Citing concerns about cloud security, Robert Half International Inc. plans to provide dozens of Amazon Web Services developers with their own virtual private cloud within AWS.
But in trying to do this, the Menlo Park, Calif.-based, worldwide staffing company overwhelmed its on-premises networking equipment's ability to create and maintain hundreds of IPsec virtual private network (VPN) tunnels into each virtual private cloud (VPC).
"Generally, the enterprise network is far more rigid and accommodates change more slowly, [whereas] AWS is designed for isolation and individual control; bridging these worlds is hard," said Sean Perry, Robert Half's chief information officer.
Robert Half needed another option.
At an AWS conference, Sherry Wei, a chief technology officer at startup cloud management software company Carmelo Systems, also located in Menlo Park, approached Perry. Carmelo Systems was developing CloudExtender (or Cloudx), a technology to better connect enterprise and cloud networks that Robert Half eventually piloted.
"Initially, the goals for getting Cloudx in were that we wanted to create an environment that was flexible, something that was standardized, something that we could spin up fast and something that was cost-effective," said Kai Paro, a solutions architect for Robert Half.
Delivered as a clustered group of virtual appliances, Cloudx has four main components: a network overlay that performs the functions of a Layer 2 network on-premises and Layer 3 within Amazon; a software-defined networking component that creates logical containers around each developer's VPC and allows them to also be fully distributed and full-mesh-connected; a cloud backbone that allows integration with AWS offerings such as message queuing; and an identification system that gives each logical container a unique identification code.
The technology lets Robert Half give each of its developers an individual VPC without purchasing new edge-networking equipment to accommodate the bandwidth. Cloudx also either customizes the logical containers to individual developers or standardizes them so the network topology always looks the same in each AWS region.
While the software has shown promise so far in trial at Robert Half, Carmelo is still at an embryonic stage. Robert Half is its sole customer and pricing has not been set. Carmelo Systems has only recently become an Amazon Technology Partner.
Perry said Robert Half expects to eventually pay yearly maintenance on the software, but will receive licenses for free in exchange for its piloting and beta work until then.
Cloudx cuts down on lead time
Cloudx can also be used to apply standard cloud security policies, so the enterprise security team has a say in what policies are applied to each logical container without having to look at every single environment that is created. Meanwhile, each container has its own IP address space, which is repeatable across all containers, so they can spin up and down quickly.
"We can create environments en masse and do it in a self-service fashion, knowing that it's going to be secure," Paro said. Previously, standing up such a container would require the deployment of multiple firewalls within Amazon, along with pre-deployment testing and configuration.
"We've watched that lead time go from two to three weeks down to a couple of minutes," Paro added.
Developers from any location can also stand up their own VPCs quickly and easily because traffic doesn't have to flow through the corporate data center and to the cloud to create VPN tunnels.