’t have enough time to answer all of your questions, we will make sure that we follow up with each one of you.
So having said that, let’s look at the – whoops, jumped too much – let’s look at the agenda. So we’re going to cover a couple of topics today, and Derrick is going to kick us off talking about several elements here. We’re going to talk about the drivers behind the accelerated cloud and multi-cloud adoption, why is it important and specifically in these challenging times. And then we’re going to talk about the challenges that the cloud networking brings, and how organizations are coping with the challenges. And then talk about the – really the approach and methodology behind designing, architecting, deploying these cloud and multi-cloud networks.
Then I’m going to walk you through a specific customer design, kind of give you a little bit of food for thought in regard to what the customer – what the starting point of the customer was, what is it that – what are the design goals that they want you to achieve, how did Alkira solution meet the design goals, and walk us through some of those elements. And like I said, we’re going to take some questions at the end and wrap it up with some next steps for the future. So it’s going to be fun.
So Derrick, take it away and kick it off.
All right, Dave. So what I’m going to start with is kind of the why question. We really think that when you start a journey into the cloud, whether it’s from a – you know, you’re looking at a workload, if you’re looking at your networking security, whatever that are that’s important to the business is you need to start with the why. And what we see, and we’ve noticed this lately, is we’ve identified some trends and use cases, and that’s where I’m going to start here. The acceleration of cloud and into multi-cloud is accelerating. We see that happening recently with some very specific examples.
Now, the use cases that I’m showing you here, let me be clear, we look at that from a business perspective. And I’ll explain because you’re probably sitting there maybe as a network architect going, “Why do I care about this level of detail from a business standpoint?” We’ll get into some more weeds in terms of the architectures and more around Alkira’s specific solution. But one of the key use cases that we’re seeing with this – especially the situation the last few months is rapid expansion. Now, when we say that, that’s a use case that see that’s happening because we see a diverse – you know, a lot of users are working from home now. We see software as a service, SaaS, exploding. We see more and more of the customers leveraging and trying to take advantage of that.
So PaaS and SaaS have been very important use cases, especially recently. But when we look at some of these use cases like rapid global expansion, that’s tied to the digital business. That trend is important because if we look at digital transformation, this can’t happen in legacy architecture. And that’s a very important point. If we look at the traditional classic hub and spoke architecture, there was a – it was very [first] time. I’ve been doing that networking for 20 plus years. I’m pretty passionate about it. And we have to look at things differently now in the modern cloud.
And some of these things, the way we approach things, we look at the use cases. And these are more business focused kind of use cases. But we also look at the functional use cases. A lot of you might be familiar with site to cloud or cloud to cloud, maybe user to cloud, and how do we connect those scenarios. And that’s probably relevant to what you’re hearing and seeing in your environment. But as we look at this, we have to identify examples of rapid expansion, or even like end user compute. What are those specific flows, traffic flows that are happening? That could impact your architecture.
And the use case really in our view dictates kind of where the architecture is headed. Without defining those use cases, you really are going to be in a position where you might develop basically an inaccurate or a not a very agile architecture. And so we keep this in mind. One of the other areas we see on the right is the business ecosystems, and this is really exploding because we see companies that are essentially – if you look, let’s say, at an insurance company, for example, a lot of innovation is happening in the insurance business. But insurance companies shouldn’t have all that burden to do everything by themselves to handle every element of that solution, whether it’s the technology or connecting to data. The partners, the customers, suppliers, all those applications it meets in a single digital business platform. And that ecosystem now is something that we have to consider when we look at architectures that now have to be flexible and agile.
So I’ll get into more of the rapid expansion here in a second, but I wanted to point out that as we drill into this, you know, expansion doesn’t mean necessarily it has to be global. It could be a customer that – of ours that is expanding fast within the United States. They might be starting in one part of the country and expanding further out East. Or they might actually be in Europe at this point, and might expand. And what’s happening is we’re seeing our customers taking a very long time to build a network, and the business needs it immediately. So one of the use cases and drivers behind that expansion is we’re seeing on-demand environments for new markets and applications that have to be automation driven.
OK. So if you think about if I have an application that’s driven by automation, why isn’t the network automation driven too. And so when we’re looking at helping our customers, and they need to move quickly and fast in those new markets, and it should be an on-demand, the network should go with it. And the network should be keeping up with the application and everything else. So that is the driver behind us. And we’re seeing expansion. Things like legal, the regulatory compliance we have to think about, these are some of the drivers. Obviously, we have a distributed global, sometimes geographically customer base that’s latency is extremely important. How do we reduce that for customers that are maybe overseas, and they’re still going back to the United States? And how do we quickly and on-demand and very flexible way to build and bridge that network, and bring it up in a new market?
