The Future of Hybrid WAN AWS and Azure – A Client Story
#Cloudscape 2017
Ken Holmes – CIO, Madison Industries
Bobby Mazzotti – Network Consultant, GreenPages
Randy Becker – CTO, GreenPages
Agenda
• Madison Industries Overview
• What Is a Hybrid WAN?
• Limitations
• Why the Change & Use Cases
• Architectural Overview of Hybrid WAN Connectivity
• Hybrid WAN Requirements
• Customer Decisions & Architecture
• Engineering & Design Requirements
• Demo
• Lessons Learned & Best Practices
• Recommendations
• Next Steps
Madison Industries Overview
• Madison Industries is one of the largest and most successful privately held companies in the world
• We are a diversified manufacturer serving a broad range of markets including:
  • Filtration
  • Medical
  • Industrial Solutions
  • Energy
  • Safety and Flow
• Revenues exceed $2 billion with 10,000 employees in over 25 countries
• We are making the world safer, healthier and more productive by creating innovative solutions that deliver outstanding customer value.
Madison Industries Overview
Transforming operating rooms to make them safer for doctors, nurses and patients.
Revenue Growth 622%
[Chart: Revenue in Millions]
Madison Industries Overview
• Madison is focused on organic growth and is also highly acquisitive
• IT Strategy directly supports Madison’s acquisition focus
• IT Operating model is a hybrid:
  o Decentralized business applications and services (e.g. ERP) to ensure we align IT initiatives with local business needs
  o Centralized infrastructure (e.g. Active Directory and Edge Security) to enforce uniform security policies, support rapid integration of acquired companies, and to minimize redundancy and take advantage of economies of scale.
Madison Industries Overview
Strong Focus on Cloud Services
• Promote rapid integration of acquired companies
• Maximize efficiency and flexibility (i.e. elastic computing)
• Minimize incremental headcount (esp. IT infrastructure)
• Minimize capital expenditures
Key Technologies
• Identity management
  o Active Directory in Azure simplifies distribution of Domain Controllers
• IaaS & SaaS
  o Examples: ERP in Azure & Email via Office 365
• Robust Internet Connectivity
  o Network (esp. Internet connectivity) becomes the heart of the IT infrastructure
Madison Industries Overview
Future
• Focus on enhanced security
• Continually improve processes that promote rapid integration of acquisitions
• Enhanced monitoring and management of Cloud services to ensure high availability
Hybrid WAN Architecture Overview
Randy Becker
What Is a Hybrid WAN?
Typically defined by more than one method of connecting a branch to a central site
• Mix of MPLS and Internet VPN for cost savings and redundancy vs. two MPLS or P2P connections
Randy’s Definition – could include any of the following and not limited to the above
• SD-WAN capabilities (dynamic routing, QoS, WAN Acceleration); don’t confuse SD-WAN with H-WAN
• Monitoring, performance routing, and Analytics
• Mix of connectivity methods (VPN, MPLS, L2, P2P, and maybe 5G [10-100 Mbps, 1/10 Gbps?])
• Cloud services (SaaS, O365), Cloud Regional connectivity, and cloud data centers
• As data center services move to the cloud you will require connectivity: direct connect or VPNs
• Virtual routers and NGF in the cloud
• Dynamic VPN capabilities (DMVPN & ADVPN (Dynamic Multipoint and Auto Discovery))
• Azure ExpressRoute and Amazon Direct Connect (private dedicated connections)
  o Equinix (performance hub), CoreSite, Comcast, Level 3, Megaport, Tata etc.
  o Private connect to cloud: Equinix has “Cloud Exchange”
Limitations To Think About
• Firewalls are NOT routers, or are they?
• Routers are not firewalls, or are they?
• We’ve extended our WAN to the cloud!
• Internet provides inconsistent performance with no SLAs
• You can’t change the physics: distance = latency
• More bandwidth doesn’t solve latency, unless you have high utilization, even then it still doesn’t solve
• Unfriendly WAN protocols: CIFS/SMB, client server apps, and VDI hosted in the cloud
• Inefficiencies in routing with ISPs
• Security and how will you protect your business
Why the Change & Use Cases
What We Are Hearing from Customers
• Location of applications and data is moving
• The Cloud changes everything
• I want future capabilities and don’t want to be locked in to a technology
• I want cost savings, but I don’t mind investing
• Leverage both connections and not have costly MPLS circuits idle
Use Cases
• O365, Azure, AWS, DevOps, VoIP, DRaaS, DaaS, and as a Service applications
• Improve performance and access to applications and data
• Maintain coexistence while your business acquires or divests businesses or business partners
• Reduce circuit costs, reduce equipment required and maintenance, maintain diversity
• Eliminate vendor lock-in (ATT, Verizon, Comcast)
• Improve availability and add redundancy
Architectural Overview of Hybrid WAN Connectivity
Technology Considerations
• Traditional approach is to use routers and firewalls
• NG SD-WAN is made up of connectivity, security, acceleration, advanced routing, detection, analytics, & QoS
• Complexity arises when you add in Azure and AWS
• Routing limitations with firewalls
Everyone has a solution - many vendors in this space and technologies in use
• Physical and virtual with cloud options
• Cisco (physical) IWAN Wide Area Application Service, Performance Routing, QoS, and Analytics
  o Anyone guess the default routing protocol?
