
Using Multicloud Network Software to Enable Business Critical GenAI Applications


While innovative GenAI applications seem to be sprouting up everywhere these days, the work of layering GenAI services into bread-and-butter enterprise apps has not hit critical mass yet. However, the impact that GenAI is having on the consumer market will undeniably spill over into traditional enterprises – we’ve all seen the signs, and we know it’s coming. For example, my twelve-year-old daughter is now fully adept at breaking digital hearts with her favorite set of character-based AI chatbots. Is balancing a checkbook a skill she is going to need? Hardly. That will be done by a GenAI assistant that comes with her online bank account.

Compared to the latest wave of consumer-focused apps, which are undoubtedly born in the cloud, the business-critical apps that power traditional enterprise will face a much steeper climb to bring GenAI into the fold. For these massive hybrid platforms, it’s not quite so simple as pushing all your customer data into an LLM and slapping a webapp and a chatbot on top. All sorts of factors will come into play here – data transformation, data loss prevention, compliance, governance, global delivery, fault tolerance, multi-cloud support, and of course, network and application security.

If you’re involved with enterprise IT, I’m sure you’ve already done the math here. We’ve got a lot of serious and exciting work ahead. The first thing we will become absorbed in is building the landing zone for these new platforms, then trying our best to adhere to established standards and best practices as we go forward. And I’m willing to bet that security will be the make-or-break factor on the initial success of these apps. Under-invest and you risk a serious data breach that will tarnish your shiny new market image. Over-invest and you fall prey to sprawl or complexity, which can cut deeply into profitability.

The good news on the network and security front is that many of the latest GenAI platforms – such as Microsoft Azure’s OpenAI and GCP’s Vertex AI – support private endpoints within the VNet or VPC. This means that when a top or middle tier of the app wants to access a PaaS offering, it can do so without having to go over the Internet. Most security types tend to frown upon exposing business-critical apps to public IPs – especially if the Internet is involved and a firewall is not. Even when a firewall is involved, the extra latency and performance hit on the application is sometimes a deal breaker.

For these reasons, private endpoints have become the de facto standard for linking business-critical apps to PaaS and SaaS backend services. There is very little downside to using private endpoints: They are relatively cheap, easy to deploy and maintain, robust, and support hybrid connectivity strategies like VPN, SD-WAN, and so forth. Most importantly, the entire conversation between the app and PaaS service is exclusive and private, a key part of both ZTNA and many data compliance standards. This really helps improve security while keeping cost and complexity down, which is always a win/win.

Just like any solution, however, private endpoints are not perfect. Using private endpoints in hybrid or cross-cloud designs can cause a twist in DNS, where non-local DNS queries must be forwarded into cloud-managed DNS systems to resolve the hostname correctly. In certain cases, private endpoints don’t support advanced network or security features that virtual machines enjoy, and finally, private endpoints can be difficult to incorporate into multi-cloud or large-scale designs. Meaning, it’s always more complicated to backhaul traffic over a private network than it is to just use the Internet, especially if your application is cloud-based. Yet this complexity and cost must be tolerated to leverage private endpoint services across hybrid or multi-cloud networks, right? Let’s quickly review the most common options here.
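The DNS twist above is easy to check from any vantage point (an on-prem host, a branch, a VM in another cloud): resolve each PaaS hostname and confirm every answer lands inside the private endpoint subnet. The sketch below is an added example, not part of the original article; the hostnames, addresses, and subnet are constructed sample values, and the stub resolver stands in for the local DNS so the check runs offline.

```python
import ipaddress
import socket

def resolve_ips(hostname):
    """Ask the local resolver (the vantage point under test) for the host's IPs."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def classify(hostname, endpoint_cidrs, resolver=resolve_ips):
    """Return (verdict, ips); verdict is private, public, mixed or unresolved."""
    nets = [ipaddress.ip_network(c) for c in endpoint_cidrs]
    try:
        ips = resolver(hostname)
    except OSError:  # socket.gaierror is a subclass of OSError
        return "unresolved", []
    if not ips:
        return "unresolved", []
    hits = [any(ipaddress.ip_address(ip) in n for n in nets) for ip in ips]
    if all(hits):
        return "private", ips
    return ("mixed" if any(hits) else "public"), ips

def audit(hostnames, endpoint_cidrs, resolver=resolve_ips):
    """Return only the hostnames that do NOT resolve purely into the endpoint subnets."""
    findings = {}
    for name in hostnames:
        verdict, ips = classify(name, endpoint_cidrs, resolver)
        if verdict != "private":
            findings[name] = (verdict, ips)
    return findings

# Constructed sample data: answers an on-prem resolver might hand back.
SAMPLE_ANSWERS = {
    "llm.paas.example": ["10.20.1.5"],            # query forwarded to cloud DNS
    "vectors.paas.example": ["203.0.113.10"],     # forwarder missing: public answer
    "files.paas.example": ["10.20.1.9", "203.0.113.44"],  # stale or split records
}
ENDPOINT_CIDRS = ["10.20.1.0/24"]  # assumed private-endpoint subnet

def sample_resolver(hostname):
    """Stub resolver over the constructed answers; unknown names fail like real DNS."""
    if hostname not in SAMPLE_ANSWERS:
        raise socket.gaierror("name not known")
    return SAMPLE_ANSWERS[hostname]

if __name__ == "__main__":
    names = list(SAMPLE_ANSWERS) + ["missing.paas.example"]
    for name, (verdict, ips) in audit(names, ENDPOINT_CIDRS, sample_resolver).items():
        print(f"{name}: {verdict} {ips}")
```

Dropping the `resolver` argument makes `audit` use the machine's real DNS configuration; a "public" or "mixed" verdict there means traffic to that service can leave over the Internet despite the private endpoint.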

The usual choices for building hybrid and multicloud networks are VPN, SD-WAN, or leveraging private connections like Direct Connect or ExpressRoute. Each one of these choices has pros and cons, which can cause both IT pros and business owners confusion over which is best. VPN tends to be cheap and easy to configure, but bandwidth can suffer and there are hard limits on overall scale. SD-WAN helps solve scaling issues, but performance can still suffer, and buildout tends to be a slow, manual affair. Private backhauls support lots of bandwidth and capability, but are expensive, prone to IP address overlap, and can add unnecessary latency between regions or clouds. It’s easy to get caught in a “damned if you do, damned if you don’t” situation, and just fall back to using the Internet and hoping for the best.

But there is one more option here that is often overlooked: Multi-Cloud Network Software (MCNS). MCNS has been around for a while but has gained a lot of maturity in the last three years and is starting to take off. MCNS has a lot to offer customers that are looking to augment their existing cloud connectivity solution, replace it entirely, or build their first serious private cloud network.

The most compelling reason to consider MCNS is that it has been purpose-built to fill the gaps that these other solutions don’t address. Another way to think about it is that all the solutions above leverage network technology that pre-dates the cloud, in part or in whole. MCNS was created specifically for customers that want to build cloud-first networks and then connect them to on-prem networks, branch offices, and of course, other clouds, both private and public. Another cool thing about MCNS is that it creates an encrypted overlay across one or more cloud provider networks, turning their dark fiber into your dark fiber. Next, MCNS can seamlessly connect all these networks together using encrypted tunnels over public transport, private transport, or both.

In summary, because MCNS platforms are entirely software-based, they have some distinct advantages over born-in-the-datacenter tech:

  1. They are very easy to automate, deploy, manage, and scale.
  2. They are agnostic to the type of cloud network underneath.
  3. They understand cloud-native constructs through API integration.
  4. They can embed critical functions like security, visibility, and traffic steering across the entire network but are centrally managed.
  5. They support industry standard connectivity like IPSec or P2S, and they understand industry standard routing protocols like BGP.

All these factors make MCNS an ideal solution for building GenAI-powered applications for enterprise. Why? Because I guarantee you that this next wave of business-critical applications will have a lot in common:

  1. They will be deeply hybrid and/or multicloud in nature.
  2. They will combine legacy or heritage applications with AI/ML PaaS services in cloud.
  3. They will leverage best practice high-security patterns in cloud, such as private endpoints and ZTNA.
  4. They will be built at massive scale, across multiple regions and even global theaters.
  5. They will need low network latencies and large quantities of network bandwidth.
  6. Security will be the most important factor in their success, given the vast amounts of private data involved.
Author

Bryan Woodworth is the Director of Solution Strategy at Aviatrix.
