A six-figure surprise is awesome when it’s a lottery win. It’s not so awesome when it’s the “Amount Due” appearing in your monthly cloud bill. But enterprises receive these “surprises” all the time, and what can sting even more is trying to explain this preventable expense to management.

Inefficient (not optimized) traffic routing to and from your various cloud instances and other services can hurt your business in other ways too. It can lead to bandwidth and latency issues that undermine network and application performance. And while your cloud users likely have no clue what network path they’re taking to get to the resources they need, if their experience stinks, you’ll hear about it.

There’s a quick and easy way for your engineers to find and fix inter-cloud routing mistakes before they become costly problems: proactive intent verification in Forward Networks. We recently announced that Forward Enterprise now supports all major cloud providers (AWS, GCP, and Azure) to create a digital twin of your entire hybrid multi-cloud estate. This use case has been very well received by our current customers.

The intent verification feature in Forward Enterprise lets you confirm that all the traffic patterns to, from, and between your cloud environments — and across your cloud instances from providers such as Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure — are configured in-policy. Even if a path works, it may not be the most direct route the traffic could take, which creates latency for users and/or racks up unnecessary connection charges for your enterprise.

With proactive intent verification, you can ensure your cloud traffic configurations are in-policy. And you’ll find no more big surprises in your monthly cloud bills — at least, from inter-cloud routing mistakes.

For more details on the intent check feature from Forward Networks, join our technical solutions architects for a demo of the capability in action or read this use case.

Do cloud environments really have to be so foggy? Absolutely not. Yet, many enterprises have come to accept that not having full visibility into their cloud estate is just “how it is.”

That’s a risky position, as deploying or migrating third-party cloud platforms without a complete view of network traffic patterns can easily lead to security gaps and make troubleshooting a daunting task.

Most enterprises today use multiple cloud platforms like Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure as part of their hybrid cloud estate. Visualizing their environment for troubleshooting requires multiple applications and often several experts within the team. As cloud use expands and providers release new services, the visibility problem is worsening quickly — and exponentially.

Sure, network and security teams have tools to validate connectivity and security for on-premises networking. But they’re not useful for the cloud. It’s like asking your teams to use a drill to hammer a nail. Plus, each cloud provider has its own nomenclature, methodology, and toolset. What network or security pro has time to learn and master all of that?

Thankfully, they don’t even have to try (unless they really want to). Forward Networks can help your teams make sense of your organization’s cloud estate and ensure the same policies you have in place on-prem are being enforced in the cloud. We’ve extended the visualization, search, and verification capabilities of Forward Enterprise to support AWS, Azure, and GCP. The Forward Enterprise platform now enables engineers to visualize the entire cloud estate alongside the on-prem environment in a single, normalized (vendor agnostic) view.

Want to learn more about the Cloud features of Forward Enterprise? Visit www.forwardnetworks/cloud.

Try a free 14-day trial of Forward Cloud through AWS Marketplace.

Today’s networks are too complex for manual network management and updates. With most enterprises composed of tens of thousands of devices spanning multiple geographical locations, on-premises hardware, virtual environments, and multiple clouds, it’s virtually impossible to push updates manually. The sheer volume of vendors and coding languages can also be overwhelming for a network operations engineer. In most cases, learning a new language or new platform takes eight weeks to achieve basic proficiency; it’s not realistic to expect human skills to scale at the pace of network innovation (aka network complexity).

Fig 1. Itential Automation Example

That is why we decided to integrate the Forward Networks platform with the industry-leading network assurance platform, Itential. Their low-code automation platform makes it easy for network operations teams to deploy and manage multi-domain infrastructures. Itential’s cloud-native software-as-a-service offering provides a low-code interface that seamlessly connects to any IT system, cloud, or network technology for end-to-end closed-loop network automation and orchestration. Forward Enterprise enables network operators to deploy automated changes with the assurance that they are in compliance with network policies and won’t have any unintended side effects.

Fig 2. Closing the Loop: Automation + Verification

Forward Enterprise helps network operations engineers avoid outages through its unique mathematical model. The platform creates a digital twin of the network (across on-premises devices, private and public cloud) enabling network operators to map all possible traffic flows, instantly troubleshoot, verify intent, predict network behavior, and reduce MTTR (mean time to resolution). Itential simplifies and accelerates the deployment and management of multi-domain network infrastructure. Both platforms support major network equipment vendors and AWS, Azure, and Google Cloud platforms.

Fig 3. Automate Service Provisioning with Forward Networks and Itential

The Closed Loop Automation process enabled by the integration of the Forward Networks platform and the Itential Automation Platform (IAP) acts as a safeguard to prevent any issues from becoming pervasive following a change window. The pre-built automations, templates, form builder, and automation builder within Automation Studio make it easy for network operations engineers to build an automation catalog that enables changes at scale. By using the API integration with Forward Networks, they can verify routing, add intent checks, verify new service connectivity, check for side effects, and send notifications and verifications via Slack, Microsoft Teams, Cisco Webex, and email. Integration with change management systems, including ServiceNow and Jira, ensures everyone is working from a single source of truth and expedites collaboration. In the event of an issue, the diff check functionality within the Forward Networks platform makes it easy to pinpoint which changes are causing any unplanned behavior.

For more detail on how the integration works, please view our ONUG Spring 2021 session.

As more enterprise-class cloud platforms have emerged over the last few years, organizations are looking to leverage these alternatives to take best advantage of each in a multi-cloud IT strategy. The advantages of a multi-cloud strategy can easily include resiliency, price-competitiveness, feature-alignment, and cross-silo visibility. 

But with all these advantages comes the complexity of dealing with inconsistencies between cloud providers, both from a policy compliance perspective, as well as a consolidated management view. To be successful, organizations need a common verification platform to ensure easy transition and flexibility between multi-cloud providers. 

