Caption: Amir Khan - SD-WAN pioneer, and now leading a new revolution in cloud networking
Founder & CEO Alkira - formerly founder & CEO, Viptela, acquired by Cisco in 2017

Thought Leader Perspectives
~ The New Era of Cloud Networking ~
NetReporter interviews
Amir Khan

Unlocking the power of the cloud: Alkira promises to lead a new revolution in manageability, flexibility and speed of deployment in the new era of cloud networking

Alkira is a recent start-up in the networking business with an impressive pedigree. Its founders Amir and Atif Khan set up Viptela in 2012, the company which pioneered the software-defined wide area network, SD-WAN. The Khan brothers, engineers with numerous patents to their credit, sold Viptela to Cisco in 2017 for $610m.

The global SD-WAN market is now valued at more than $5bn and could hit $30bn by the end of the decade. The Khans, meanwhile, have moved on to their next challenge. Alkira’s mission is to use its Network Cloud platform to overcome the problems of building networks in the cloud that are secure, easy to manage and quick to deploy.

Alkira started life in 2019 with backing from some of the biggest names in the business including Sequoia Capital, Kleiner Perkins, GV (the venture capital arm of Google) and Koch Disruptive Technologies, the VC arm of Koch Industries, which is an early and enthusiastic champion of the Alkira platform.

Altogether, Alkira now has $76 million of funding under its belt. And it has big plans.

To tell us about them, NetReporter talked to co-founder and CEO of Alkira, Amir Khan.

(NetReporter) As we’ve just heard, Alkira is a recent start-up. Can you tell us a bit more about the company and where you’ve come from?

(Amir) We started in the middle of 2018 after finishing up with Viptela. I was looking for the next big problem to solve in the industry. Everybody was starting to see the cloud being adopted, and if you look deeper there are really two fundamental aspects that we leveraged to build this company. One is the raw capacity of compute, storage, databases and bandwidth in the cloud. You can build very strong solutions – building the almost infinite capabilities available in the cloud.

The second piece is that as we started talking to customers they were struggling to build multiple cloud environments for different reasons. From the network perspective every cloud is different, all the underlying constructs are different, so they needed a common infrastructure to be able to adopt multiple clouds. That was the premise behind our formation of this company.

Then we went to the venture capital firms and within a couple of weeks we got funded to bring a very strong and transformative solution to the market.

(NetReporter) It’s been decades since we first started talking about the cloud. Why is it that businesses of all sizes are still struggling even now to get to grips with it?

(Amir) The reason is that in general enterprises did not have much familiarity with the broadscale deployment of the cloud. It’s one thing to have shadow IT go and deploy a few instances which are isolated from the rest of the environment, but as you start to move more of your workloads and resources into the cloud it starts to become very complicated very quickly. You have to make sure that everything communicates with everything else only when you need it to. The network may have to be sub-segmented and controlled in such a way that instances and resources are isolated from each other except in specific situations.

The second major piece is obviously security. As you move into cloud environments, you can bring them up in many different ways if you’re doing it on your own. Before you know it, as you start to manually stitch things together, it becomes a nightmare to support the complicated environment.

And the third major piece is obviously how you manage and monitor this environment. You have to use so many different tools, sometimes different tools for different clouds. If you have a hybrid environment it becomes an even bigger issue to support all the day-two operations – it just becomes very challenging for the customers.

(NetReporter) As you said earlier, compute power really isn’t the problem. We have an infinite supply of that. But as the complexity grows and you connect together more devices and systems in the cloud then connectivity becomes the real issue.

(Amir) As the IT departments embarked on the journey of adopting clouds, the first thing that they did was start to build a physical infrastructure, put hardware in their co-location facility and peer with the cloud providers as individual enterprises. That brought them to the edge of the cloud, but they quickly realised that you have to go deeper into the cloud to fully utilise its capabilities, so they started to adopt as a second phase the cloud in a do-it-yourself environment. That meant they manually spun up resources and instances for security or for manageability and even simple things like routing to provide basic connectivity. Before they knew it, manually integrating all of this, even though it’s a virtual environment, became a nightmare.

(NetReporter) We like to think of the cloud as a single, amorphous mass of power, but as you’ve already said there is not one cloud but many and that creates yet another layer of complexity.

(Amir) Yes, and as you go into multiple clouds it becomes exponentially complicated. When the Internet started there were no standards and there were many different protocol suites, not just the Internet protocol suite. Over time we’ve standardised on things and IETF [Internet Engineering Task Force] was a key player in standardisation of protocols so every vendor’s equipment started talking to each other.

Now we live in the virtual world where cloud providers are starting to offer services to the industry but there’s no standardisation in the cloud world. Every cloud provider does things in their own way, based on whose equipment they are using, how they have tied that equipment together, and how they have created a virtual layer. So as an example, if you look at the data centres, how you bought the servers and connected them together to form the network was a big challenge and data centres grew in complexity.

