A Conversation with Dennis Estrada

This is my third conversation with cloud architects. Click here for the previous one.

Meet Dennis Estrada, enterprise architect at JellyVision, a company with a long history in software for education, entertainment and now employee benefits.

In this wave of developer led cloud transformation, traditional IT is often viewed as a friction and backwater organization. Dennis is an exception. Not only he manages IT department as we know it, he is in the fore front working with Ops team and architecting the new IT in the cloud.

I caught up with Dennis recently on the busy exhibition floor at AWS Chicago Summit.

Sherry: Which vendor equipment you currently use for employee remote access and why are you changing?

Dennis: We currently use Sonic Wall for our employee remote access. But as we have moved 90% of workload to AWS, it does not make sense to have employees to first connect to on-prem and then connect to AWS resources. So I started to research a product that enables employees to have direct remote access to AWS.

Sherry: What products have you looked into?

Dennis: I looked into Fortinet, Checkpoint and Cisco ASA. Their pricing placed them out.

Sherry: Why Aviatrix?

Dennis: Aviatrix remote access VPN is an OpenVPN® based solution that I’m very familiar with. I like the out of box integration with LDAP and DUO. Our SRE and engineering team are already using DUO. The AWS marketplace metered AMI allows us to pay as we consume.

Sherry: Did you consider operations in your vendor selection?

Dennis: Yes. I’m an architect and my focus is designing a solution. But my design must be operable by junior members in the team. Aviatrix Controller has a user friendly interface that is simple to understand and operate.

Sherry: What is your plan to roll it out?

Dennis: We’ll start with our 25 SRE team members, then to the engineering team, finally offering the service to our 500 employees.

Sherry: You know most companies will consider employee remote access as the last thing to do in the cloud transformation process. It’s impressive to see your taking charge and architecting the IT for the new environment.

Dennis: Yes, I’m still in the IT department, but these days I spend more time with Ops team and is the main point of contact between Ops and IT.

Sherry: How do you operate differently now that you are 90% in AWS?

Dennis: We focus more on business continuity as opposed to DR (disaster recovery) which is more reactive. Business continuity is about standing up environments in multiple regions so that in the event of a AWS region failure, our service is not disrupted.

Sherry: Any feedback to our product?

Dennis: I suggested a few improvements for importing the certificate, and that’s already implemented in the product. I’m very happy with the Aviatrix team, you guys are responsive and helpful. It would be great if you can integrate with Google authenticator for your 2FA.

Sherry: Thanks you. Like wise, our team was impressed by your detailed research and knowledge. We’ll look into Google authenticator. Have you looked into our Egress FQDN filter?

Dennis: That’s something I’ll check out once we have user VPN deployed.

Sherry: Great, let us know how it goes, and thank you so much.