
HyperScale Security Technology

BSides Greenville · 2020 · 48:57 · 18 views · Published 2020-06
Category: Technical
Style: Talk
About this talk
Nick Cattoni and Andy Thomas examine how organizations balance cloud adoption with on-premises datacenter infrastructure. They present hyperscale networking approaches that enable traditional datacenters to scale dynamically while maintaining ease of deployment and management, addressing the challenge of securing hybrid cloud architectures without sacrificing performance or compliance.
Original YouTube description
Nick Cattoni and Andy Thomas share about how organizations are being pulled in two directions, between the traditional on premise datacenter and the cloud. For those that elect to maintain a large on premise datacenter, hyperscale networking enables the organization’s architecture to scale appropriately while the demand on the system is increasing. Can we expect to grow the traditional datacenter while staying easy to deploy, manage, and maintain? www.bsidesgreenville.org @BSidesGVL
Transcript [en]

so my name is nick cattoni i'm uh asked for checkpoint uh here in south carolina i work with chris herron i focus mainly on commercial business um i've got andy with me if you want to introduce yourself sir i'm andy thomas uh been with checkpoint for about four years but was a customer for about 20 years done various i.t and security roles in as a customer and uh switched over to i guess they call it the dark side the sales side but uh hopefully uh we can um bring you some information on um just some some technologies that we've seen that uh benefit uh the scale that to keep up with the cloud in our data center

like andy said that today we're going to talk about hyper-scale security basically how we can use some of that same hyperscale um methodology from data centers and apply that to scaling on our traditional network security um so i'm gonna try to keep that product stuff to a minimum but i think you know one of the things we see is that scalable solutions are you know not a new thing in the cyber security world i think you know we just want to show you kind of a unique way that uh the problem can be handled but also in a way that's much more cost effective so at the end of the powerpoint we're going to have a

uh q&a section you know feel free to unmute your mics we'd love to you know talk to you or answer any questions that you might have so that'll roll into it

so i want to start with the prototypical conversation organizations look to move to the cloud so the more and more customers are increasing their footprint in the cloud and whether that's SaaS applications or putting infrastructure up there and it seems that every business now is in the cloud in some manner usually the ones that tell you they're not change their mind once you start asking about office 365 or backup solutions stuff like that so the main reasons this is you know look to take on the cloud transformation is the productivity so users are able to you know access information from anywhere they're using this technology or the newest versions of software that's going to enable the business to

be more agile i think you know this is the perfect time in the market to show why it's you know important to be able to respond quickly to changes so cost other factor uh cost can really be an advantage or disadvantage if you hear a lot of people you know moving to the cloud and it ends up you know costing 10 cost but if an organization can utilize a cloud infrastructure efficiently it's going to lead to better performance and cost savings COVID again is another great example of how businesses can you know that are in the cloud more of the ability to scale down and really just utilize the resources that you need rather than having all

that overhead of uh you know maintain data center which is going to you know play right into the topic of flexibility but going to a public strategy it's not always the perfect solution um you know it's not draw free so the organization is going to lose all over the hardware you're trusting all your data in the hands is a new challenge for security teams they're going to have to adapt to new strategy they're going to have to secure the cloud environment you're going to keep track of your assets in the cloud but you're also going to have all of that traffic going from the cloud or sorry from your on-prem data center or from your users to the cloud and

that's another thing that you need to keep in mind about you know being handled and then last thing to point out is unless a company is born in the cloud you know i mean they started up there and that's really what they've got it's it's hard to see customers cutting the top you know all ties to the center you take a look at some recent trends it's clear to see why the public cloud is or it's clear to see that the public cloud is being used to complement on-prem data centers or private clouds so you see 87 of organizations are using some form of hybrid cloud strategy with major enterprises conducting a majority of their workloads

in the data or private clouds so you know another piece that plays into that is mentioning that a lot of organizations have to battle compliance moving to the cloud so with a large amount of workloads remaining in the on-prem data center how can we put a security solution in place that has cloud-like scalability to the data center needs so the scalability of network gateways has always been difficult to achieve you've got devices that end up needing to be replaced by better ones i think they say network traffic we're seeing like almost a three times increase every single you know year over year um so you're you know constantly having to replace network devices to keep up with you know the

