Enterprise IT Perspectives Panel One
John Furrier of the Cube talks with AEGON, FactSet and National Instruments
>> Welcome back to ALTITUDE 2020. For the folks in the live stream, I’m John Furrier, Steve Mullaney, CEO of Aviatrix. For our first of two customer panels with cloud network architects, we’ve got Bobby Willoughby, AEGON, Luis Castillo from National Instruments, and David Shinnick with FactSet. Guys, welcome to the stage for this digital event. Come on up.
(audience clapping) (upbeat music)
Hey good to see you, thank you.
Customer panel, this is my favorite part. We get to hear the real scoop, we get the Gartner giving us the industry overview. Certainly, multi-cloud is very relevant, and cloud-native networking is a hot trend with the live stream out there in the digital events. So guys, let’s get into it. The journey is, you guys are pioneering this journey of multi-cloud and cloud-native networking and are soon going to be a lot more coming. So I want to get into the journey. What’s it been like? Is it real? You’ve got a lot of scar tissue? What are some of the learnings?
>> Absolutely. Multi-cloud, whether or not we accept it as network engineers, is a reality. Like Steve said, about two years ago, companies really decided to just bite the bullet and move there. Whether or not we accept that fact, we need to not create a consistent architecture across multiple clouds. And that is challenging without orchestration layers as you start managing different tool sets and different languages across different clouds. So it’s really important to start thinking about that.
>> Guys on the other panelists here, there’s different phases of this journey. Some come at it from a networking perspective, some come in from a problem troubleshooting, what’s your experiences?
>> From a networking perspective, it’s been incredibly exciting, it’s kind of once in a generational opportunity to look at how you’re building out your network. You can start to embrace things like infrastructure as code that maybe your peers on the systems teams have been doing for years, but it just never really worked on-prem. So it’s really exciting to look at all the opportunities that we have and all of the interesting challenges that come up that you get to tackle.
>> And FactSet, you guys are mostly AWS, right?
>> Yeah. Right now though, we are looking at multiple clouds. We have production workloads running in multiple clouds today but a lot of the initial work has been with Amazon.
>> And you’ve seen it from a networking perspective, that’s where you guys are coming at it from?
>> Awesome. How about you?
>> We evolve more from a customer requirement perspective. Started out primarily as AWS, but as the customer needed more resources from Azure like HPC, Azure AD, things like that, even recently, Google Analytics, our journey has evolved into more of a multi-cloud environment.
>> Steve, weigh in on the architecture because this is going to be a big conversation, and I wanted you to lead this section.
>> I think you guys agree the journey, it seems like the journey started a couple of years ago. Got real serious, the need for multi-cloud, whether you’re there today. Of course, it’s going to be there in the future. So that’s really important. I think the next thing is just architecture. I’d love to hear what you, had some comments about architecture matters, it all starts, every enterprise I talked to. Maybe talk about architecture and the importance of architects, maybe Bobby.
>> From architecture perspective, we started our journey five years ago.
>> Wow, okay.
>> And we’re just now starting our fourth evolution of our network architecture. And we call it networking security, NetSec, versus just network. And that fourth-generation architecture should be based primarily upon the Palo Alto Networks and Aviatrix. Aviatrix to new orchestration piece of it. But that journey came because of the need for simplicity, the need for a multi-cloud orchestration without us having to go and do reprogramming efforts across every cloud as it comes along.
>> I guess the other question I also had around architecture is also… Luis maybe just talk about it. I know we’ve talked a little bit about scripting, and some of your thoughts on that.
>> Absolutely. So for us, we started creating the network constructs with CloudFormation, and we’ve stuck with that for the most part. What’s interesting about that is today, on-premise, we have a lot of automation around how we provision networks, but CloudFormation has become a little bit like the new manual for us. We’re now having issues with having to automate that component and making it consistent with our on-premise architecture and making it consistent with Azure architecture and Google Cloud. So, it’s really interesting to see companies now bring that layer of abstraction that SD-WAN brought to the WAN side, now it’s going up into the cloud networking architecture.
