Learnings from teaching multi-cloud networking and security to thousands

Last week was my 2-year anniversary at Aviatrix. I thought I would take a moment to reflect on my role and what it has meant to me.

I lead the technical enablement for the Aviatrix Certified Engineer (ACE) Training and Security program. When I joined the company, there were fewer than 500 certified individuals. I’m very proud to announce that Aviatrix has 18,000 ACEs just two years later.

  1. What’s the big deal about Aviatrix anyway?
  2. What’s the big deal about ACE anyway?
  3. What does ACE have in common with Peloton?
  4. ACE IaC – Bridging the gap between Developers and Network Engineers
  5. What are the desired outcomes of Customers in ACE trainings?
  6. What do our Customers think of ACE?

What’s the big deal about Aviatrix anyway?

Who are these 18,000 people and why did they invest their time in Aviatrix? For the most part, they represent Enterprise IT professionals who are facing a challenge of managing a multi-cloud infrastructure.

Earlier this year, I talked about it at length in a webinar titled ‘Getting Ahead in the Cloud: Use the Skills Gap to Your Advantage’. In that talk, I identified some personas that I have typically encountered:

  1. On-prem networking professionals who need to adapt to the needs of the business in order to stay relevant. They know networking inside out, but since their company has recently moved to the cloud, network engineers find themselves having to play catch up.
  2. Cloud Infrastructure architects and engineers who need enterprise-grade networking with visibility, which is something the CSPs struggle to deliver because of their multi-tenancy model.

In general, they all come to Aviatrix to enable their business driver goals by adopting Public Cloud. These goals include:

  • Application turnaround and uptime – Just about every enterprise finds cloud a strategic enabler for their business. They move to the cloud to gain better agility and unearth new sources of revenue. This means that household names, such as Fortune 100 companies, are now technology companies. It doesn’t matter what industry or vertical they are in. But to get there, their applications need to be secure, highly performant, highly scalable, and highly available.
  • The massive skills gap in multi-cloud – Enterprises will adopt the best of each cloud to improve their business initiatives. And as soon as an enterprise goes multi-cloud, the IT team is put under immense pressure to re-tool with very little time.

Moreover, they want to adopt Aviatrix because they face operational challenges in the cloud such as:

  • CSPs disincentivized to support multi-cloud – That’s pretty obvious, but most important. Customers don’t want a different architecture for each of the 5 CSPs they are in. They want a single architecture that does it all.
  • Difficulty scaling out – Networking and automation have historically never gotten along well. DIY methods were hard enough in on-premises. In the cloud, where they don’t have control and visibility, it is impossible.

Aviatrix offers enterprises instant benefits with multi-cloud optionality. Even in a single region of a single cloud, Customers get a unified control, management, and automation plane for all their accounts, subscriptions, projects, or tenancies.

What’s the big deal about ACE anyway?

Simply put, Customers pursue the ACE training and certification program because they want to learn more about Aviatrix in a structured and standardized way.

When I joined Aviatrix, there were 2 ACE tracks – Associate and Professional. ACE Associate is an introductory course that fast-tracks cloud networking knowledge. It covers cloud networking for all CSPs along with a brief overview of Aviatrix. ACE Professional is deep product training with a blend of lectures, labs, and design exercises, which is great for network engineers and architects.

However, soon after I joined, it was becoming clear that our Customers needed more. They wanted hands-on training for their operators, so that they could be enabled to do their job in the cloud with better insights and better visibility. They needed this so that they could solve problems very quickly and securely build their multi-cloud infrastructure.

What does ACE have in common with Peloton?

The result was ACE Cloud Operations – an 8-hour training with 10 labs that walks students through CoPilot, which is the Day 2 Operations component of the Aviatrix platform. I like to compare this hands-on ACE Cloud Operations training with a Peloton bootcamp, where there are efforts and recoveries for optimum performance. The labs are analogous to efforts – fast-paced and focused on troubleshooting. The lectures are analogous to the recoveries – a quick recap of what the feature is all about.

One of the best parts about ACE Cloud Operations is how certification is awarded. It is 100% based on how well the student did in their labs. There are no facts to memorize, and no exams to study for. We believe that the components of a hands-on certification should be hands-on. And this approach has been very well received by our Customers and Partners.

