By Trevor Patch, Principal Architect for Cloud Adoption
Most OEMs need to improve on the 1.25G encryption throughput ceiling they reach on x86/x64 compute architectures. Organizations that host more than 90% of their application infrastructure in the cloud do not have access to ASICs, and organizations whose infrastructure gravity sits in the public cloud will need more than 1.25G of throughput. Many traditional OEMs can exceed 1.25G, but the most popular brands top out around 5G, and reaching that requires the added complexity of manually establishing concurrent parallel vNICs pinned to tunnels, with an additional BGP adjacency formed over each for equal-cost multi-pathing. The parallel links do not give a single flow aggregate bandwidth: traffic is spread across them by a 3- or 5-tuple hash, so each flow is pinned to one tunnel. The pool of people who know how to operate what is essentially a mini-ISP is small. Add the requirement of familiarity with four or five cloud platforms plus DevOps/IaC, and organizations find themselves in a unicorn market for architects and engineers. As a result, many traditional OEMs push customers toward cloud-native network hubs, such as a TGW, and offer COTS provisioning of that hub through their product. Today there is an opportunity for traditional OEMs to coordinate their COTS software with spinning parallel tunnels up and down and to provide an easy button through their public repositories.
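The point about hash-based ECMP not being aggregate bandwidth is easy to misjudge when sizing cloud connectivity, so here is an added illustration (example code written for this article, not code from the original post, from any OEM, or from Aviatrix). The hash function (a SHA-256 prefix modulo the tunnel count) and the four-tunnel, 1.25G-per-tunnel scenario are assumptions chosen to mirror the figures above; real routers and gateways use their own hash, but the behaviour that matters is the same: a flow is deterministically pinned to one tunnel, so one large flow can never exceed a single tunnel's throughput no matter how many parallel tunnels exist, and with 3-tuple hashing every flow between the same host pair lands on the same tunnel.

```python
import hashlib
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple


class Flow(NamedTuple):
    src_ip: str
    dst_ip: str
    proto: int       # 6 = TCP, 17 = UDP
    src_port: int
    dst_port: int


def tunnel_for_flow(flow: Flow, tunnels: int, tuple_size: int = 5) -> int:
    """Select the tunnel a flow is pinned to, as a flow-hashing ECMP selector would.

    SHA-256 prefix mod N is a stand-in (assumption) for whatever hash a real
    device uses; the property that matters is that it is deterministic per
    flow, so one flow never spans two tunnels. tuple_size=5 keys on both
    addresses, protocol and both ports; tuple_size=3 keys on addresses and
    protocol only.
    """
    if tuple_size == 5:
        key = f"{flow.src_ip}|{flow.dst_ip}|{flow.proto}|{flow.src_port}|{flow.dst_port}"
    elif tuple_size == 3:
        key = f"{flow.src_ip}|{flow.dst_ip}|{flow.proto}"
    else:
        raise ValueError("tuple_size must be 3 or 5")
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest[:4], "big") % tunnels


def achieved_rates(demands: Dict[Flow, float], per_tunnel_gbps: float,
                   tunnels: int, tuple_size: int = 5) -> Dict[Flow, float]:
    """Rate each flow actually gets, in Gbps.

    Each tunnel's capacity is shared max-min fairly (water-filling) among the
    flows hashed onto it. A flow can never exceed one tunnel's capacity,
    whatever the aggregate of all tunnels is.
    """
    by_tunnel: Dict[int, List[Flow]] = defaultdict(list)
    for flow in demands:
        by_tunnel[tunnel_for_flow(flow, tunnels, tuple_size)].append(flow)
    achieved: Dict[Flow, float] = {}
    for flows in by_tunnel.values():
        remaining = per_tunnel_gbps
        pending = sorted(flows, key=lambda f: demands[f])  # smallest demand first
        while pending:
            share = remaining / len(pending)
            flow = pending.pop(0)
            rate = min(demands[flow], share)
            achieved[flow] = rate
            remaining -= rate
    return achieved


def tunnels_used(flows: Iterable[Flow], tunnels: int, tuple_size: int = 5) -> int:
    """How many distinct tunnels a set of flows actually lands on."""
    return len({tunnel_for_flow(f, tunnels, tuple_size) for f in flows})


# Constructed scenario: four parallel 1.25G tunnels (assumed, to match the
# per-appliance figure quoted in the article).
TUNNELS = 4
PER_TUNNEL_GBPS = 1.25


def elephant_flow_case() -> float:
    """One replication stream wanting 5G. It is pinned to a single tunnel."""
    big = Flow("10.1.0.10", "10.2.0.20", 6, 40001, 445)
    return achieved_rates({big: 5.0}, PER_TUNNEL_GBPS, TUNNELS)[big]


def three_tuple_case() -> float:
    """Four parallel streams between the same host pair under 3-tuple hashing:
    all four share one tunnel, so the host pair still gets 1.25G in total."""
    streams = {Flow("10.1.0.10", "10.2.0.20", 6, 40000 + i, 445): 1.25 for i in range(4)}
    return sum(achieved_rates(streams, PER_TUNNEL_GBPS, TUNNELS, tuple_size=3).values())


def many_flows_case() -> float:
    """64 small flows from distinct clients under 5-tuple hashing spread across
    the tunnels, so the aggregate approaches, but never exceeds, 4 x 1.25G."""
    flows = {Flow(f"10.1.0.{i}", "10.2.0.20", 6, 50000 + i, 443): 0.2 for i in range(1, 65)}
    return sum(achieved_rates(flows, PER_TUNNEL_GBPS, TUNNELS).values())


if __name__ == "__main__":
    print(f"elephant flow gets {elephant_flow_case():.3f} Gbps")
    print(f"host pair, 3-tuple hash: {three_tuple_case():.3f} Gbps total")
    print(f"64 client flows, 5-tuple hash: {many_flows_case():.3f} Gbps total")
```

The takeaway for capacity planning: parallel tunnels raise the ceiling for many concurrent flows, but any single backup, replication, or bulk-transfer flow is still capped at one tunnel's rate, and a 3-tuple hash caps an entire host pair at that rate.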
For organizations with more than 90% of their gravity in the public cloud, we recommend that their infrastructure teams invest in the cultural change needed to adopt DevOps practices (CI/CD pipelines), Terraform IaC, and multi-cloud native network infrastructure from leading-edge OEMs such as Aviatrix. As of today, Aviatrix holds the patent on high encryption throughput on x86/x64 systems. Its systems automatically spin concurrent parallel tunnels up and down and handle the associated routing complexity. Depending on the data flow path, Aviatrix's benchmark testing of high encryption throughput between gateways shows between 90G and 110G. Additionally, an organization's cloud hubs are not confined to the quotas the CSPs impose on their own cloud-native hubs: an organization can dedicate an Aviatrix transit hub to every environment (sandbox, development, QA, and production) for every business unit or application in every region of every cloud provider. With Aviatrix, organizations do not need a unicorn to support the solution. Most traditional infrastructure engineers can support a multi-cloud network architecture using the templates in Aviatrix's certified Terraform IaC repository and the COTS features of Aviatrix Controller and CoPilot.
Aviatrix supports the same macro-segmentation and micro-segmentation capabilities as traditional OEMs' solutions, through orchestration of each public cloud's native constructs. It likewise matches traditional OEMs in orchestrating the redirection of data flows for deep packet inspection by next-generation firewalls such as Palo Alto. However, as of today, Aviatrix has no integration built into the Controller or CoPilot for coordinating micro-segmentation policy with container environments. As a result, we highly recommend that non-Cisco environments invest in an additional layer of horizontally scalable security from the software company Illumio. Illumio is a cyber-security company focused on micro-segmentation and does not directly compete with companies like Zscaler at the macro perimeter layer.
For organizations beginning their digital transformation journey, please contact Presidio Federal to begin discovery of your existing operations and to baseline your applications and their interdependencies. After discovery and requirements gathering, Presidio Federal will begin the envisioning process with Aviatrix, Illumio, and the selected CSPs. In parallel, we will begin the DevOps transformation of your infrastructure operations through established repositories and tooling, such as GitHub and Ansible.
Read the other sections of this article:
Part 1: Background on the Need for Multi-Cloud
Part 2: Networking: A Brief History
Part 3: The Move to Zero Trust
Part 4: Public Cloud Network Topologies
Part 5: Third-Party Network Design Configurations
Part 6: Secure Cloud Network Architecture Road Maps