Top Global Consulting Firm
See how Prosimo AXI Consolidates Cloud Infrastructure to Lower Costs and Improve User Experiences
“I started to rethink whether the traditional four-layer model with network underlays, tunneling using overlays, network- focused security, and hub-and-spoke architectures was how I wanted to build for the cloud. I wanted to modernize my infrastructure to focus on user identity and workload endpoints—not IP addresses, VPCs, and subnets.”Enterprise Cloud Architect
As the firm started adopting multi-cloud (Azure and AWS) at scale for business-critical applications for customers and partners, productivity tools for their employees, and CI/CD tools for DevOps using both monolithic and modern cloud-native containerized apps/functions distributed across multiple regions, the existing stack started unmasking the operational challenges. In order to make it all work, the cloud infrastructure team started with the existing cloud blueprint and stitched together a range of disjointed services. Virtual appliances and mid-mile services sprawl quickly resulted in lack of visibility and control, complexity in managing multi-layer stacks, fragmented security control, increased cloud infrastructure costs, and poor user experience.
With a global presence, hundreds of offices, and thousands of users accessing business-critical applications, this accounting firm helps organizations create value by delivering quality in their consulting services. In recent years, the company’s network infrastructure team has been tasked with cloud adoption initiatives, particularly focusing on multi-cloud (AWS and Azure) to take full advantage of differentiated features from cloud service providers with varying cloud costs and to address the requirements of specific applications and tools. The infrastructure team developed a cloud blueprint based on their previous Azure deployment and wanted to replicate it for AWS, which divides their infra stack in three different layers—access, transit, and application layers.
Existing cloud blueprint for single AWS region
As depicted in the high-level architecture, the three-layer cloud infrastructure blueprint requires stitching various services together and spans across eight different IT initiatives:
|VPN for remote||WAF + CDN for external apps|
|SDWAN for branches||AppGW for ALB|
|Multi-cloud Networking||SSO proxy|
|FW for segmentation||NPM|
Where it all started to fail
As per the recommended vendor best practices, most of these appliances required for connectivity and security were deployed in HA pairs, including MCN gateways and hubs in different availability zones, firewalls, and load balancers to provide active/standby functionality. Soon enough, the team realized that they couldn’t scale by simply applying the same hub-and-spoke architectures and HA principles used traditionally in data centers 20 years ago. As the global workforce started experiencing performance issues and the time needed to identify and mitigate issues increased, the ops team found it difficult to cobble together insights gathered from multiple monitoring and vendor dashboards in an effort to gauge the health of the infrastructure. Network and TCP port-level insights made it even more difficult to quickly fix application layer experience issues. All these operational challenges made it highly difficult and time-consuming to bring new business apps to the marketplace for clients, resulting in delayed project timelines, lost revenue, and user experience issues that were hard to diagnose and fix. The team also lost visibility into infrastructure cost and accidental overspending with overprovisioned resources.
Prosimo’s cloud-first approach is different
To take full advantage of the scale, elasticity, and economy of the cloud for distributed workloads in AWS, the accounting firm engaged with Prosimo to jointly develop a new cloud-native blueprint that is equally applicable and consistent across multi-cloud and their data center environments. This new cloud-native blueprint needed to provide the required application experience using cloud-native constructs, without reinventing the wheel, and it needed a modern architecture to better deliver application performance to the firm’s globally distributed workforce and customers.
With Prosimo AXI, we were able to transform and consolidate the infrastructure stacks all the wayEnterprise Cloud Architect, Consulting Firm
from application to cloud network and transport layers. This change gave us a lot of flexibility to
add applications to our preferred cloud service provider without spending cycles in building
hub-spoke architectures with traditional SD-WAN and multi-cloud networking vendors. Our
users got optimal application experience along with Zero Trust Access through Prosimo AXI.
Prosimo cloud-native blueprint for AWS regions (Equally applicable to any cloud)
During the controlled pilot for a set of users across three different locations, the cloud infrastructure team deployed Prosimo AXI (Application eXperience Infrastructure) edges in AWS US East and EU Central regions, as well as in the data center to front-end a diverse set of applications. AXI edges, which are packaged as modern cloud-native Kubernetes clusters, run various microservices to deliver Zero Trust Access for users, Layer 4-7 optimization with private CDN, cloud networking orchestration, application security, and deep visibility powered by machine learning to make data-driven decisions in improving user experience. Configuring and publishing applications to users is a straightforward task driven by a wizard-based model to configure these settings and policies—all from the same management pane:
- Required application settings
- Connectivity/peering orchestration in multi-cloud suited for different applications
- Traffic lanes for optimal experience optimized for cost and performance
- Zero Trust and WAF policies
After initial deployment for a few apps, the team used Terraform scripts to automate the infrastructure and application provisioning at scale.
Faster performance, lower costs, greater visibility, and improved security
Prosimo AXI was able to simplify the firm’s cloud infrastructure stack significantly—taking it from seven to eight disparate IT initiatives solved with traditional hub-and-spoke and virtual appliances to a more vertically integrated modern stack delivered as a service, with full administrative control and compliance over the datapath to the cloud team. The team was able to slim up the stack without stitching multiple services, and they used a single consistent platform to get complete visibility and insights all the way up to actual packet and byte bucket level. This level of visibility helped the team quickly identify and fix application experience issues for any given set of users at specific time stamps.
Prosimo AXI using the cloud backbone and CSP edge infrastructure was able to deliver a high-performance application experience to all the firm’s users accessing applications from different locations—without any VPN agent software on users’ devices—through a highly scalable and elastic fabric. The cloud-native stack, Zero Trust Access, application security (WAF), traffic optimization, multi-cloud networking, and deep visibility made it possible to use machine learning and data usage patterns to reduce cloud consumption and costs, which was a huge advantage to the firm’s cloud infra and ops teams. Prosimo AXI enabled them to repurpose the same cloud blueprint for any cloud service provider and data center for user-to-app and application-to-application access with a cloudfirst approach.
|Consolidated VPN/ZTNA, MCN, CDN, SD-WAN & NPM stacks into one common infr||70% reduction in page-load times|
|Common platform for AWS, Azure, GCP||~60% cloud savings for infrastructure|
|Complete App support - HTTP/HTTPs, PaaS, modern & VM based apps||Deployed in a day - remotely|