So the point here is it brings up – we’re seeing complex infrastructures. We’re seeing suboptimal routing. And at the end of the day, what we care about is the user experience. We want that experience to be very good. So the goal is to really design a cohesive multi-cloud, maybe a multi-region network that’s quickly to adapt to the demands imposed by the digital business. And so these are important things that when we drill in the use case, then what happens is we define the architecture as a result of that.
So if we look at this from a network perspective, we think network has never been so linked to the business outcome. And so we used to kind of kid around that the network is an afterthought, and I think that’s an important point because if we don’t think about the network as a foundation element to get to the cloud, it will impact how that cloud experience is and how the applications are delivered. And we want that to be flexible and dynamic.
So looking at the current state, we know clouds – I think most of the folks on the call have seen this, even if you’re in single cloud today. Understanding that clouds are not equal. There’s very different approaches and different ways network constructs are in a cloud. And if I’m in Azure, do I have 100 ways – can I appear to 100 different VNets or 500 VNets? And is that going to change tomorrow? The thing about the cloud is it’s always changing. New features or capabilities are added constantly, and this gets complicated very quickly. A lot of significant planning upfront. This requires working with your network service providers. We’re looking at a very highly available and resilient network. They must scale up and down, and that includes the network services that go with it.
So when we look at the tools that have to manage the network, most of the customers I’ve seen aren’t ready and don’t have the proper tools to manage the cloud network. It’s designed to take away most of the tools, they do a fine job, but we have to think differently. Where is the visibility across the regions and clouds? And most importantly, not just visibility but observability. There’s a whole new trend around that. And what that actually means is it’s much different than the way we used to monitor the network in the past. Day 2 operations is very important.
And then what about the length of time it takes to implement? Sometimes it takes months and months to implement this. In recent examples where connecting two clouds together, let’s say two different clouds, and maybe a single VPC or VNet, different clouds, months to implement. That does not meet the business requirements that I mentioned earlier and talked about rapid mobile expansion, as an example.
So as we look at this, we see – to summarize the challenges, we see four key challenges – the complexity, there’s a huge skills gap today, the explosion of connectivity options, and then troubleshoot and observability. So the complexity doesn’t mean in a multi-cloud only. The complexity could be same cloud. We see that all the time. What is the [price] of cloud connectivity? Is the cloud – is a single cloud, does it have 20 or 200 VNets or VPCs in it, and how are they connected? Are we doing shared VPCs? Are we doing transit gateways and all of these things that we have to think about with our architecture that all of the changes. And then what about the partners that we’re trying to connect to in that digital ecosystem. The skills gap applies to that.
A colleague of mine, we do these briefings and trainings all the time. We’ll do a full day of a cloud networking workshop where we talk to our customer. We basically give them a training on how – you know, ins and outs about everything you need to know about Azure and AWS. Well, that’s great, and it works well. It’s a lot of information. You can see there’s a lot of information overload in that one day. And when we walk away, it gives them a good foundation. But keep in mind, that is only good for that static moment in time. And if we don’t come back in three months or a year and continue to work at a customer, we have to constantly understand and learn these complex cloud native networks.
So what we’re saying here is that because of the skills gap, there has to be a way that’s easier for network teams, operation teams, and architectures and organizations to easily manage and operate the network without having to be experts in every level that changes all the time. And lack of automation is another thing we see. And so when we look at explosion of connectivity, we do workshops all the time where we look at the infinite amount of ways to connect, not just from the branch to the cloud, but cloud to cloud. And think about the connectivity within those clouds can get challenging. So that means some customers have – I need to encrypt every single traffic from end to end. How do we do that? Well, there’s many ways to approach that.
What about the enterprise? The enterprise has a much different way of connecting, and their requirements are usually a little more complicated. So that presents a lot more options. And then finally, looking at troubleshooting and observability, lack of tools, the governance blind spots, and obviously visibility across all clouds and hybrid environments is something that really is almost a must now in today’s world.
So as we move forward, I want to just spend a minute here talking to how we approach things in our methodologies and what we think are successful. And if we look at one thing that I really think is important, that we start with a – it’s always important to start with the vision – if we look at our problems here in methodology, we always start with the vision and planning phase. What I see and I think a lot of times customers do make the mistake is they’re defining their strategy as the implementation plan. So right in the middle where you see deployment, enablement, and migration, and integration, those are things that we do all the time with our customers. But the strategy is well before that, and the strategy is not your implementation plan. It’s not the migration plan.
Your strategy, you know, it’s got to be that midterm, that strategy, and that could be the strategy of the cloud, what’s your cloud strategy. But it has to align with the firs thing, which is a long-term business strategy. And so what we’ve also noticed too, the second point I want to make, is we don’t see a lot of customers having a cloud connectivity strategy. So if we ask the customer about the cloud strategy – we do this all the time, we help them with the consulting perspective and help build that. But the cloud connectivity strategy usually is either missing or not fully baked before they make their way into the cloud.
