The Best of Both Worlds: Ensuring a Secure Hybrid Cloud via Direct Network Connectivity

As presented at Data Center World 2017, 4/3/2017. This presentation focuses on how to effectively use interconnection fabrics, edge data centers, and Regional Cloud Enablers (RCEs) to achieve contract- and SLA-backed cloud services consumable as if they were on-premises. We discuss methods to consume cloud that is fully compliant, "CISO approved", and "air gapped" from the internet and other tenants.

  1. The Best of Both Worlds: Ensuring a Secure Hybrid Cloud via Direct Network Connectivity (Session IT5). Sagi Brody, CTO - Webair. Twitter: @datacenterworld #DCWLA17
  2. Data Center World – Certified Vendor Neutral. Each presenter is required to certify that their presentation will be vendor-neutral. As an attendee you have a right to enforce this policy of having no sales pitch within a session by alerting the speaker if you feel the session is not being presented in a vendor neutral fashion. If the issue continues to be a problem, please alert Data Center World staff after the session is complete.
  3. Context & Opportunity
     • Methods for interconnection of existing enterprise networks with cloud services
     • Leverage local data centers, CSPs, and NSPs to achieve low-latency local cloud & global scale
     • Achieve contract & SLA backed managed cloud services consumable as if they were on-premises (best of both worlds)
     • What to do with old & expensive internet connectivity (DIA)
  4. Assumptions: Cloud vs On-Premises infrastructure
     • Both serve a purpose
     • Match platform based on:
        • Use-case/Applications
        • Latency
        • Legacy requirements & Integrations
        • Security/Compliance
        • Costs
  5. Interconnection of existing networks with cloud
  6. Why Care? CISO Approved
  7. Why Care?
  8. Easy..VPN Tunnel
  9. VPN Tunnel
     • Easy to configure - VPN based
     • Pros:
        • Simple to setup
        • Proven config
        • Achieve level of hybrid fast
        • “Encrypt all things”
     • Cons:
        • Internet based
        • Inconsistent speeds
        • Duplication of security & management tools
        • Bound by provider’s network configuration
        • No cost savings vs Internet based traffic for expensive data transfer fees
  10. At Scale
  11. At Scale
  12. Direct connectivity
     • Traditional network connectivity: MetroEthernet / MPLS / VPLS / Point to Point
     • Connects to what:
        • Direct to CSP
        • Direct to Hyperscale (if possible)
        • To intermediary provider (fabric) who then connects to CSP / Hyperscale
     • Ok, why?
        • Speed: Lower latency, consistent performance (up to ~30%)
        • Reduced cost - Possibly 10s of thousands of dollars
        • Traffic doesn’t route over public internet
        • Network stretch: Workload portability
        • Merge cloud to local environment (pre-existing network models, IP schemes, etc)
        • Capture Internet facing traffic via local connectivity
  13. Direct Connectivity: Cloud enablement from traditional network providers
  14. Direct Connectivity
     • Some NSPs now offering this as a service, consider yourself lucky
     • Typically need to pick this up at a data center or MMR
     • What about multiple regions?
     • Could have other providers in the mix..
     • “Traditional” circuit with traditional:
        • Turn up time
        • Contracts
        • Possibly local loop providers
        • Lack of transparency
  15. Multiple Clouds & Multiple Regions
  16. Provider VLAN Tagged connectivity
     • Slightly better than traditional
  17. Easier in a data center?
     • 4 Physical ports on devices
     • 4 Paid cross connects
     • 4 Organized connections with 3rd parties
     • 4 Ports to monitor and manage at fixed speeds
     • 4 MetroEthernet fees to get to other PoPs
  18. Enter Virtual Interconnection..
     • “Elastic, SDN based, ubiquitous Ethernet fabric”
     • “Interconnection Platform”
     • “software enabled interconnection platform”
     • Open Cloud Exchange
     • “one-to-many Ethernet connection to the cloud”
     • Cloud Exchange
     • “advanced interconnection solution”
     • “outsourced connectivity solutions”
  19. Virtual Interconnection
  20. Virtual Interconnection
     • One physical connection from your network to the fabric
     • Ability to segment multiple “Virtual Cross Connects” to other networks/participants
     • Ability to provision VXCs instantly via portals or APIs
     • Connectivity to large big name clouds and other networks
     • Metro and Longhaul
     • No long term commitments
     • QoS & SLA
     • “It’s not what the fabric can do for you, it’s what you can do for the fabric!”
