The Best of Both Worlds: Ensuring a Secure Hybrid Cloud via Direct Network Connectivity

Twitter: @datacenterworld
#DCWLA17
1
The Best of Both Worlds:
Ensuring a Secure Hybrid Cloud
via Direct Network Connectivity
(Session IT5)
Sagi Brody
CTO -Webair
Download the App
and rate this
session.

2
Data Center World – Certified Vendor Neutral
Each presenter is required to certify that their
presentation will be vendor-neutral.
As an attendee you have a right to enforce this
policy of having no sales pitch within a session
by alerting the speaker if you feel the session is
not being presented in a vendor neutral fashion.
If the issue continues to be a problem, please
alert Data Center World staff after the session
is complete.
#DCWLA17

Context & Opportunity
• Methods for interconnection of existing enterprise networks with
cloud services
• Leverage local data centers, CSPs, and NSPs to achieve low-
latency local cloud & global scale
• Achieve contract & SLA backed managed cloud services
consumable as if they were on-premises (best of both worlds)
• What to do with old & expensive internet connectivity (DIA)
Twitter: @datacenterworld #DCWLA17

#DCWLA17
Assumptions
Cloud vs On-Premises infrastructure
• Both Serve a purpose
• Match platform based on:
• Use-case/Applications
• Latency
• Legacy requirements & Integrations
• Security/Compliance
• Costs

Interconnection of existing networks with cloud

#DCWLA17
Why Care?
CISO Approved

Why Care?

Easy..VPN Tunnel

VPN Tunnel
• Easy to configure - VPN based
• Pros:
• Simple to setup
• Proven config
• Achieve level of hybrid fast
• “Encrypt all things”
• Cons:
• Internet based
• Inconsistent speeds
• Duplication of security & management tools
• Bound by provider’s network configuration
• No cost savings vs Internet based traffic for expensive data transfer fees

At Scale
#DCWLA17

At Scale

Direct connectivity
#DCWLA17
• Traditional network connectivity : MetroEthernet / MPLS / VPLS / Point to Point
• Connects to what:
• Direct to CSP
• Direct to Hyperscale (if possible)
• To intermediary provider (fabric) who then connect to CSP / Hyperscale
• Ok, why?
• Speed: Lower Latency, consistent performance (up to ~30%)
• Reduced Cost - Possibly 10s of thousands of dollars
• Traffic doesn’t route over public internet
• Network stretch: Workload portability
• Merge Cloud to local environment (pre-existing network models, IP schemes, etc)
• Capture Internet facing traffic via local connectivity

Direct Connectivity
#DCWLA17
Cloud enablement from traditional network providers

Direct Connectivity
• Some NSPs now offering this as a service, consider yourself lucky
• Typically need to pick this up at a data center or MMR
• What about multiple regions?
• Cloud have other providers in the mix..
• “Traditional” circuit with traditional
• Turn up time
• Contracts
• Possibly local loop providers
• Lack of transparency

Multiple Clouds & Multiple Regions
#DCWLA17

Provider VLAN Tagged connectivity
#DCWLA17
Slightly better than traditional

Easier in a data center?
• 4 Physical ports on devices
• 4 Paid cross connects
• 4 Organized connections with 3rd parties
• 4 Ports to monitor and manage at fixed speeds
• 4 MetroEthernet fees to get to other PoPs

Enter Virtual Interconnection..
“ Elastic, SDN based, ubiquitous Ethernet fabric”
“Interconnection Platform”
“software enabled interconnection platform”
Open Cloud Exchange
“ one-to-many Ethernet connection to the cloud”
Cloud Exchange
“advanced interconnection solution” “outsourced connectivity solutions”

Virtual Interconnection

Virtual Interconnection
• One physical connection from your network to the fabric
• Ability to segment multiple “Virtual Cross Connects” to other
networks/participants
• Ability to provision VXCs instantly via portals or APIs
• Connectivity to large big name clouds and other networks
• Metro and Longhaul
• No Long term commitments
• QoS & SLA
• “It’s not what the fabric can do for you,
its what you can do for the fabric!”

