Optimizing Cloud Costs

A Joint Technical Webinar with AWS

case study

E-Commerce

A global e-commerce company discovered how a cloud interconnect across AWS and Azure simplified application connectivity between dozens of business units

CHALLENGE

Utilizing public cloud provided a global e-commerce company with the opportunity to scale its infrastructure and meet the individual needs of its business units faster than it could do through on-prem deployments. While this addressed scale, interconnecting applications and data across 45+ business units remained a challenge: normalizing IP networks and security across multiple hybrid cloud deployments was placing substantial strain on network infrastructure operations. Implementing a conventional network solution would provide many-to-many connectivity needed across business units and clouds, but this would only break the micro-segmentation of each business unit and cloud.

Connecting all networks using virtual routing appliances meant incurring a substantial operational bill as multiple firewalls and secure edge services would also need to be deployed to re-restrict connectivity. The company needed to connect applications to other applications and users to those same applications without implementing multiple layers of redundant security processing. While the network would once again be segmented and secure, productivity would then be impacted by the bottlenecks of monolithic appliances and mid-mile services that hairpin traffic in and out of clouds. The company needed an unconventional solution that would lower time-to-market for its business initiatives without compromising on security or performance.

SOLUTION

The company’s principal cloud architect approached Prosimo for a solution that would span multiple public clouds – AWS, Azure, GCP – with selective connectivity across its numerous business units. This meant that while the potential to connect existed, the transport for an application or network layer would not be established until policy explicitly enabled it. It also required simplicity: the company looked to provide a unified cloud interconnect for hundreds of application endpoints without adding the operational complexity of managing multiple stacks and dashboards. This would enable the company’s business units to quickly connect and share complementary resources at the speed of the business, not the speed of compartmentalized IT.

Operating within multiple clouds increases the risk of technical debt for every organization, not just a lean operational team dealing with a multitude of ever-changing, cloud-native services. The company needed a solution that would reduce its operational burden for both network and security without substantial disruption to business operations. Deploying virtual network appliances in the cloud demanded substantial, operational overhead while their inelastic architecture meant almost certain downtime for resizing and reboots from patching and upgrades. Prosimo responded by proposing a cloud-native solution to a cloud-native problem.

BIG WINS

  1. Substantially reduced exposure to technical debt through the orchestration of cloud-native network services and elimination of routing policy configuration
  2. Simplified operations by flattening the network model – transit, security, and content delivery deployed simultaneously
  3. Reduced meantime to resolution through visiblilty of network segment quality and application response
  4. Bridged private and public cloud networks without layer 3 policies and IPsec tunnels
  5. Simplified network and security policy regardless of cloud infrastructure logo or type
  6. Improved time to value for cloud iniatives – reduced cloud network rollout by 80%
  7. Overall application performance improved by 40%

RESULTS

Prosimo’s full-stack cloud transit delivers networking, security, and content delivery as a singular, operational deployment. This stack is enabled through a series of Prosimo “Edges” that are deployed within the administrative control of an organization’s cloud infrastructure. The Edge itself is a Kubernetes-based, services stack orchestrated upon a CSP infrastructure (such as AKS or EKS) giving it flexibility and scale beyond what fixed virtual appliances and service chains may deliver. Once deployed, Edges create a fabric that enables cloud transit where network, security, and content delivery policy is deployed consistently across clouds in minutes. It does this while orchestrating and integrating with the cloud-native network functions found in each cloud. Prosimo gets you as close to the CSP’s network infrastructure as possible while helping you avoid technical debt.

The e-commerce company needed selective connectivity to ensure business units provided least privilege access to their applications regardless of where they were located. Prosimo’s cloud transit establishes connective potential across public and private clouds – actual connectivity is only established and allowed through network or application layer policy. That policy more resembles the simplicity of object-oriented building blocks than the complexity of BGP route distribution and a myriad of IPsec tunnels with multiple copies of policy across what could be an expansive, virtual firewall install base. This approach is a fundamental part of “Zero Trust” architecture which helps eliminate the blind spots and shadow rules often found in conventional IP policy. It is also a native part of cloud transit.

