
Learnings from teaching multi-cloud networking and security to thousands

Last week was my 2-year anniversary at Aviatrix. I thought I would take a moment to reflect on my role and what it has meant to me.

I lead the technical enablement for the Aviatrix Certified Engineer (ACE) Training and Security program. When I joined the company, there were fewer than 500 certified individuals. I’m very proud to announce that Aviatrix has 18,000 ACEs just two years later.

  1. What’s the big deal about Aviatrix anyway?
  2. What’s the big deal about ACE anyway?
  3. What does ACE have in common with Peloton?
  4. ACE IaC – Bridging the gap between Developers and Network Engineers
  5. What are the desired outcomes of Customers in ACE trainings?
  6. What do our Customers think of ACE?

What’s the big deal about Aviatrix anyway?

Who are these 18,000 people and why did they invest their time in Aviatrix? For the most part, they represent Enterprise IT professionals who are facing a challenge of managing a multi-cloud infrastructure.

Earlier this year, I talked about it at length in a webinar titled ‘Getting Ahead in the Cloud: Use the Skills Gap to Your Advantage’. In that talk, I identified some personas that I have typically encountered:

  1. On-prem networking professionals who need to adapt to the needs of the business in order to stay relevant. They know networking inside out, but since their company has recently moved to the cloud, network engineers find themselves having to play catch up.
  2. Cloud Infrastructure architects and engineers who need enterprise-grade networking with visibility, which is something the CSPs struggle to deliver because of their multi-tenancy model.

In general, they all come to Aviatrix to enable their business driver goals by adopting Public Cloud. These goals include:

  • Application turnaround and uptime – Just about every enterprise finds cloud a strategic enabler for their business. They move to the cloud to gain better agility and unearth new sources of revenue. This means that household names, such as Fortune 100 companies, are now technology companies. It doesn’t matter what industry or vertical they are in. But to get there, their applications need to be secure, highly performant, highly scalable, and highly available.
  • The massive skills gap in multi-cloud – Enterprises will adopt the best of each cloud to improve their business initiatives. And as soon as an enterprise goes multi-cloud, the IT team is put under immense pressure to re-tool with very little time.

Moreover, they want to adopt Aviatrix because they face operational challenges in the cloud such as:

  • CSPs disincentivized to support multi-cloud – That’s pretty obvious, but most important. Customers don’t want a different architecture for each of the 5 CSPs they are in. They want a single architecture that does it all.
  • Difficulty scaling out – Networking and automation have historically never gotten along well. DIY methods were hard enough in on-premises. In the cloud, where they don’t have control and visibility, it is impossible.

Aviatrix offers enterprises instant benefits with multi-cloud optionality. Even in a single region of a single cloud, Customers get a unified control, management, and automation plane for all their accounts, subscriptions, projects, or tenancies.

What’s the big deal about ACE anyway?

Simply put, Customers pursue the ACE training and certification program because they want to learn more about Aviatrix in a structured and standardized way.

When I joined Aviatrix, there were 2 ACE tracks – Associate and Professional. ACE Associate is an introductory course that fast-tracks cloud networking knowledge. It covers cloud networking for all CSPs along with a brief overview of Aviatrix. ACE Professional is deep product training with a blend of lectures, labs, and design exercises, which is great for network engineers and architects.

However, soon after I joined, it was becoming clear that our Customers needed more. They wanted hands-on training for their operators, so that they could be enabled to do their job in the cloud with better insights and better visibility. They needed this so that they could solve problems very quickly and securely build their multi-cloud infrastructure.

What does ACE have in common with Peloton?

The result was ACE Cloud Operations – an 8-hour training with 10 labs that walks students through CoPilot, which is the Day 2 Operations component of the Aviatrix platform. I like to compare this hands-on ACE Cloud Operations training with a Peloton bootcamp, where there are efforts and recoveries for optimum performance. The labs are analogous to efforts – fast-paced and focused on troubleshooting. The lectures are analogous to the recoveries – a quick recap of what the feature is all about.

One of the best parts about ACE Cloud Operations is how certification is awarded. It is 100% based on how well the student did in their labs. There are no facts to memorize, and no exams to study for. We believe that the components of a hands-on certification should be hands-on. And this approach has been very well received by our Customers and Partners.

ACE IaC – Bridging the gap between Developers and Network Engineers

However, there was still something significant missing. For decades, network engineers have felt out of place when interacting with software developers. The problem typically starts from college when they feel uncomfortable with programming language courses. They are more at ease with data in transit (i.e. networking) than writing thousands of lines of code. I most certainly was like that in school, and thousands of Customers I’ve worked with are like that as well.

But nowadays when application developers are relying extensively on the speed and agility that the cloud has to offer, they find it very frustrating when networking and security teams are slow to respond to the needs of the enterprise. Networking needs to codify their approach to building in the cloud.

And often just as soon as network engineers learn how Infrastructure as Code (IaC) works in one CSP (such as CloudFormation in AWS), they need to re-tool on very short notice when their company goes multi-cloud. This has happened with so many of my Customers. They need a cloud-agnostic approach. Enter Terraform.

We came up with ACE Infrastructure as Code (IaC) to bridge the gap between network engineers and developers. It is built on the principle of teaching DevOps for Network Engineers. We teach the concepts of DevOps, VCS, and CI/CD pipelines from a network engineer’s perspective. There are tons of free learning resources out there that cover these topics, but none that cover them so well for network engineers. This training assumes absolutely no prerequisite in programming, but we sprinkle it with just the right amount of Terraform.