Datacenter before

Datacenter after

Metro Fabric

Longhaul before

Longhaul after

Cloud Connectivity
Cool. How does this help with hybrid connectivity
• Consume multiple cloud providers easily
• Reduced data-transfer costs
• Traffic does not traverse the public Internet
• Reduces vendor lock-in and fears of cloud commitment
• Public cloud can now be seen as tenant to existing network
• Build temporary connectivity for sensitive data
• CISCO Happy :)
Any Cons?
• Middle man between you and 3rd party
• Security?
• Multi-tenant platform
• Multiple providers/networks on same platform
• Lack of transparency
• Compliance

Going deeper: leveraging regional & edge providers
for cloud enablement

When public cloud isn’t enough
• Latency: post-production uploads, real time bidding, file share “stretch”
• Unmanaged IaaS or hyperscale: management, monitoring, security, and
scaling is still owned and accountable by end user (or additional 3rd party)
• Native BAAs of IaaS and hyperscale are nonexistent or weak
• Data sovereignty is an issue and only growing in importance with political
climate (ie Safe Harbor 10/16)
• Tough for VARs, MSPs, and those seeking white-glove/value add

Cloud at the Edge
#DCWLA17

Cloud at the Edge

Cloud at the Edge
Opportunity for regional colocation facilities and edge data centers
• Multi-Cloud connectors
• Local cloud services for use-cases where hyperscale may not be a fit
• The “Cloud next door”
• The high touch provider to bring services to end users via customized
deployments
• “Regional Cloud Enabler” (RCE)

Cloud at the Edge
• Low Latency
• No cost for data transfer
• “Air Gap” Infrastructure by providing physical
segmentation
• CSP Ownership/Accountability of network +
services

Cloud at the Edge
• Go deeper..
• “Bridge” to an eco-system of
managed services
• Support future business
decisions quickly & privately

Cloud at the Edge
• Maintain standard & secure consumption model for all services:
• Single network ingestion point
• No/discounted data transfer fees
• Not over the Internet
• Consume these services:
• “Air Gapped” private cloud infrastructure
• Connectivity to public hyperscale
• Voice / SIP trunks
• SEIM / Security services
• 3rd party SaaS, Email, other services
• Backups / DRaaS

Cloud at the Edge
• Provides a flexible network deployment model
• Ability to stay compliant with any regulations
• Many cybersecurity questions go away
• Customized BAAs based on services
• Future Proofing the business with flexibility
CISO Approved

Barrier to entry?

Value of existing connectivity?

“Regional Cloud Enabler”
Already being done..

How we did
it….
• Started with traditional web-hosting
• “Full Stack Ownership”

• Started at the top of the stack, Pure colo starts at bottom
• Existing layers of managed infrastructure support 400K sites
• Existing fabric within data centers
• Interesting 3rd party serves on-prem:
• VOIP
• MSSP SOC
• DDoS
• Backups, LBaaS, DRaaS, Cloud, etc..
• Cloud
Easy to win colo when everything is a physical cross connect within
the 4 walls, low latency, secure
How we did it..

Ecosystem of managed services within facility
• Started within the facility
• Promise of cloud services
behind the FW
• Easy to extend model to
customer network

• Not as black and white as On-Prem vs Hyperscale
• Big opportunity in the gray areas
• Achieve the “Best of Both worlds”: Contract and SLA backed cloud
services consumable as if they were on-premises

Real world Example: Regional Hospital

46
Thank you
Sagi Brody
CTO - Webair
sagi@webair.com
@webairsagi
#DCWLA17

The Best of Both Worlds: Ensuring a Secure Hybrid Cloud via Direct Network Connectivity

Recommended

Recommended

More Related Content

Recently uploaded

Recently uploaded (20)

Featured

Featured (20)

The Best of Both Worlds: Ensuring a Secure Hybrid Cloud via Direct Network Connectivity