So we need to make sure that when you’re planning and you’re looking at your strategy, define that strategy, and make sure it aligns with those business goals. Make sure it aligns with those – some of those use cases I brought up earlier. And so whether, you know, you’re looking at it from a perspective of to the cloud, within the cloud, or connecting multiple clouds together, you know, you have to think about this holistically. One thing that we spent a lot of time and that’s very important that we include things like SD-WAN. We include – that is very important to the strategy in the cloud, in the network strategy.
The architecture, we – basically, as a result of building out the vision and planning, it’s always important to build at least a reference architecture, an HLD, that provides that framework, so that when you’re talking to the applications and security, everybody’s on the same page. And that architecture upfront is critical. We see some customers that start building VNets and VPCs, and there’s no strategy there. Let’s just go start building things in the cloud and hope it works. And when you build an architecture, it can shift. It’s not a permanent thing, but at least it provides that foundation. And as you get into the third pillar, the operations side, then you’re writing your implementation plan and aligns well with that.
So that’s kind of like the high-level methodology we approach and how we help our customers. And in that same note, you know, we want to look at all areas. We want to look at SD-WAN. We want to look at the CNF, their carrier network facility strategy, what if there is one. If there is, let’s address that. Let’s understand how they’re using it.
What about automation, orchestration, and things like that, that are all part of that. Do they have it, or do they not need it? You know, I’m sure most customers we have, have a DevOps team or an automation strategy. And that ties into how you’re going to manage the network. And you may not want to take that approach. You may want a much easier way to do things. And so if we look at Alkira’s example, I think about that rapid global expansion and being able to bring up – and this is what Dave will talk here in a second – bring up a virtual network stack anywhere in the world for your environment on-demand is very powerful.
And one of the things that we do that is really important is we build labs. We build this in our environment, so a customer can walk through and test it out, and say, “Here’s my requirements.” Let’s re-create that so that the customer can validate their criteria before they go live. And so that’s a huge step I think in this process in the early on stages.
So that’s the methodology in short, and I’m going to go ahead and stop here and pass it back to David, if you’re ready to go.
Yeah, of course, Derrick. Well, thank you very much. And I just wanted to echo all the points that you just made in the last couple of minutes, that I think that that sort of approach, the methodology that you talked about, how to address the needs of the cloud, whether that is single cloud, the multi-cloud, that is something that you guys have definitely been excelling in for the last – for many years now that the cloud has been around us. So it’s definitely something that we are seeing a need for as customers are sort of moving into the cloud, and different customers have different – a different pace of moving into the cloud. Some kind of go and jump head first, some take a more cautious approach. But whatever the situation is with an individual customer, it’s definitely a good idea to take in sort of a methodology approach to doing that, rather than just doing this ad-hoc and piecemealing this, which I bet you guys have seen as well.
All right. So let me do this. I will take you through sort of a customer journey that gives you an example of a customer that has a starting point and are looking to expand into the multiple clouds, adding security, adding partners, adding remote access. Kind of a couple of things that they’re striving to get to, right. So I’ll start with the starting point.
And when we work with customers, and I’m pretty sure, Derrick, that you would share this sentiment, many times we’re seeing an outline of a network that starts off being like that. We have a collection of remote sites. We have a collection of datacenters. We have a collection of a potential of colocation utilities. And all of that is cohesively connected through a network medium, right, through some sort of communication mechanism. And many times we are seeing SD-WAN as obviously it is increasing its popularity dramatically, especially in the last couple of years. But we’re also seeing customers that have more traditional approach, more traditional networks, where they’re using potentially MPLS and service provider driven solutions.
Is that something that you guys are also seeing in WWT, Derrick?
Yeah, I would definitely concur, David, yeah. And I think that’s a very important point. That’s why I mentioned earlier why I think it’s important. When we do our workshop, we want to bring in SD-WAN into the conversation, and not just let’s review your architecture. Let’s understand how you envision SD-WAN being a part of it. What’s the fabric, and what are those flows? Where are the users and branches located? And what type of traffic are you pushing through? I mean, I completely agree because what you start to see, that point back earlier to the explosion of connectivity options, there’s so many ways that our customers are now benefiting from SD-WAN. And now what we’re starting to see is a huge, huge tight integration between the SD-WAN provider, such as Alkira, and the cloud providers.
And so what is the best approach? And they want to automate that as part of that journey, and make it simple in being able to control that. So absolutely because most of our customers are either in progress, in transit and moving towards SD-WAN rollout, or they’re actively looking at options at this point. But directed access going directly to the cloud, very important about SD-WAN, where that data sits in so many places. SD-WAN is really helping achieve a better outcome in user experience.