needs of the data center and also you have high availability um as an issue you know redundancy is such a huge benefit that the cloud offers um but when you know a lot of times you're securing with traditional network you know static network devices you have that issue of hey one of these things is you know sit in HA and it's not doing anything you know it feels like a waste of money um so what we're going to talk about a little bit later is kind of a unique way to address this problem use true n plus one solution really something where we can just keep adding resources um address the scalability but all done

this question by eliminating those idle resources that are that are not doing anything so this is where hyperscale technology comes into play um so definition of hyperscale just to kind of read it off it's the ability of a technology architecture to improve and scale appropriately as per demand is added to the system so you know we see this with facebook with the googles the netflix you know these huge hyperscale data centers that can just grow and grow and grow basically you know we're looking at how can we take that same concept that hyper data centers use and apply that to the traditional data center uh security market and so what that's going to do is if we can

achieve that it gives us a solution that has incredibly high levels of performance or throughput while still having that redundancy that we talked about

so scalable platform we kind of mentioned in the beginning it's you know everybody has some way of having a scalable solution to handle security needs um it's not new in the industry and so while many vendors us included offer chassis solutions these are really targeted for those huge enterprises that really just need tons and tons of time and so chassis solutions are too expensive for mid-size businesses and you know for a smaller mid-size business you don't need a hundred gigs of you know throughput at the firewall so it's just it's overkill anyway so what we're going to go into is you know kind of talking about a new platform that we have called maestro

which basically uses regular appliances rather than a blade architecture so it's bringing all the benefits of scalable platform solutions to a business of any size so it doesn't matter if you have you know a couple hundred employees or you have you know 50 000 employees you're going to have the ability to stay at that huge upfront cost of traditional chassis solutions and so there's various use cases where having a scalable solution based on just normal appliances is beneficial and one of the going to be for obviously customers like we talked about that want scalability but the chassis is just just too big gets them in an entry cost gives you the you know the ability to

long term know that you're not going to have to rip and replace your gateways um but you know without that huge front cost of the chassis on the flip side it's kind of the exact opposite of everything we talked about which is you know very very large enterprises can can use this um so if you've got you know massive companies where chassis solutions are you need multiple chassis solutions this is a way to achieve you know significantly more throughput without the complexity of managing and using all of those chassis solutions so using normal normal gateways we can we can actually get about 10 times the throughput that some of these chassis solutions are able to offer

and then you know we talked about managing or i mentioned managing multiple chassis that's kind of the last customer that really you know this use case makes sense to um and that's for people that want to consolidate resources under the same management platform so you know the whole you know one of the huge benefits to a hyperscale data center is saying hey you know we have that automation we have the ability to just keep adding resources and have the environment scale to us um you know if we apply this to security it's not not useful if it means you know a huge headache and management so there's a way that we can you know keep

same scalability but just keep you know adding on to it while keeping management um you know just a single single object and so from there i'm actually break the share for a minute and head over andy um who has some you know more slides on exactly how we can kind of take another look at how to handle you know a question that has traditionally caused the headaches so let me get started here

so good setup nick um appreciate it um you'll you'll hear me probably be redundant in some of the statements nick made but uh just to reiterate some of them so he touched briefly on why why we need hyperscale um we should just put this why do we need more capacity in the data center i was told whenever everyone was started to go to the cloud uh that there would no longer be any need for inspection of you know hardware appliances or inspection and i don't as much as people are moving to the cloud and some of that will probably dissipate over time there's new requirements when you shift your data center to the cloud or

your compute or storage whenever you shift that to the cloud you still have your a lot of you companies have users on premise kind of changing with COVID but you still have a lot of users that are still going to the cloud you have to inspect the whole entire cloud every connection essentially that goes to the cloud because the cloud's untrusted that's the point or the internet rather so um you also have people that'll always have on-prem um networks maybe not always but at least for the foreseeable future and with that you want east-west inspection there's a variety of needs of doing network inspection now with the modern data center and the modern way of computing