While often secondary to networking and security, content delivery is a key component of Prosimo’s full-stack cloud transit. Poor user experience has become a routine and expected problem for operations teams whether the application is on-prem or in the cloud. Prosimo maintains many “out of the box” application caching policies but allows an operator to configure custom policies for custom apps. Additionally, the operator is allowed to choose how the application is accessed over the network to help balance cloud costs against requisite performance. Once an operator determines how an app will be accessed over the network, the content policy and content are deployed across the cloud transit fabric via each Prosimo Edge. Incorporating security and content delivery into a cohesive fabric not only allowed the company to lower the operational burden on its cloud team, but it did so without sacrificing user experience.

Before After

 

While often secondary to networking and security, content delivery is a key component of Prosimo’s full-stack cloud transit. Poor user experience has become a routine and expected problem for operations teams whether the application is on-prem or in the cloud. Prosimo maintains many “out of the box” application caching policies but allows an operator to configure custom policies for custom apps. Additionally, the operator is allowed to choose how the application is accessed over the network to help balance cloud costs against requisite performance. Once an operator determines how an app will be accessed over the network, the content policy and content are deployed across the cloud transit fabric via each Prosimo Edge. Incorporating security and content delivery into a cohesive fabric not only allowed the company to lower the operational burden on its cloud team, but it did so without sacrificing user experience.

DISRUPTING THE OPERATIONAL MODEL…FOR THE BETTER

While the architecture fit the desired model, a chief concern for the company was the build and deploy phase. The existing infrastructure – while not efficient – was working as-is. A full “rip and replace” implementation would incur substantial risk to business operations. Prosimo’s cloud transit – using DNS – was able to deploy alongside the existing network infrastructure without requiring changes and with no impact on the network. Prosimo’s flexibility extended beyond its cloud-native architecture into operational deployment. This allowed the e-commerce giant to migrate gradually thereby minimizing risk to the business.

The simplification of cloud networking, security, and content delivery meant that the company could maintain granular control over application and network access without complex network security policies. Deploying Prosimo non-disruptively alongside their existing infrastructure helped minimize their exposure to operational risks. As a result, Prosimo’s full-stack cloud transit enabled the company to increase the speed of its cloud infrastructure rollout by 80%, yet Prosimo’s value did not stop there.

Similar to a modern highway system, the cloud interconnect Prosimo had enabled for the company had numerous sensors both externally and as part of the cloud transit. Prosimo’s inclusion of the application layer in its cloud transit means it delivers unique insights into network fidelity AND application responsiveness. This enabled the e-commerce company’s operations team to quickly distinguish between a problem with a network segment or a misbehaving application which substantially reduced its MTTR. Prosimo’s ability to define primary and backup application regions allowed the network to work in conjunction with the company’s highly available application infrastructure. When a cloud outage occurred, Prosimo would respond by rerouting application traffic to another region or cloud without intervention by a network operator.

Prosimo combines its knowledge of network fidelity and application requirements to help guide the cloud operator through daily recommendations. Prosimo’s proprietary AI-ML engine combines telemetry collected from the network and user-defined application requirements to determine how to further optimize the cloud transit through various options weighted by performance or cost. This is what makes Prosimo truly autonomous in multi-cloud networking: it autonomously creates cloud transit but, also, helps you navigate the ever-changing environment of cloud infrastructure. An operator simply chooses to accept a recommendation and it is deployed autonomously, in minutes.

CONCLUSION

Prosimo’s platform is the only solution that can scale cloud networks without compromising on security or application performance; instead, AXI incorporates zero trust and content delivery as native components within its network fabric. As AXI is not constrained to the fixed architecture of a hardware appliance repurposed for the cloud, it dynamically scales up or down to meet the seasonal needs of online shopping. This is how Prosimo enabled a global e-commerce company to create its own cloud network interconnect that allowed its business units to share access without substantial intervention from IT. The company’s cloud team now maintains better visibility into how both networks and applications are performing, delivers consistent security policy across clouds, and intelligently manages user experience and cloud costs.