Koch CTO teams up to get cloud networking right

Integrating a new network after an acquisition can be a sizable headache for any CIO. But for Koch Industries, a $125 billion global conglomerate that has acquired five companies in two years, including Infor for $13 billion in 2020, connecting those acquisitions’ networks to its own sprawling network has been a challenge of another magnitude.

Traditionally, to integrate its acquisitions, Koch would flatten the acquired company’s core network, says Matt Hoag, CTO of business solutions at Koch. While this approach makes connecting the network easier, it is a slow, arduous endeavor that gets more complex as more companies are acquired, he says.

Moreover, Koch itself is in the middle of a digital transformation that adds cloud networking to the mix, further complicating the challenge. Cloud networking comprises three layers: first from on-premises data centers to the cloud, then within a cloud that has multiple accounts or virtual private clouds, and finally, between individual clouds in a multicloud environment. It’s more complicated than standard networking, Hoag says.

“Cloud deployments typically come in the form of multiple accounts, including multiple LAN segments that need to be connected. This encompasses not only VMs but also many other services offered by the cloud provider,” he says.

The major tasks involved range from deploying core IP routing, to enabling connections among virtual workloads within a multitenant cloud, to connecting multiple clouds, to ensuring remote users can connect to the company’s cloud estate. It’s the kind of challenge few, if any, enterprises can take on without a partner today, analysts contend.

Laying the foundation

Koch Industries began its migration to Amazon Web Services in 2015, when it also started on the first layer of its cloud networking strategy.

Koch Industries

Leased lines and direct connects would remain in the data center as part of this strategy, but Hoag did not want to route users through the data center to access data on the cloud. Instead, Koch’s engineering team set about virtualizing the physical transports to build the SD-LAN and firewall within the cloud rather than in the data center.

The company invested a hefty amount of time — roughly 18 months — and engineering resources just to bring on-premises networking to the cloud. “It was more of a challenge than I thought it was going to be in the early days,” Hoag says.

For the second two layers of Koch’s cloud network infrastructure, Hoag partnered up with a specialist.

IDC analyst Brad Casemore notes that there are several multicloud networking suppliers, including Aviatrix, Alkira, F5 Networks, and Prosimo, as well as established datacenter SDN suppliers such as VMware, Cisco, and Juniper. Co-location providers that offer interconnection-oriented architectures — such as Equinix, Digital Realty, and CoreSite — partner with many of these suppliers.

Hoag brought in Alkira to help tackle the challenge.

When building out one portion of a transport construct, the CTO recalls an ‘aha’ moment that he had one afternoon in a conference room in Reno, Nev., with Alkira: Using a third-party platform to handle the abstraction of networking into a software service would vastly reduce the complexity for his own IT team.

Alkira’s network segmentation and resource sharing approach would enable Koch to unify its on-premises and multicloud networks with a few clicks of the mouse, Hoag says. So his team set about migrating the first layer of cloud networking it built from scratch to work within Alkira’s platform.

“Prior to Alkira, anytime we acquired a new company, it would take 12 to 24 months to integrate their network due to the massive complexity,” Hoag says. “Now, we can set policy and have the entire network abide within 24 hours.”

Modernizing the network

Hybrid and multicloud networking, such as Koch’s, represents the next level of cloud maturity, says IDC’s Casemore, who adds that it’s a category in which most enterprises are woefully behind.

“While compute and storage infrastructure have largely aligned with cloud principles and the needs of multicloud environments,” Casemore says, “the network has not kept pace. ”

For Casemore, network modernization is indispensable to multicloud success: “Enterprises often are not fully cognizant of their networks’ multicloud deficiencies and limitations until they experience them firsthand. By then, the network’s inability to accommodate new requirements has often compromised the realization of an organization’s digital business strategy,” he says.

Here, Hoag says, partnering can be beneficial, as third-party specialists such as Alkira have a deep understanding of cloud providers’ obscure but significant technical differences. Working with a partner can also vastly reduce maintenance and troubleshooting, Hoag says, adding that to date Koch is enjoying similar data transfer speeds in all three layers of its cloud networking architecture.

Koch’s partnership with Alkira has also enabled the CTO to build up his team’s cloud networking skills.

“There is a talent war going on,” Hoag says. “This helps us move our team up the talent chain so they can focus on working with applications teams in the company and produce much better business outcomes.”

Enterprise Management Associates analyst Shamus McGillicuddy agrees that most enterprise CIOs will need to tap a specialist to achieve seamless cloud networking — one of the final phases of their digital infrastructure.

“Building a network across multiple cloud providers and one or more private data centers is too complex because network and security teams have to use different tools depending on which cloud or data center they’re working with,” McGillicuddy says. “This solution is an overlay that removes this complexity.”

By abstracting the various networking and security features different cloud providers offer, enterprises “can manage everything from one place, with one set of design parameters, one set of network and security policies, and one console for operational monitoring and management,” he says.

One day, setting up cloud networking may be as easy as using a credit card to set up a cloud instance, Hoag says. But not now. “When you start to have the kind of user needs to potentially have connectivity between different clouds, that’s more difficult,” the CTO says.