things are being distributed branch offices people aren't backhauling everything back to the data center people are working from starbucks so that communication may or may not be inspected by a network device it may be that you just depend on uh the endpoint agent but yet even with that maybe you're doing remote access to get access to the corporate internal corporate resources and when you do that you're going to need capacity for that vpn connection or the inspection that goes with that so things are shifting for sure but what we found is what we the benefit of what we've learned from the cloud and how it's been scalable we felt like that same method could be

used in the data center and and again i don't want to get too much in what checkpoint is doing here this is really an industry problem it's a unique way that checkpoint is to address a solution but really this is a problem that's industry wide and and other vendors have other solutions most of them what we've found is in the chassis so um back to what hyperscale is or why we need it you know the un unpredictable traffic patterns that i mentioned here on the slide just the increase of usage um you see the seasonal patterns you know holiday shopping is a perfect example and you know how how things may ramp up on e-commerce during that time

and and and take away from other not take away from other resources but add to what's also going on in your shops uh you know physical stores brick and mortars um but that's a shift in traffic it's a burst and then a in a down downgrade and and that's what we see the benefit of of cloud that's one of its uh hallmarks is its agility to both flex up and flex down as needed you also see new applications coming online that really spike the usage i'll give an example of you know five years ago or no no it's probably been about seven years ago when i first as a customer thought okay i need to start doing this

next-gen firewall consolidation surfaces i don't want to be managing a proxy and a firewall and an ips i want to consolidate those and when i did it was about the same time office 365 was being turned up and so at the same time i had to size my gateways for the change in how i was going to do things because i felt like that was the best use of my resources i didn't have a huge team to manage three different appliance solutions i wanted to do it all in one and it was the right decision for us but with that being said as this office 365 we didn't get good metrics on what the traffic flows would

be we sized our boxes appropriate and pretty much nailed it except for one instance we had problems in europe and there was just it was just hard to manage that uh traffic had to do some load sharing on our gateways and kind of limp along until the next budget cycle came along which isn't isn't always practical and that was more of a branch office type of use case but it still applies the idea is you get locked into the appliances and you're pretty much either you buy way over more capacity to what you need for the next five years or or or you don't have enough capacity and you have to rip and replace your solutions

so for that for that solution it would have been great to have an alternative like this uh a scalable platform that allows you to uh you know grow the solution without having to to rip and replace as i mentioned the movement of the cloud isn't limited to SaaS which that was my use case but uh you know infrastructure service huge that's really a lot of your data center moving out to to the cloud and then platform as a service and there's going to be uh you know as a service i think it's infinite of the the message that we're going to be putting stuff in the cloud but as i mentioned that whole consolidate consolidation of network security

inspection um that drives up the need and maybe maybe a lot of company what we find is they don't they start off and they'll maybe consolidate you know like i did ips and and proxy or or some other function dlp but when they do a lot of times they don't do the ssl part of it and then so they need ssl turned on inspection turned on so where are you going to get the capacity for that you're going to go out and buy another HA pair just to handle to bigger to handle this um that's been the old methodology so we're looking at um you know kind of turning that up and and in in the right situations coming up

with something that you don't necessarily have to keep ripping and replacing upgrading um gateways and you don't have to buy a full-on chassis to grow uh that you have options um you know just to fully complete that you know some of the other ideas like the remote access i have on the list here that's another thing that's driven more uh the more capacity requirements is COVID more people are working from home so that could have been a perfect use case for why you would need a extendable solution where you're not locked into where you could add capacity maybe maybe you've got all this set up and configured and remote access was one of your

deployments in a in a an orchestrated type of solution um that like in in maestro's case all you would add need to do is throw in another gateway so just examples of why we need it i think everybody understands that we're just we're um trying to catch up with um catch up with something that's impossible to catch up with i mean it's just constantly um we're chasing security essentially so why do i need an alternative to a chassis it's a chassis as uh nick mentioned chassis have been the solution for uh scalable capacity ads and they're done through blades you basically have a switch in a device that distributes the traffic to multiple uh blade security gateways

