How Cloud Management and SDN Killed the Traditional Enterprise LAN
Attend BrightTALK with Paul Congdon, CTO, Tallac Networks on Sept 20th, 2016 11am PT
A colleague of mine recently mashed up a famous R.E.M. song for his blog. He reworked the famous lyrics to say, “It’s the end of the LAN as we know it… And I feel fine”. He couldn’t have been more spot on. As IT resources continue to move to the cloud, traditional infrastructure and the processes associated with running it are literally going out the window. One of the last IT resources still to make the migration to the cloud is the Enterprise LAN. However, since everything else is moving to the cloud, the way we use our LAN is changing, and the critical IT resources still on the LAN have changed. Cloud management and Software Defined Networking are making it possible to radically simplify your Enterprise LAN – perhaps to the point where you can pay someone else to operate it. Tallac Networks is defining the SD-LAN ecosystem and is behind the next wave of the cloud movement – management and control of the Enterprise LAN.
Attend the BrightTALK Webinar Tuesday, September 20, 2016 11am PT
Comstock names Tallac as startup of the month May 2016
A cloud solution that connects customers to a customized web experience
You can’t deny it: The cloud is everywhere. Thanks to tech titans like Google, Amazon and Apple, the idea of data storage has shifted from bulky, blinking units in an enclosed place to the more abstract concept of data stored in open, virtual space.
It’s easy to see the appeal of virtualization. The cloud is accessible from anywhere, which means it can be managed remotely. This eliminates the need for an onsite network engineer and lowers costs. But Bill Johnson, president of Tallac Networks, saw something missing in this mass migration to the cloud.
“The only thing that hasn’t gone to the cloud is the network itself,” he says.
From that starting point, Rocklin-based Tallac Networks created a Networking-as-a-Service (NaaS) solution for customers who want web access on their own terms. Basically, Tallac provides a cloud-managed platform for managed service providers (MSPs), who configure customer networks for specific purposes.
Think Starbucks. Many businesses have Wi-Fi, but with a Tallac virtualized network, a business owner can build brand loyalty by securely extending their Wi-Fi to guests. Similarly, a teacher can use this solution to restrict online access in a classroom to sites only related to the current lesson. A parent can set up a network that prevents children from clicking their way onto adult sites.
“Think about it like this: We’re providing electricity,” says Andrew Wilkinson, the company’s vice president of sales and marketing. “But you decide what you plug in, and how you want to use the heater and stove.”
The startup is run by Hewlett-Packard and Cisco veterans with more than 150 years of combined enterprise networking experience. In terms of funding, Johnson calls Tallac a “slightly assisted bootstrap startup.” Bolstered by a seed round of private funding, Tallac now has contracts with dozens of MSPs, including Comcast. Johnson measures returns by the number of devices an MSP sells to various customers, which he estimates to be worth more than $500 million a year.
Generally, users of Tallac’s networks include schools, banks, retail establishments and hotels. He avoids naming specific customers because technically Tallac only serves as the bridge, and he doesn’t want to undermine any MSPs.
“If an MSP is using our services and sells it to a bank, that bank is not really our customer,” he says, but Tallac has worked directly with businesses in some cases.
For example, Tallac reached out to Hacker Lab in Sacramento, where reliable Wi-Fi is a top priority for the various startups based there. “We basically can’t have the internet go down,” says Eric Ullrich, co-founder of Hacker Lab. “If it does, it needs to go back up really fast.”
Hacker Lab agreed to partner with Tallac and has been using its virtualized network solution for about a year. The decision was a matter of security but also proximity because, as Ullrich says, “How often do you get to work with a local provider?”
For the second year in a row, Tallac also provided a customizable network for the California CareForce free health clinic in the Coachella Valley. The annual event offers free medical, dental and vision services, and organizers needed three distinct networks: a password-protected one for staff to verify volunteer medical professional certificates; a patient registration network to allow volunteers to browse on their downtime without hogging bandwidth; and a guest network for patients waiting to get their teeth cleaned or eyes checked, which needed to be isolated to protect the privacy of medical information.
Despite the growth of Tallac, marketing remains a challenge. This isn’t a quick-pitch type of service that a layperson would understand in 60 seconds. For that reason, the startup’s team has created a curriculum to educate and train workforces, partners and customers on how Tallac is making the mass migration to the cloud one that won’t leave anyone behind.
“We could’ve said we’re going to become the next Comcast, build a system, build a channel, but that was just too much,” Johnson says. “Now we bring services to them, as well as bring people onto the network.”
MAY 5, 2016 By Russell Nichols
Rescuing a Healthcare Clinic Network with SDN and the Cloud March 2016
If you are a networking person, you always hear people telling you what a hassle it is to set-up a temporary ad-hoc network at a mobile event – well, I can tell you first hand – with SDN and Cloud Management, it isn’t all that bad…really.
|Unreliable Building Wiring|
For the second year in a row, Tallac Networks supported the California CareForce (www.californiacareforce.org) free health clinic at the Riverside Fairgrounds in The Coachella Valley of California by providing an SDN-enabled cloud-based wired and wireless network. I got the opportunity to play all the roles in getting the networks up and running. This annual event is a huge free medical, dental and vision clinic sponsored by Golden Voice (www.goldenvoice.com), the guys who put on the Coachella Valley Music Festival (www.coachella.com). It is one of their ways of giving back to the community where they host their 3-week-long rip-roaring concert event – I actually haven’t attended, but have heard it is sort of a modern day Burning Man meets Woodstock.
Anyway, the health clinic takes place over 3 days in a couple of buildings at the Riverside County Fairgrounds. Let’s just say it has been awhile since some decent wiring has been installed in these buildings. There wasn’t much to work with, so we had to duct tape cables here and there to get the access points distributed across the main building.
|Unreliable Building-to-Building Wiring|
Another building across the quad area was used for the vision lab where 100s of glasses a day are cranked out for people in need. That building was connected by a strand of Ethernet draped across a roof, then a power line, then passing through an inaccessible building with some sort of unmanaged switch boosting the signal. Luckily the wire appeared at the remote building with a working L2 connection back to the main site. This was just enough for us to begin to set up the various networks we needed to support the clinic.
The organizers of the clinic asked for three distinct networks: an Operations Network, a Patient Registration Network and a Guest Network.
The Operations Network needed to be password protected and provide Internet access so the staff can verify volunteer medical professional certificates – you don’t want a non-certified junior doctor ‘practicing’ on you at the free clinic. This network also needed guaranteed bandwidth for a really cool system from InDemand Interpreting (www.indemandinterpreting.com). The InDemand solution is a video conferencing system on wheels that allows you to establish a session with a human interpreter in the cloud that is fluent in the language of your choice. This was awesome for the doctors and dentists who needed to get critical information from those patients for whom English is a second or even third language.
InDemand Interpreting via Tallac WiFi
The Patient Registration Network was used by the volunteers to check-in and check-out patients. This network needed low-latency access to the Web-based registration server, but it did NOT need Internet access. Volunteers have some downtime in-between arriving patients and there is a desire to browse the Internet or watch videos, but we can’t afford to spare the bandwidth, so we have to keep the registration stations on an isolated network.
The third network was a Guest Network for the volunteers, patients and anyone wandering by that did need Internet access. We wanted guests to register for this network with a valid email address and explicitly accept the usage policy – which included the usual “don’t do bad stuff” and “we won’t give anyone your info” verbiage. This network needed to be rate-limited so the hordes of people wouldn’t consume all the Internet bandwidth required by the Operations Network. This network also needed to be completely isolated from the other networks to assure medical information privacy.
Setting up and operating these three distinct temporary networks, under pressure, in a short amount of time, across an ancient site with 1000s of people wandering around was where the fun began. The Tallac system was invaluable. We wanted all three SSIDs broadcasting everywhere at the Fairgrounds, but they all had to meet their specific requirements. The biggest challenge was how to extend all three of these different networks to both buildings across the unmanaged L2 network running across the power lines. There was no way to configure the switches on the site, so no way to use VLANs or set up multiple subnets. I wanted different address domains for the guests, and those doing registration couldn’t have the Internet. A tough set of requirements when you can’t configure the existing infrastructure. The answer to these challenges was SDN, the Cloud, OpenFlow and Tunnels! Thank goodness all of these come with the Tallac solution and were just a few clicks away from being put to use.
|Last year’s wiring mess backhauling to the office.
This year, to the Cloud!
Last year, I had used GRE tunnels to get the vision lab back to the main building where there was a tunnel server, Floodlight OpenFlow controller and routers for each subnet. In the main building I had used standard VLANs over the wires we had duct taped to the walls. This made for a bit of a wiring mess in the office.
|Clinic Network Diagram|
This year, I did something simpler. I ran the Operations Network and the Registration Network on the base L2 network between the buildings, but I used OpenFlow to provide the isolation for the Registration Network. With a few clicks of a button in our Cloud system, I configured the Guest Network to use an SSL VPN backhaul to a virtual router/firewall running in the Cloud. This router/firewall dished out DHCP addresses for the guests and forwarded Internet traffic for them. The Guest SSID was rate-limited to 3 Mbps up and 2 Mbps down. Finally, I assigned an OpenFlow based Captive Portal application to the Guest Network that redirected unregistered users to a splash page that collected their email address and required acknowledgement of the usage policy. The Captive Portal application runs on top of an OpenDaylight instance in the cloud as well. So this year, I took advantage of the Cloud and our OpenFlow capability in a big way. Above is a diagram of what it all looked like in the end. I also used our outdoor AP to cover the quad this year instead of zip-tying our indoor AP to a tent pole. I was amazed at the coverage we got with the external antennas. One of the security guards was using the Guest Network from across the Quad with no problems.
|Outdoor Coverage from the Tent|
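The forwarding policy for the three clinic networks, modelled as a first-match rule table in the style of an OpenFlow flow table and checked against the stated requirements. This is an added example, not Tallac's code or configuration; the addresses, action names and the `decide`/`audit` helpers are assumptions made for illustration, and rate limiting is left out.

```python
import ipaddress

# Constructed addressing; the post gives no addresses (assumption).
REG_SERVER = ipaddress.ip_address("10.0.0.10")   # web-based registration server
LOCAL_L2 = ipaddress.ip_network("10.0.0.0/24")   # shared, unmanaged L2 segment
INTERNET = "203.0.113.5"                         # documentation-range stand-in

def dst(p):
    return ipaddress.ip_address(p["dst"])

# (match, action) pairs, first match wins; the final rule fails closed.
RULES = [
    # Registration: only the registration server is reachable, no Internet.
    (lambda p: p["ssid"] == "registration" and dst(p) == REG_SERVER, "forward_local"),
    (lambda p: p["ssid"] == "registration", "drop"),
    # Guest: unregistered clients see the splash page; registered clients are
    # tunnelled to the cloud router and never bridged onto the local segment.
    (lambda p: p["ssid"] == "guest" and not p.get("registered"), "redirect_portal"),
    (lambda p: p["ssid"] == "guest" and dst(p) in LOCAL_L2, "drop"),
    (lambda p: p["ssid"] == "guest", "tunnel_to_cloud"),
    # Operations: local segment plus Internet access.
    (lambda p: p["ssid"] == "operations" and dst(p) in LOCAL_L2, "forward_local"),
    (lambda p: p["ssid"] == "operations", "forward_internet"),
    (lambda p: True, "drop"),
]

def decide(pkt):
    """Return the action of the first rule matching the packet."""
    return next(action for match, action in RULES if match(pkt))

def audit(samples):
    """List (packet, expected, actual) where the table breaks a requirement."""
    return [(p, want, decide(p)) for p, want in samples if decide(p) != want]

# Constructed sample traffic, each paired with the requirement it exercises.
SAMPLES = [
    ({"ssid": "registration", "dst": "10.0.0.10"}, "forward_local"),
    ({"ssid": "registration", "dst": INTERNET}, "drop"),
    ({"ssid": "guest", "dst": INTERNET}, "redirect_portal"),
    ({"ssid": "guest", "dst": INTERNET, "registered": True}, "tunnel_to_cloud"),
    ({"ssid": "guest", "dst": "10.0.0.10", "registered": True}, "drop"),
    ({"ssid": "operations", "dst": INTERNET}, "forward_internet"),
    ({"ssid": "unknown", "dst": INTERNET}, "drop"),
]

if __name__ == "__main__":
    print(audit(SAMPLES) or "all requirements hold")
```

Because the first matching rule wins, rule order is part of the policy: moving the guest tunnel rule above the local-segment drop would silently break the isolation requirement, which `audit` would report.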
All in all, the event went quite well. The organizers gave away over $600K in services to over 1500 people in 3 days. They made approximately 700 pairs of glasses on the spot, and cleaned, filled and yanked out countless numbers of teeth.
|California CareForce Clinics|
You can see the summary numbers at (www.californiacareforce.org/cs). The network is critical to the operation of the clinic, and the diverse needs of the different networks are a perfect test case for how flexible the Tallac system is. Tallac is proud to be a sponsor of this event and you can count on us to be at the next one.
“It’s the end of the world as we know it…” Jan 2016
“…and I feel fine!”
Whenever I start noodling on a new blog post, I almost always have a song lyric pop into my head. I’m going to date myself a bit, but this time it was a song from REM. EXCEPT I was singing it with the alternate lyrics, “It’s the end of the LAN as we know it….and I feel fine!”
The Enterprise LAN has been around for decades. Over the years I designed and redesigned LANs more times than I care to admit. As network engineers, we took pride in designing better networks than the next guy.
But quite honestly, at this point they all look pretty much the same especially when you’re talking about mid-market businesses, say anywhere from 50 to 2,000 users. Wi-Fi APs, closet/distribution/core switches, perimeter firewalls with/without VPN and IDP capabilities, DHCP, DNS, some kind of management software…
Yet, as I’ve traveled around meeting with customers the past couple of years, I’ve been blown away by how smaller organizations build and manage their networks. Let’s take an example that’s close to home for me.
There are over 300 K12 school districts and 30 independent colleges in Indiana, most of them with fewer than 3,000 students. Nearly every one of them hires someone to design a network specific to their campus, independently solicits proposals from vendors, negotiates their own pricing and hires engineers to do the care and feeding of their network.
Do you think the networking requirements for K12 districts are THAT much different? Does the LAN at one small, private college look that much different than the next?
Sure, there are some minor differences between a small school with 2,000 students and a large school with 15,000 students. But one 2,000 student K12 district or college’s networking requirements look pretty much like the next one. Yet, every school is still designing, building and managing their own network with absolutely no economies of scale across schools.
Now let’s compare that to another aspect of running a school – their cafeterias!
Nationally, more than 80% of colleges outsource the management of their food service and, depending on the state, anywhere from 20-75% of K12 districts outsource their food service. The companies providing these services have much greater buying power and have much larger scale and therefore more specialized expertise in order to refine things like layout of space, recipes, processes, etc. They’ve saved schools money and, if a recent visit to my alma mater is any indication, they’ve greatly improved the quality of the service!
So why don’t they do the same thing with their networks? The answer is, they are – and at a pace that is increasing! And it’s not just education.
Why are they doing this? The specific reasons vary a bit from industry to industry – which I’ll discuss in more detail in later posts – but the overarching trend is the same and it’s driven by cloud and mobility!
SMB and mid-market businesses have embraced cloud and mobility quite rapidly. With their services moved to the cloud and accessible from anywhere, the LAN is starting to look like a utility. If the primary use of the LAN is to connect users to the Internet, from the C-level perspective, it’s really no different than someone’s home broadband, their LTE service or Wi-Fi at the coffee shop. So why are they still designing, building and running their LANs as if it were a unique resource providing a competitive advantage to their business?
The headache and expense of staffing qualified engineers, the unpredictable costs associated with refresh cycles…why continue to do this for something that has become a utility that provides no differentiation for your core business?
The trend towards Network-as-a-Service for SMB and mid-market business is already in full swing in certain verticals and is gaining momentum. IMHO, this is the most significant trend to hit the Enterprise LAN business during my almost 20-year career in networking. It’s going to be disruptive to every aspect of the business from the sales channel to the underlying technologies in the network.
I don’t know exactly how this will all play out, but as it does, I fully expect the Enterprise LAN as we know it – how it’s designed, sold, built and operated – will come to an end…
“….and I feel fine.” because I’m extremely fortunate to be part of an amazing team that is squarely focused on a next-generation Enterprise LAN solution built from the ground up for Networking-as-a-Service!
Stay tuned for additional posts where I’ll attempt to provide more insights on how this might all play out!