ACE IaC – Bridging the gap between Developers and Network Engineers

However, there was still something significant missing. For decades, network engineers have felt out of place when interacting with software developers. The problem typically starts from college when they feel uncomfortable with programming language courses. They are more at ease with data in transit (i.e. networking) than writing thousands of lines of code. I most certainly was like that in school, and thousands of Customers I’ve worked with are like that as well.

But nowadays when application developers are relying extensively on the speed and agility that the cloud has to offer, they find it very frustrating when networking and security teams are slow to respond to the needs of the enterprise. Networking needs to codify their approach to building in the cloud.

And often just as soon as network engineers learn how Infrastructure as Code (IaC) works in one CSP (such as CloudFormation in AWS), they need to re-tool on very short notice when their company goes multi-cloud. This has happened with so many of my Customers. They need a cloud-agnostic approach. Enter Terraform.

We came up with ACE Infrastructure as Code (IaC) to bridge the gap between network engineers and developers. It is built on the principle of teaching DevOps for Network Engineers. We teach the concepts of DevOps, VCS, and CI/CD pipelines from a network engineer’s perspective. There are tons of free learning resources out there that cover these topics, but none that cover them so well for network engineers. This training assumes absolutely no prerequisite in programming, but we sprinkle it with just the right amount of Terraform.

There are 3 hands-on labs with the goals of Build, Enhance, and Secure in mind respectively. By no coincidence, they map out neatly to Day 0, Day 1, and Day 2 Operations. The 3rd lab also covers a soft skill – Collaboration, and why it is important for the various stakeholders of an organization (Network Engineers, InfoSec, and Developers) to work closely together to build an enterprise-grade network.

Perhaps best of all, this training is available for free to consume at your own pace. This is more appealing to Customers who have different backgrounds in programming. I am especially proud of ACE IaC as there is nothing like it in the industry.

What are the desired outcomes of Customers in ACE trainings?

New customers are typically more interested in use cases like

  • How to get unstuck with cloud-specific implementations (such as AWS TGW or Azure Virtual WAN) by building on a repeatable architecture – Aviatrix Multi-Cloud Network Architecture (MCNA).
  • How to secure Egress traffic by filtering FQDNs.
  • How to build a solution for remote users to VPN to their cloud network that is cloud-agnostic.
  • How to leverage Single Pane of Glass embedded Threat Intelligence.

Existing customers, on the other hand, are more interested in deeper integrations with SD-WAN vendors. This means moving more towards the edge of the cloud network and learning how Aviatrix can work more closely in the on-prem Data Center ecosystem.

Lack of Visibility and Control in native CSP offerings is something all ACE attendees are concerned with.

What do our Customers think of ACE?

I have delivered live instructor-led training on multi-cloud networking and security to over a thousand Customers and Partners. Self-paced ACE trainings have been consumed by over 75,000 students. And I read every piece of feedback in post-training surveys.

Instructor-led training has given me the opportunity to understand the pain points of our Customers. And by and large, they come to ACE trainings because they find it impossible to build a secure cloud infrastructure at scale, at a high performance, with visibility, and in multiple clouds without using Aviatrix.

The accolades I’ve received for ACE are overwhelming to say the least. Customers routinely make statements like this in surveys:

  • One of the best trainings I’ve ever had!
  • I use the skills I learned in ACE daily. In addition to providing training on Aviatrix products, the coursework took a deeper dive under the cloud providers’ covers. Thanks to this training, I have a better understanding of their underlay networks, which simplifies troubleshooting.
  • This post by a veteran in the industry.

It has been the most rewarding learning experience of my career and I’m excited about what lies ahead.

LastPass breach – Deja Vu all over again

Yesterday I got this notification from my Password Manager, LastPass:

The key phrase here is “unusual activity within portions of the LastPass development environment.” This looked too familiar.

One of the most well-documented attacks of this nature is the SolarWinds supply chain attack in 2020. Although it is too early to say (the news just broke yesterday), it is very likely this LastPass breach is not much different.

We’ve seen this before on several occasions when hackers use a company’s development environment as an attack vector to inject malicious code. Often this is the case when an enterprise lets down their guard with their development environment and sacrifices security for cost. As a result, weakly secured controls allow the code to make its way into production.

Hence, it becomes critical to improve the security posture by segmenting East-West traffic. This is not easy to do. One could achieve this at a coarse level with network routing domains, but it is far more important to provide granular security – at an application level. This is what Micro-segmentation achieves – the ability to group applications together and then apply policy-based controls. Keep an eye out for how Aviatrix can solve that.