Prosimo MCN Foundation: the Why, the What, and the How

The Premise

Today, we are super excited to launch the Prosimo Multi-Cloud Networking (MCN) Foundation, a free offering from Prosimo to help enterprises solve connectivity challenges inside and across clouds.

Let us start with the overarching problem statement driving the need for MCN solutions in the market. Both the network and cloud platform teams inside enterprises need a way to keep up with the requirements of their application teams, who are looking for agile ways to connect, secure, and observe their application services. This needs to happen irrespective of where and how the apps are hosted: any cloud (AWS, Azure, GCP, OCI, Alicloud, data center), any hosting model (IaaS, PaaS, SaaS, VM-based, K8s, etc.), and any access method based on the use case (public, private, partner apps, IP ranges). They must cater to these requirements while taming cloud costs and operational complexity.

What is holding the Market back?

Now that the problem is established, let’s get to what is available today in the multi-cloud networking market. Some legacy networking vendors want to bring the data center model to the cloud – bringing virtual routers, tunnels, and other routing protocols. Other vendors claim to be modern but essentially try to sell the same virtual routers with different names – Spoke Gateways, Distributed Firewall, etc. (read more on this here).


Fig 1: MCN IP only overlays that require appliances in every VPC

Legacy Architecture = Tax

This class of solutions is truly a “legacy” – an architecture that imposes several taxes on the customer.

  • A spoke tax merely for connectivity.
  • An operational tax for managing the lifecycle of these “connectivity” appliances.
  • A connectivity tax for needless egress or public connectivity.
  • A scaling and security tax.

Then there is the NaaS model that sells “routing as a service” and charges per GB, with a black-box middle-mile model. In this model, to interconnect their VPCs, enterprises must route their traffic to the middle-mile cloud and back, which is a control and visibility tax.

You are probably wondering, “When cloud providers already have tons of these options for connectivity – AWS Transit Gateway, CloudWAN, Azure Virtual WAN, and software-defined interconnects like Equinix and Megaport – why would I ever need another routing cloud in the middle?” You are not alone!

The architecture matters! Why should an enterprise have to hairpin through another cloud or administrative domain to get connectivity or a security outcome? The result is unnecessary egress costs, needless NAT, or security appliances just to facilitate this architecture.

Not only are these redundant and expensive services that just add a layer of complexity, they also only scratch the surface of the overall MCN problem by staying at IP-layer connectivity.

When you do run into the reality of having to interconnect PaaS services, microservices, serverless business partner applications, or SaaS apps like Confluent or Snowflake from your VPC, any operational benefits that are promised simply vaporize, because you still need the same operational wherewithal to run your multi-cloud infrastructure; you have merely added another costly budget line item for connectivity.

Fig 2: Middle mile routing overlay model of MCN

The Impact on the Enterprise and the MCN Market

When we sit down with enterprises grappling with the above-defined problem, it is becoming clear that they are getting tired of the options in the MCN market, to the extent that they are moving to a “DIY” approach. They combine solutions with the cloud providers’ numerous tools, throwing in additional proxies on top of homegrown automation scripts for deployment and monitoring. This DIY layer may appear to help on the surface, but if you look closer, it slows down innovation for enterprises at the macro level. The time they spend on this layer could be spent elsewhere – new service rollout, policy governance, cost management, application redundancy planning, etc., all of which directly help with the enterprise’s top and bottom line. When these enterprise outcomes are compromised, the result is that it holds the entire MCN market back – all because the existing vendors are not keen on evolving it to where the puck is going.

Fig 3: DIY complexities for enterprises to solve cloud networking challenge 

The Birth of Prosimo MCN Foundation

As we thought long and hard about the problem, we decided the only way we could move forward as an industry was to democratize the foundational MCN by making it accessible. This tier is built to create a meaningful impact for enterprises, whether adding greenfield cloud regions or modifying brownfield regions built with native services. The entirety of features in the foundation tier can be leveraged with a NetDevOps approach with our unified Terraform model, which will work across any cloud. Moving to any of the advanced offerings to take advantage of the service networking features or security controls can be done with a click of a button.

