Why the Economics of Adding a Network Engineer to the Cloud Engineering Team Doesn’t Add Up

By Neel Kamal
Head of Sales, Aviatrix
September 18, 2018

Networking in AWS, Azure or GCP is complicated. (Just take a look at our Day in the Life list below.) Many cloud teams naturally assume they’ll need a network engineer with a traditional data center skill set to manage their cloud networking. But from both a skills and cost perspective, that’s just not the case. Let’s examine the business case and the alternatives, including the opportunity that this presents for cloud services consulting companies.

Why the Economics of Adding a Network Engineer to a Cloud Team Doesn’t Add Up

  • Skills Gap. Cloud networking is in fact far different from data center networking. Finding an engineer who knows cloud networking and data center networking is extremely difficult.
  • High Cost. Cloud network engineers are in short supply and high demand, which means they are expensive to recruit and compensate.
  • Not Enough Headcount. AWS, Azure and GCP are marketed as easy to manage, and so your execs are expecting a very lean team. When headcount is being prioritized, it’s difficult to justify a full head for a network engineer who brings nothing else to the team.

The Alternative: Networking as a Service

Networking delivered as a service helps change the value equation. By integrating with major cloud platforms’ native APIs and providing a centralized view from which to manage and monitor networking, a “Network as a Service” solution like the Aviatrix Hosted Service enables cloud engineering teams to take control of networking without the need for deep, traditional networking expertise.

A service offering may also make it appealing for cloud engineering teams to outsource networking to a trusted partner. Networking will make up only a fraction of the team’s routine tasks, making it an ideal piece to move to a dedicated partner resource.

The Numbers Add Up!

The fully loaded cost of adding a network engineer to a cloud team will be $200K in the U.S. The size of the cloud team is directly proportional to the cloud spend, and so if you embrace Networking as a Service as an alternative, at a fraction of the overall cloud spend, you have positioned yourself for the win.

A Day in the Life of a Cloud Network Engineer

We’re often asked what networking tasks a cloud engineer takes care of. Here is a short list.

Building and Maintaining Network Infrastructure
  • Landing Zone setup with a transit architecture
  • Build connectivity from on-prem to VPCs
  • Build connectivity from VPCs to other account VPCs, including security policies and isolation
  • Build egress controls from the VPC (fully qualified domain name filters for Internet access)
  • Build remote user access systems with policy-based enforcement of who can access what and at what time
  • Build connectivity from VPCs back to on-prem remote offices or partners
  • Monitor and alert on availability
  • Monitor and alert on latency and bandwidth
  • Monitor and alert on egress controls
  • Monitor and enforce user access
  • Monitor and govern route table updates
  • Monitor and govern CIDR block management
  • Troubleshoot connectivity issues – EC2 instance to another EC2 instance
  • Troubleshoot connectivity issues – EC2 instance to an on-prem instance
  • Troubleshoot route table advertisement
  • Packet captures
  • Debug BGP parameters during IPsec build time
  • Identify and resolve overlapping CIDR block issues