they're essentially blades within the hardware and you know a lot of times you're limited to eight or ten slot how many are slots whatever size the chassis is and that's been effective on really large organizations but it's it's extremely costly to get in to a chassis and um and how do you do it did you fully populate start off with or you know that that can really get expensive that's why i mentioned the entry cost to that for smaller orgs they didn't have an option there was no large there was no small chassis there were usually two options more of a medium and a large but it just isn't practical for most uh businesses and you know

even within that you're still in an HA model even on the you know high availability within the chassis you do have some of the n plus one type of HA capabilities built in within the chassis but that's another thing that you know what we're talking about here what what checkpoint has done is put basically a switch in the top of a rack and then allowed you to fill up that rack with as many gateways uh i wouldn't say as you want but there you'll see the limitations uh but much more than what you could actually fit in the chassis so therefore the throughputs are much higher than even a a chassis so you can start small

where you can grow in to it um and then you have the ability to auto scale there's orchestration built into the system to you know just like the cloud you ought to automatically add resources and up upscale and downscale um based on capacity requirements based on thresholds and we'll see a demo later on so this is an example of just some of the throughputs uh that you can get so almost a terabyte of throughput some of this is theoretical but it's still a significant amount of any amount of traffic throughput inspection that you can get from a chassis platform pardon me uh so the auto scaling um can be for your traffic going to the cloud or

branch offices uh really the use cases we'll talk about a little bit more um you have a restful api that allows for the orchestration as you can see here you've got up links and downlinks as you would imagine and uh your downlinks are 10 40 or 100 gig and your uplinks the uh the same but you just have the ability to basically uh the user communication goes to the switch and that's distributed between the gateways um and we keep session management synced up um each lot a group of appliances are put into what they call a security group and that security group is safe basically what you would have in a gateway instance so security group one

would be an inspection for one particular use case and group two in this slide would be for another particular use case um it would just be you know you if you have multiple firewalls on your floor that would be each one of those would relate to that that firewall instance that you have for you know maybe you have one for finance maybe one have one for e-commerce that kind of division and here's some of the specifics on the just the limitations single management object is basically just a way to talk to a single security group and manage it so there's a load balancing map uh mechanism that distributes the load equally and your n plus one it it uh

it basically pretty much RAID 5s of traffic similar to what you would do in disk um you you're you're putting everything across those um across the gateways that you have to to send the load to and you need basically one to handle redundancy you lose one you still have the same capacity uh that it's load balanced through a dynamic uh algorithm and it's has to do with basically the five tuple type of criteria there's a correction to ensure that there's no asymmetric uh communication so that's obviously a problem whenever you're doing something like this it's not like you're just talking to one device you're talking to a multiple we we have software to actually handle that

um basically that uh making sure that we can keep up with the connection across the gateways so just some dynamic scalability requirements that come from our different business units you have um shops for example this is done from our israel counterparts you know shops is more of a european term but you know any of our e-commerce or um brick-and-mortar type of stores big box stores whatever they may be you telco's a great use case government you know you know i could only imagine some of the systems that have had to come online for the government to support COVID what's going on in the world would uh require dynamic uh significant uh increases of of dynamic traffic

transportation companies just a few uh there's so many different use cases um i support a hospital and they're very interested in it because where some some organizations decentralize with branch office on their their their model is to centralize the traffic uh coming all their inspection coming from all their employees going out a single inter one or two internet pops so with that uh consolidation of all that traffic coming through means that you gotta have you know large inspection to be done so so here's an example of just a couple different security groups and the unassigned gateways you can assign reassign these gateways based on on thresholds so essentially what happens to it we don't really call this out that

that that much in these slides but essentially what happens you can manually move these things by a simple web interface but essentially what happens on the auto scale is you set threshold policy and if a certain security group it's over 50 cpu utilization you pick your own thresholds if you get to that you say okay things are gonna happen here where i need to move in more resources it automatically does that for you and again that's what we'll show in the demo here in a minute so here's an example okay so you're um i'm not sure the significance of this 30 here but uh you've got you've got threshold set your uh 70 is the threshold um

