Take your time, download and read through the whitepapers and case studies most relevant to your business. If you'd like to learn more, we welcome the opportunity to talk.
Digital Transformation: Our Abstraction Is Your Salvation
In this whitepaper, we investigate the demands that digital transformation is placing on modern businesses, discuss steps being taken to address those demands, and propose a solution to the greatest roadblock in successfully navigating constant digital change, agile interconnectivity.
Simple New Solutions to Complex AWS Connectivity Challenges
NetFoundry has identified three common scenarios among customers with public cloud services as part of their hybrid and multi-cloud strategies. In this whitepaper, we will investigate each scenario, explore common solutions, and invite the reader to re-imagine these solutions with NetFoundry.
Regional Banking: Cloud Disaster Recovery & Branch Connection
In this case study, we discuss how, in partnership with Alliance Technology Group, the NetFoundry platform was used to securely connect all branches, cloud disaster recovery services, and two data centers. This transformation resulted in a less expensive, more reliable corporate network, with the ability to provision new branch offices within two weeks. To top it off, the solution outlined in this case study saved the bank over $500,000 per year.
OUR ABSTRACTION IS YOUR SALVATION
The fourth digital transformation industrial revolution is bringing multi-cloud change at a speed, scale, and force unlike anything we’ve experienced before. It has already begun to affect every aspect of the human experience. The rate of change is so rapid, many companies are struggling to understand how to respond. Firms around the globe are completely retooling their organizational structures, operating models, business processes, technology, skills, and cultures to effectively respond to a new reality of constant transformation.
Agility in the face of this new, ever-changing reality is so fundamental to success that younger tech-centric firms are often outpacing their larger, established counterparts. Age-old monolithic banks are struggling to respond to change as fast as they can to compete with cloud and mobile-first disruptors like Square and Stripe, whose business models are almost entirely digital. Finance isn’t the only industry that’s digitally transforming. Disruptors such as Tesla are changing the automotive industry and transforming the way consumers expect to interact with it in their wake. As established businesses evolve to try to keep up, the agility these firms need to survive requires business service architectures focused on modularization. As a result, applications and services are moving to highly distributed, multi-cloud, interdependent microservices and APIs.
To truly evolve and survive, all aspects of a business, from customer engagement to fulfillment and everything in between, must embrace transformation as a constant, driving paradigm shifts in systems and process integration, and deeply influencing strategic decision-making at its core.
In this whitepaper, we will investigate the demands that digital transformation is placing on modern businesses, discuss steps being taken to address those demands, and propose a solution to the greatest roadblock in successfully navigating constant digital change, agile interconnectivity.
IT’S ABOUT THE MULTI CLOUD DIGITAL TRANSFORMATION JOURNEY
With the immersion of everyday life in internet connectivity, customers typically interact with a company through multiple channels, often making buying decisions based on the perception of simple, seamless usability of channel interaction. If this interaction becomes painful, the customer will often move on to other companies that offer a better experience. In many instances, the better customer experience influences buying decisions more strongly than the actual product or service being purchased.
While adaptable customer experiences and their underpinning processes are important, business functions must then be enabled in such a way that they too can be modularized and used in multiple places. In today’s world, this is done by implementing isolated, independent microservices. For example, if a customer purchases insurance, one step may require the customer to digitally sign their acceptance. If such a function is presented as a module, it can be reused in multiple places across many different customer engagement experiences. As digital transformation accelerates, the library of such reusable service modules will continue to grow. As the environment changes, business functions will be updated to meet the new requirements of the ecosystem.
If at some point e-signatures are replaced by palm scans, updating a single module to meet that need ensures automatic propagation across all places that function is used. This adaptability enables fast and efficient change.
A CASCADING EFFECT
Ideally, the modularity that the organization applies to its business services should be extended into the infrastructure that supports them, allowing for more cost-effective change and efficient scalability. Although integration between these systems is key, isolating technology in terms of the business services they provide makes it possible to swap certain modules of technology gradually instead of completely revamping the infrastructure. As a result, cloud virtualization and infrastructure-as-a-service (IaaS) have become the rule, rather than the exception. Making changes and adjustments in these environments is simple, inexpensive, and immediate.
With constant change in applications and infrastructure, network agility is paramount, but networks such as MPLS and the equipment that drives them have remained largely unchanged. While SD-WANs and similar multi-cloud technologies have introduced some abstraction into site-to-site connectivity, they are often location, hardware, and service-provider specific. The modularity that makes thriving in a world of digital transformation possible requires a paradigm shift, where network edges are no longer defined by physical locations, but by applications. In application-specific networking, application endpoints define the edges and application contexts programmatically define the networks.