Fig 4: Building a Pathway to Service Networking through Prosimo MCN Foundation 

Step-by-Step Journey

As the first step, enterprises can now discover all of their VPCs and vNETs in one place across 1000s of their accounts, rationalize all of their brownfield connectivity (Transit Gateway (TGW), VWAN, peering, etc.) and use the Prosimo visual transit to build foundational connectivity with a simple series of clicks. If you were stuck with cloud-specific building blocks and wondering how to stitch them together to start building your multi-cloud network, you can now get up and running in a matter of minutes.

Fig 5: Prosimo Visual Transit Builder

When connectivity problems arise, they can run a one-click trace to find the root cause in a few seconds. They get an actual single pane of glass to observe all the sessions and routes across regions and clouds in one place. These are examples of what could be done with the Prosimo foundation tier at multi-cloud scale. The foundation tier takes the tedium out of cloud networking operations and unlocks operational efficiencies like never before.

Fig 6: Prosimo Cloud Tracer

Enterprises save the upfront cost (hundreds of thousands of dollars) of foundational connectivity from the other vendors and do so without any additional taxes or tradeoffs. Architecture matters, and being cloud-fluent matters, which is why Prosimo can solve the foundational connectivity problem for free. Vendors have been charging a hefty premium for these foundational connectivity features because MCN is held back to the only layer they operate in.

How does Prosimo help enterprises beyond the foundation?

From Day 1 of the Prosimo launch, it was evident to us that the foundational connectivity was different from where the innovation will happen. When we designed the architecture, we focused on apps, services, and users, while the connectivity layer was the foundation on which everything was built.

Fig 7: Journey to Prosimo full stack cloud networking

Now let’s spend time on the layer where Prosimo uniquely adds value to solve the complexity, as that is what made us offer the foundation layer for free.

  • Advanced cloud networking: This is the bundle that provides advanced networking capabilities for enterprises to take full control of their cloud network. To name just a few of the capabilities in this tier: Prosimo networks (flexible objects that allow subnet-level grouping across and within VPCs/VNETs), Namespaces (enterprises can run multiple segmented routing domains across clouds), adaptive service insertion (insert firewall and other services from any cloud region with advanced match conditions), a cost management dashboard for cloud networking (ability to drill down into egress cost, shared services, and chargeback models to application owners), and advanced policy controls (group-based policies, geofencing, dynamic risk-based access control, etc.).
  • Service Networking to attach apps, PaaS, and other modern apps: This is the layer that makes Prosimo the industry’s only “Full stack” cloud networking platform. In addition to layer 3 connectivity, enterprises can attach applications (TCP, UDP, or HTTP) as FQDNs, and PaaS services such as Amazon’s RDS, S3, Azure-managed SQL, or GCP’s BigQuery, to interconnect any of them from any region. None of these involve setting up routing or tunneling, as these are application-layer endpoints, taking away a lot of the routing complexity. In addition, policies can be defined at the application layer so that controls can be upper-layer constructs (HTTP methods, URLs, resource IDs in the cloud) instead of just IP addresses. Common enterprise connectivity use cases, such as business partner connectivity across clouds (for example, a supply chain app from a partner needing to access an ERP system), are easily solved by extending private link endpoint services or Prosimo’s service core without full network connectivity from the partner.
  • Security and Performance: Enterprise cloud infrastructure teams are always in a tough spot when juggling compliance requirements and the agility that is expected by their application counterparts. The Prosimo network stack comes with zero trust built in, eliminating the complexity required to balance agility and security. Every access that goes through the Prosimo fabric has to pass multiple gates of security – IDP / resource authentication, authorization rules, application layer firewall, and dynamic risk monitoring. Even with all these controls, it is built with an enhanced performance model – finding the right path across any underlay (cloud backbone, private paths, or internet peering across clouds). TCP and HTTP layer optimization is always on via Prosimo to get the right performance level depending on the application type. The Prosimo full stack allows you to apply a single policy semantic across your entire cloud infrastructure, all the way from the network to the application.

What are you waiting for?

If your role involves cloud networking, take the MCN foundation offering and get a first-hand experience of how easy it is to discover and onboard your VPCs/VNETs across any region. Check out the link below to sign up! Also read the blog from our solution architecture team here for more details.

Stop paying for multi-cloud networking



The onramp to Prosimo’s Full Stack Cloud Networking platform.