Nauman Mustafa is VP of the solutions engineering and architecture group at Aviatrix. Before joining the company, he was the director and global technology adoption leader at VMware focusing on NSX, SD-WAN, and Kubernetes initiatives.
He also worked at Cisco for 12 years, doing everything from data center networking to security to voice, video, and network management. Here are his thoughts on the pitfalls of cloud implementation, the responsibilities of enterprises over their public cloud, and how traditional networking architects can become relevant in the new world of public cloud.
Why does cloud transformation require enterprises to change their networking strategy and mindset?
The move to cloud for most enterprises has significantly accelerated over the past 12 months. What began as a DevOps-driven sandbox development environment is now serious business, driven top down from the CEO and board of directors. The status quo is viewed as an existential threat to the businesses and change is driven from the leadership. The center of gravity for enterprise IT has moved out of the data center and into the cloud.
This enterprise move to public cloud is resulting in fundamental infrastructural changes as well as enterprise IT mindset. With on-prem or private cloud, IT had control of most of the infrastructure they were managing. They had full access and architectural power in terms of how things are designed, deployed, and managed on a day-to-day basis. Moving to the public cloud requires them to give up that control of the underlying compute, storage and networking to their IaaS [infrastructure-as-a-service] providers.
This is a huge change in terms of how enterprise IT is operating today. What’s important to understand, though, is even if you are moving to public clouds, the security and networking posture, and SLAs that your business demands are something that enterprises need to dictate themselves. It is considered a shared responsibility between the enterprise and the cloud service provider [CSP] to ensure they have a resilient, secure, scalable and extendable multi-cloud network architecture.
Networking and security are still fundamental to how the business operates in the public cloud, but they’re very different than in the on-prem world. There is a definite lack of skills and abundance of misinformation that may cause enterprises to make short-sighted decisions. This is where enterprise IT needs to get well informed and increase their understanding of public clouds in terms of native offerings, common pitfalls, gaps that exist between different CSP offerings, and advanced features required through third-party solutions. Remember that enterprise IT needs to own this.
We are still in the very early stage of cloud adoption and one of the key dynamics to understand is that CSPs’ prime business focus is massive scale and simplicity. Whatever infrastructure they provide needs to scale to millions of customers across the globe.
This focus will continue to grow with rapid cloud adoption, and in many cases when more advanced and enterprise grade features are required, CSPs will rely on their technology partners like Aviatrix, Palo Alto Networks, DataDog, Splunk, and so on to augment their native offerings and provide customers the enterprise grade experience and control they expect.
So how is this cloud transformation a career opportunity for networking cloud architects?
The decades-old on-prem network architecture is no longer valid for cloud networking. As enterprise IT takes control, it becomes clear that the networking, security, visibility, and control they have depended on in the physical world is radically different in the cloud. Visibility and control of the underlying public cloud infrastructure is completely opaque, if not impossible.
The majority of network and cloud architects have been working with on-prem architectures for decades now and are pretty comfortable with best practices to deploy and manage a resilient and well-architected network in the realm of physical data centers and their connectivity to users, branches, and other businesses.
There is also an abundance of reference papers and prescriptive playbooks that exist for customers to follow. These architectural concepts, however, don’t fit with opaque infrastructure, software networking, geographic independence and logical networking designs of public clouds.
Having said that, much of the core knowledge that network engineers and architects acquired — often through certification programs such as CCIE — for the physical world remains the same. IP routing, segmentation policies, traffic monitoring, flow analysis, operational structure, access control, VPNs, encryption requirements are all the same, but need to be applied now to serve business applications sitting in one or more public clouds. Moreover, enterprise IT is well-aware of the needs of their own business applications and are well experienced to manage and operate mission critical applications.
This core knowledge will separate existing network engineers and architects from the crowd and make it much easier for them to achieve cloud networking and multi-cloud networking certifications that will be the foundation for valuable career opportunities as multi-cloud network engineers, architects and IT leaders of the cloud era.
Do you see more enterprises looking outside their own organizations for cloud architects, or do you see them turning more to upskilling their current workforce?
It’s a mix of both. In some cases, networking and enterprise security architects that have been operating in the private cloud or data center world for a number of years have been able to slowly ramp up their skills in public cloud, and are already helping their businesses with their transformational journey.
This is the ideal situation, but unfortunately hasn’t been the case with the majority of enterprise IT so far. This is expected, as what started as a DevOps initiative is becoming serious business, and is now requiring enterprise IT to shift their focus.
