A Conversation with Daniel Huenink

By Sherry Wei
Founder and CTO, Aviatrix
May 18, 2018

Working at Aviatrix gives me opportunities to meet many smart people, the practitioners and pioneers managing cloud infrastructure. I want to understand and document their cloud journey and perspectives.

Today is my first piece: A Conversation with Daniel Huenink.

Meet Daniel Huenink, Network Architect at Nelnet, a public company in the student loan and repayment business.

Daniel is one of those superstars when it comes to Cisco domain expertise. He has architected and managed networks with Cisco WAAS, VoIP, ASA and ASR. Daniel also has diverse experiences as a database programmer and sysadmin.

We met with Daniel recently, discussing at length a specific routing feature he requested. Afterward, my curiosity caught up with me, and we talked some more. Here is part of our extended conversation with Daniel’s permission.

Sherry: Why did Nelnet move to public cloud?

Daniel: The biggest factor is cost, trying to reduce cost. It enables us to do more with less money so that we can remain competitive with our products and services in the market.

Sherry: How did you learn about Aviatrix?

Daniel: I met you guys at AWS re:Invent, watched the "This is my architecture" video, and attended one of your bootcamps.

Sherry: What did you like about our Aviatrix product?

Daniel: I like the security feature on Aviatrix Transit Network. The fact that a Spoke VPC does not have connectivity to another Spoke VPC unless specified provides the network isolation we need in our highly regulated industry.

In our environment, business units have their own AWS accounts and therefore VPCs. For the most part, they shouldn’t be talking to each other. But if the underlying infrastructure is a fully connected network, then we’ll have to set up VRFs and policies to prevent cross talk; that added layer of complexity is not what we need.

Sherry: Did you not try Cisco CSR1000v?

Daniel: I did start the POC with CSR1000v, but for the reasons I mentioned above, we decided not to deploy it. In addition to segmentation, adopting CSR1000v implies we would be managing hundreds of BGP sessions, which is a task no one has time to take on.

Sherry: What is your view of security and encryption?

Daniel: Our business requires us to comply with PCI, HIPAA and other government regulations. We get audited often. Encryption for data in transit is a requirement, and data leaving a facility must be encrypted.

Sherry: Where does data encryption happen?

Daniel: Well, data can be encrypted at the application layer or it can be encrypted at the infrastructure layer. We have many applications; some are home grown, and some are commercial off-the-shelf (COTS) apps, which may or may not natively encrypt, so we enforce it at the infrastructure layer. That’s why we deploy encryption over Direct Connect.

Sherry: Do you have a large deployment?

Daniel: Our current deployment is small as we are just starting, but I expect it to grow significantly in the next 3–6 months. We typically like to do an annual contract, but since it’s difficult to predict the usage growth in this case, we switched to the Aviatrix Metered AMI offering. I like the flexibility of the cloud consumption model, where you pay as you consume.

Sherry: How do you plan to manage a large deployment?

Daniel: Automation. We are going to try to automate as much as possible. I have looked at the Aviatrix Python SDK and REST API. It is currently written for Python 2.7. I updated it in my own environment to 3.0. It seems to work fine.

Sherry: That’s awesome. Since these are just HTTPS calls, they should work with either Python 2.7 or 3.0. Our SDK is short compared to our REST APIs. You will be more than welcome to contribute to our SDK open source project!

Anything else you may be interested in looking into?

Daniel: We enabled NAT function on the Spoke gateway for Internet access. We may be looking into the FQDN function for egress control in the future.

Sherry: Sounds great. Let’s sync up again later; I would love to learn more as your deployment gets bigger.
