Graphiant MSP Technical Partnership Document

Business & Technical Document for Transforming Networking for AI & Cloud Connectivity

1.  Introduction

1.1  Executive Summary

Graphiant is an emerging player in the networking industry, recognized for its innovative approach to enterprise network solutions.  Graphiant redefines how businesses connect in the cloud & AI era.  Headquartered in Silicon Valley, Graphiant leverages cutting-edge technology to address the evolving needs of enterprise networking.

Technology and Innovation

Graphiant’s core offering is its software platform, designed to simplify connectivity, enhance security, and reduce costs for service providers.  Built on Software-Defined Networking (SDN) and Network Function Virtualization (NFV) principles, the platform allows for greater flexibility and efficiency in network management.

Key Innovations:

  • Decoupled Control and Data Plane:  This architecture enhances network performance and scalability by separating the control plane from the data plane, allowing for centralized management and distributed data processing closer to the edge.

  • Zero Trust Security: Integrating Zero Trust principles, Graphiant ensures every connection is authenticated and authorized, significantly reducing the risk of breaches and data leaks.

  • Cloud-Native Design:  Graphiant’s solutions seamlessly integrate with public and private cloud environments, leveraging cloud scalability and flexibility without compromising performance or security.

  • AI and Automation: The platform uses artificial intelligence and machine learning to automate tasks, optimize performance, and predict issues before they impact operations, reducing downtime and enhancing efficiency.

Services and Solutions

Graphiant offers a range of services tailored to enterprise needs, including:

  • Edge Networking:  Connecting distributed sites, branch offices, and remote locations to the corporate network securely and efficiently, leveraging edge computing to reduce latency and improve user experience.

  • Cloud Connectivity: Providing seamless connectivity between different cloud providers, facilitating application and data movement across cloud environments, enhancing agility and reducing vendor lock-in.

  • Network Security: Integrating advanced security features like encryption, firewalling, and intrusion detection/prevention into the network fabric for end-to-end protection.

  • Network Analytics: Providing deep visibility into network traffic and performance with advanced analytics tools, helping administrators monitor usage patterns, identify bottlenecks, and optimize resources.

Strengths:

  • Innovative Technology:  Graphiant’s advanced technology offers superior performance, security, and scalability.

  • Experienced Leadership:  The company benefits from the expertise of its founder and leadership team, with a proven track record in the networking industry.

  • Customer-Centric Approach:  Emphasizing understanding and addressing customer needs, Graphiant builds strong relationships and trust.

Opportunities:

  • Partnerships and Collaborations:  Strategic partnerships with cloud providers, hardware manufacturers, and system integrators can enhance offerings and reach.

  • Innovation and R&D:  Continued investment in research and development is crucial for staying ahead of competition and addressing emerging challenges.

Graphiant is poised to significantly impact the networking industry with its innovative approach to enterprise networking. By addressing modern business needs with edge-focused, cloud-native solutions, Graphiant is well-positioned to drive the next wave of networking innovation. The company's focus on innovation, customer satisfaction, and strategic growth will be crucial for its long-term success in the competitive networking landscape.

1.2  Purpose of the Partnership

This document defines a joint business and technical framework for Graphiant and [Partner] to deliver a private, programmable connectivity service optimized for cloud and AI workloads.  It outlines the target architecture, delivery responsibilities, support model, and an implementable project plan to launch the service and onboard initial customers.

1.3  Business Context

Enterprise networking is being reshaped by distributed compute, multi-cloud adoption, and data sovereignty requirements. Customers expect rapid provisioning, predictable performance, and end-to-end encryption without operational complexity. Graphiant’s stateless core architecture and cloud-delivered control plane enable [Partner] to offer differentiated, SLA-backed connectivity services with faster time-to-market.

1.3.1  The Need for a Universal Next-Generation Platform

With the rapid evolution of AI, business and government organizations must invest heavily in building private AI capabilities.  Organizations must train their own large language model (LLM) that does everything AI can do while maintaining ownership and control.  This next major phase of AI growth is actively in flight and comes with its own challenges, especially in network communications and data transfers for these AI workloads.