Right. That’s right, yes. So yes, I agree with you. That’s what we’re seeing across the board is that SD-WAN is becoming a very predominant choice for enterprise connectivity, right. So that’s a starting point for many of the customers. And from that, the customer keeps on evolving their designs, right. And remote access VPN is something that is obviously very popular especially with these days, these crazy days that we’re all going through. So teleworking, remote access into the corporate environment, and that many times is accommodated through the connectivity into the enterprise datacenters, where the VPN termination occurs. So that’s another very popular trend that we are seeing.
Now, when we’re talking about cloud, and we’re talking about how the customer adopts the cloud, we identify kind of two types of clouds. Of course, we have the software-as-a-service clouds, such as the [unintelligible 00:23:18] by far the most popular one, but we obviously see other SaaS providers. And just generic internet applications that are accessible from the remote offices. And of course security becomes a very important point, and nobody wants to have unsecured access. So what we’re seeing many times is that customers are opting for secure web gateways or secure internet gateways in order to provide that security inspection for the traffic that goes from the remote offices into those SaaS destinations or just plain internet, right.
Now, when we’re talking about the public cloud adoption, again, we’re seeing customers doing anything to wait. The first one is this particular customer would have had the colocations, and that potentially could have been something that they’ve adopted to when they were migrating to their datacenters, and they were not quite ready to make the jump into the public clouds. So many customers we are seeing are making this investment in colocations where they establish a compute footprint, and that’s basically how they keep on running their infrastructure. Now, when the public cloud eventually hit, such as AWS, Azure, and GCP, and that customer already has a presence in the colocations, and the colocation providers offer a very effective high bandwidth, high throughput connectivity options into this public cloud, sort of like a backdoor into your public cloud connectivity.
Of course, security is an element to that because connecting to the cloud, even though it’s through the private connectivity, it many times entails that security teams are pressing to have firewalls that are safeguarding that connectivity from the colocations into the public clouds.
Now, what we’re also seeing is that customers are leveraging the front doors for connectivity into those public clouds, and that is many times accommodated through the cloud transits. And the same transit architecture can be deployed for AWS, for Azure, and for GCP, which is like a landfall of a customer’s network inside the cloud from where it branches out into the host VPCs and VNet where the actual cloud’s workloads are residing.
And again, these transits provide connectivity, but also provide connectivity that has to be protected through the firewall because many times, the connectivity between the clouds or between different regions of the same cloud, it’s better accommodated through those cloud transit VPCs and VNets, rather than backhauling this into the colocations, right. So we have kind of variations of different designs, how people are approaching adopting this public cloud connectivity through either dedicated private backend through colocations, or more of an internet facing front and through the cloud transit VPCs and VNets.
In addition, of course, we have the internet connectivity into the cloud compute – sorry, into the compute resources that are in the datacenter, right. We’re going to talk about what happens when those compute resources go into the cloud. But many of the traditional customers, they have datacenter DMZs, which are in the datacenter, and of course protected by the firewall to the allow this internet inbound access into those DMZ resources.
And finally, the business partners that have connectivity into that – into the customers, and again, this is many times traditionally accommodated through the connectivity into the datacenters because in that sort of customer case that I’m describing, that customer hasn’t really taken the plunge into the public cloud. So many of the resources are still residing in the traditional datacenter, or maybe in a hybrid fashion. And the business partner connectivity that has to be safeguarded with a firewall is also entered on the datacenters.
And ultimately, there a collection of monitoring and management tools that are in the portfolio of that customer in order to provide all the Day 2 operations that you also, Derrick, mentioned. And many times we are seeing this as a proliferation of those tools in order to provide either management monitoring capabilities.
So that’s kind of like the landscape of maybe typical customer deployments that we’re seeing these days. So let’s take a second to kind of go through that motion again and just see what are the challenges that that customer is facing when they are deploying this architecture, right. So the first one is the disparate security domains. So I talked to a couple of minutes ago about the need to secure all kinds of types of connectivity, and that could be the direct internet access from the branches, through the secure web gateways, or that’s in access into the public clouds through colocations, or through the cloud transits, or a datacenter DMZ environment or a business partner connectivity. All of these have to be anchored on the security.
And when you’re talking about a typical customer – a customer deployment, many times we are seeing that this secure web gateway really stands out from the rest of the security domains, which are mainly accommodated by the next generation firewall. So we’re seeing customers hitting these sort of challenges from having these disparate security domains.
I was going to add just real quick [unintelligible 00:29:22]. I just want to mention too, the cloud networking strategy, we believe it must include security, must include the security in the cloud security strategy. And I think the two go together. And so what you’re bringing up is a great point. A lot of customers are debating should they go native, next gen, put appliances in the cloud, what is the strategy, in either case, which we can’t solve on this call, but that the common thing that we see is how do we manage [unintelligible 00:29:52] these hybrid states and all of these disparate environments. And the management of those policies is a very big pain point that we need to address.