NetFoundry makes it possible to spin up highly secure, performant, application-specific networks at scale using web-based orchestration tools and APIs. These “AppWANs” abstract the network in the same way that containers and virtual machines abstract applications from underlying compute infrastructure.
Moreover, because digital transformation is a gradual process, NetFoundry’s technology and orchestration tools give businesses the ability to meet the needs of the digitally transformed application environment, while interworking with existing networks and systems to continue to serve current needs. As business services are modularized in a transformation cycle, AppWANs can be spun up, segmented, and adjusted in minutes to secure and connect them to the appropriate context within the company ecosystem or over the Internet.
THE APPWAN SHALL SET YOU FREE
Overlay networking is a method of using software to create layers of network abstraction that can be used to run multiple separate, discrete virtualized network layers on top of a physical network, providing new applications or security benefits. NetFoundry AppWANs are software-defined encrypted overlays, capable of dynamically adjusting to meet performance requirements, created using our console, command-line interface, or APIs, that define how endpoints are permitted to access services (such as applications) across the Internet and/or existing private networks such as MPLS. One major benefit of AppWANs is that since they are abstracted above network infrastructure, they are completely service provider agnostic.
HOW DO APPWANS WORK?
First, an administrator uses NetFoundry’s web-based orchestration console and/or APIs to design and instantly deploy AppWANs. An AppWAN is created when an endpoint or group of endpoints (which can be any combination of virtual gateways, virtual machines, IoT devices, smartphones, laptops, etc.) is assigned permission to access a set of services (applications). The console and APIs enable the administrator to enforce their policies, without needing to manage the infrastructure itself.
Each AppWAN is managed by a virtual NetFoundry controller, enabling the administrator to benefit from NetFoundry’s overlay fabric without needing to manage the underlying network.
These controllers interact with business and application systems such as IAM, IoT identity, and cloud policies to enable each AppWAN to be programmatically controlled by the application contexts and needs.
NetFoundry’s global network fabric and endpoint software enable secure, reliable networking from anywhere to anywhere. The endpoint software connects to the fabric from any Internet connection, extending each AppWAN to the application edge. The software routes each session to the NetFoundry network fabric, and adaptively manages Quality of Experience (QoE) during each session.
Our orchestration tools, overlay fabric, and endpoint designations are integration-first, designed to integrate inside applications and platforms to provide businesses with full stack solutions, which enable developers to control the network inside their apps.
PURPOSE BUILT FOR DIGITAL TRANSFORMATION
NetFoundry’s AppWANs replace the need for private circuits, proprietary hardware, and telco solutions, so developers can integrate secure, performant multi-cloud networks in software, and use any WAN technology or Internet connection for traversal.
We designed our technology to meet four key sets of requirements, providing a new networking paradigm purpose-built to enable digital transformation.
Programmable, On-Demand, & Made For Platform Integrations
• Untether networking from the engineering of the underlying networks, enabling virtual networks to be programmed to be fit for purpose
• Enable app-specific virtual network overlays to be driven by the identities, contexts and needs of each app and set of IAM policies
• Enable apps and network orchestration to communicate via APIs, eventually incorporating user and AI inputs
• Enable app connections to be on-demand and elastic such that provisioning app connections is as simple and powerful as spinning up a virtual machine in the cloud
• Enable ecosystem partners to integrate the previously disparate silos of apps, network, and security, creating platforms which deliver full stack solutions
Internet-First
• Provide Internet-connected endpoints and applications with the security, performance, and reliability they require, independent of the networks they traverse
• Enable the use of any Internet Service Provider (ISP) or mix of ISPs to connect to NetFoundry’s overlay fabric and reliably deliver application connectivity across the Internet
Secure & Performant By Design
• The Internet’s permissive architecture is powerful, but it is also a security vulnerability. NetFoundry enables secure, isolated, private AppWAN overlays across the Internet, without requiring security infrastructure such as VPNs.
• Traditional security infrastructure often compromises performance. Thus, businesses often move performance-sensitive applications such as voice and video outside of VPNs. NetFoundry builds both security and performance into the architecture, as it is not acceptable to compromise either in a digitally transformed world.