>> Great. So on the fourth generation, you mentioned you’re on the fourth-gen architecture. What have you learned? Are there any lessons, scar tissue, what to avoid, what worked? What was the path that you touched?
>> It’s probably the biggest lesson there is that when you think you finally figured it out, you haven’t. Amazon will change something, Azure change something. Transit Gateway is a game-changer. And listening to the business requirements is probably the biggest thing we need to do upfront. But I think from a simplicity perspective, like I said, we don’t want to do things four times. We want to do things one time, we want to be able to write to an API which Aviatrix has and have them do the orchestration for us. So that we don’t have to do it four times.
>> How important is architecture in the progression? Is it do you guys get thrown in the deep end, to solve these problems, are you guys zooming out and looking at it? How are you guys looking at the architecture?
>> You can’t get off the ground if you don’t have the network there. So all of those, we’ve gone through similar evolutions, we’re on our fourth or fifth evolution. I think about what we started off with Amazon without Direct Connect Gateway, without Transit Gateway, without a lot of the things that are available today, kind of the 80, 20 that Steve was talking about. Just because it wasn’t there doesn’t mean we didn’t need it. So we needed to figure out a way to do it, we couldn’t say, “Oh, you need to come back to the network team in a year, and maybe Amazon will have a solution for it.” We need to do it now and evolve later and maybe optimize or change the way you’re doing things in the future. But don’t sit around and wait, you can’t.
>> I’d love to have you guys each individually answer this question for the live streams that comes up a lot. A lot of cloud architects out in the community, what should they be thinking about the folks that are coming into this proactively and, or realizing the business benefits are there? What advice would you guys give them on architecture? What should they be thinking about, and what are some guiding principles you could share?
>> So I would start with looking at an architecture model that can spread and give consistency to the different cloud vendors that you will absolutely have to support. Cloud vendors tend to want to pull you into using their native tool set, and that’s good if only it was realistic to talk about only one cloud. But because it doesn’t, it’s super important to talk about, and have a conversation with the business and with your technology teams about a consistent model.
>> And how do I do my day one work so that I’m not spending 80% of my time troubleshooting or managing my network? Because if I’m doing that, then I’m missing out on ways that I can make improvements or embrace new technologies. So it’s really important early on to figure out, how do I make this as low maintenance as possible so that I can focus on the things that the team really should be focusing on?
>> Bobby, your advice there, architecture.
>> I don’t know what else I can add to that. Simplicity of operations is key.
>> So the holistic view of day two operations you mentioned, let’s can jump in day one as you’re getting stuff set up, day two is your life after. This is kind of what you’re getting at, David. So what does that look like? What are you envisioning as you look at that 20-mile stare, out post multi-cloud world? What are some of the things that you want in the day two operations?
>> Infrastructure as code is really important to us. So how do we design it so that we can start making network changes and fitting them into a release pipeline and start looking at it like that, rather than somebody logging into a router CLI and troubleshooting things in an ad hoc nature? So, moving more towards a dev-ops model.
>> You guys, anything to add on that day two?
>> Yeah, I would love to add something. In terms of day two operations you can either sort of ignore the day two operations for a little while, where you get your feet wet, or you can start approaching it from the beginning. The fact is that the cloud-native tools don’t have a lot of maturity in that space and when you run into an issue, you’re going to end up having a bad day, going through millions and millions of logs just to try to understand what’s going on. That’s something that the industry just now is beginning to realize it’s such a big gap.
>> I think that’s key because for us, we’re moving to more of an event-driven or operations. In the past, monitoring got the job done. It’s impossible to monitor something that is not there when the event happens. So the event-driven application and then detection is important.
>> Gartner is all about the cloud-native wave coming into networking. That’s going to be a serious thing. I want to get your guys’ perspective, I know you have each different views of how you come into the journey and how you’re executing. And I always say the beauty’s in the eye of the beholder and that applies to how the network’s laid out. So, Bobby, you guys do a lot of high-performance encryption, both on AWS and Azure. That’s a unique thing for you. How are you seeing that impact with multi-cloud?