62 it looks like it's at right now you add the other gateway and now you're down to 25

so again the benefits are it's more for any business there were limitations and scales solutions to really large companies who could purchase really large chassis and that has been an inhibitor and it's not been fair it's not been a fair playing field for for smaller companies to not really have an option but to keep having to buy rip and replace gateways based on capacity needs again buying way more capacity than what they uh actually need at the time and just letting it sit or buying it more right sizing and then finding out because a new application comes along or there's a shift that uh that there's gonna be enough capacity i mean just just being

into those in that situation it's just not a good solution with this you hit with um a scalable platform top of the rack you got a switch that you put in you just uh add gateways in as needed to address capacity it gives them much more flexibility i mean andy if you don't mind if i add a point to that i think absolutely one of the you know benefits i like as you can see kind of on your slide there the start from little um you know it uses using the same technology that you're already gonna you know have securing you know that network meaning you can start at a right size solution and then

find out later that you need the scalable solution and add that on down the road so you don't have to go you know all in on you know a scalable solution right off the bat you can you know just protect these assets like normal and then put in a scalable solution the other piece of that is you know andy talked about you know new inspection you find out you have to do let's say all of a sudden you decide you know the organization decides that you need to inspect you know ssl traffic you can also you know instead of having if you're in a chassis solution instead of having to buy an incredibly expensive you know

additional blade to to run that you can just put even a smaller gateway and so you might have two large gateways and then you know let's just add a little bit more on top of it to be able to handle the needs that we need so it i think you know those two things are worth pointing out for showing you know how this really can help not not the giants you know how it can help the your average businesses handle the scalability problem andy you gave the example of the offices in europe generating more traffic than expected do you provide an inspection solution that does not require the traffic in europe to come back to

the usa yeah in that example that's exactly what it was and this is not like we're doing this in cloud this is on premise so this was actually the the european uh gateways were sitting in europe um [Music] so yeah it didn't have to come back to the u.s we were just uh the company i was with was we were distributed um but we had regional data centers and since then they've done even branching out to where they have more of a direct internet access from their branch offices but those regional offices kind of provided failover if there was a failure in the in the direct internet access at the branches but with that said they still had those

regional data centers they had dmz's they had other capacity requirements other than just outbound user traffic so you had inbound but the the point is is where it was really pushing uh really pushing the need for more it was putting office 365 that was the one single solution that or problem that was introduced that really caused the need for uh additional capacity there but does that make sense yes thank you sure so um nick makes a great point too there's so much flexibility in this and the fact that when we started out we were limited to certain models that could participate um to explain this orchestrator that happened something that happens too that we kind of flew through and didn't touch

on it essentially what happens in this orchestration process is you've got auto scaling which i i'm going to again show that demo but you can manually move stuff around through this web interface that you'll see but um with with that said what happens when you actually move a a un um untagged resource a gateway that's unused into a security group we basically deploy the code the proper code it could have a release of software on it that is not current maybe it's newer or older it doesn't matter when it's moved in that security group that's wiped out and it's re-imaged with the proper software version and it receives the policy for that security group and all this

happens automatically through the orchestrator and another gateway that associates uh that deployment um that that all happens within like a five minute process uh and again we'll see that in an auto auto deploy environment what's also cool about this is when we started out you were limited to certain gateway models we've opened it up to all our currently supported gateway models and it used to be uh that particular gateway models had to be identical within a security group um that is that is a limitation now but soon it won't be a limitation so what was really cool is theoretically what you can do is you can migrate to all new newer models without any downtime

all you do is just move the new models in the gateways take the old ones out so that's one use case of the benefits of this whole orchestration so you don't really have to do anything other than just hook the stuff up and and move it over and it automatically repopulates all this stuff and this is this is the way stuff is done in the cloud it's automatically provisioned it's it's auto scaling like you see in azure and aws so um we're really trying to take the idea we took more from google of how they took and put us you know how they distributed stuff they use the what we call a top of the rack switch