Business and government datasets are enormous and geographically distributed.  Whether training AI models or running local workloads, backhauling all data to only centralized compute locations increases inefficiency.  As AI adoption accelerates, access to energy will become the major limiting factor.  The graphics processing units (GPUs) for AI consume huge amounts of power and cooling, and even the largest hyperscale data centers will not be able to provide the power and cooling required for the workloads that must be supported.

These factors point to a single conclusion:  The future of AI will be distributed.

The networks connecting all the distributed compute are critically important.  The current wide-area network (WAN) infrastructures are designed from an older time for older applications.  As AI evolves, the advantages of flexible, on-demand private networks will grow.

Inside private AI

Private AI is critical for business expansion.  With private AI, you train your models, run your workloads, and build whatever specialized intelligence for your assets and business.  You productize that intelligence without worrying about the risks of exposing your organization’s private and valuable datasets to a third party.  Organizations worldwide are pursuing this model.

One forecast predicts that the global GPU market will exceed $65.2 billion in 2024 and reach $274.2 billion by 2029, a 33% growth rate.  Given the distributed nature of private datasets, and the need to spread out the power and space requirements of AI clusters, a distributed architecture for connectivity and network transformation is the only viable solution.

Distributed private AI brings novel networking challenges that organizations will struggle with using older technologies.  These include:

  • High costs and complexity:  Organizations hesitate to build their own network.  The capital and operational costs of deploying and maintaining that infrastructure are very large.  Traditional networks also use fixed-line connectivity with rigid networking and tunnels that must be manually updated for changes.  And for businesses looking to use private AI to gain a competitive edge, the long timelines needed to build new networks are unacceptable.

  • Demanding performance requirements:  AI applications have capacity and latency requirements that demand path control and optimization for AI workloads.  Yet large distributed data networks encounter occasional problems that disrupt connectivity or degrade performance.

  • Limited software options:  Organizations building private AI are constrained by the available data networking software.  Little of what’s out there was designed with AI in mind.

  • Security concerns:  There is always a risk of malicious actors sniffing data in transit, but with AI, the amount of data those attackers could access is vast.  With exploding demand for quality training data, those private datasets are extremely valuable.  Organizations need end-to-end assurance and guarantees along with visibility to guard against leakage and ensure that no outside party ever accesses the data.

A smarter solution for distributed AI

The Graphiant architecture is a new architecture for distributed AI edge networking that is environmentally sustainable through reduced power consumption and provides all the required data assurance without sacrificing privacy, data sovereignty, or regulatory compliance.

Graphiant provides a private network to interconnect an organization’s distributed compute.  All compute is linked together as a prebuilt, programmable network that uses a committed throughput.  It is purpose-built for distributed private AI. It provides flexibility to move data - cloud-to-cloud, cloud-to-non-cloud, cloud-to-edge, in any direction - with visibility, security, and path and policy control. Graphiant provides:

  • Simplicity and speed: Organizations connect distributed compute and datasets.  Graphiant lets organizations implement private AI networks in a fraction of the time it takes to build one.

  • Data assurance: Graphiant maintains end-to-end encryption, assuring that private data is never exposed outside the domain.  This is essential as private AI grows.  Given the size and value of AI datasets, any service that decrypts traffic in transit is a prime target for attack.

  • Improved power efficiency and costs:  As Graphiant transports larger AI workloads, it protects the data by removing static pre-existing networks and avoiding more expensive or poorer-performing paths, delivering dynamically deterministic optimal pathing for each workload.

Looking ahead

The biggest advantage for private AI provided by Graphiant is the agility it provides for navigating this incredibly fast-moving space.  As AI adoption grows, every organization will experience the same limitations - continually expanding the world’s distributed AI footprint.  That means more GPUs, more regional data centers, more tools and applications and datasets hosted in many more locations.

For a technology evolving so rapidly, with so much ongoing experimentation, capital into the network should be delivered as a mission-critical private AI network service.

2.  Partnership Overview

2.1  Technical Scope

Managed Service Providers (MSPs) see significant value in replacing their existing MPLS VPN infrastructure with Graphiant's solutions. Many MSPs are interested in deploying Graphiant Stateless Core and Gateway (GW) nodes within their Points of Presence (PoPs).