Manageable In A DevOps Paradigm, Rather Than A Traditional Network Ops Model
• Networking needs to be an agile, fit for purpose innovation enabler, which integrates with DevOps automation, continuous integration, and quality assurance frameworks
• NetFoundry’s web-based orchestration console and APIs enable administrators to orchestrate AppWANs without requiring specialized network engineering skills or tools
SECURE BY DESIGN
Each multi-cloud AppWAN is fortified by a military-grade, five layered security architecture which isolates and protects data flows, resulting in a private, dark network, microsegmented by application. In an ecosystem defined by AppWANs, security and compliance needs are defined by application, rather than the combination of application, network, and security infrastructure. This eliminates potential vulnerabilities introduced by separate policies.
Security Layer 1: Authenticate-Before-Connect
By design, AppWANs authenticate endpoints before the endpoints are given network access. This authenticate-before-connect security paradigm is becoming a best practice with advocates including the Cloud Security Alliance (“Software Defined Perimeter”), US Defense Information Systems Agency (“black cloud”), and Google (“BeyondCorp”).
Security Layer 2: Least Privilege Access (LPA)
Each authenticated endpoint is only given the access it needs, as defined by the security policies of the business. LPA enables application-level, centralized (one IAM policy across apps and network), micro-segmentation.
For example, an IoT device may be diverted to a honeypot network depending on its identity or location.
Security Layer 3: Dark Network
Protected endpoints open an outbound connection to the NetFoundry overlay fabric which “listens” for authorized data. AppWANs deny any packets which have not been authorized, making the network dark. Even if a device inside the network is vulnerable, AppWANs mask the deficiency by rejecting the externally originated attempts before they can reach the vulnerable device.
Security Layer 4: Data-In-Motion Protection
AppWANs use strong encryption, on demand. NetFoundry partnered with Dispersive Technologies to incorporate Dispersive session splitting technology, which is currently used for the transmission of US power grid data, and fragments each individual data session into multiple, individually encrypted data flows. Our web-based orchestration console and APIs enable administrators to centrally manage encryption and session splitting on an application-by-application basis.
Security Layer 5: Move the Attack Surface Away From the Business
NetFoundry manages infrastructure at data centers around the world, including data transit nodes, proxies, session border controllers, and security infrastructure. These data centers move the attack surface to the highly resilient and protected NetFoundry overlay fabric, and away from business networks, assets, and data.
PERFORMANT BY DESIGN
Traditional networking solutions such as MPLS and SD-WAN lose control of data once it is routed to a destination which is not front-ended by WAN CPE, thus relying on best effort Internet over those routes.
Conversely, NetFoundry’s overlay fabric optimizes data across the Internet, assuring quality of experience (QoE) with a quad-layered architecture.
QoE Layer 1: Supplementing BGP-Based Routing
BGP, the dominant inter-AS routing protocol, is tolerant of latency and packet loss until they result in “outage” conditions, and ISP routing is often built to optimize costs over performance. AppWAN endpoints work on top of BGP to adaptively route across the best performing paths on NetFoundry’s global overlay fabric (multiple tier one Internet backbones).
QoE Layer 2: Proxying TCP
TCP, the protocol underlying most Internet data, suffers from well documented problems which constrain performance, particularly when there is material latency or packet loss. NetFoundry overcomes this issue by proxying TCP, substituting a performant method over UDP with reliable delivery mechanisms, dramatically outperforming traditional single-path VPNs in terms of throughput and latency.
QoE Layer 3: Hybrid WAN Local Access
NetFoundry’s optimizations for BGP and TCP significantly improve “middle mile” performance. However, AppWANs optimize the local access segment as well. Each endpoint can aggregate multiple networks such as wired and wireless into a single overlay according to application policies, improving performance, throughput, and cost. In addition to providing better access network resiliency, this multiplies route diversity, enabling the AppWAN to utilize more paths to meet the QoE requirements of the application.
QoE Layer 4: Direct Routing
Since AppWANs are network agnostic, provide embedded security, and do not require custom CPE, businesses can directly connect any endpoint or site to its destination. The latency added by the “trombone” routing above is one of the major causes of QoE problems to SaaS and IaaS services.
Although SD-WAN could theoretically route directly via Nashville in our example, the policy will most often steer data to the MPLS network, because the SD-WAN cannot control security or performance once it hands the data off to the Nashville ISP. NetFoundry’s embedded, Internet native security and performance optimization enables the business to route isolated AppWANs directly from Nashville.
REAL CHALLENGES, ELEGANT SOLUTIONS
Extend SD-WANs & MPLS to Multi-cloud & SaaS
Velocloud announced their SD-WANs used NetFoundry to meet Proen’s Office 365 needs. The Velo CPE routed the data via AppWAN to improve Office 365 performance. Proen continued to use Velocloud for their site-to-site SD-WAN needs, but could now secure and optimize apps such as SaaS and B2C with NetFoundry.
