Cloud Computing

Managed Services Monday with VMware Aria: Managed Networking (2/2)


This weeks post continues were we left off last week and covers the second half of managed networking with Aria. If you missed the first half, it is highly encouraged to read it first here. We looked at a range of areas that providers can offer managed networking services in:

High-level areas for managed multi-cloud networking services
Figure 1: High-level areas for managed multi-cloud networking services

Based on that, we looked at value-added managed services to add to these areas. We covered the bottom left quadrant of adding device management, flow analysis and NSX-related value-added services for private, edge and provider-managed clouds:

Broad and deep managed networking service areas
Figure 2: Broad and deep managed networking service areas

With that, let’s cover application and multi-cloud networking in the context of managed services.

3. Application Networking

Adding application networking visibility to Aria Operations

Within modern applications, a lot of communication happens on the service layers above the physical and virtual network. These layers can be implemented in a similar way on top of different IaaS stacks and clouds. Technologies that enable this at scale and across clouds include Kubernetes Ingress, API Gateways or Service Meshes. They can for example be based on NSX Advanced Load Balancer, Tanzu Service Mesh, or hyperscale and open-source equivalents. To gain visibility into this level of application networking, service providers need to integrate them into their managed services toolset. This moves the focus into the upper left quadrant of managed network services in figure 2.

To build a base managed service around this area, Aria Operations and Aria Operations for Applications come with the respective integrations. They allow the provider to look deep into these technologies and provide troubleshooting and managed services, for example:

The integrations will give the respective teams deeper insights to deliver value-added services on the application networking layer. And like we have seen before, this approach includes a natural handover point between different managed services teams. In this case, between the managed application, managed infrastructure and managed networking teams. You can find a detailed example video of how to use the integrations for in-depth operations services that involve multiple teams here:

Aria Operations for Networks visibility into application layer

Clearly, provider’s managed networking teams need additional capabilities to dynamically discover and map applications, dependencies with the network stack and traffic patterns. As seen in the above demo, this is where Aria Operations for Networks comes in – again. It delivers ML-based application discovery by using flows, ServiceNow integration and property-based discovery. Providers may use these features to conduct application dependency mapping and build value-added application services on top. Such services help reduce friction in defining application boundaries and give accurate views on which components run these application.

Application discovery and mappings in Aria Operations for Networks
Figure 3: Application discovery and mappings in Aria Operations for Networks

On the network layer, Aria Operations for Networks helps providers deliver an intent-based network operations service that is application-aware. The value-added service here is a pro-active problem detection and resolution or notification. Customers and service providers agree on the business, technology or compliance intents in their service contracts. These get codified in Aria Operations for Networks intent templates or user-defined intents. A list of supported intent types is available in the documentation. From there, Aria Operations for Networks periodically verifies whether the defined intents are satisfied or not. Alerts get generated if an intent is violated and appropriate notifications can be triggered. The provider can take action upon these notifications as a value-added managed service:

Intent-based network operations
Figure 4: Intent-based network operations

To summarise, the combination of Aria Operations for Networks with Aria Operations and Operations for Applications allows provider to build a range a value-added application networking services. Those include pro-active operations of the application network components, as well as application discovery services, which lead to increased managed application business. Further, the provider can offer intent-based management and operations of the network, according to business requirements.

Base and value-added application networking services
Figure 5: Base and value-added application networking services

With the insights gathered from the application layer and discovery, providers can create new value-added service around multi-cloud. These range from workload placement, cloud migration planning and execution, cross-cloud traffic management, optimization and many more. What all of these have in common, is that they require interconnectivity between multiple clouds.

4. Multi-Cloud Interconnectivity

Workload placement, migration and connectivity

The capabilities and architecture of multi-cloud interconnectivity informs application placement and migration strategies. And it offers the opportunity for another set of managed services as outlined in the upper right quadrant of figure 2.

