Scope: Implement a secure, scalable platform to allow a large Financial Services organisation to connect to and consume cloud services quickly and cost-effectively.
Equipment Used: Cisco 4500-X switches, Palo Alto 3000-series firewalls, multiple 10G WAN circuits
Delivery: Traditionally, the bulk of the connectivity for this client was handled on-prem. One of the requirements was to be able to stand up new connectivity rapidly, so for this deployment, a partnership with a third party provider (Equinix) was identified as being the most suitable.
A pair of 4500-X switches were deployed as a VSS pair into the hosted facilities, with dual aggregated WAN links back to the on-premises infrastructure. A pair of Palo Alto firewalls were provisioned at each site, and a combination of point-to-point fibre links and connectivity via the Equinix-provided cloud exchange fabric was used to build transit paths between various Cloud Service Providers and the client, over which connectivity was established. The use of dual-active BGP sessions between the firewalls and the Cloud Service Providers meant that failover could occur very rapidly, and connectivity between the data centres north of the firewalls meant that there would be no asymmetric routing issues.
Audience: Due to the high-profile nature of this design, buy-in from multiple levels of the business was absolutely key. Presentations were given to both technical and business stakeholders and a multi-discipline virtual team was assembled to ensure a successful delivery.
Challenges: The learning curve for the virtual team was steep, as the majority of people were dealing with entirely new concepts and ways of working. The team relied on input from Cisco and Palo Alto as well as the resellers to ensure that the deployment was supportable and that all of the components were appropriate. As usual, the project incurred some delays initially due to the lead-times associated with circuit delivery, however once these were ironed out, the project as able to absorb the lost time using the planned contingency allocation.
Takeaways: Due to the fact that the bulk of the equipment was being hosted in remote data centres, it was essential that a good relationship was built with the hosting partner. This helped the project run smoothly due to the sense of goodwill on both sides.