SD-WAN and MPLS CPE can’t be provisioned at all SaaS, cloud, IoT, mobility, B2B, and B2C sites, so the on-site CPE is forced to hand the data off to the local ISP, traversing best effort Internet. Using AppWANs, that data can be secured and performance optimized, just like the site-to-site SD-WAN or MPLS data, without the need for private telco circuits and hardware.
Industrial IoT (IIoT) Solution Stacks
Patients use Integron-delivered healthcare IoT solutions, such as networked dialysis machines, over residential Internet connections.
NetFoundry’s AppWANs enable these B2C apps to be delivered reliably and securely to healthcare and pharmaceutical organizations, regardless of what home network the patient is using.
Micron leverages NetFoundry’s platform to provide identity secured networking for cases such as connected car, and Neustar is leveraging AppWANs to provide identity secured networking.
Secure, Business-to-Business Extranet
cleverDome, a leading financial consortium, uses NetFoundry to enable their members to participate in a secure, encrypted extranet without the high cost and unwieldiness of private telco circuits.
NetFoundry’s AppWANs enable extranets and supply chains, and provide superior security by only granting access to specific apps, rather than forcing the exposure of entire networks, and by enabling administrators to control the access by web console, IAM integrations, and APIs.
SaaS Performance & Security Optimization
IBM and NetFoundry showcased how IBM Watson customers can securely and reliably connect contact centers and enterprises to Watson cognitive services using existing Internet connections, rather than provisioning telco circuits to IBM Watson data centers.
SaaS providers can use AppWANs to offer “platinum” tiers of increased security and performance.
Multi-Cloud Applications
Alliance Technology Group harnesses NetFoundry AppWANs to meet their banking customer needs for secure connectivity without requiring telco circuits and custom hardware.
Businesses can use NetFoundry to optimize internal private apps and to migrate apps to the cloud without causing security or performance problems while optimizing public cloud services.
CONCLUSION
As the fourth industrial revolution affects every aspect of the human experience and drives cycles of change, all aspects of a business, from customer engagement to fulfillment and everything in between, must embrace transformation as a constant, driving paradigm shifts in systems and process integration, and deeply influencing strategic decision-making at its core. To enable the agility required to meet these needs, businesses are turning to highly distributed, multi-cloud, interdependent microservices and APIs which demand agility in network connectivity.
NetFoundry leads the next generation of software defined networking, purpose-built to meet the needs of a digitally transformed application landscape which cannot be fulfilled by the separate-from-apps, hub-and-spoke, private circuit and hardware reliant architectures of MPLS and SD-WAN.
With the distribution and software speeds of a digitally transformed world, WAN hardware no longer defines all network edges. Application endpoints are the new edges, and their contexts need to programmatically define the networking which connects them. AppWANs are built using NetFoundry’s orchestration console or APIs to connect apps, rather than connecting WAN sites. Since digital transformation is enacted in phases, AppWANs supplement existing networks, rather than requiring rip and replace migrations.
You cannot control every network in a digitally transformed world, so NetFoundry ensures QoE and security mechanisms are agnostic of the underlying network.
NetFoundry’s QoE and security are purpose-built to optimize Internet segments, and to interoperate with applications and ecosystem partners to be a part of a full stack solution. NetFoundry’s orchestration tools, global private overlay fabric, and AppWANs are uniquely capable of providing businesses with the networking paradigm required to meet the needs of the digitally transformed application landscape.
CLOUD DISASTER RECOVERY & BRANCH CONNECT
NetFoundry & Alliance Technology Group Partner To Bring Secure, Software-Only Application-Specific Networking To Regional Banks
SECURITY & AGILITY: APPLICATION-CENTRIC NETWORKING
With digital transformation becoming the norm in the finance industry, the network has to evolve to better serve agile, distributed business-led applications. Traditional networking approaches such as MPLS, SD-WAN, and IP VPNs cannot meet the challenges of today. They are location, hardware, and service-provider specific. Thriving in a world of constant digital transformation requires application-centric networking, where the network is an integral component of application development and operations life cycles, alongside databases and other related components.
NetFoundry is a software-only solution that enables our customers and partners to instantly spin up secure, performant, application-specific, zero trust networks with public Internet reach and scale. These “AppWANs” are created and managed using secure developer-friendly web-based orchestration tools and APIs tailored to fit within application development and operation life cycles.