Exactly. This is exactly. This is golden. So Derrick, this is exactly the point that we’re seeing also across the customers is the disparate security domains through different security offerings, secure web gateways, next generation firewalls, these are different systems, and they have different management paradigms. They have different security policy enforcement paradigms. And so we’re definitely seeing the disparity being the challenge. But we’re also seeing the proliferation of those inspection points being a challenge because as you can see, the presence of the security inspection points in various parts of the [topology] basically drives this operational complexity for the customer in order to manage these diverse policy domains across whether this is a public cloud access or this is a datacenter DMZ access, or whether this is a business partner access. These are all separate security domains and the proliferation of those security inspection points we would drive – and it drives customers nuts.
The next one – yeah. The next one is the – what happens inside the clouds, right. So for the customer who is already deploying the public clouds, you mentioned that, and it’s a very significant point is the skill gap. I couldn’t agree more with you is that this deep cloud expertise that are required today in order to go into this public cloud and learn all of these individual tidbits from each one of the clouds, how they operate and how they deliver the service. This has become a monumental challenge for the customers and really inhibits the cloud adoption because you can’t really go to the cloud until you’ve understood what exactly is happening in the cloud. And even if you’re doing automation, you still need to understand what exactly is it that you’re automating, right. You can’t just blindly automate something that you don’t understand.
So whether this is a completely sort of do-it-yourself, go to the cloud service provider console, or whether that’s an automation tool, it still introduces a very significant knowledge gap. And right behind the knowledge gaps are the limitations of this cloud providers in regards to routing, scalability, visibility. And then when you go to multi-cloud, those things become even more acute, right. So definitely very [for point] that we’re seeing.
Again, suboptimal routing, in case the cloud workloads need to be exposed into the DMZ infrastructure and the DMZ is anchored in a datacenter, so then I need to backhaul things through my datacenter into the cloud. So definitely there’s some routing suboptimalities. The availability and the scalability of the remote user VPN service. So many of these things are sort of like the artifacts of doing things in an old-fashioned way, in a way that does not really align with the cloud methodology.
You had something you wanted to add, Derrick?
All right. I thought I heard you wanted to pitch in.
So now that we’ve talked about that, obviously the customer is on the journey to change, and really governed by several design priorities in order to execute on their sort of next-gen. How can we do things better than we’ve been doing things before, right? And there’s a couple of guiding principles in here. Is of course building this enterprise-grade, feature-rich cloud network that allows not only the connectivity between branches, but also the connectivity from branches and datacenters and colocations into the cloud, and also between different cloud environments.
Now, we mentioned SD-WAN as an foundational block for enterprise connectivity, so how do we provide this SD-WAN interoperability into this enterprise-grade cloud network. So that’s another very key design principle is that you don’t want these things to live in complete isolation. Optimal cloud access, scalable and global teleworking, high-speed private cloud access through the colocation, an ability to accommodate both cloud and datacenter resources because nobody goes to the cloud in a day, right, so their ability to do hybrid clouds. We talked about suboptimal routing in case the DMZ has moved into the cloud, yet the access to the ethernet remains in the data center. So how do we really do that ingress/egress cloud DMZ. And partner access that has to be filtered, restricted, firewall controlled, segmented.
So all of these are very key priorities for the customer that is really embarking on that new design journey. And of course security, visibility, operations, these things are absolutely paramount and cannot be overlooked, right. And at the end, what we are seeing is that specifically for the networking and security journey, we’re really seeing that the network and security teams are looking to match the speed and the agility of the clouds. And one of the ways that that is done is basically match the delivery mechanism that the clouds have been delivered for the last decades. And that is really as-a-service approach.
So the networking and security teams, when they’re embarking on this sort of redesign or new design initiative, and they’re looking at their design priorities, they really want to position themselves in a way that their application and cloud-computing, cloud-storage colleagues have been doing things for the last decade, which is really consuming things as a service, versus doing this on their own with do-it-yourself fashion. So really seeing this as a very significant trend. And it becomes a very key element of the design priority that the customers are driving is how to deliver all of these capabilities in a way that doesn’t require to spin the wheels and spend the next six months learning all of this stuff. But rather just go, request it, and have it delivered to you, just like you’re requesting and delivering the compute, the storage infrastructure and the cloud today. The networking and security can be done in the same fashion.
All right. So now we’ve done plenty of sort of opportunities, we had plenty of opportunities to talk about what Alkira is and what Alkira does. Before I jump into a little bit more details about that, I think I mentioned for the customer design, but just to recap, make sure that we’re on the same page, that we’re all aware of what Alkira is offering.
So what we’re offering is what we called a unified, multi-cloud network delivered as a service. And just to echo what I mentioned a minute ago, is that really that as-a-service delivery becomes a very important, very critical point for the network and security teams, when they’re really trying to match the speed and agility of the cloud. We call this offering Alkira Cloud Services Exchange. It’s a global, multi-cloud network delivered as a service built on a collection of cloud exchange points, which are multi-cloud points of presence, and the customer’s on-premise and cloud environments are connecting into those cloud exchange points. And by that, they are getting that as a service-as-a-delivery model.