SDxCentral outlined some of the key benefits of a multi-cloud strategy in this article:

Enterprises select a multi-cloud strategy due to the benefits. For starters, the multi-cloud is readily available. If one cloud is offline, then the enterprise may still work on the other clouds and achieve its goals. It’s also customizable and flexible in the sense that an enterprise may “select the ‘best’ of each cloud type to suit their particular business needs, economics, locations, and timing.”  Another significant draw for a multi-cloud adoption is that enterprises can escape vendor lock-in as its data is stored on various service providers’ clouds.

The multi-cloud strategy offers security precautions that a single cloud deployment does not. According to Citrix, the multi-cloud also hinders Shadow IT activity. The company describes Shadow IT as “technology used by individuals or groups within an organization that is not managed by the organization’s IT department. This problem tends to arise when policy-compliant IT does not fully meet the needs of the organization. A multi-cloud environment allows groups to comply with IT policy while benefiting from a specific cloud technology.” It also dodges the gravity of a distributed denial-of-service (DDoS) attack as the attack won’t affect all the clouds within a multi-cloud, leaving the enterprise still functional despite the attack.

But how does this differ from a traditional hybrid cloud strategy, and what complexity does it add? In a hybrid cloud strategy, which includes a single primary cloud provider and the on-premises private cloud, there is no need to worry about inconsistencies between cloud infrastructures. If, for example, application deployments must be consistent across a myriad of policy requirements between two or more cloud providers, ensuring that has been a lot of work, even from a security and application connectivity perspective alone.

Similarly, should a multi-cloud strategy imply that traffic flows are not going between cloud providers and that each cloud provider is just a siloed hybrid cloud deployment? Hopefully not, but how can network administrators visualize and manage network paths and topologies across multiple cloud vendors? Are destinations in each cloud provider reachable with the right application policies, with the optimal traffic patterns, across multiple providers and the on-premises hybrid cloud network? Who is providing this management view, tools, and verification checks?

Hybrid cloud platforms and management tools often have a difficult time showing end-to-end traffic flows and topologies across a single cloud provider and the on-premises network. But this is exactly what makes Forward Networks an ideal platform to ease the migration from a hybrid cloud approach to a multi-cloud strategy.

Within our multi-vendor, cloud-agnostic verification platform, we eliminate the seams between cloud vendors and the private cloud network. Not only can the entire topology of a multi-cloud environment be visualized in a single view, but we can ensure that implementations for various policy requirements are consistent between cloud providers. Organizations can eliminate most of the complexity and differences between various cloud platforms, or at least easily verify the impact of deployments as they are migrated from one provider to another. 

Distributing workloads to where they make the most sense financially and technically can finally be managed with greater flexibility and confidence. If an organization has experts on managing only a single hybrid cloud infrastructure, now everyone can take advantage of a common view and automated verification checks to quickly assess network-wide, multi-cloud policies, identify configuration errors between cloud platforms and quickly add more value to the organization. 

Today, Forward Networks supports AWS VPC cloud services, along with Microsoft Azure, and (coming soon) Google Cloud Platform (GCP). Building a multi-cloud environment between and across these vendors has never been easier or more cost-effective, as you look to avoid cloud-provider lock-in.

Network complexity has reached nearly unmanageable proportions for most organizations. With thousands of devices, millions of lines of code to configure networks, and constant updates, it has become nearly impossible to track network topology details, let alone network policies, behavior, and capabilities end-to-end. The result is a network infrastructure that is resistant to change and risk, which reduces the ability of the IT team to quickly address changing business needs and application requirements. Can automated network mapping solutions stem the tide of complexity and tedious resource drain?

For many organizations, the state of the art for network maps and documentation is Visio diagrams or spreadsheets of device names and IP addresses. Even network management tools cannot keep pace with the rapidly changing details of dynamic network environments. Organizations have to rely on senior network engineers to track network details, but such expertise is easily lost, and learning curves are steep and expensive.

Organizations need to automate the network mapping process, so that information is always up-to-date and accurate, while reducing overhead in documenting network details. Automated network mapping software can form a single-source-of-truth for network details, configurations, topology maps, and connections. The ideal automated network mapping solution can even turn the tens of millions of network details, security policies, connections and forwarding rules into a usable database where such information is readily accessible with simple queries to be used in troubleshooting, network analysis or compliance checks. 

The heart of an automated network mapping solution is the centralized process that can access each device and collect and organize the relevant data. With all of the right details, a current network topology diagram can be generated quickly to guide network management tasks and workflows. 

Automated network mapping is one of the key use cases and features of the Forward Enterprise platform. Forward Enterprise collects all network information, including forwarding tables and security rules, from each device in order to build an interactive map of the network topology. The information is organized into a database as well, with a simple query language to quickly identify configuration errors, outdated systems, or down links. 

Network collections, to update the automated network map, can be scheduled periodically or pulled on-demand, to make sure that IT managers always have access to current information. Information from the automated network map can then guide a wide range of network management workflows and processes. Automated network mapping can also ensure that all team members and IT silos have access to the information they need, no matter where they are on the learning curve of managing a complex enterprise network. 

The Forward Networks automated network mapping capability even includes cloud networks. Network maps can show flows throughout a multi-site on-premises data center over a WAN connection and to public cloud providers such as Amazon AWS and Microsoft Azure. Being able to visualize a contiguous network map across multiple vendors, sites and service providers is a powerful debugging and analysis tool that can quickly improve IT operations. 

As networks become more complex and require more frequent updates, organizations need to automate more of the management tasks. Automated network mapping should be a primary focus to ensure that an accurate, always-up-to-date view of the network topology and key management details are available to accelerate IT processes.