Application teams can easily configure and operate AppWANs, which act as one-to-many discrete application-specific microsegments. Each AppWAN is a selected subset of endpoints associated with an application, with which authorized endpoints are allowed to exclusively communicate, creating a zero trust relationship.
NetFoundry AppWANs enable non-expert Line-of-Business and IT project teams to quickly and independently spin up and scale out compliant, performant internet-distributed applications as easily as they spin up services inside a public or private cloud.
Key Benefits
• Networking as agile as the applications and IT functions it serves
• Faster configuration changes and updates
• Hardware and service provider agnostic
• Lower operational cost
• Perfect for DevOps
• Unmatched control & security with software-defined perimeter (SDP) & zero trust
• Enables secure networking across branches, clouds, and SaaS providers
• Untether networking from underlying infrastructure with networks that can be programmed to be fit for purpose
• Networks driven by the identities, contexts, & needs of each app and set of IAM policies
• Networks are on-demand and elastic
NETFOUNDRY & ALLIANCE TECHNOLOGY GROUP
Alliance Technology Group offers purpose-built solutions targeted at some of the most demanding IT challenges. Alliance has developed solutions for big data, cyber security, physical security, public safety, and cloud markets. NetFoundry and Alliance came together to develop secure, agile, and resilient turnkey solutions for financial services companies focused on disaster recovery and cloud connectivity.
This case study focuses on a state-chartered bank with a corporate office, two data centers, and 22 branch locations. They have been in business for over 100 years, and pride themselves on having local decision making authority and using advanced technology to be responsive and knowledgeable, while offering reliable service to their clients. They have grown to over $700 million in assets and have 150+ employees.
THE CHALLENGES
The client needed to revisit their approach to disaster recovery to ensure efficient data backups and rapid restoration of business services following a disaster.
With increasing scrutiny from regulatory agencies and constant, evolving cyber threats, security was paramount.
In addition, the contract for the bank’s MPLS network was coming up for renewal, and the acting CFO decided to look at other cost saving options before re-signing multiyear contracts with the incumbent telco.
Finally, the bank wanted to become more agile in the process of opening new branches. In the past, opening new branch locations was cumbersome, limited by the time required and the ability to procure private data circuits from local telecom companies. Due to their operating territory, many potential branch location sites existed in remote places, far from MPLS availability. These remote locations frequently required new circuits to be installed at great expense and with long lead times. This lack of affordable connectivity limited the ability of the bank to grow and service new clients in a cost effective manner.
THE SOLUTION
With the help of Alliance Technology Group and NetFoundry, the bank was able to find a solution which addressed each of their major pain points.
Cost Reduction
The NetFoundry platform utilizes a redundant network mesh and eliminates the old complicated hub and spoke design, enabling each branch to communicate directly with any other branch, cloud provider, or data center located on the network. This new design results in increased network resiliency and improved performance. The bank was also able to eliminate their expensive MPLS circuits entirely, replacing them with less expensive and more ubiquitous Internet connections. NetFoundry’s software defined perimeter (SDP) architecture and overlay topology ensure more robust security than traditional MPLS connections, even over the Internet.
Agile Growth
The bank can leverage the security and resiliency of the provider-agnostic NetFoundry platform to quickly open a branch anywhere with Internet access.
In fact, they can even use the NetFoundry platform to securely connect over LTE or cellular networks, enabling the flexibility to operate in very remote or temporary locations.
Disaster Recovery
Alliance Technology Group used NetFoundry’s platform to securely connect the bank’s data center to the Alliance Technology backup and recovery service. In the event of a disaster, recovery and restoration could be executed very quickly. NetFoundry’s platform ensures secure, resilient networking from anywhere to anywhere, while enabling seamless IP portability from site to site without the complexity typically associated with network changes to DNS, routing tables, IP address schemes, and other cumbersome security and network related requirements. NetFoundry AppWANs are fortified by a software defined perimeter with a military-grade, layered security architecture which isolates and protects data flows, resulting in a private, dark network, microsegmented by application.
THE RESULTS
Thanks to Alliance Technology Group and NetFoundry, a complex MPLS network has been greatly simplified using the NetFoundry platform to connect all 22 branches and two data centers. The transformation has resulted in a more reliable corporate network with the ability to completely provision a new branch office within two weeks. To top it off, the solution outlined in this case study saves the bank over $500,000 per year.
Annual Cost Savings: $500,000
Time-To-Open: From 2 Months to 2 Weeks
Disaster Recovery: From 3 days to less than 5 minutes
ROI: 4 months