BizTech Next Level BizTech Podcast

EP. 25 Revisited- SD-WAN and Advanced Networking- Josh Haselhorst

April 30, 2025


This week, we revisit our most-watched episode in our podcast, diving into SD-WAN. What is SD-WAN and Advanced Networking? With special guest Josh Haselhorst, Sales Engineer at Telarus.

Transcript is auto-generated.

Welcome to the podcast designed to fuel your success in selling technology solutions. I’m your host, Josh Lupresto, SVP of Sales Engineering at Telarus and this is Next Level BizTech.

Hey everybody, welcome back. I’m your host, Josh Lupresto, SVP of Sales Engineering at Telarus. And this is the Next Level BizTech podcast. This week, we’re talking about advanced networking, we’re talking about SD-WAN and everything in between. And we have the pleasure of being joined by the one, the great, the only Josh Haselhorst, world-renowned SD-WAN networking architect, Mr. Haselhorst. Welcome on.

What an introduction, man. I’m famous.

Thank you, sir. Happy to be here.

Love it. So I want to hear about you first. I want to get everybody, you know, everybody knows you are, you are covering the Southwest, but you’re also really a very strong subject matter expert for SD-WAN networking and security. But let’s get let’s let’s dial it back to just you. How did you start in this technology? Have you always been in this path? Did you do something dramatically different? And then just, you know, this sucked you in one day? Or where did you start?

Yeah, great question. I mean, when I started in tech, I was just a sales rep, I didn’t even I didn’t know anything about tech, I was actually in the boat business for a long time selling offshore race boats, waterlocks and zombies and cigarettes and stuff like that as a young man. And that was fun. But you know, you just didn’t make a lot of money, right? So, you know, I got a job at IBM, this was in the mid 90s, or whatever. And IBM had just launched this thing called ThinkPad University. So they had this program to where university students from like Ohio State, Florida State or whatever, as they enroll, they get a brand new ThinkPad as part of their deal, right. So that was my real was my first job in tech. And I realized real quick, I hated technology. Literally hated I was working for this reseller of this this thing, that thing, and maybe the guys are running around with the chicken suit and the sales wheel and throwing candy. And I’m like, this is this is just too hokey for me, man. I hate that. So I got out of there probably within I don’t know, maybe a year or two and started with a VAR that was a distributor, a distributor at the time called Avnet and started the inside sales smiling and dialing, you know, George Costanza, want to buy a computer? No, want to buy a computer? No. And so I did that for a while and then just moved up and we got onto the Cisco side of the house. And became Cisco certified in the advanced wireless and the call managers and all that other jazz, then Avnet sold their Cisco practice to another company called Calence. Calence didn’t need all of us from Avnet. They were already one of the biggest, you know, Cisco reseller integrators on the planet. So we all pretty much got whacked that day. And then just started hopping from VARs to integrators. But every time I went to a different VAR, a different integrator, I would go to a different discipline.
So I started in that Cisco world and I went to another VAR and started building a storage practice through EMC. So we started building, you know, backup recovery archive solutions and monster, you know, million dollar SANs for giant data centers and stuff like that. And then this horrible idea of cloud compute came about. Well, there I go. Right. Nobody’s buying million dollar, you know, SANs anymore. They’re just going to do it on an as a service model for a couple of venues and gigs, stuff like that. I actually got out of that. I said, that’s it. I’m done. And in between, I got a whole bunch of Cisco, so a bunch of EMC, so now I know storage compute network, stuff like that. But I’m like, tech, I’m done, man. This after probably 10, maybe 15 years of doing it and open up my own construction company, bought trucks and trailers.

