This is my third conversation with cloud architects.
In this wave of developer-led cloud transformation, traditional IT is often viewed as friction and a dated organization. Dennis is an exception. Not only does he manage the IT department as we know it, he is also at the forefront with the Ops team, architecting their new IT in the cloud.
I caught up with Dennis recently on the busy exhibition floor at AWS Chicago Summit.
Sherry: Which vendor’s equipment do you currently use for employee remote access and why are you changing?
Dennis: We currently use SonicWall for our employee remote access. But as we have moved 90% of our workload to AWS, it does not make sense to require employees to first connect to on-prem and then connect to AWS resources. So, I started to research a product that enables employees to have direct remote access to AWS.
Sherry: What products have you looked at?
Dennis: I looked into Fortinet, Check Point and Cisco ASA. Their pricing placed them out.
Sherry: Why Aviatrix?
Dennis: Aviatrix remote access VPN is an OpenVPN® based solution that I’m very familiar with. I like the out-of-the-box integration with LDAP and DUO. Our SRE and engineering team are already using DUO. The AWS Marketplace metered AMI allows us to pay as we consume.
Sherry: Did you consider operations issues when you made the Aviatrix selection?
Dennis: Yes. I’m an architect and my focus is designing a solution. But my design must be operable by junior members in the team. The Aviatrix Controller has a user-friendly interface that is simple to understand and operate.
Sherry: What is your plan to roll it out?
Dennis: We’ll start with our 25 SRE team members, then to the engineering team, finally offering the service to our 500 employees.
Sherry: You know most companies will consider employee remote access as the last thing to do in the cloud transformation process. It’s impressive to see that you are taking charge and architecting the new cloud environment.
Dennis: Yes, I’m still in the IT department, but these days I spend more time with the Ops team and am the main point of contact between Ops and IT.
Sherry: How do you operate differently now that you are 90% in AWS?
Dennis: We focus more on business continuity as opposed to DR (disaster recovery), which is more reactive. Business continuity is about standing up environments in multiple regions so that in the event of an AWS region failure, our service is not disrupted.
Sherry: Any feedback regarding our product?
Dennis: I suggested a few improvements for importing the certificate, and that’s already implemented in the product. I’m very happy with the Aviatrix team, you guys are responsive and helpful. It would be great if you can integrate with Google Authenticator for your 2FA.
Sherry: Thank you. Likewise, our team was impressed by your detailed research and knowledge. We’ll look into Google Authenticator. Have you looked into our Egress FQDN filter?
Dennis: That’s something I’ll check out once we have user VPN deployed.
Sherry: Great, let us know how it goes, and thank you so much.