There are several ways to connect to and between different clouds. Without going too much into the complexities of multi-cloud network interconnectivity, let’s look at opportunities for building managed services around them with Aria:

  • Virtual Private Network: Public internet connections are used to build site-to-site VPN tunnels. This includes hyperscale services like AWS VPN, Azure VPN Gateway or Google Cloud VPN. These VPN options are supported for monitoring via Aria Operations, which allows for a first basic integration into the monitoring practice, together with other components covered previously.
  • Private Connection: Private direct connections for workloads requiring high-bandwidth. Examples from hyperscalers include AWS Direct Connect, Azure ExpressRoute and Google Interconnect. Aria Operations can partially monitor these, too. Further, Aria Operations for Networks has deeper integrations into the most common network devices used to establish these private connections from the partner or customer datacenter. As another example, Aria Operations for Networks comes with support for AWS Direct Connect to VMware Cloud on AWS. This integration allows providers to:
    • Identify flows that pass over Direct Connect between datacenters and VMware Cloud on AWS SDDCs
    • Run the flow analytics to understand the flow bandwidth and the packet rate
    • View the detailed path topology between virtual machines that communicate over Direct Connect.
    • View details about Direct Connect and associated alerts.
  • SD-WAN: VMware SD-WAN and similar solutions can be layered on-top of both, private and public connections to clouds. It performs dynamic, application-aware, per-packet link steering and path conditioning to deliver reliable connectivity. VMware SD-WAN is available from partners, in AWS, Azure, and GCP. And it is one of the primary solutions to connect multiple private locations and brach offices to a given cloud in a multi-cloud environment.

Managed VMware SD-WAN for cloud interconnectivity

VMware SD-WAN can be integrated in various ways into Amazon Web Services, Microsoft Azure and Google Cloud Platform. For example, VMware SD-WAN vEdges are available for deployment in the respective cloud marketplaces. To understand the options in more detail, you can find a comprehensive overview webinar here.

The VMware SD-WAN platform is designed for partner-managed, multi-tenanted environments, making it ideal for providers that want to offer managed services. You can learn more about this in the VMware SD-WAN Partner guide. Leveraging VMware SD-WAN as part of the multi-cloud network architecture allows providers to use it’s deep integration into Aria Operations for Networks:

VMware SD-WAN monitoring with Aria Operations for Networks
Figure 6: VMware SD-WAN monitoring with Aria Operations for Networks

This integration closes the loop to Aria as the single, federated platform to provide managed network services across all clouds. It comes with dashboards for applications, sites, hubs and edges, allows to conduct flow analysis, full path visibility and more:

Federated view across sites and clouds using SD-WAN and Aria Operations for Networks
Figure 7: Path view across sites and clouds using SD-WAN and Aria Operations for Networks

The value-added services can range from designing, implementing and monitoring of cloud connectivity, pro-active alerting and problem resolution, all the way to traffic and application performance optimization. Aria Operations for Networks also comes with assessment capabilities to analyze configuration, metrics, and the flow patterns of the various branch offices and data center sites to estimate the cost savings. Combined with the rest of the Aria portfolio, this enables a wide range of adjacent value-added professional service like application and workload placement planning, cloud migration and transformation, as well as cost optimization. We cover this in a later part of this blog series.

Public Cloud Networking (5)

As the last area that providers can include in their managed networking practice, we look at public cloud networking. Aria Operations for Networks supports all VMware hyperscale solutions across the major public cloud providers:

Beyond that, hyperscalers provide a wide range of native networking services in their clouds. To gain visibility into these workloads, Aria Operations for Networks also comes with (limited) support for native public cloud accounts. For example in AWS, it can collect information about traffic going to and from a VPC via FlowLogs. And in Microsoft Azure, the integration can collect information about a range of services:

  • Azure Application Security Group
  • Azure Data Source
  • Azure NSG Rules
  • Azure Network Interfaces
  • Azure Network Security Group
  • Azure Route Table
  • Azure Subnets
  • Azure Virtual Machines
  • Azure Virtual Networks
  • and more …

Yet depending on the type of managed services and the depth of visibility required, providers might have to rely on additional tooling from the respective cloud provider.

Conclusion

This concludes the Managed Services Monday with Aria posts on managed networking services. We have seen a range of areas where providers can build managed services around multi-cloud networking. Even though we only scratched the surface and gave an overview of this complex topic, the opportunity should be obvious. Services can range from basic network connectivity and troubleshooting across various locations, pro-active traffic analysis and optimization, ensuring application performance as well as enforcing business policies via intent-based networking. Additionally, multi-cloud workload placement, planning, migration and optimization can be delivered by providers.

The tool that adds the required visibility to the previously described Aria stack, is Aria Operations for Networks. It comes with a wide range of integrations into network equipment, VMware NSX, VMware SD-WAN, as well as native and VMware-based cloud services.

In the next week, we will extend our view on multi-cloud managed services towards managed security. Until then, please don’t hesitate to reach out to your VMware account team if you want to learn more or get started on building a managed services business with Aria.