  21. Datacenter before
  22. Datacenter after
  23. Metro Fabric
  24. Longhaul before
  25. Longhaul after
  26. Cloud Connectivity
     • Cool. How does this help with hybrid connectivity?
        • Consume multiple cloud providers easily
        • Reduced data-transfer costs
        • Traffic does not traverse the public Internet
        • Reduces vendor lock-in and fears of cloud commitment
        • Public cloud can now be seen as tenant to existing network
        • Build temporary connectivity for sensitive data
        • CISO Happy :)
     • Any Cons?
        • Middle man between you and 3rd party
        • Security?
        • Multi-tenant platform
        • Multiple providers/networks on same platform
        • Lack of transparency
        • Compliance
  27. Going deeper: leveraging regional & edge providers for cloud enablement
  28. When public cloud isn’t enough
     • Latency: post-production uploads, real time bidding, file share “stretch”
     • Unmanaged IaaS or hyperscale: management, monitoring, security, and scaling are still owned by, and the responsibility of, the end user (or an additional 3rd party)
     • Native BAAs of IaaS and hyperscale are nonexistent or weak
     • Data sovereignty is an issue and only growing in importance with political climate (i.e. Safe Harbor 10/16)
     • Tough for VARs, MSPs, and those seeking white-glove/value add
  29. Cloud at the Edge
  30. Cloud at the Edge
  31. Cloud at the Edge: Opportunity for regional colocation facilities and edge data centers
     • Multi-Cloud connectors
     • Local cloud services for use-cases where hyperscale may not be a fit
     • The “Cloud next door”
     • The high touch provider to bring services to end users via customized deployments
     • “Regional Cloud Enabler” (RCE)
  32. Cloud at the Edge
     • Low Latency
     • No cost for data transfer
     • “Air Gap” Infrastructure by providing physical segmentation
     • CSP Ownership/Accountability of network + services
  33. Cloud at the Edge
     • Go deeper..
     • “Bridge” to an eco-system of managed services
     • Support future business decisions quickly & privately
  34. Cloud at the Edge
  35. Cloud at the Edge
     • Maintain standard & secure consumption model for all services:
        • Single network ingestion point
        • No/discounted data transfer fees
        • Not over the Internet
     • Consume these services:
        • “Air Gapped” private cloud infrastructure
        • Connectivity to public hyperscale
        • Voice / SIP trunks
        • SIEM / Security services
        • 3rd party SaaS, Email, other services
        • Backups / DRaaS
  36. Cloud at the Edge: CISO Approved
     • Provides a flexible network deployment model
     • Ability to stay compliant with any regulations
     • Many cybersecurity questions go away
     • Customized BAAs based on services
     • Future proofing the business with flexibility
  37. Barrier to entry?
  38. Value of existing connectivity?
  39. Value of existing connectivity?
  40. “Regional Cloud Enabler”: Already being done..
  41. “Regional Cloud Enabler”: How we did it….
     • Started with traditional web-hosting
     • “Full Stack Ownership”
  42. “Regional Cloud Enabler”: How we did it..
     • Started at the top of the stack, Pure colo starts at bottom
     • Existing layers of managed infrastructure support 400K sites
     • Existing fabric within data centers
     • Interesting 3rd party services on-prem:
        • VOIP
        • MSSP SOC
        • DDoS
        • Backups, LBaaS, DRaaS, Cloud, etc..
     • Cloud Easy to win colo when everything is a physical cross connect within the 4 walls, low latency, secure
  43. “Regional Cloud Enabler”: Ecosystem of managed services within facility
     • Started within the facility
     • Promise of cloud services behind the FW
     • Easy to extend model to customer network
  44. “Regional Cloud Enabler”
     • Not as black and white as On-Prem vs Hyperscale
     • Big opportunity in the gray areas
     • Achieve the “Best of Both worlds”: Contract and SLA backed cloud services consumable as if they were on-premises
  45. “Regional Cloud Enabler”: Real world example: Regional Hospital
  46. Thank you. Sagi Brody, CTO - Webair, sagi@webair.com, @webairsagi