and then put all these devices uh connected them all together in a single system so i'm gonna i'm gonna do this demo there it is i'm deciding well i think we have time i think i'm just going to let the whole thing run it takes about five minutes it's the actual process it's real time so you get to see the full thing it gets kind of dead at some time nothing's happening you'll if you want to shoot some questions while that's going on where there's not much happening feel free to i'll probably fill in with some commentary as well but let's just get at it and let you see what it what it can do

so what you see here is um two gateways already in a particular uh group security group configuration and it has no auto scaling settings so we're turning on auto scaling here and we're adding the configuration for it so it's telling it what to do in a scale-up situation if there's more than 70 cpu or consecutive 60 seconds then we're changing to 30 there to speed things up but um well actually just change to 50. i'll let it i'll let the screen tell you i don't have it memorized all those parameters but as you can see this is your scale down rule here and you've got a couple different parameters what you what you actually scale down or scale up on

so that's set so now they're gonna start sending traffic to it to change the behavior so as you can see the cpu utilizations and and the average for the two gateways so it's 44 now so it's this is kind of the wait time it's got to hit be that at that criteria for a certain amount of seconds

so we're looking for a scale-up event so watch the top one so there's 30 seconds all right now we're going to start seeing the other system come online with the unused system that's our uh being automatically added to the scale group or the security group see it added into the gui populates

so you see the node detached it's getting its configuration now and this is kind of where it gets boring any questions about what's going on in the screen or anything is it clear i'll point out here you see this this is the version this sp is a scalable platform operating system that runs you got two of three sgm's or security gateways ssms or security switches or orchestrators you got two in use but three in the security group so that's that's the point of this two and the three here you get the policy firewall policy update so that's what's going to get deployed the firewall policy with that

date

again this is all happening you think if you if you need this on the cloud and you're doing um you're doing inspection you're going to have to have the ability to scale up automatically on-prem as well either that or run way over capacity again you get the benefits of moving resources around another point i didn't make earlier too is on the whole portability of the gateways maybe nick touched on it but that you have the ability to not only use these gateways you could use them in an orchestrator and all that and maybe your orchestrator is good your your maestro solution it's good you can take and use that gateway take it and send it to a branch office or

something like that you can pull them out of here obviously there really there's no special they're the same gateways that you buy for non-orchestrated environments as well so that gives you a more flexible investment right and just gives you um you know an environment that you can customize and use as you need so it's got the policy it's rebooting now as a policy in the new software update you still see it up here on expired on everything but it's in the scale unit you're still you're running still hot on these two members is um and participants are automatically muted when they join the meeting but participants do have the ability to unmute themselves to ask a question

great thanks now you see things average out average cpu utilization is going to come more normalized as load gets distributed to that third unit and then andy another thing that i know i see with the with our customers is that this also kind of helps you know from from a high availability perspective instead of having a gateway you know sitting there idle um you know you can use this in the sense of as long as you can handle you know one member being down and handle that you know meet the traffic requirements this makes uh i know it's definitely a rare occasion but it makes the rma process a lot easier as well because if

anything you know happens and you need to you know swap gateway members it's just you know automatically built you know as quick as you showed in the demo all right so that's the demo absolutely nick um that's a that's perfect uh lead in i mean that that whole ha that always bothered me i had a box sitting there that's why i turned up load sharing when i could but load sharing is also not good if you uh actually lose one of those load sharing members and you were going more than one unit could actually uh process by itself then you're then you're oversubscribed on capacity again and you can't ever count on not losing

the gateway this this ability to do um being able to lose a gateway but not having a 50 percent uh or 100 overhead for your gateway counts is another um huge advantage of of the platform so it just gives you a better way of managing your your security spend your investment in a multitude of ways again i just want to just say you know we kind of did get it go into the product a little bit because that's what we do we see it as a problem and whether other vendors come along and do something similar we don't know we just know that this is a unique way to really address a scalability problem in the data centers

again i don't believe all the processing and security inspection can can or ever will be done all in the cloud your you know the cloud has to have connection points from somewhere whether it's a mobile device whether it's a endpoint or whether it's network connected to the cloud there's got to be inspection done somewhere to give us that security security trust that we need you know the internet is untrusted we can't say that we trust that if we're not going to trust it then we have to expect inspect it and get a disposition of what we see give protection or prevention you know prevention is something that i think is so overlooked and and if you're really able to the more