Marketed myself out to a bunch of real estate agents. That’s when all the foreclosures were going like crazy. Well, how do you sell a foreclosed home? You got to clean out all the garbage, right? And I thought, I’m gonna buy trucks and trailers. I’m gonna hire a bunch of people. We’re just gonna go clean out garbage and make homes available. And it started with doing a couple homes a week and to doing 20, 30, 40 a week throughout the entire state. I had like a crew of 20 throughout the entire state. We were, oh, I don’t know, we were probably netting 300, 400K a year just cleaning out homes, so real estate agents could sell them. And then Bank of America Countrywide, who had my contract with, sold to a company called Safeguard out of Ohio, or sold my contract to a company called Safeguard out of Ohio. And that was it. Lightswitch just turned off. And I thought, oh, my wife is in tech at the time, too. And I thought, I got to get a job. The only thing I know is tech. Well, crud started filling out resumes, got a first first job opportunity I got was for a cloud voice company. No, no, no, not cloud voice, right? Except for on prem Cisco world. And now we’re talking about. So then I started doing that and then got into that started doing my own deployment, got them, you know, getting certified, getting engineering certs, all that other jazz.

And then I realized back then from a data warehousing world, there were technologies inside data storage world like data deduplication,

like software defined, you know, networking inside that data warehousing world from database to database, to code, to code, to code, stuff like that. And then we started doing this cloud voice thing. And I thought, why can’t I do, why aren’t people doing the same thing in this, in this voice thing? Everybody’s complaining, I’m not gonna, I’m never gonna go hosted voice, right? Because reliability and internet and all this, I’m just gonna get PRI lines, SIP trunks. So the whole reason people wouldn’t go to cloud was because of reliability, redundancy, security mechanisms, right? So the thought was, guys, why aren’t, why aren’t we doing this? Why aren’t we partnering up with companies that’ll do things like, you know, application, you know, controls and link aggregation and load balancing and, you know, in a data world, we have load balancers, but that was for storage, server, server, all this. Why can’t we do this for voice? So we started bringing in other companies, like VeloCloud, for example, to fix voice problems. But the problem was, we wouldn’t talk about building a reliable network, building a way to reroute around internet anomalies, we would sell the voice, here’s your 15 seats, your 20 seats, your 100 seats. And then when you call them at about the hundredth time complaining about how horrible this thing is, once you start talking about lawyers about contract termination, then we would say, hey, why don’t you plug this box in? And it just magically fixes this voice issue.

And I started hitting myself in the head going, guys, why don’t we do that first? And then when we roll out our application, we never have a problem. So now our customer service that’s taken the I hate you calls every single day goes away because we fixed their network first and then layered on the application, right? So I did that for several years. And then I left the UCaaS market and went to an SD-WAN manufacturer. How does this stuff really work? How can this stuff really get built? How do we start taking these technologies and start bringing in other technologies into the same solutions? So we started looking at things like, how do I implement a firewall into SD-WAN, right? How do I implement advanced threat hunting into SD-WAN? How do I do? How do I collapse environments so an IT admin doesn’t have 13 appliances and 15 pieces of software they have to manage? Isn’t there a way I can just have like one box and one piece of software that can manage my entire organization? And now I don’t have to have 11 product managers to support 19 different countermeasures. So that’s kind of where it started going. And then, you know, I gotta go get certified in every firewall on the planet, right? SD-WAN on the planet, how does everyone from Aryaka to Zenlayer do it, right? What are the ins and outs? What can they do? What can’t they do? And more importantly, then are there still holes, right? Are there holes in security or in the holes the way specific applications work around SD-WAN? And if there are holes, is that yet another product or is that now just a product dev that needs to now integrate into their existing SD-WAN platform? And these things that’s turned into now PaaS, in my world, right? Platform as a service that, what do you want? Do you want it to be SASE? Do you want it to be CASB? Do you just want it to be with Consolidate? What do you want?

Let’s talk about that. Let’s talk about what it is now. I love the journey. I love the wild story. This industry always seems to suck everybody back in, whether we like it or not.

Oh, there you find out.

So let’s talk. Let’s set the stage a little bit. I mean, I think for anybody that doesn’t understand this, there’s a lot of layers, right? There’s SD-WAN with security. There’s SD-WAN without security. There’s SD-WAN from my aggregator. There’s SD-WAN by itself. If we know that some of those things are the options, right? And then we, like you said, we start to get into the new stuff, the CASB and SASE and things like that.