We move all of these constructs into multiple cloud environments because each one of these cloud environments may give you certain capabilities, but because customers also want a choice of providers. The complexity I’ve described is limiting that choice and causing customers to stay away from multi-cloud. That’s good for cloud providers because they lock customers into their own environment.

So a company like ours comes in and provides a common infrastructure across all these cloud providers so that they can start to utilise the best-of-breed capabilities of not only the cloud providers but also services like firewalls which customers may have been used to, such as Palo Alto Networks. We have created a marketplace of services, not only connectivity end to end but how you integrate the higher-level services like firewalls, address management, load balancers, etc. It’s full end to end connectivity with integrated services, visibility and governance built into the solution.

(NetReporter) Amir, you and your brother Atif were pioneers of the software-defined wide area network (SD-WAN), which was hailed as revolutionary in its day. Why do we need another revolution now?

(Amir) SD-WAN was done very specifically to solve the branch interconnection problem with the data centres and connecting them to the cloud, not inside the cloud. You could try to manually stitch things together to be able to extend those capabilities deeper into the cloud but that does not necessarily help much.

The second piece, as I described earlier, is why rely on building hardware when you have enormous capability in the cloud? Businesses like Netflix and Zoom have grown significantly over many years in the cloud without building their own infrastructure. So why are we still deploying big hardware solutions where it takes months or years to build out our network infrastructure? We have enormous capability in the cloud, why can’t we build the networks in a new way?

And that’s what Alkira is about, it’s about transforming the industry. We have built our own infrastructure which resides in multiple public clouds and we are leveraging the raw capability of these clouds to bring not only multiple clouds together but the traditional interconnection of branches and data centres and integration of services. You can transform your infrastructure completely into the cloud, but that is not possible unless you have capabilities that are automated and provided “as-a-service”. This allows you to scale very simply in an elastic manner, with high availability built in to allow you to move your data centres with confidence into the cloud environment.

(NetReporter) We are in an industry that coins new terminology like it’s going out of fashion. The term of choice for Alkira is the “Network Cloud”. Can you define that for us?

(Amir) It’s very important to differentiate new concepts when you bring them into the industry, and categorise them so that the customers have an easier time understanding what the offering is about. To us, a “Network Cloud” provides a full end-to-end connectivity infrastructure-as-a-service, and brings together higher layer services in a seamless manner fully integrated into this environment. Alkira manages the lifecycle of those services like firewalls so that the customer does not have to think “If I bring in a firewall, how do I integrate it in this complicated environment?” It should be simple, intent-based policy that allows you to steer the traffic through a firewall. If you are under attack, on demand you should be able to bring up more resources in an elastic manner so that you can contain that cybersecurity attack in your environment.

And why am I not able to see what applications are running in all environments, not only in multiple clouds but from my on-premise [systems]? What am I consuming as far as SaaS [software as a service] is concerned and what traffic is coming in from my data centre?

I need to understand that so that I can make business decisions quickly. I’ll give you a simple example in the case of retail: people want to do a segmentation and put point of sales solutions into completely isolated [network] segments, so they are more isolated from the rest of your enterprise IT. It’s almost impossible for the average enterprise to go and figure that out in the cloud today. It would take months or longer to work out what needs to be done to provide that level of security or segmentation because the way you run protocols in the cloud is very different.

We have simplified it to the extent that you can literally point and click to configure this solution in minutes. You click and provision and it automatically comes up. Then you have complete control over what kind of traffic and how you want to steer it through these firewalls and services. It’s as if today we’re in the roads and railroads industry and now we’re building an airplane industry. It’s very different.

(NetReporter) Cloud networking is quite a broad term that means different things to different people. You’ve already explained why you’ve settled on a different term. In a few sentences, could you summarise the essential distinctive features of Network Cloud? 

(Amir) Yes, when we say Network Cloud it’s obviously part of the broader trend to cloud networking, but we would identify five distinct traits.

First, it is an on-demand service, as distinct from an on-premises capability built out of the enterprise data center.

Second, it provides end-to-end network connectivity. A mid-mile only service is not what we mean by Network Cloud.

The third is that it offers fully integrated network and services such as firewall, with an easy way to provision new third-party services – we do this through a ‘marketplace’ portal.

Fourth, it provides end-to-end governance and visibility. We don’t know of another service that does this.

Finally, in our definition a Network Cloud isn’t restricted to a single cloud provider but enables connectivity to multiple clouds. 

(NetReporter) Can we talk for a minute about Koch Industries, an Alkira customer with a very complex global network, which illustrates some of the issues you have already described?

(Amir) It’s a very interesting network. As you know, Koch Industries comprises many different completely independent businesses, and they have a centralised entity called Koch Global Services which offers IT services to the majority of these internal businesses. They have presences in over 70 countries with 700 locations and huge compute, storage and networking infrastructure.