There are 3 hands-on labs with the goals of Build, Enhance, and Secure in mind respectively. By no coincidence, they map out neatly to Day 0, Day 1, and Day 2 Operations. The 3rd lab also covers a soft skill – Collaboration, and why it is important for the various stakeholders of an organization (Network Engineers, InfoSec, and Developers) to work closely together to build an enterprise-grade network.

Perhaps best of all, this training is available for free to consume at your own pace. This is more appealing to Customers who have different backgrounds in programming. I am especially proud of ACE IaC as there is nothing like it in the industry.

What are the desired outcomes of Customers in ACE trainings?

New customers are typically more interested in use cases like:

  • How to get unstuck with cloud-specific implementations (such as AWS TGW or Azure Virtual WAN) by building on a repeatable architecture – Aviatrix Multi-Cloud Network Architecture (MCNA).
  • How to secure Egress traffic by filtering FQDNs.
  • How to build a solution for remote users to VPN to their cloud network that is cloud-agnostic.
  • How to leverage Single Pane of Glass embedded Threat Intelligence.

Existing customers, on the other hand, are more interested in deeper integrations with SD-WAN vendors. This means moving more towards the edge of the cloud network and learning how Aviatrix can work more closely in the on-prem Data Center ecosystem.

Lack of Visibility and Control in native CSP offerings is something all ACE attendees are concerned with.

What do our Customers think of ACE?

I have delivered live instructor-led training on multi-cloud networking and security to over a thousand Customers and Partners. Self-paced ACE trainings have been consumed by over 75,000 students. And I read every piece of feedback in post-training surveys.

Instructor-led training has given me the opportunity to understand the pain point of our Customers. And by and large, they come to ACE trainings because they find it impossible to build a secure cloud infrastructure at scale, at a high performance, with visibility, and in multiple clouds without using Aviatrix.

The accolades I’ve received for ACE are overwhelming to say the least. Customers routinely make statements like this in surveys:

  • One of the best trainings I’ve ever had!
  • I use the skills I learned in ACE daily. In addition to providing training on Aviatrix products, the coursework took a deeper dive under the cloud providers’ covers. Thanks to this training, I have a better understanding of their underlay networks, which simplifies troubleshooting.
  • This post by a veteran in the industry.

It has been the most rewarding learning experience of my career and I’m excited with what lies ahead.

Why I Joined Aviatrix

Earlier this month I joined Aviatrix Systems as a Solutions Architect with a focus on growing the Aviatrix Certified Engineer (ACE) program. I had gone through a journey of 2 years of immersing myself in Public Cloud platforms from training sites, such as A Cloud Guru and Linux Academy. Here are some of my observations during that period which led to my decision to join Aviatrix:

  • Cloud Networking is radically different from on-premises networking. For example,
    • In the on-prem world, network architects designed in layers (Core, Aggregation/Access). The world of Public Cloud is flat in order to meet the pace of DevOps.
    • Security principles, such as Defense-in-Depth have led to new constructs, such as IAM, Accounts, Organizations, Subscriptions, which were not prevalent in the on-prem world.
    • Cloud Vendors try their best to abstract the networking underlay constructs so that networking is represented as a black box to the cloud architect. To a certain extent they’ve done well (who honestly misses Spanning Tree?), but just because they don’t offer a mechanism to view these constructs, it doesn’t mean they no longer exist. In fact, Operations needs better visibility now than they did in the on-prem world.
  • While Cloud Vendors offer Networking Specialty certifications, they don’t provide any visibility into Day 2 Operations. And from an Architecture perspective, they trivialize the networking underlay. For example, they don’t provide solutions to real-world problems like overlapping subnets or end-to-end visibility.
  • Cloud vendors are incentivized by lock-in and have no real motivation for multi-cloud.
  • Enterprises find it easier to interpret multi-cloud mostly in terms of governance and billing rather than infrastructure.
  • Cloud Training platforms such as A Cloud Guru and Udemy completely lack multi-cloud networking offerings. They have training courses on various cloud-first tools and technologies like Terraform, CloudFormation, Deployment Manager, Docker, Kubernetes, and certification courses for AWS, Azure, and GCP. But when it comes to multi-cloud, let alone multi-cloud networking, they have not yet capitalized on the opportunity.
  • Enterprises need better instruction on the need for multi-cloud networking. Often when Enterprises say they need Cloud Infrastructure Architects, they really mean Cloud Application Architects. Yet, when they cross that bridge of multi-cloud (and they almost inevitably will), then they realize that application performance relies on a rock solid transit. And that is where Aviatrix shines.

Aviatrix is the pioneer in multi-cloud networking and is solving a really hard problem the right way – by simplifying. I’m looking forward to sharing some more of my learnings with you as I embark on this new journey.

What’s the Big Deal About Multi-Cloud Networking – Part 2

If you were experiencing issues with Zoom calls today, you were not alone.

But if you take a close look at today’s outage, it is clear that it was correlated with an AWS outage today.

In fact, most of Zoom runs on AWS, according to AWS. This is despite Oracle’s claim that millions of users run Zoom on Oracle Cloud. Zoom didn’t state the cause of the outage, but it is quite possible from these two charts that a well-architected transit network, such as the Aviatrix Multi-Cloud Network Architecture, could have prevented this outage.