We can get to that a little bit at the end of kind of where this is all going. I think it ties into there. Let’s just level set on. What would you say this does? What does this technology, why is it there? What does it do? And why is it better than what somebody might have from a legacy perspective to kind of bring back to some of the points you brought up?

Yeah. Yeah. And when I go around the country and I talked about the partners, integrators, manufacturers, I work with a lot of the product, I’ve seen stuff like that. Very, very common questions, right? What’s the next evolution? What SD-WAN does? First of all, let’s level set this. SD-WAN is not a product. There’s not a box. There’s not a blinky light. It is not a spinning disc. SD-WAN is a risk management, risk tolerance idea. It is a theoretical idea of what applications do I run in my environment that are my crown jewels? What do I make money doing? I have to understand the customer’s use case. How do I make money?

Now, based on how I make money, how do I protect that application?

And how do you need it protected, right? So when we talk about over the top SD-WAN versus SASE versus CASB versus PaaS, it’s really not about, “Oh, do I need a full stack, you know, Fortinet, Cato, Cisco, whatever.” It’s really about that use case of, “Okay, let’s look at operations and logistics and risk management first. What applications do you have, Mr. Customer, that cannot risk a failover, failback event?

Is that desktop as a service? Is it workspace as a service? Is it your containers in AWS, Azure, GCP? Is it, what is it that needs, requires based on risk management, risk tolerance, 100% application uptime, zero failures. Do you have any of those applications in your organization, Mr. Customer? Yes, no. If the answer is no, I literally have nothing. We don’t run on computers. We run on, you know, post-its and sheets and then maybe they’re not a fit for SD-WAN. But again, going back to the SD-WAN in a product, right? SD-WAN is three things. It is management, meaning I can open one GUI interface and I can manage single locations or multiple locations and multiple technologies in the same admin user interface.

Visibility is a second pillar. Can I see analytics of my internet circuits, my top talkers, my top users, my top applications, my latency, my packet loss, my jitter, my cross-talk? Can I see what connected IPs I have? Do I have visibility into my entire organization? So when we talk about SD-WAN,

CAIA, SolarWinds, things like that, would those actually qualify as SD-WAN if they hit one of those pillars? Well, yeah. If I can manage everybody in a single interface, right? Then, yeah, those would qualify. And then the third biggest component is automation.

If something happens, an event happens and Internet One dies and goes over to Internet Two, do I have to manually do anything? Do I have to push a reset button? Do I have to go into a software portal and click anything? Do I have to manually do anything for it to go from Internet One to Internet Two or Internet Two to Internet One or does it do it automatically for me? If it does it automatically for me, guess what? Any one of those pillars or any combination of those pillars of management, visibility, automation qualify as SD-WAN. So then you got manufacturers out there and Gartner out there and I go going, “Oh, I’m Cradlepoint, I’m SD-WAN. I’m MikroTik, I’m SD-WAN. I’m Peplink, I’m SD-WAN.” Well, if you’re failing over and failing back automatically, then, yeah, you qualify. Doesn’t mean you’re going to keep applications in 100% uptime situations because now that’s the risk management, risk tolerance conversation around applications. But there’s a ton of things that qualify as SD-WAN. Some guys say, “Oh, there’s 40 SD-WAN platforms out there.” No, there’s 75.

And it’s because what qualifies as SD-WAN depends on what the customer needs to protect and how they need to protect it.

So it comes back to a business conversation. I’d say that’s the funny thing about this, right? I mean, this podcast is meant to be a little bit of technical exposure to how some of these different vendors and things like that work, but there has been a common thread. It really just comes down to what problem are you trying to solve, to your point, you know, what applications are your crown jewels? Are they resilient? Can you afford them to have downtime and just stop and listen? And I think it’s fascinating. I think people are surprised when we come in from a technical acumen and we’re just asking business questions because that’s really all it comes down to, right?

