
How a Software-Centric Network Keeps Business Customers Connected in a Highly Safe Manner

By Andre Fuetsch, AT&T

April 6, 2020

You don’t design a network for a pandemic. But it turns out that building your network on software and open hardware specifications can help make it ready for just about anything.

Over the last five years, we’ve been on a network transformation journey. AT&T has been virtualizing our network functions – turning them into apps. For the remaining hardware, we’ve been adopting a “white box” approach. In this model, instead of using proprietary devices tightly coupled to proprietary software from just a handful of vendors, we’ve created open specifications and released them publicly so a variety of manufacturers can compete and innovate.

The idea was that this model could help us stay ahead of the growing demand for network data, and it worked.

Now, though, we’re facing much different challenges.

For example, with companies around the world now suddenly sending their office employees home to work remotely, how do you help those workers connect to their corporate networks? Demand for these virtual private networks, or VPNs, is surging.

AT&T offers a Network-based IP Remote Access VPN called SD-WAN Static Network Based (ANIRA). ANIRA uses an industry-standard capability known as IPSec (Internet Protocol Security) to authenticate and encrypt data packets over the broadband network. The service can work with a software client application, called AT&T Global Network Client, that runs on the user’s laptop, or with a hardware device. The white box, or gateway, that works with the service can be placed on the customer’s premises and support multiple users and various broadband access methods (e.g., cellular or wired broadband).

Thanks to the work our network team has done, ANIRA is a cloud-based software platform. And the gateway is a simple plug-and-play white box that doesn’t require a professional installer. Plug it in and it automatically configures itself, much like our new AT&T TV platform.

Simple. Flexible. Efficient.

As a result, when the number of ANIRA customer connections jumped roughly 700% over the last few weeks, our teams were able to respond with appropriate capacity. These were customers in healthcare, financial services, and other vital segments around the world.

And AT&T was able to accommodate that demand surge without missing a beat. Just a few years ago, that would have been impossible. In fact, we’ve been adding more capacity to be ready for future needs.

Of course, it looks seamless on the surface only because of the tremendous work the engineers, developers, and others at AT&T have put into this effort, both over the last several years, and particularly over the last several days and weeks.

It’s been the ultimate proof point for our push into software-centric networking, and I couldn’t be prouder of what our team has done for our customers.

Here’s some technical background from a few of the folks on the team who made this all possible. Their hard work is what makes it all look so easy.

Bill Mueller, director – Remote Access Development, AT&T Labs
“Over the past few years AT&T has made significant investments in the infrastructure that supports the ANIRA service, transforming it from a hardware appliance model to a software-based cloud native architecture. We developed these infrastructure components internally because off-the-shelf products just didn’t have the scale, performance or cloud-native designs we wanted. The VPN Internet Gateway (VIG) software incorporates some industry-leading middleware that has allowed us to achieve dramatic improvements in real time packet throughput. And we’ve made the VIG cloud native – meaning it runs as a tenant in a general-purpose compute environment. We’ve also focused on automating the provisioning of network connectivity between the VIG and the AT&T/IP/MPLS network.”

Alan Klausner, director – Remote Client Development, AT&T Labs
“The AT&T VPN Gateway is our original white box solution where we took white labeled hardware from a contract manufacturer and married it with our internally developed Network Operating System software. This is a proven system with 15+ years of design and tuning, and more than 100,000 active units in operation. We also wanted to make the VPN Gateway simple to use so we developed a concept called Zero Touch Provisioning. The customer unpacks the Gateway which ships with the base configuration installed, plugs it into the network, and it knows how to “call home” to retrieve any customer-specific configurations. And then the customer is up and able to focus on their work.”

Mike Beltzer, assistant vice president – Network Infrastructure Operations
“There were a couple long, hectic days, but we feel really good that our investments in building a software-defined network paid off. The AT&T team was able to respond quickly by spinning up new instances of the VIG on cloud compute resources from a pool of pre-deployed assets. It was another great example of amazing teamwork across several AT&T teams. It can’t be said enough – when an AT&T team is challenged with a hard problem, we rise to the occasion and it just makes us stronger.”

Copyright © 2002 - 2020 CONSTITUENTWORKS SM CORPORATION. All rights reserved.