In other cases, it’s a common trend to hire networking and security architects who may be more mature in public cloud, with proven design experiences, and pair them with the existing workforce to fast-track the process of architecting and operationalizing their cloud deployments.
What key challenges can network engineers and architects help enterprise IT overcome in the multi-cloud transformation?
Everyone needs networking expertise; it’s fundamental to any enterprise cloud architecture. But the networking services offered by different cloud service providers are different, so enterprise multi-cloud network architects need to help their business understand the differences, similarities, limitations and pitfalls when developing a multi-cloud network architecture and design.
Enterprises want to build their multi-cloud networks on proven architectures and reference designs, as opposed to relying on marketectures and primitive-level guidance that are prone to vendor lock-in, inconsistent operational practices and scale challenges.
However, cloud is still new, and even though there is no shortcut to experience, you can fast-track design and deploy maturity levels by working with advanced cloud vendors like Aviatrix, who have proven track records designing and operating large-scale multi-cloud networks across the globe.
Additionally, network architects can learn from other industry peers by joining user communities that focus on discussing and sharing real world lessons learned and experience. Altitude is one such user community managed by Aviatrix.
As well, one of the key focuses I have seen from enterprises is maintaining corporate and regulatory compliance in the public cloud, while maintaining the simplicity and automation application development teams expect from cloud. Multi-cloud network engineers and architects will be able to help their IT teams deliver on this requirement by working very closely with DevOps teams. Remember that the focus here is not to build a design just for Day Zero and Day 1. The key litmus test is knowing how to delegate this in a simple and scalable way to the Day Two operations team and Level 1/2 support.
Lastly, architects help their enterprise understand the need for global cloud network visibility and control that is directly tied to business SLAs. Multi-cloud network engineers can help enterprises understand the need for these capabilities and help them architect and identify the vendor solutions they need to work with, as it’s a key metric for enterprise IT teams.
How can network architects and engineers capitalize on the opportunity presented by cloud transformation?
These are exciting times for enterprise IT, as cloud prescribes a new way of running your enterprise network. This does challenge the status quo and requires enterprises to come out of their comfort zone. However, it also opens doors for massive career advancements while accelerating the learning process exponentially.
From a networking security perspective, understanding how different cloud constructs are built is critical. One quick example would be knowing how transit routing gets handled in AWS versus Azure versus GCP, and the need to insert advanced services such as next-generation firewalls or enabling high performance encryption to ensure compliance.
This needs to be compared with the design requirements of your enterprise architecture. One challenge today that I see is that several advanced level certifications available from mainstream cloud providers don’t exclusively focus on the networking, security, and guidance needed to build a resilient and scalable multi-cloud network architecture.
This is where it’s tremendously beneficial to pursue certifications like the Aviatrix Certified Engineer [ACE] program, which is currently the only multi-cloud network certification program in the industry. This program has several levels that provide network engineers and architects a deep understanding of AWS, Azure, GCP and Oracle cloud networking, as well as the Aviatrix Multi-Cloud Networking Platform.
ACE has three levels. The Associate Level is a self-paced, online initial introduction to multi-cloud networking and overview of solving architectural and design challenges in public cloud.
The Professional Level is a face-to-face classroom style course, with a skills test that must be passed to receive certification. This is in-person boot camp-style training, where we not only do a lot of hands-on work in terms of implementing cloud constructs, but more importantly white board several design scenarios and how to implement a reference multi-cloud network architecture through Aviatrix platform.
Lastly, the Design Architect Level is the final and most comprehensive certification, based on an additional four days of classroom-style coursework, with live instructor panel design defense that must be passed to receive certifications. This track focuses on knowledge and experience to lead the architectural design process and produce enterprise-class multi-cloud network designs.
Any final thoughts?
The cloud transformation that is happening now is 10 times bigger than the mainframe to client-server transformation. In the last 12 months, big customers have begun to massively move into the public cloud. It’s critical for enterprise IT to understand the key role they have to play in supporting their business on this transformation journey.
Multi-cloud is a reality with enterprises looking to leverage best-of-breed services from different CSPs. Additionally, the siloed mentality of on-prem is gone, and the prime focus of enterprise IT is now more aligned than ever to helping the business be more competitive, rather than dealing with infrastructure-level issues. The more that infrastructure can be simplified and abstracted from underlying constructs, and be made repeatable across clouds, the better it is for enterprises to reap the benefits from their enterprise IT.