Yeah. And when I teach partners, right? I wouldn’t say sales 101. I would maybe say sales like 202 is, “Hey, I want to start understanding SD-WAN so I can sell SD-WAN to my customer. How do I sell SD-WAN, Josh?” Don’t. Do not sell SD-WAN. SD-WAN sells itself. SD-WAN is the hook to all these other cloud services that you want to sell. You want to sell cloud migrations from on-prem to AWS, Google, TierPoint, Flexential, Rackspace. How are you going to do that migration? How are you going to connect to it? How are you going to connect to it securely? Well, now it’s an SD-WAN conversation. How do you need those applications for form of, “Hey, now it’s an SD-WAN conversation, right?” Oh, I need, and I get this all the time. I just had one this morning is, “Hey, I want to get into SD-WAN. I do UCaaS, CCaaS, and Internet.” Sweet. You get people calling you up, “Hey, I need a secondary Internet connection.” Cool. Let’s do like everybody else does and sell them whatever’s on net, near net, and just sell them that $136 broadband circuit. Right? We’re done? No. How do you want that circuit to behave?

What applications cannot tolerate failover and failback?

I didn’t sell them SD-WAN. What I sold them is, you’re going to have two Internet connections. Why not use two Internet connections? Why buy another connection that you’re going to use four or five percent of the time? Why not use it all the time and have your critical applications dictate which connection is correct in real time? Why don’t we do that? I didn’t sell SD-WAN. I sold, “How do you want your Internet to behave?”

Which happens to be SD-WAN. But then it gets way, way deeper though, right? If I’m talking to the telecom and the Internet guy at the company,

that is an over-the-top SD-WAN solution bandwidth conditioning tools, right? Stuff like that. “Okay, great. I’m link aggregating. I’m always up.” Sweet. Wonderful. Well, what are your firewalls? Maybe your existing firewalls can already do this. Maybe it can already do this with just an upgrade of an OS. You know, maybe they can’t do it at all and we need it over the top. And more importantly than that, who is managing these firewalls? So now we get into this whole cybersecurity conversation of, “I really want to start selling cybersecurity, but I don’t know how.” Well, I’m not selling cybersecurity. I sold you a secondary Internet circuit, right? I asked you how I wanted to behave, turned into an SD-WAN conversation. What applications are you running? Turned into, “I want to go buy a hosted voice.” Oh, okay. Well, now I can sell them hosted voice. I can sell them the Internet. I can sell them the SD-WAN. Now, what are your firewalls? Who’s managing them? How often do you look at your firewall logs? Are you doing advanced anomaly detection? Are you doing vulnerability scans, pen testing, all this other stuff? Are you ingesting those logs into an analyzer, a SIEM, into a security operations? And then it’s, “Oh my God, no, Josh, I don’t have security operations teams. I’m not doing advanced threat hunting. I just bought an off-the-shelf firewall that’s at a typical plant.”

Sweet.

How deep in cybersecurity do you guys want to get? Do you want to start building formalized frameworks? Do you want to start doing defense in depth, everything from endpoint, security awareness training to endpoint protection, all the way into data loss prevention, and really start getting cyber-mature?

Or did you outsource an MSSP that’s already doing that? Because now that starts dictating which SD-WAN platforms. Now that we already determined from the Telco and Internet guy that SD-WAN is a need, well, now it’s a which one, which tech is going to be correct for your organization? Because if I’ve already out-josh, I’ve already outsourced all cybersecurity to whoever,

am I going to go in and talk about the Catos and the Fortinets and the Versas of the world? No, I’m not even talking to that guy. He doesn’t even know what I’m saying. So now I’m just talking to the Telco and Internet guy. So it’s really going to depend on

their risk, I guess platform, and their logistics and operation of who can support what and where are the holes and gaps because a lot of times we can kill a lot of birds with one stone.

