Introduction

The Nile Service Block is the first piece of the puzzle in bringing Nile Access Service to life. Before we share the details behind its unique innovation, here is a reminder on the Nile Access Service architecture components:

Nile Service Blocks: Edge network infrastructure, designed and delivered by translating infrastructure-as-a-service (IaaS) principles of the cloud to secure wired and wireless connectivity at the enterprise campus and branch. 

Nile Services Cloud: Powered by comprehensive data collection from the Nile Service Blocks, Nile Services Cloud enables real-time observability and continuous optimization, by utilizing both model-centric and data-centric AI. 

Nile AI Applications: Taking advantage of the integrated data model within the Nile Services Cloud, they not only provide full control and visibility to IT admins, end users and Nile’s production engineering team – but they also help orchestrate the network lifecycle management via simple and intuitive interfaces. 

Nile Service Blocks

Nile’s Service Block for wired and wireless access networks integrates 10+ traditionally separate products and services into a single solution. The Nile networking hardware in the Nile Service Block is purpose-built to be fully orchestrated from the cloud and is powered by cloud-native software that enables comprehensive network data collection across all layers.

Such instrumentation utilizes deterministic system design and continuous collection of 1000+ data points across all aspects of the edge infrastructure. The networks are deployed with standardized design and configuration within the wired and wireless network underlay. They are always installed with high density and high resiliency design principles.

This standardized design eliminates “snowflake” installs and the associated complexity for ongoing network operations.

It integrates physical / virtual sensors to enable continuous data collection from the service block. It extends zero trust networking principles to the enterprise campus and branch by enforcing L3-only user / device isolation on hardened hardware – enabled with TPM security inside and MACsec encryption in the control path.

Nile Service Block is purpose-built for end-to-end automation via software, thanks to its single integrated modern cloud software architecture and unified data format across the tech stack. Similar to the IaaS principles in the cloud, Nile Service Block is supported with agile software development cycles with in-service maintenance.

To better understand how the Nile Service Block is designed, consumed and operated, it is useful to compare ourselves against how things used to be.

In the 1990s, it was about connecting personal computers to each other, and switches were born, one of the big reasons behind Cisco’s tremendous growth. In the 2000s, we made it possible to stay connected with laptops. Wi-Fi access points arrived. To simplify enterprise deployments, wireless LAN controllers were born. Companies like Aruba took advantage.

In the 2010s, with the arrival of smartphones and tablets, Wi-Fi became a necessity for businesses of all sizes. Cloud portals were born to ease management across many sites. 

Then, with enterprise connectivity serving more devices and applications at every corner, we tried to ease troubleshooting of quality issues with AI-summarized notifications and alerts.

Besides the technology architecture, purchasing a wired and wireless access network is not necessarily easy either. 

  • First, you needed to survey your space and plan the network design. Then, you would review your vendor’s product categories, such as Wi-Fi 6 access points and stackable access switches. 
  • Next, you would select a specific model within each category. Each model has different features, so you had to pick one that fit your needs. 
  • After choosing the right models for access points and switches, you would add the right SKU for each, along with accessories and cloud management subscription. 

With the Nile Access Service, we have fundamentally changed this 30-year-old model of complex innovation and consumption. With Nile, these 10+ steps are replaced by a single all-inclusive service that you can sign up for in one step. Day -1/0/N network operations are automated in software, and there is no need to manually manage the lifecycle of countless hardware products, software releases and support contracts.

As you operate your Nile Service Block, you become a tenant of the Nile Access Service, and start consuming your next-gen access network as-a-service, on a per site or per building basis. 

Each of our customers enjoys a guarantee of service quality within their buildings: if there are SLA violations, they receive payback in their upcoming monthly billing cycles. Payment terms of the service can be monthly or annual, and do not require any upfront capital expense. You have the flexibility to add new sites/buildings to your existing contract at any time.

As opposed to legacy enterprise network architectures, there is no difference in design, install or maintenance of the Nile Service Blocks across locations of different sizes. Campus and branch network deployments rely on the same cloud-based orchestration, instead of separate network management solutions. There are no performance or security compromises that are commonly observed in controller-based or controllerless Wi-Fi network implementations.

