While not ideal, many organizations in both the private and public sectors take a similar path in their digital transformation journey – first cloud and then connectivity. Last June the federal government adopted a new Cloud Smart policy to provide practical implementation guidance to help accelerate agency cloud adoption.[i] Unsurprisingly, just three months later, an update to the Trusted Internet Connections (TIC) policy was made to provide federal agencies with increased flexibility to connect to cloud services using the latest security methods. The first TIC policy, issued in 2007, was framed around traditional network security principles that aim to secure the perimeter – it focused on reducing the number of internet connections agencies have and placing more security between federal networks and the public internet.[ii] That approach does not work well in landscape where legacy wide area networks (WANs) are quickly giving way to software-defined networking (SDN) fueled by partner integration. Today SDN-enabled integration with network service providers (NSPs) makes it easy to create dynamic network to network interconnection (DNNI).
More recently, the government released an updated temporary TIC directive to address the surge in the number of federal employees who need to work from home as a result of COVID-19.[iii] Aiming to relieve increasing latency issues with a growing remote workforce, the new directive is intended to grant more flexibility in how agencies connect employees to government networks and cloud services without compromising security. Previously only service providers who had gone through the GSA Networx contract validation process, or the agencies themselves, were approved to provide TIC-compliant services. Now other vendors can provide Managed Trusted Internet Protocol Services (MTIPS) if they can meet certain criteria in the directive such as routing internet traffic through the National Cybersecurity Protection System (NCPS) EINSTEIN. This opens the door for agencies to work with nontraditional service providers, even those not yet FedRAMP authorized, so long as they can meet the criteria.[iv] And because performance is key, tactical edge infrastructure and SDN have become a critical component of the underlying architecture for delivering this service capability.
Download the "Distributed Security Solution Brief"
Learn how to control network access and segmentation with distributed security.
Virtualization and cloud make digital transformation easy
Traditional IT infrastructures were based on CAPEX models where specialized hardware was purchased and deployed to meet specific requirements. These infrastructures may also have been custom built making it difficult and costly to adapt to new requirements. Virtualization made things a lot simpler by reducing the physical equipment needed to run IT infrastructures. Rather than building functions from the ground up with custom hardware, organizations could now purchase these as flexible cloud services on demand, making it easier than ever before to transform at speed on an OPEX basis.
Agile connectivity is key
While virtualization and cloud helped to usher in greater agility, it’s incomplete without network connectivity being just as easy and fast. A federal agency may need to securely connect to multiple clouds, its own branches in other regions or other agencies to collaborate and serve different mission needs. Prior options for establishing connectivity between any of these entities may have been limited in the past, as well as time and budget consuming. But the recent updates to the TIC policy noted above are opening the door for more flexible approaches such as SDN and network functions virtualization (NFV). The benefits of NFV are similar to the virtualization of other IT functions — reduced CAPEX, greater agility for scaling up or down as needed and faster time to deploy new applications or services. In addition, the ability to tap into multiple clouds, applications, partners and ecosystems on demand provides the kind of agility and scalability that government agencies need to connect to any of these entities on-demand as the need arises.
Reach and partners matter for a flexible tactical edge
Regardless of what mission an agency needs to accomplish, achieving the maximum benefits of cloud and SDN depend on the ability to tap into dense ecosystems of providers and partners over the greatest geographical reach. For example, an agency may need to use more than one cloud partner in multiple locations for a particular mission. Or there may be a recurring requirement to share large quantities of data with one or more mission partners.
Recent updates to the Federal TIC policy are opening the door for more flexible network approaches such as SDN and NFV.
In support of these growing number of use cases that need a connection between a network edge and a partner community or cloud, Network Edge services on Platform Equinix® enable federal IT organizations to establish virtual connections to networks and cloud. It makes it easy to securely deploy and interconnect virtual network services such as routers, firewalls, private network terminators and WAN load-balancers in minutes, without additional space, power, hardware or equipment.
Source: Equinix, Virtualization Slashes Implementation Times and CAPEX Requirements. Check the Network Edge page for the current virtual network function partner list.
ECX Fabric provides access to rich digital ecosystems located at Equinix of more than 9,700 companies, including over 2,900 cloud and IT providers and 1,800 network providers across the globe.
Network Edge also includes built-in integration to Equinix Cloud Exchange Fabric™ (ECX Fabric™). ECX Fabric is a software-defined interconnection solution that connects private IT infrastructure to multiple cloud platforms within minutes over high-speed, low-latency virtualized connections. It also provides access to rich digital ecosystems located at Equinix of more than 9,700 companies, including over 2,900 cloud and IT providers and 1,800 network providers across the globe. Networx authorized TIC-compliant providers such as AT&T, CenturyLink and Verizon are also part of the Equinix ecosystem.
It’s also important to note that many of the service providers on Platform Equinix have placed direct on-ramps in geographically strategic regions, making it easy for Equinix customers to access the edge of hundreds of cloud and network service providers from a single network transport service. As an example, Verizon, a Networx authorized provider, recently launched Software-Defined Interconnect (SDI), a solution that works with ECX Fabric. This service eliminates the need for dedicated access circuits, enabling a federal agency to establish a direct, private IP network connection between Verizon’s MPLS network and ECX Fabric on-demand in minutes via a self-serve customer portal.
This diversity of options for provider partners and geographic reach is a major advantage for agencies who have connectivity needs outside the traditional federal networks.
With recent updates to Federal networking policies, nontraditional service providers, even those not yet FedRAMP authorized, can now provide network services.