And, you know, I want to make sure too that everything that anybody hears is that this is the value of being a Telarus partner, right? They get to ride side by side with you helping them with their customers in these discovery calls because this technology is complex, but it doesn’t have to be. So, you know, small plug for the Telarus engineering team, right? That’s what we’re here to do. We’re here to help you figure these things out, figure out where your customers are at, figure out where they’re going, figure out what their pitfalls are going to be and talk about pitfalls that we can, I think, hopefully help them avoid. So, you know, I think you laid down some good things about how a partner can be asking these questions and not make it about a specific technology, make it about a business. And you did start to allude to some of the trends, and I want to jump into trends here. I want to go trends and then I want to get into a detailed example. So from a trends perspective,

you know, if I flashback, I remember we started doing this years ago, the idea of putting a box managed as a service is a customer’s environment that they didn’t totally know what it did. No way. Get that box out of here. I ain’t doing that. I manage all my own gear. I got all these pieces and I can adequately staff and I got no problems with that. It’s great. Fast forward to where we’re at now. Massive employment shortage that keeps getting worse and worse,

the great resignation, all this stuff coming off the back of COVID, blah, blah, blah. What are some trends that you’re seeing these days that you didn’t see a couple years ago that any partner should look out for?

Yeah, no, great question. And go back to that COVID specific, right? As we had, you know, office workers, you know, coming into the office in the cube farm doing their jobs. I got my on-prem firewalls. I got my security team. You know, we’re beautiful. Everything’s cool. We might need some other countermeasures and stuff like that. But then, then I sent everybody home. Well, how am I going to securely connect those guys when I send everybody to go work from home? Oh, well, I got VPN licenses on my firewalls. Okay, how many concurrents can you actually handle? What’s the capacity? Well, when I bought my firewall, I bought 25 concurrent VPN licenses and then I sent 150 people home. Well, that’s cool because only 25 at a time can actually do work, right? So what did I do? I’m going to get more concurrent VPN licenses, but every box has a max capacity. So then, uh-oh, I guess I have to get a bigger firewall that supports more VPN licenses or I go buy another appliance called a VPN concentrator or I go buy another appliance called a secure remote access appliance, right? And then it was, okay, well, nobody’s here. Who’s going to rack and stack those appliances? How am I still going to get these guys into their network resources working from home? This was an absolute nightmare. And even if I did get a VPN concentrator or secure remote access appliance, the configuration of that and getting those tunnels, this is weeks and weeks and I got remote workers sitting at home can’t do any work. And that was a problem, right?

So, some SD-WAN platforms solved for that when it came in and said, “Hey, why don’t we just go ahead and decommission those old firewalls, drop a gateway in there?”

Now my gateway is doing local SD-WAN. It’s doing all of my advanced security algorithms and it’s doing VPN as a service from a service provider on my backbone. And now that VPN congestion is no longer shoved in your wiring closet or your internet, right? But it just made it clean and quick, right? And these things could be deployed in like seconds. And then all of a sudden it was, “Wait a minute. I got everybody sitting at home. Yeah, I got them, you know, secure remote access and that’s all cool.” But their home internet is garbage. I mean, they’re complaining all the time. Their voice quality is horrible. I had one that was an animatronics company that went home and started doing, you know, animations and running these trackball technologies. You didn’t need to be real-time and super fast on this residential broadband and going, “This is horrible.” Well, yeah, it’s horrible because kids are in Google classroom. Mom’s working from home too. You got one stick of residential internet. I got to have a way to carve, again, my business critical applications and get everybody else out of my way, even in a single residential world. So now resident home SD-WAN was created. Now I just put a little appliance in there. I plug in my little deal and then boom, you know, I’m up and running and I’m actually steering my application around anomalies in real time. I didn’t have to do a bunch of stuff. I just had to plug in this box that would do it for me, right? So that’s kind of how that evolution works. Cut to today, we’re starting to talk about the hybrid, right? It’s, “Okay, I’m going to come. I got remote workers, but some of them are going to come in, some are going to come out. Maybe these guys are going to work here Mondays and Tuesdays, and then Thursdays and Fridays are going to be home and a different shift is going to come and that’s cool.”