The service pricing is designed to align with enterprise IT budget priorities. Per employee per building pricing allows you to save during the months where there are not a whole lot of folks showing up at work. Per square foot per building pricing enables you to stick a number on a per month basis independent of connected employees in the building, bringing predictability of spend next to your real-estate costs. 

Deterministic System Design

Within a Nile Service Block, Wi-Fi 6 APs with four radios are installed in salt-n-pepper redundancy, including an embedded sensor. A physical Wi-Fi sensor infrastructure is also installed for continuous evaluation of the service quality. Access switching with 5 Gbps PoE+ ports and redundant distribution switching with 40 Gbps uplinks act as the backbone. 

The topology and design of each Nile Service Block are automatically generated based on the site survey and performance requirements for the install location at hand. Here are some of the unique capabilities of the Nile Service Block when it comes to enabling deterministic system design across any campus or branch location.

  • No product catalogs for network elements: never select SKUs again
  • No dedicated hardware selection at each site: blocks horizontally scale 
  • No configuration for network elements: eliminating “snowflakes”
  • No console ports or CLI: blocks are activated with a mobile app
  • No configuration for physical / virtual sensors: orchestrated from the cloud
  • No configuration for network protocols: dynamic per topology
  • No configuration for traffic forwarding rules: dynamic per topology
  • No configuration for network QoS: automatic with DPI

Campus Zero Trust Security

Nile Service Block enforces L3-only isolation on hardened hardware for all user and device sessions. By eliminating L2 VLAN based policy enforcement, it radically reduces the amount of complexity that’s involved in translating zero trust security policies within the enterprise campus and branch networks. By speaking the language of the internet – IP – its policy management orchestration directly aligns with cloud based security solutions. 

Here are the unique capabilities of the Nile Service Block when it comes to enabling campus zero trust security for wired and wireless connectivity: 

  • Tamper proof hardware with secure boot, always with the latest security patch
  • Encrypted management and control plane, each network element validating the other
  • “Default: deny”: every device must be authenticated and authorized before IP address assignment
  • No VLANs or ACLs for policy enforcement, preventing lateral movement of malware
  • Each connected device is completely isolated from any other in layer 3
  • Sessions are continuously verified with first hop security and device fingerprinting
  • Centralized encryption and external firewall enforcement protects north-south flows
  • Microsegmentation within device and user groups protects east-west flows

Comprehensive Data Collection

Data is the fuel required to start automating traditional lifecycle management, and it is the secret ingredient that extracts intelligence out of the network. Nile Service Blocks are purpose-designed to help convert enterprise networks into a collection of data sets to automate their operations. Nile Service Blocks make it possible to create an integrated data model across all aspects of the enterprise network deployments in the Nile Services Cloud.

This includes continuous collection of telemetry data from all types of network elements within the core of the infrastructure, environmental data from external IT infrastructure components, and contextual data from users, devices, applications and associated network services.

Here are the unique capabilities of the Nile Service Block when it comes to enabling comprehensive data collection: 

  • Physical sensors and dedicated AP radio to enable continuous and on-demand testing
  • Virtual sensors in every network element to augment continuous testing
  • User and IoT experience as “sensors” to augment data collection
  • Deep instrumentation to collect metrics, events and logs from every network element
  • Wi-Fi air quality data across every RF link, and across sensors and APs
  • Environmental data: power/voltage fluctuations, cabling issues, RF interference
  • Latency and availability data for RADIUS, DHCP, DNS network services
  • Latency and availability data for popular enterprise and internet applications

 

Conclusion

Acting as the foundation of the Nile Access Service, Nile Service Blocks make it possible to extend cloud delivery principles to the enterprise edge for wired and wireless network deployments. With a deterministic system design, they make it possible to drive closed loop automation for traditionally manual network operations via the Nile Services Cloud.

Eliminating traditional policy management constructs such as VLANs and static ACLs, together with its unique capability to integrate L3-only policy enforcement, extends zero trust networking principles to the enterprise campus and branch. This radically simplifies policy provisioning for IT admins utilizing Nile AI applications.

By avoiding “snowflake” deployments (different network element level configurations, software releases, installation best practices, etc.) for wired and wireless networks, it makes it possible to collect “clean” data from the infrastructure and act as the fuel for model- and data-centric AI functions that are an essential part of the Nile Services Cloud.

With the Nile Service Blocks, we are changing the way we think about enterprise network design, installation, security, and ongoing operations.