They embarked on this cloud journey very early. They’ve gone through the two phases I’ve described. The first one was building the physical infrastructure in co-location facilities across many different locations and that merely brought them to the edge of the network. They didn’t have much visibility into what was going on inside the clouds or any level of control, so they were flying blind at that point. And then they decided to build their own infrastructure inside the cloud, where it took them another six months just to do it in a single cloud.

So they came to us very early when they heard that we were building Alkira. They had worked with us at Viptela and had deployed the Viptela solution across all their branches across the world, so they had confidence in the team. We started discussing our solution and found it was a hundred per cent aligned with what they wanted to do in the future.

They were thinking of doing an [integration] service in their own internal environment and obviously it’s a huge undertaking. I’m very proud to say that at the beginning of this year we were able to provide a solution that continues to evolve and expand in their environment to the point that within the next year or so they want to have pretty much all of their infrastructure running end to end on the Alkira solution. That is huge from a start-up perspective.

They went from 18 to 24 months for the physical infrastructure deployment, to six months for do-it-yourself, and with us they did it in hours. Configured in minutes, provisioned in less than an hour and the whole environment was tested and up and running within a few hours.

(NetReporter) Can you summarise why your Network Cloud platform is such a disruptive technology?

(Amir) The level of simplicity and elasticity and availability that the customer is looking for, that requires not only physical resources but also time. This process is traditionally very time consuming. It’s the difference between building the house yourself or contracting it out to somebody else.

Here we have built a solution that is fairly automated so that the customers can do business at the speed of business, not be hindered by the speed of the networking team or the IT team, which will only slow them down.

As an example, in the case of retail stores, their business requirements for bandwidth and security are enormous during the holiday season, but that capacity is not required during the regular seasons, so why should you have to provision for peak consumption when you can have a solution which scales based on your [peak] requirement and scales down when you don’t need it? Furthermore, you only pay for what you consume.

That’s where a transformative solution like Alkira means that you don’t have to worry about any of that deployment yourself. It’s an automated service which is available to you at your fingertips. You can just come into our portal and start provisioning a global infrastructure in minutes.

(NetReporter) When we think of cloud, and multi-cloud particularly, we think of large enterprises. What about the smaller businesses, how is this relevant to them?

(Amir) That’s a fundamentally important point. Why should we build a solution which is restricted to the large enterprises? As a matter of fact, in our previous lives [at Viptela] we did that and that’s why at Alkira from the beginning we focused on multi-tenancy so you can have smaller businesses start to utilise this very quickly as well. The solution was built to scale to the large enterprises, but it’s flexible enough to be adopted by many thousands of smaller and medium enterprises. We are working with our partner ecosystem to reach a broader set of customers, especially the mid-sized customers.

(NetReporter) You recently introduced CBaaS, a Cloud Backbone-as-a-service, which you described as an industry first. Why is this a particularly significant product?

(Amir) It’s fundamentally important to understand that over time the wide area networking industry has evolved from initially leased lines to sub-segmentation of those leased lines because, again, it was a physical infrastructure and we tried to virtualise it.

We brought in technologies like frame relay and ATM in the early days, so you could create a number of virtual connections over a single physical connection and as service providers we built the infrastructure to provide that at large scale to the customers. Then we realised that the connectivity environment from the routing perspective was becoming very complicated, so Cisco worked with many service providers to offer something called MPLS for private connectivity at large scale to interconnect branches and data centres. Again, this was the evolution of the virtualised technology to interconnect branches and data centres.

Then came the cloud, so we tried to extend the same technology to the edge of the cloud and it did a great job at high-speed connecting to the cloud, but we need to be able to extend inside the cloud. Then the late evolution was SD-WAN because Internet traffic was growing in capacity, it was very inexpensive but there was almost no SLA [service level agreement] available over the Internet. Companies tried to provide some level of SLA but customers particularly over international connections were still experiencing significant performance issues with the Internet.

So there is either MPLS which is extremely high cost and low latency with strong SLAs or the Internet with low-cost, high performance, but very “lossy” and there’s nothing in the middle.

Now cloud providers have been spending enormous amounts of money on their own infrastructure and their own network, so why can’t we leverage that to provide services to the end customer which can be lower cost than MPLS, especially significantly lower for international connectivity, and much more flexibility on demand, which MPLS does not offer?

It also scales across any region on the globe. Because our solution resides in multiple clouds, our service is available as a global service across all major regions where the cloud providers have presence. This is a new way of doing wide area networking, it allows you to expand beyond the physical branch/data centre connectivity to go inside the cloud to interconnect all your resources, which could be either virtualised like VMs [virtual machines] or containers and serverless or storage end-nodes.

To us it doesn’t matter where your end nodes are residing, we have a solution that interconnects all these environments seamlessly with one way of doing things end to end. And we bring security seamlessly to all those environments so that you can secure everything in one common way.

Interview conducted by Julian Patterson, podcast host and writer at NetReporter