But I can’t have multiple different mechanisms to secure these guys and give them connections. So now how do I do this? And now we’re thinking of platforms and we’re rolling out platforms like SASE and CASB platforms and ZTNA platforms and stuff like that to where when you’re outside of my office environment, I’m going to grab your machine and I’m going to send you prescribing centers. I’m going to sandbox and quarantine your device. If I see malicious code, I’m going to do kill codes on that malicious code and then and only then allow you into the network resources that only you are allowed in to do your specific job. You don’t even know there’s other stuff in here. Only you’re allowed somewhere, right? But then there was a problem with that too, is, “Okay, now you allowed me into my Azure container to do my specific job and you gave me a VPN.

So my front door is open, your front door is open, you gave me a secure connection. Where am I allowed to go once I get into your front door? Your bedroom, your bathroom, your basement, your crawl space, your house? I’m allowed to go anywhere, right? It’s linear. I can go anywhere now.” So you need to be able to segment me into: no, Haselhorst, you’re allowed in the second cabinet drawer of the kitchen. You don’t even know there’s other rooms in this house.

That’s ZTNA, Zero Trust Access. But Zero Trust Access also has a different animal called Zero Trust Network, which means access is simply that I’m allowed in the third kitchen drawer. But what happens if I’m in the kitchen drawer and I go to Facebook Marketplace and pick up some malicious code in flight?

Do I have the capacity of now infecting that container? Yeah. Well, what if I was on a backbone provider and that backbone provider had me in a scrubbing center that was staring at me in real time scrubbing malicious code in real time? That way, if I do go to Facebook Marketplace and pick up malicious code, I can’t infect that container. That’s not Zero Trust Access, right? That’s Zero Trust Network architecture. And marketing companies are selling ZTNA all over the place. You see it in Google and LinkedIn or whatever, but it’s back to that use case, Mr. Customer. What do you mean by Zero Trust Access? Because Zero Trust Network could be, “I’m going to do a Zscaler. I’m going to do a Palo Prisma. I’m going to do a Check Point Harmony suite. I have no local SD-WAN controls,” right?

That is an option. Sorry, am I going to be talking about ZTNA and stuff like that if you already have a Cisco Umbrella in whatever of the world? No, but I need to know that from the customer is what tools have you already invested in. We don’t want people spending money unless they need to. If they’ve already invested in a technology, we need to be able to utilize that technology, but make it more simplified and more elegant. That’s what we’re doing. So

fair to say, if I sum that up, we’ve gone from the far reaches of, “No, I’m going to manage this box myself. All my employees are in one location,” to where we are, the gradual growth of remote work, call it COVID or not COVID. After all of that, still definite prominence in remote work. And mix in all of the social media and all of the, thankfully, realization of needs for granular security over the last couple of years because of how good some of the bad guys have gotten to where now we’ve gotten and can get very, very, very granular on the security and the controls within that. And it all gets collapsed. So good, awesome sum with some of that. So as we get into the last question here, I would love to have everybody understand because like we said in the beginning, right? We’re here to help run side by side with our partners, talk to the customers, figure out what they’re trying to accomplish and put that into a solution that then is a fit. So I would love to walk through from your perspective, walk us through real quick an example that you got brought into, what were you told the situation was? What did it look like as you kind of got deeper into the customer’s environment? And then what did you ultimately end up replacing with Adam? What was the value in that story?

Yeah, great question. And I do a ton of these, just so you know. So it’s hard to pick one out. So I’m just going to pick out my most recent one because I’m old and I have a short memory.

But in this instance, we were brought in by the telecom guy. Hey, look, I want to go UCaaS and I want to go cloud contact center. But I need these applications on 100% uptime. I can’t do failover failback that I’m doing on my Palo Alto Firewall. I have to have 100% uptime. So I need SD-WAN. And in this case, they were an international company. So I need an international SD-WAN. They also had locations in mainland China. They were also doing distributed file shares all over the globe. So my guys in mainland China needed access and resources to LA and Hong Kong and Bangalore and Singapore and Ireland and all this other stuff, right? So we brought in a backbone provider that could get us outside of mainland China. They’ve got agreements with, you know, the Chinese government that allows them to do SD-WAN and kind of do a workaround around that great firewall world.