With several interesting key attributes of having a design canvas where the entire intent is being drawn on the design and then just implemented with a single click of a button, which is something that really hasn’t been done in such a way ever before. The integration of the network services through the services marketplace and the intent-based policies in order to insert those services into the application flows, segmentation across the board, pervasive encryption, some encryption, Day 2 operations with full visibility, governance, and controls. And at the end, the ability to see what’s – how your bill looks like, and see and pay only for what you consume. And being able to chargeback to individual departments, in order for the IT teams to stop carrying the burden of paying for the solution in its entirety, but rather offload the cost into the individual departments, so everybody shares the responsibility for the solution, right.
So some of the really kind of key elements of the Alkira offering, but specifically, for that customer who is really – who really wants to [unintelligible 00:39:15] the design principles that I have outlined, what would they do. How would they go about fulfilling those design principles? So the first thing they do is they establish a network, right. They establish this high-speed, low-latency global network, which as I’ve mentioned a few times now, is delivered as a service, right. So a customer would go and just select the locations on the map, as easy as that, to see where their presence, where they want to have the presence of the network be. And that could be in any part of the world. And that’s where all of the on-premise resources really connect to.
And when we talk about the cloud resources, really identify as a primary sort of a resource, we identify the VPCs, the VNets, the internet exit points, the ingress and egress internet exit points through the internet. So these are kind of the cloud resources that get connected to their respective geographically close cloud exchange points. And of course, it is multi-region and multi-cloud, so for customers who are single cloud but want to operate in a multi-region capacity or customers who are already as a multi-cloud customers, they can equally be accommodated in this architecture. We are very often seeing that customers have multiple accounts because of the different departments within the customer. So different accounts, one for HR, one for finance, one for engineering, one for production. And all of these cloud accounts have their own access into these cloud compute resources.
And so operating in a multi-account fashion that all of these accounts can now be leveraged in order to connect into this global Alkira network, that’s something which is important. Once these cloud resources are connected, the global connectivity is automatically established, the scale is appropriate to the resource that is being connected. In fact, this customer would have been requesting the scale that they want. And it’s really T-shirt sizing. Do I want a small? Do I want a medium? Do I want a large? Do I want an extra-large? And that would govern the amount of resources allocated for that customer.
Now, going beyond connectivity, the things that touch segmentation and even micro-segmentation, which we’re going to touch in a minute or so, so that’s important from making sure that there’s different departments and different functions, even when they move to the cloud they’re still being segregated. I mentioned cloud DMZ, so that’s another element of providing ingress/egress access into those cloud resources and billing and chargebacks. So these are all very interesting sort of elements that this customer would be adopting when they want to fulfill those design principles for the cloud deployment.
By a similar token, when we’re talking about the on-premise environment, we are seeing a collection of different on-premise sort of entities that are connected into this cohesive Alkira network that has now been onboarded with all of the cloud workloads and cloud resources, but now also being added with the on-premise resources. And again, similarly to what you’ve seen before, in order to keep the uniformity of this entire solution, you can see that there is an automated cloud connectivity. And we help with the onboarding of those on-premise sites by generating the configuration or automatically enrolling the SD-WAN fabric, which was important for the customer, to make sure that their investment in SD-WAN continues forward, right.
And again, the principles of T-shirt sizing, the scalability elements of small, medium, large, extra-large, the ability to segment, and the ability to pass on the charges to individual departments, and seeing the charges. So these are all elements of how that customer would have been approaching the on-premise environments that is connected into the Alkira network.
Now, none of that would have been meaningful without security, right. And we mentioned security quite a few times before. So I’ve walked you through in the last couple of minutes how the cloud resources are connected, how the on-premise resources are connected. Now, how does it all come together from a security standpoint, right. And in this case, the customer has the choice to choose the service that is security related from the Alkira Services Marketplace. And in this case, we can talk about the Palo Alto Networks Firewall. These are completed automated the entire lifecycle, from provisioning, from configuration, from monitoring and operations standpoint. This entire thing is also delivered as a service by Alkira and resides within this cloud exchange point.
The – it’s auto-scalable based on the amount of capacity demand that is needed by the applications that are steered into those Palo Alto Network Firewalls, and the actual logical [unintelligible 00:44:42] is down through the Alkira Internet-Based Policies, which are extremely easy to implement in a graphical user interface. And then all of these cloud and on-prem resources just map into those security zones of the Palo Alto Firewalls. So the Palo Alto Firewalls can continue providing their security inspection points within – for the customer environment.