• Silver Peak – Unity Edge Connect
• Talari/FatPipe/Citrix – NetScaler SD-WAN
• Viptela – Cloud-first SD-WAN now Cisco as of 8/1 Cloud and Viptela Fabric – Cloud management
Madison Industries Hybrid WAN Requirements
• Full Support for Azure & AWS with Dynamic routing support for VPN connectivity
• Support for traditional centralized WAN deployments using MPLS, Layer 2 Ethernet, with a centralized Internet connection
• Local Internet access requirements for each business, outbound Internet should egress locally
• Must have NGF capabilities (IPS, URL, Content and Anti Malware)
• Centralized management tools w/ economical range of hardware models to support small to large offices
• GreenPages Managed Services support requirements for hardware and software platform
• Onsite replacement for hardware & Superior Vendor Technical Support
• Integration with Active Directory for Remote VPN authentication & URL filtering
• Support of high availability (redundancy) within Azure
• Support for failover to local alternate ISP at remote sites
• *Future capabilities and requirements will be required
Customer Decisions & Architecture
• Cloud First for applications, data, and services
• Don’t buy on premises hardware unless it’s required, when required see #1 - Cloud First!!
• Locate servers and services in Azure because AD and services reside there
• Migrate or select ISPs at migration time/build redundancy for network connections
• Requires maintaining coexistence with legacy WAN; maintain Hybrid WAN going forward
• Choose platforms that work today; adopt new architecture/features when they become available
• Require NGF capabilities and client mobility with access to apps and data
• Rapid deployment capabilities
• Allow local admins to choose Managed Services for critical service devices
• Selection was Cisco ASAs with FirePOWER and Fortinet FortiGate NGF
Technology Deep Dive
Bobby Mazzotti
Engineering & Design Requirements
• Azure AD connectivity from all branch offices, Azure Region to Region VPN connectivity
• SSL VPN support for remote users with single sign on (SSO)
• NGF features with IPS/IDS Intrusion solution
  o Application Visibility & Control
  o Anti Malware protection and Sandboxing
  o URL Filtering
• Inter-office IPSec connectivity with BGP routing capable
• Route to divesting parent company multi-national data centers
• Connectivity to current SAP data center with transition to newly established SAP instance
• Wireless LAN re-architecture and recommendations
• Cisco ASA Policy Based Routing (VIT)
Traditional WAN Architecture
Cisco Design
Fortinet Design
Lessons Learned & Best Practices (1)
• On-premise hardware plays a large role in designing a hybrid solution
  o Route-based VPN vs. policy-based VPN
  o Partner networks with Azure: ExpressRoute and Direct Connect
• Rebuilding the communication spine of an established network
• Data sprawl across multiple offices
  o Capacity load
  o ISP capabilities (Bandwidth no SLA options)
• SSL VPN connectivity
• Wireless re-architecture and security measures
Lessons Learned & Best Practices (2)
• Azure and AWS architecture with 3rd party vendors is a sandbox
  o Azure SDN fabric provides complexity for 3rd party vendors to integrate their operating systems
  o AWS's vast flexibility can overcomplicate a deployment, making operational support post migration confusing and time consuming
• Product software releases and roadmaps come at lightning speed
  o One day it’s not there… Next day it is…
  o Reliance on Azure and AWS for feature releases becomes an inherent dependency
• Traditional networking you can throw out the window when it comes to SDN and cloud – Keep in mind it is a Cloud Fabric Service
  o Multicast, Layer 2, Load Balancing
Recommendations
• Site assessments and requirements are key to a successful implementation
• Pick a platform that fits cloud and on-premises traditional networking
• Single pane of glass for post operational maintenance
  o What are the tools you need?
  o Keep in mind you don’t control the Internet; if you need predictability consider vendors like Equinix
• Threat analysis and protection are standards
  o IPS/IDS UTM, Talos, OpenDNS etc.
• Know where your compute and storage will live ahead of time
• Define impact and outage
  o How will this affect business productivity
  o How will this affect user morale
Demo Time
Next Steps: Discounted Half-day Hybrid/SD-WAN Workshop!
Let GreenPages Jumpstart Your Hybrid WAN Strategy
✓ Discovery & Requirements Gathering
✓ Technology Deep Dive
✓ Design Strategy
Thank You
Q&A
Randy Becker rbecker@greenpages.com
Bobby Mazzotti bobby.mazzotti@logicsone.com