Brought in the appliances, which just do local link aggregation, all this other stuff. We’re going to stack it onto the Palo Alto Firewall. We’re not even going to do security yet. But this is how this worked and this is why it gets real fun, right? So now we do this. We’re going to do private layer 2 backbone, get rid of all their MPLS. We’re going to do local SD-WAN for link aggregation application control. So now go buy your UCaaS, go buy your UCaaS. It’s going to be perfect, right? They were doing cloud services through multi-cloud.

So and they weren’t doing, I think, their European location at Verizon MPLS, their US locations at AT&T MPLS, which is fine, right? And then they had Megaport to give them direct connects into all of the hyperscalers.

So we do the local SD-WAN, then we give them that layer 2 backbone, and then it was an epiphany. But wait a minute. Now that I’m on these guys’ layer 2 backbone with their 60 pops throughout the globe, and they are in all of these data centers, can’t they just use their layer 2 to get me directly into Azure, Google, AWS, TierPoint, all this? Well, yes, you can. So I can get rid of Megaport when that contract comes up, right? Yeah, go ahead. Okay. I can go ahead and get rid of my Cisco routers, because I don’t need those anymore, because now I’m doing real SD-WAN, right? So I got rid of Cisco routers, I got rid of Megaport, right?

Got rid of my MPLS when that’s coming up, and that was $40,000 a month. So I got rid of MPLS, got rid of my direct connect, and got rid of my local regular router, right? And then as we’re doing this deployment, then we finally get to the cybersecurity team. Originally, we were blocked out of that. I got a team that does cyber-second, we want to talk about it. We’re a big Palo shop, we love Palo. I love Palo too. Big Palo shop, we love Palo. And then I got to the, well, we’ve got, you know, 60, 70 locations around here with a Palo firewall at each location. I got two guys managing those Palos. I don’t have a security operation center. I’m not doing SIEM, I’m not doing MDR, XDR. But I love Palo, and I love those local firewalls, except for they’re kind of becoming a headache to manage those local firewalls. Hey, Mr. SD-WAN player, can you help me with this? And it was a, well, you know, you’ve got on-prem firewall. What if you did this, Mr. Customer? What if you ingested the Palo firewall software into the appliance that’s doing SD-WAN?

I can decommission the on-prem Palos, but I’ve got the Palo perimeter security inside my SD-WAN appliance. And then what did I do? Oh, look at this. I got NextGen firewall that replaced my on-prem firewall. I got SD-WAN that replaced my routers. I got direct connects that replaced my Megaport. I got private layer two that replaced my MPLS. And the original conversation, I think in the first two, five minutes, or five, ten conversations was, oh, this is going to be so expensive.

It can be if you eat the entire elephant day one, but if you look at everything you’re spending on all these other best of breed products, if we collapse them, we just had a giant cost containment modeling on accident. So I think our current, originally they were spending close to $200,000 a month on all of their best of breed products. And I think we’re now at 60 grand a month. So we saved them what, $140,000 a month by collapsing their environment. Not only do we collapse our environment with really the same product they’re already using, but now I’ve got Simplistics and Elegance too, because I’m not logging into a router. I’m not logging into a firewall. I’m not logging into that. I’m not logging into that. So now a network admin has one orchestrator. The telecom is using the same orchestrator as my security guy that’s using the same as my connectivity guy that it’s all there, simple and elegant. Oh my God, how easy to just get this just get. And that’s where SD-WAN has gone back to it’s not a product. It’s a platform based on a use case. That’s what it is.

Love it. Beautiful stuff. Good detail. It’s funny when we stumble into saving people money, there’s value there. Unbeknownst to us.