>> That’s a new requirement for us too, where we have an increment to encrypt. And then if you ever get the question, should I encrypt, should I not encrypt? The answer is always yes. You should encrypt when you can encrypt. For our perspective, we need to migrate a bunch of data from our data centers. We have some huge data centers, and getting that data to the cloud is a timely expense in some cases. So we have been mandated, we have to encrypt everything leaving the data center. So we’re looking at using the Aviatrix insane mode appliances to be able to encrypt 10, 20 gigabits of data as it moves to the cloud itself.
>> David, you’re using Terraform, you’ve got FireNet, you’ve got a lot of complexity in your network. What do you guys look at the future for your environment?
>> So many exciting that we’re working on now as FireNet. So for our security team that obviously have a lot of knowledge base around Palo Alto, and with our commitments to our clients, it’s not very easy to shift your security model to a specific cloud vendor. So there’s a lot of SOC 2 compliance and things like that where being able to take some of what you’ve worked on for years on-prem and put it in the cloud and have the same type of assurance that things are going to work and be secure in the same way that they are on-prem, helps make that journey into the cloud a lot easier.
>> And Luis, you guys got scripting, you got a lot of things going on. What’s your unique angle on this?
>> Absolutely. So for disclosure, I’m not an Aviatrix customer yet. (laughs)
>> It’s okay, we want to hear the truth, so that’s good. Tell us, what are you thinking about? What’s on your mind?
>> When you talk about implementing a tool like this, it’s really just really important to talk about automation focus on value. When you talk about things like encryption and things like so you’re encrypting tunnels and encrypting the path, and those things should be second nature really. When you look at building those back-ends and managing them with your team, it becomes really painful. So tools like Aviatrix that add a lot of automation it’s out of sight, out of mind. You can focus on the value, and you don’t have to focus on this.
>> So I got to ask you guys. I see Aviatrix was here, they’re a supplier to this sector, but you guys are customers. Everyone’s pitching your stuff, people knock on you, “Buy my stuff.” How do you guys have that conversation with the suppliers, like the cloud vendors and other folks? What’s it like? We’re API all the way? You’ve got to support this? What are some of your requirements? How do you talk to and evaluate people that walk in and want to knock on your door and pitch you something? What’s the conversation like?
>> It’s definitely API driven. We definitely look at the API structure that the vendors provide before we select anything. That is always first of mind and also, what problem are we really trying to solve? Usually, people try to sell or try to give us something that isn’t really valuable, like implementing a Cisco solution on the cloud doesn’t really add a lot of value, that’s where we go.
>> David, what’s your conversation like with suppliers? Do you have a certain new way to do things? As it becomes more agile, essentially networking, and getting more dynamic, what are some of the conversations with either incumbents or new vendors that you’re having? What do you require?
>> Ease of use is definitely high up there. We’ve had some vendors come in and say, “Hey, when you go to set this up, we’re going to want to send somebody on-site.” And they’re going to sit with you for a day to configure it. And that’s a red flag. Well, wait a minute, do we really, if one of my really talented engineers can’t figure it out on his own, what’s going on there and why is that? Having some ease of use and the team being comfortable with it and understanding it is really important.
>> Bobby, how about you? Old days was, do a bake-off and the winner takes all. Is it like that anymore? What’s evolving?
>> Bake-off last year for but still win. But that’s different now because now when you get the product, you can install the product in AWS and Azure, have it up running in a matter of minutes. So the key is that can you be operational within hours or days instead of weeks? But do we also have the flexibility to customize it, to meet your needs? Because you don’t want to be put into a box with the other customers when you have needs that are past their needs.
>> I can almost see the challenge that you guys are living, where you’ve got the cloud immediate value, depending how you can roll up any solutions, but then you might have other needs. So you’ve got to be careful not to buy into stuff that’s not shipping. So you’re trying to be proactive and at the same time, deal with what you got. How do you guys see that evolving? Because multi-cloud to me is definitely relevant, but it’s not yet clear how to implement across. How do you guys look at this baked versus future solutions coming? How do you balance that?