And if you recall when I was first describing kind of the challenges that the customer was facing was the proliferation of those security inspection points that we’re going to spread around in different places. Now, with this solution, you’re seeing that these Palo Alto Network Firewalls are really – instead of being just spread around in semi-random fashion, are being really presented as a cohesive element within this Alkira Network. And the steering to those is really down through the use of policies. So you can really keep that cohesive security domain and policy enforcement points in the solution.
And finally is the – and Derrick, you mentioned that and I fully agree with you, is that visibility, observability, so all of these things are extremely important and for this customer as well, the single interface as opposed to the proliferation of different management, monitoring, and automation tools that I mentioned earlier that was one of the inhibitors, one of the challenges for the customer deployment. In this case, we’re talking about a network, which is obviously connectivity and security, but also a single interface for all of these Day 2 operations deep inside the health of the infrastructure, the application, availability, and use, utilization, autoscaling, anything that has to do with a Day 2 operations is inherently part of the solution. So now it becomes really a combination of all of those things, from networking, from security, visibility standpoint.
And again, as I mentioned a few times before, the delivery mechanism of as a service, which allows this entire solution to match the speed and the agility of the clouds, and really make the network and security teams work hand in hand with cloud compute, cloud storage, cloud application colleagues, in order to deliver the solutions to the business.
Thank you, Dave. I just want to add something to that slide because it’s real important as – not just as a – you know, being a part of World Wide and working – but someone who has deployed this firsthand, you know, management solutions comes down to – sometimes it comes down to the workflow, and not just what – what insights it has, what are the capabilities, how deep can it go. These are very, very important things. So I’ve seen management tools different drastically across platforms.
But what’s important here is, number one, you’re looking at multiple clouds from one perspective, so that’s very important. Not just multiple clouds, multiple points throughout the whole network from a hybrid perspective too. Second, the workflow is critical. And so when you’re trying to troubleshoot, and you’re trying to reduce that mean time to repair, you need a tool that’s going to be easy to follow the flow of understanding. And yet you don’t have to basically click 18 different windows and have 12 desktops opened to figure out where the root cause. It really should be very intuitive and simple. And I think that’s one thing that you do well is that your workflow and visibility at this point does provide those kind of insights.
Right, yeah. That’s absolutely true. Visibility is important because you can’t really – if you don’t see something, it’s hard for you to operationalize it how to – for you to troubleshoot it. And even in cases where this is delivered as a service, visibility is still a very key element.
So I wanted to transition to take some of the questions. There’s been quite a few questions coming in. As I was talking I was kind of glancing through those. Some of them is maybe for you, and some of them are maybe better suited for me. So let me read out maybe a couple of questions here. One question which is interesting is that – and we touched upon that when I started talking about an existing customer design. The question is, is SD-WAN a prerequisite or requirement for the enterprise multi-cloud networking strategy.
So it’s an interesting question. And I think, Derrick, you would agree we both agreed on the point is that it’s not a prerequisite and it’s not a requirement. It’s just that oftentimes we are seeing customers who are either – who have already made an investment in SD-WAN, or who are in the process of deploying it. And we really want to make sure that the solution, the solutions as we talked about, is really nicely and gracefully interoperating with the SD-WAN for customers who have deployed it. But if you’re a customer who has not deployed SD-WAN, and you are maybe traditional MPLS customer, obviously there are ways that you can continue leveraging your MPLS for your sort of interconnectivity, while still connecting to the Alkira service in order to provide all of these benefits for cloud adoption.
So I don’t know if you want to share anymore insight into that, Derrick.
Yeah, Dave, just real quick. I would agree. I don’t believe – I don’t feel – I mean, I don’t think we feel it’s an requirement. However, I used to really dislike when someone says to me, “It depends,” and I really hate to use that again, but I’m going to say it this time. And it does depend. And I think if you look at an organization or an enterprise or a customer who is looking at their – what’s their strategy, right? Where do the applications live? And if we start to send most of the traffic back to the datacenter and still going through that whole path, and branching and breaking out, the key now is we’re talking about latency is not a new down. Slow response times, the way applications are built today or will be built in the future, we can’t have the slow response.
In user experience, people are expecting a much better experience. So SD-WAN does help with that. It depends if we’re going to move to a SaaS strategy. They’re usually going to be mixed between IaaS and SaaS and PaaS. So the question is it depends, but in many cases, we just want to make sure that it’s part of the strategy. We think it’s critical, but it’s not a requirement.
Right. OK. That’s a good one, yeah. I think I have one more for you because I think you guys have been doing some great work in there. So the question does Alkira have APIs, and of course, I’ll answer yes, everything we do is fully exposed to [rest] APIs. But the second part of the question was about the DevOps teams, and can the DevOps teams leverage those APIs. And what are some of the prominent examples of DevOps teams leveraging these APIs. I think you guys have done a lot of work with us on that, so please share your experiences on that front.