And even funnier though, even better though, is when the partner brings us to the table of the, I need another circuit. And we ask why. You know, what’s the firewall and we ask why. When we the engineers come in and help those partners, we could have just sold this guy some SD-WAN and some connectivity and walked because that’s what he asked for. And we would have been what, eight, nine, 10 grand a month, maybe in that example. But by helping them collapse their environment and build elegance and simplicity based on risk management.

I mean, we tripled that MRC for the partner. I wouldn’t say on accident because I’m always thinking this is our engineering team, but for the partner, it was a, oh my God, I did not know that this was even a possibility.

And I love the detail that you go into, right? That kind of shows behind the scenes how we got there because that’s the point as we get to kind of some of the final thoughts on this. The point is whether you’ve sold contact center before, you’ve sold network before, you’ve sold mobility before, whatever. Our goal with this is to help you get deeper into a new discipline that you may not be in, right? And understand how we do it and understand some of those resources that are behind us. I love that glimpse that you give with that. Awesome.

So final thoughts, future looking, if you look out, right? We’ve painted, I think you’ve done a really good job of a picture of gradually how this model has changed, but your humble opinion of what’s next, right? Is it CASB, is it SASE, is it the collapsing of tools? What do the next 24 to 36 months look like?

Yeah, so your Gartners and your Forresters, your analysts out there are still saying, you know, I even hear them today, right? Best of breed is dead. We’re going to collapse into single environments and platforms as a service. That’s not true. That’s not true because we still have the Fortune 5000 out there that has divisions of divisions of divisions of. I got a security division that’s going to do this. I got a talk division that’s going to do that. I got a voice division that’s going to do that. And they don’t talk to each other. They don’t want the same platform, the same operation, the same management mechanisms, right? They’re separate. And that’s okay. And that’s where these best of breed products come in that we have. And we can bolt on and do all that other stuff like service training. That’s fine.

It’s the guys that are, I don’t have a team of 60 guys in engineering. I did. And I have 19 different cybersecurity platforms and 16 different pieces of software and I had 20 guys run in my shop. And now I’ve got four.

IT admin’s jobs are not to run around with their hair on fire with band-aid fixing people’s broken mouse pads. It used to be. Their jobs are now make me money. You, Mr. IT guy, from the CTO all the way to the desktop support guy, your job is no longer to fix the keyboard. Your job is to go figure out ways to make the organization money. Make me elegant, make me simplified. Figure out used to be, oh, just go save me money. No, no, no, no. Saving money is a byproduct of simplicity and elegance. So now, all the way to the guy in the telecom closet, right? He’s got to start figuring out where’s my value to the organization. It’s not in the patch panel. It’s got to be in the next evolution of technology. What’s the next software? What’s the next application that’s going to make me money? What’s the next way to do better customer service? Should I do chatbots and AI? I need to figure this out. How can I figure this out if I’m in the attic pulling Cat5 cable?

So now I need to take my IT guys that I hired them to buy our IT tech or whatever. And now I’ve got to give them strategic visionary ideas on making me more money. Now, the enterprise guys still have the guys, you know, covered in asbestos, you know, and under desk pulling cables and fixing desktops. That’s going to happen for quite some time now. So, Forrester or Gartner, I’m sorry if you’re listening, best of breed is not dead. However, for those guys that have collapsed their staff and their talent pool, they’ve got to start thinking, I wouldn’t even say outside of the box. I would just start thinking about how do I make my job easier and make my company more money. That’s the game.

I don’t want to make my own tech anymore. It’s money.

Beautiful stuff. I think anybody that listens to this gets an honorary doctorate in something.

We went to school today. This is great stuff.

Josh Hazelhorst, I appreciate you so much for being on the show, my friend.

Love it, sir. Thank you for letting me come in and I love teaching. I got a passion for this stuff. So call me anytime.

Awesome. All right, everybody. That wraps us up for today. I’m your host, Josh Lupresto, SVP of Sales Engineering here at Telarus. And this wraps us up for Advanced Networking. Tune in next week after this as we have our supplier on to dive deeper into their technology. Until next time. Thanks, everybody.