Defy the Rules: Get 3 out of 3!

The other day, while re-reading “Michelangelo and the Pope’s Ceiling” (written by Ross King and published by Penguin Books), it struck me that Michelangelo changed his approach from being a strictly Do-it-yourself proponent early in the project (the entire Sistine Chapel project took 9 years) to more effectively outsourcing key expertise in order to finish the work (belatedly for a number of reasons), be successful… oh and also get paid. 😊 Just to name an example, early on Michelangelo would go as far as procure the basic chemicals to mix his very own colors (he was famous for the shade of blue he mixed), but that was something he absolutely gave up on over time. To cut a long story short: Michelangelo learned that his early top-to-bottom, do-it-yourself approach cost him, time, money… and nearly his eyesight (trust me, Ross King tells the story much better than me). And he learned, changed his approach, focused on what was essential to his success – and the end result still stuns us over 500 years later.

When planning any enterprise-class network infrastructure project – just like Michelangelo-, network managers face the constraints of the traditional project management triangle: “Good, fast, cheap: Choose two”. Meaning that network managers cannot expect to build a network that delivers on all the features required in the digital era and expect to roll it out quickly as well as within budget constraints – that is simply not possible with a do-it-yourself model. As we will see, there *is* a way to deliver on a feature-rich enterprise network with global reach, and to do so quickly and within budget, which we will discuss later. As network managers set out to transform their networks in the cloud era, they face three basic constraints:

  1. The quality of the desired enterprise network is constrained by the project’s budget, deadlines and required features. These are the three constraints we mentioned above.
  2. The network manager can make adjustments between constraints, but we also know that stakeholders are unlikely to be satisfied with a network that does not deliver on business agility, security and cloud readiness. The demands on a modern enterprise network are extremely high, stakeholders in application delivery, infrastructure or involved in regulatory compliance will not compromise on their needs.
  3. Changes in one constraint require changes in others to compensate – or quality will suffer. Since we know the feature scope needs to be extensive in the era of SD-WAN and SASE, this means for most projects this will result in a higher than anticipated budget and/or a delayed project timeline. Which in fact we hear a lot in our market.

What does this mean for an enterprise network deployment, especially now that many network managers are looking into transforming their wide-area network architectures and look at concepts like SD-WAN and SASE (Secure Access Service Edge)? Furthermore, let’s not forget that network managers have a lot of choice these days when it comes to vendors as well as implementation and operational models.

SASE architecture overview

The traditional choice represents the venerable do-it-yourself (DIY) tradition in networking: pick one or more box vendor solutions, roll up your sleeves and configure the entire network as well as security stack yourself. This is where the project management triangle will constrain you in a world of implementation and operational complexity. Which undoubtedly, in the world of SASE, is the case: look at the SASE overview image above, all the puzzle pieces involved and it’s easy to establish that, if you truly procure the entire functional stack, it’s unlikely you’ll have the time or expertise to configure and operate each and every function optimally to maximize the value of every single function: you’ll have to make adjustments to finish your project in time, within budget (the box vendors will invariably offer advanced services to help you and save the day, but they will add a lot of cost to the project). On top of that, no single vendor right now truly provides all the functions required in the SASE stack, certainly not as a truly integrated solution nor as a best of breed solution in every possible area. So that’s the basic challenge of the DIY approach in an increasingly complex world of converged, advanced network and security functions: the 2-out-of-3 project management constraint may well mean that:

  1. Your project will run significantly over budget.
  2. Your project will not be delivered on-time.
  3. Your project will not meet key stakeholders’ expectations due to lack of required functionality – either because the vendors of choice cannot possibly be leaders in all solution areas or because there wasn’t enough time to build the expertise required to optimally configure a particular function.

To sum it up: DIY solutions will always, inevitably be constrained in either cost, functionality, or timely delivery by the fundamentals of the 2-out-of-3 rule.

As we hinted at before, though, there is a different way. In IT technology, it was pioneered in the computing and application world as basic infrastructure demands (upgrading and maintaining server hardware and the basic OS, solution elements that add no business value by themselves) started to get in the way of application innovation and delivery. The solution? Abstract the underlying infrastructure and focus on the business value of software innovation by delivering on new business outcomes. You guessed it; it’s called the as-a-Service consumption model.

And that brings us to the second choice for network managers as they roll out a next generation network and security infrastructure like SASE. Instead of trying to do everything themselves, with an as-a-service approach network architects now can focus on architecting the solution, but leave the nitty-gritty details day-to-day operations to domain experts. Only the enterprise network architect can act as the expert on establishing the exact requirements for optimal network performance, global coverage or the architectural or regulatory requirements for a custom-tailored SASE solution.

A mature as-a-service solution will always include choice when it comes to critical functional stacks. Think about AWS’ marketplace, which offers a multitude of solutions with distinct strengths that address particular use cases and customer needs. On top of that, think of domain experts that optimally configure and manage every carefully chosen part of the complex solution puzzle for you via an overall orchestration umbrella that ensures every component of the custom-tailored solution is always performing at its best.

That is the Aryaka Cloud-First WAN solution: it allows network architects to design the optimal combination of network connectivity and advanced optimization their global or regional network infrastructure requires. As to the SASE security stack in the desired solution: network architects can pick between branch- or cloud-based security stack from best-of-breed security vendors, optimally suited to their very own enterprise architecture or regulatory needs. And the entire solution, top-to-bottom and left-to-right is optimally configured and maintained by experts with deep domain expertise. With complete, real-time visibility – no more opaque, partial visibility into virtual overlays or physical underlays, no more siloed troubleshooting to establish the cause for the complex issues that arise in a network and security infrastructure further abstracted by virtualized sub-domains.

Instead of spending most of their day simple keeping the lights on when it comes to their global enterprise network infrastructure (which inevitably happens with a do-it-yourself approach), network architects can now spend their time planning and innovating ahead to optimally address the demands of the digital age for their businesses: optimal public and private cloud connectivity, superior application performance for both cloud and on-premises applications, a best-in-class security stack as well as a superior user experience for a hybrid workforce.

In closing -and to tie this back to the Michelangelo story-, an as-a-service approach allows network architects to truly deliver on the particular Sistine Chapel implementation their particular enterprise requires, without wasting time mixing colors from scratch or having to paint 200 sqft monochrome backgrounds themselves while perilously exposing themselves unnecessarily at great heights or risking their eyesight. It’s all about focusing on the optimal outcomes and delivering on a masterpiece that completely satisfies all stakeholders’ needs. That is the power of abstraction – delegating the implementation of irrelevant, underlying details to the responsible domain while delivering on overarching success.

About the author

Paul Liesenberg
Paul is a Director in Aryaka’s Product Solutions Team. Paul has over 20 years of experience in product marketing, product management, sales engineering, business development and software engineering in Cisco, LiveAction, Bivio Networks and StrataCom. Paul enjoys scuba diving, motorcycles, open software projects and oil painting.