>> Again, so right now, we’re taking the ad hoc approach and experimenting what the different concepts of cloud are and really leveraging the native constructs of each cloud. But there’s a breaking point for sure. You don’t get to scale this like someone said, and you have to focus on being able to deliver developers their sandbox or their play area for the things that they’re trying to build quickly. And the only way to do that is with some consistent orchestration layer that allows you to–
>> So you expect a lot more stuff to be coming pretty quickly in that area.
>> I do expect things to start maturing quite quickly this year.
>> And you guys see similar trend, new stuff coming fast?
>> Yeah. Probably the biggest challenge we’ve got now is being able to segment within the network, being able to provide segmentation between production, non-production workloads, even businesses, because we support many businesses worldwide and isolation between those is a key criteria there. So the ability to identify and quickly isolate those workloads is key.
>> So the CIOs that are watching are saying, “Hey, take that hill, do multi-cloud.” And then you have the bottoms up organization, “Pause, you’re like off a little bit, it’s not how it works.” What is the reality in terms of implementing as fast as possible? Because the business benefits are clear, but it’s not always clear on the technology how to move that fast. What are some of the barriers, what are the blockers, what are the enablers?
>> I think the reality is that you may not think you’re multi-cloud, but your business is. So I think the biggest barrier there is understanding what the requirements are and how best to meet those requirements in a secure manner. Because you need to make sure that things are working from a latency perspective that things work the way they did and get out of the mind shift that it was a tier-three application and the data center, it doesn’t have to be a tier-three application in the cloud. So, lift and shift is not the way to go.
>> Scale is a big part of what I see is the competitive advantage by these clouds and used to be proprietary network stacks in the old days, and then open systems came, that was a good thing. But as cloud has become bigger, there’s an inherent lock-in there with the scale. How do you guys keep the choice open? How are you guys thinking about interoperability? What are some of the conversations that you guys are having around those key concepts?
>> When we look at from a networking perspective, it’s really key for you to just enable all the clouds to be able to communicate between them. Developers will find a way to use the cloud that best suits their business needs. And like you said, it’s whether you’re in denial or not, of the multi-cloud fact that your company is in already that’s it becomes really important for you to move quickly.
>> Yeah. And a lot of it also hinges on how well is the provider embracing what that specific cloud is doing? So, are they swimming with Amazon or Azure and just helping facilitate things, and they’re doing the heavy lifting API work for you? Or are they swimming upstream and they’re trying to hack it all together in a messy way? And so that helps you stay out of the lock-in because there, if they’re using Amazon native tools to help you get where you need to be, it’s not like Amazon is going to release something in the future that completely makes you have designed yourself into a corner. So the closer, more than cloud-native they are, the more, the easier it is to deploy.
>> Which also need to be aligned in such a way that you can take advantage of those cloud-native technologies. Will it make sense? TGW is a game-changer in terms of cost and performance. So to completely ignore that, would be wrong. But if you needed to have encryption, TGW is not encrypted, so you need to have some type of Gateway to do the VPN encryption. So, the Aviatrix tool will give you the beauty of both worlds. You can use TGW or the Gateway.
>> Real quick on the last minute we have, I want to just get a quick feedback from you guys. I hear a lot of people say to me, “Hey, pick the best cloud for the workload you got, then figure out multicloud behind the scenes.” Do you guys agree with that? Do I go more to one cloud across the whole company or this workload works great on AWS, that workload works great on this. From a cloud standpoint, do you agree with that premise, and then when is multi-cloud stitching all together?
>> From an application perspective, it can be per workload, but it can also be an economical decision, certain enterprise contracts will pull you in one direction to add value, but the network problem is still the same.
>> It doesn’t go away.
>> You don’t want to be trying to fit a square into a round hole. If it works better on that cloud provider, then it’s our job to make sure that service is there and people can use it.
>> I agree, you just need to stay ahead of the game, make sure that the network infrastructure is there, security is available and is multi-cloud capable.
>> At the end of the day, you guys are just validating that it’s the networking game now. Cloud storage, compute check, networking is where the action is. Awesome. Thanks for your insights guys, appreciate you coming on the panel. Appreciate it, thanks.