Yeah, definitely. So we – you know, personally and World Wide has a pretty large DevOps team. In fact, our – within my own group in network services and enterprise networking, cloud networking, DevOps, and not just infrastructure as code, doc as code, all of these different things, these are really part of the way of building and supporting your network. So the great thing is, yes, you support an API. I think everything you can do in a GUI can be available through your API, so that’s really a simple yes to that. But I think that, again, an example that I see too are a lot of customers have existing management tools, monitoring tools that they may want to integrate with.
So I think when you look at how your APIs are used, and let’s say you’re pulling data out of your platform, you’re pulling data out, and maybe you want to integrate with a third-party tool, that’s a great example where a DevOps team can leverage those APIs, and not just for configuration and making changes and editing new – or creating new configurations. But it’s really that what does the customer have, and do they have a high level of orchestration they want to integrate with. So you have that capability, which I think is excellent.
And also just a side note, I mean, your new integration with Palo, that API, the programmability between the exposed APIs, that’s a huge example that – I think the DevOps – the key is the DevOps team can leverage those, and those are just a couple of examples I see.
Right. That’s great. Yes. All right. Maybe we’ll take one more question, maybe last question as we’re getting close to the top of the hour, so we want to wrap up.
So the question is about brownfields and greenfields, right. So maybe you can share your thoughts from kind of the trenches as far as brownfields, greenfields are concerned. And what happens to the customers who are already – who had [unintelligible 00:54:10] just like the one that I was going through and giving an example on. So what happens to those customers? What are you guys seeing out there?
Yeah, we definitely see customers that have – quite a few have – are looking into let’s say a colo or a facilities strategy. But – or they’re still trying to investigate, or maybe they’re further along, and they’re actually in the middle of deploying it and leveraging it. Many cases, it comes down to the use case. Let’s just talk about that from when we started in the beginning. The use cases really depends. Some customers may be able to use it for a micro datacenter, so the colo strategy is going to stay. Maybe it makes sense, depends on the region and how they’re leveraging that. And maybe security controls today, at least from the current requirements, have to pass through that, and they only measure a colo for their multi-plat strategy.
The problem is that when they start going further down the line in their cloud strategy, really have to look at how – is that going to be too static for a customer? Is that going to provide enough flexibility, instead of intentionally locking a customer into a location? Because I can tell you from our experience, any network design requires lots of planning, and careful planning. And so when you make a design on location, let’s say, that’s kind of a big decision. And you’re not going to move that easily, so you want something that may be flexible.
So what we do is it comes down to the methodology, as I pointed out earlier. We really have to examine the use case, and then build the architecture that’s appropriate. It might not be a combination of those, and it might be where we see more flexibility basically in parts of the world, that they want to expand markets. It might be easier if you expand in Europe than Asia-Pac, and leverage this new powerful solution that you are implementing. And so I think that – with the [service exchange]. So I think yes. And just to answer the kind of follow-up point is that, yeah, everybody would love a greenfield example, but most customers are brownfield. We have no issue with that. I mean, as far as that is right up our alley. We see ways to approach that.
So a greenfield is ideal, but we also look at the cost of optimization on it, and say what is cost effective. And so we want all of these things to [unintelligible 00:56:29]. So that’s the short answer.
Right. No, it’s good. I agree with you is that specifically on colocations, we have customers who are coming to us with an existing colocation presence, in which case we are happy to accommodate that and just connect the colocation into our cloud services exchange as one of our connectivity options that I mentioned earlier. So we are able to accommodate those customers.
Customers who are looking for colo alternatives, of course, we can provide that. So there’s really, to your point, this planning and methodology is really important. And that’s just one of the examples where you kind of want to see – plan it out properly before making any hasty decision.
All right. So I think we want to wrap up with questions for now. I know there’s way more questions in here. We’re going to make sure that we answer each and every question here. So if you have a question, and we didn’t address your question live, we will absolutely get back to you.
So just leaving you off with a couple of key takeaways. I think that, Derrick, you have very nicely articulated sort of the skills and experience that you guys have as far as taking customers on this multi-cloud, multi-region, multi-cloud, or just adoption journey. And where we come in is really augment those skills and experience with our cloud-services exchange service, which has all of these really attributes that I mentioned earlier for networking and security and as a service delivery. And 1-Click provisioning and operations. So all of these are really complimenting your guys’ skills and experience and real-world experience with doing cloud and multi-cloud adoptions.
And as next steps, you are more than welcome and you are invited to go to wwt.com and read more on the multi-cloud architecture that WWT. And to go to alkira.com and request a demo. They will happily do a demo for you so you can see with your own eyes the interface and all of the things that you talked about today. And obviously, when you’re ready write to the Alkira Service through simple – and start building your own network in a way that we have described.
So I wanted to thank everybody for attending. I want to thank you, Derrick, for co-presenting with me. And we are really looking forward to this joint partnership and joint work with customers. So thank you very much, everybody, and have a good day.