you're able to inspect and detect maliciousness the much that much more that you'll be able to prevent so again um whatever your whatever you do find solutions that can give you them full inspection don't take shortcuts and not do ssl or other things because it's too hard or it's too uh resource intensive there are solutions to help you scale in a way that you can get the inspection that you need all right do we have any uh any questions hopefully we have answers now for a configuration consistency is is maestro able to manage um devices in multiple locations so we do have a redundant um redundancy solution and this is something that wasn't an initial product but it is now as long as

you have well good connectivity you can put security groups you can use gateways in disparate locations in the same security group so that means yes absolutely you can do that most the time it's somebody's large data center their production and their dr environment that they have a redundancy land redundancy and bgp and they'll be able to fail over to the second data center and that's how it's done but we've got i had a slide what didn't make it here but basically showed you a security group that went across site or one that ran in and then ones that ran individually on the two different data centers so yes but i would say that you would

probably do that in you know maybe one one two sites at most i would think um that's typically what it is and it's for those larger things if you're thinking of branch office there's other ways of doing those kind of uh inspections whether it's inspection in the cloud or on-premise gateway and do you typically only inspect your own company's traffic or if you're collaborating with another company and they're accessing the cloud does their traffic go through your device before going to the cloud only if they're connected through your network um obviously this is an on-prem solution so wherever that inspection point is so it would depend on the topology of your network some bring partners in like that and

then feed them back up to the internet um there's uh like in the hospital case there's times whenever they do partnerships with other hospitals and the the big comp the big hospital would have say in what the little hospital does and says we're going to inspect all your traffic so but this is the inspection isn't done in the cloud even though it works like the cloud and it's technologies that are that were basically born in the cloud this whole auto scaling idea it really is still on premise so it would depend on the topology good questions though and again everyone can take themselves off mute to ask a question um along the lines of site redundancy

there's also a lot of people say okay that's great you're gonna give me a you're gonna give me this switch basically to distribute this traffic to the gateways and the gateway can fail and you have enough capacity what about the switch well that's one where you have the choice you can run a single switch or yet and this is to a consider it as a single site you can run one switch but then you got a single point of failure but the switches are you know not aren't really as costly as the gateways depending on the gateway models but the switch essentially can have redundancy um if that's a concern of the single point of failure in which most there are

most people most customers buy two yeah i was going to actually add that to the first question andy is that you know the switch redundancy can be done over you know multiple sites as well so you can have a you know second second stack of you know entire solution at a you know secondary data center

hey guys this is uh chris i just want to make one comment i know nick and andy have both mentioned this but you know from what we've seen people at different levels within an organization have a different appreciation for for the solution um people are who are more hands-on appreciate the technology and how you know innovative it is and how it can allow them to be more effective and more efficient what they do as you move up um people are more appreciative of the financial impact and again this is the part that was emphasized a couple times but i i want to emphasize it again just because we've seen it play out where you know instead of

buying capacity that you think you're going to need in three to five years you buy the capacity you need now if you grow quicker than you thought you were going to grow you just buy the additional smaller gateways sooner if for whatever reason you don't grow as fast as you thought you were going to grow you just don't buy those gateways as quickly so it allows you to be a better steward of your companies and financial resources rather than spending a lot of money upfront on something that you know may even be you know obsolete sooner than you thought because of rapid growth in the company or spending a lot of money and not ever

actually hitting the the capacity you know in three to five years because covid and you didn't grow as quickly as you were going to grow you know the for people who are very budget-minded this is also a very good solution in addition to people who are more just concerned with the technology leave it to the sales guy to to bring in the financial inspect impacts to keep us honest right chris and at the end of the day something can do you know everything in the world but if you can't afford to pay for it it's not going to benefit that company yeah that's right

andy and nick thank you for your presentation today and for your support of bsides greenville thanks mike thank you thank you appreciate it