Netskope Expands Secure Access Service Edge with Mirantis OpenStack Private Cloud
Take-Aways
Automation is the key to speed. By combining their own infrastructure automation tool with OpenStack deployment tooling from Mirantis, Netskope has reduced the time required to stand up new production IaaS host clusters from months to five days.
Key partners go the extra mile. Mirantis was able to swiftly solve network issues, validate Linux kernel versions, and provide selective support for AMD processor types required by Netskope’s aggressive rollout plan for OpenStack.
Company
Secure Access Service Edge provider
Founded 2012
Santa Clara, California HQ
1,000+ employees
These days, enterprise services can, and do, live anywhere you can imagine. Some are hosted by SaaS providers. Others are managed by IT staff across a mix of physical data centers, cloud regions, co-location facilities, and edge servers. Meanwhile, workforces accessing the service edge do so increasingly from home and on the go — enabled by a mix of company-owned and personal devices.
How do you secure the modern enterprise service edge? Netskope, founded in 2012, helped pioneer a new assemblage of technologies, aimed at providing strong and consistent security and access control adaptable to all the different modes, places, and patterns a diverse service edge requires. Now they dominate the category, dubbed ‘SASE’ (Secure Access Service Edge) in 2019 by Gartner.
Netskope Security Cloud
Netskope’s solution stack brokers access and makes secure connections for users based on their identity, circumstances, devices, and the applications they’re permitted to access, plus behavioral history and other data. It provides the services of a modernized Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA) along with a host of additional services for data-loss prevention, API utilization analytics, and other kinds of threat and risk management.
The solution is cloud native, and Netskope supports various hybrid configurations. Netskope has always advocated that the future of SASE entails moving the service perimeter into the cloud — replacing the legacy paradigm of protecting data centers with firewalls and building private networks to carry business traffic. To host their Netskope Security Cloud platform, they’ve built out a global network of data centers and have interconnected these with a secure, global, high-speed multi-service network, known as Netskope NewEdge.
Finding a Cost-Efficient, Private Cloud
As Netskope evolved NewEdge, they needed cost-efficient, flexible IaaS such that Netskope NewEdge clusters could be deployed and lifecycle-managed remotely — that’s where Mirantis came in. Netskope chose Mirantis for a variety of reasons, including the historic stability of the Mirantis OpenStack distribution, and for Mirantis’ long standing opposition to vendor lock-in. This enabled Netskope to deploy, test and validate using their preferred, FIPS-compliant distribution of the Ubuntu Linux Operating System and to configure the infrastructure elements of CPU, network and storage as cost-effective hyperconverged systems. But the most important reason for their selection was Mirantis’ relentless focus on automated deployment and platform lifecycle management using cloud native continuous integration/ continuous development (CI/CD) tools.
“Before partnering with Mirantis, our rate of standing up and stabilizing regional availability zones at scale would not meet our velocity targets,” said Joe DePalo, Senior VP of Platform Engineering at Netskope. “We knew that we would require greater efficiency to achieve our goals globally.”
Their journey began with exposing the Netskope Platform and Development teams to the OpenStack framework and application programming interfaces. This led to a 40-node pilot. Mirantis and Netskope engineers worked collaboratively to adapt the Mirantis OpenStack platform to satisfy all of Netskope’s unique requirements. This included the ability to quickly deploy, scale, and update the OpenStack control plane and compute resources, and to integrate the CI/CD driven operations with their own extensive automation for provisioning, managing, and scaling instances of the Netskope Security Cloud platform.
Multiple key collaborations followed. For example, Netskope and Mirantis engineers began a successful proof of concept (POC) that achieved a 100% increase in storage performance, crucial for effectively running the databases used to persist the data that drives Netskope’s Security Cloud platform. By replacing Ceph software-defined storage with Nova encrypted LVM storage and controlling it with the OpenStack Cinder driver, Mirantis engineers were able to yield the much higher IOPS levels needed to support the required database activities. The performance levels obtained were comparable to that of Direct-Attached Storage (DAS).
Transitioning to Fully-Managed, Containerized OpenStack
After great success with its first cloud from Mirantis, Netskope quickly expanded its OpenStack deployment to multiple clouds, spread across several data centers. Recognizing Mirantis’ technical leadership in OpenStack and the benefits of working with Mirantis’ world-class customer support team, Netskope also began transitioning from LabCare 8×5 support subscriptions to OpsCare Plus fully-managed services, which features up to 99.99% availability SLA.
“The team at Mirantis rocks. It’s your willingness to work through the challenges that keeps us coming back for more,” commented John Sengenberger, Sr. Platform Architect at Netskope.
The company began implementing Mirantis’ latest IaaS platform, known as Mirantis OpenStack for Kubernetes, which dramatically simplifies OpenStack operations by bringing the resilience, upgradability and configurability of Kubernetes. Its modernized design enables Netskope to both reduce the size of the control plane for targeted edge clouds and greatly speed up deployments and upgrades, as it expands Netskope NewEdge on a global scale.
Currently, Netskope NewEdge has hundreds of nodes in production, spread across several OpenStack private clouds, and will scale out with thousands more nodes distributed among dozens of clouds in the coming years, all managed by Mirantis.
Expanding to Global Scale
Netskope NewEdge is the world’s largest, highest-performing security private cloud. Deploying OpenStack solutions from Mirantis has been key to its rapid growth, enabling Netskope to reduce the time to deploy a new IaaS cluster from months to just five days.
Netskope also continues to engage with the Mirantis professional services team for DevOps engineering as well as to help the company prepare their infrastructure for internal and external compliance audits. This includes compliance with FedRAMP, a government-wide program that promotes the adoption of secure cloud services across the federal government.
Challenge
Affordably deliver endpoint- and location-agnostic, multi-mode edge security and zero trust access control for SaaS, cloud-hosted, and on-premises services.
Provide a simple, uniform experience for end-users.
Solutions
Use Mirantis technology to rapidly deploy, scale, and lifecycle-manage OpenStack in regional POPs, enabling hosting and LCM of Secure Access Service Edge workloads.
Adapt existing cloud-centric automation to efficiently provision and configure these workloads for customers.
Results
Faster time-to-value: 3600% reduction in time required to provision new POPs
Simplified IaaS lifecycle management with Mirantis OpenStack for Kubernetes
Features delivered to customers faster
“The team at Mirantis rocks. It’s your willingness to work through the challenges that keeps us coming back for more.”
— John Sengenberger
Sr. Platform Architect, Netskope
Additional Case
Studies