Backbone Deployment Models

MSPs require a dedicated Sovereign Backbone due to regulatory or security concerns. This network is constructed using PoPs managed by both Graphiant and various MSPs. Any Edge connected to a PoP can establish end-to-end (E2E) data plane connectivity with any other Edge. In this setup, an Edge belonging to one MSP only connects to other Edges within the same Sovereign Backbone, ensuring no connectivity with other Sovereign or Global Backbones.

Implementation Details for a Sovereign Backbone Deployment

Dedicated Independent Cores:  For customers needing dedicated cores without data plane connectivity to the Global Backbone.

Global Graphiant Cloud Services: Services are consumed as a service, allowing for segmentation of cores across MSPs.

Diagram of two clouds connected. Top cloud labeled Portal with icons and labels for Orchestrator, Controller, and Configuration. A dashed arrow points down to a lower grey cloud labeled MSP Stateless Core with icons and labels Core, Core, and Gateway, and a line connecting downward to an Edge node. The text Owned/Managed by MSP Partner appears between the clouds.

Core Node Deployment in MSP Infrastructure

MSPs can utilize their existing infrastructure to connect Core nodes in different PoPs through:

Dedicated Circuits: Used similarly to Graphiant's global deployment.

Diagram showing two Service Provider PoPs and Graphiant core nodes. Left labelled SP PoP 1 and right labelled SP PoP 2. A vertical bracket at left of the top diagram is labelled SP; a vertical bracket at left of the lower diagram is labelled Graphiant. The diagram includes nodes P1, P2, P3, P4 and PE1–PE4 and core/gateway nodes interconnected; text within the diagram reads Dedicated L0/L1/L2 circuits.

L2 Virtual Circuits:  Virtual circuits or VLANs can connect core nodes across PoPs.

Network diagram illustrating a Pseudo-Wire/L2 Service connecting SP PoP 1 and SP PoP 2 via PE and P nodes, with Graphiant core and gateway nodes at each side; the curved connection is labelled Pseudo-Wire/L2 Service.

Native IP Routing:  Core nodes connect to the underlay IP/MPLS network, with IP tunnels established for running Graphiant protocols.

Network diagram showing SP PoP 1 and SP PoP 2 with an IP tunnel between core nodes. Diagram includes Gateway1–Gateway4, Core1–Core4 icons, routers labeled P1–P4 connected by IP Subnet S1, S2, S3, S4, arrows indicating S1-IGP, S2-IGP, S3-IGP, S4-IGP, and a central SP IGP label.

By adopting Graphiant's innovative solutions, service providers operating in regulated markets can enhance their network infrastructure, improve security and scalability, and meet data-sovereignty and regulatory requirements more effectively.

Cloud Deployment Technology

Large architecture diagram showing a central service mesh hexagon connected to multiple cloud regions and components — primary and secondary cloud regions with DB write clusters and DB instances, notification systems, an IPFIX collector and configuration system; peripheral components include API gateway, load balancer, tunnel terminator, servers, routers and user laptops, illustrating AI and cloud connectivity

Leveraging cloud style infrastructure, Graphiant deploys micro-services over a service mesh to deliver the control and management for the core network infrastructure.

For ease of deployment, these services run on cloud infrastructure and will be deployed in Azure or Google.

These services include:

  • IAM & Domain Controller

  • Domain Services

  • Container Registry

  • Kubernetes Engine (GKE)

  • Anthos Service Mesh

  • Cloud Functions

  • Cloud Pub/Sub

  • Cloud DNS

  • Cloud CDN

  • Cloud Armor

  • Cloud NAT

  • Cloud KMS

  • Confidential Computing

  • Cloud HSM

  • Security Command Center

  • Firebase

  • Apigee

  • App Engine

  • Cloud Monitoring

  • Cloud Logging

In addition to native cloud services offered via Azure, relational, time-series and NoSQL databases are deployed in the VPC environments to provide a comprehensive containerized microservice application environment.

Core Deployment Technology

Two-rack diagram on a grid background showing front and back views of equipment with colored cable routing (blue, yellow, red) and labeled RU positions; diagram is tall and centered across the page

The Graphiant Core infrastructure is a very low footprint infrastructure that will be deployed inside [Partner] locations.  The diagram illustrates a potential deployment model requiring minimal equipment and is not reflective of the actual end-state inside the [Partner] environments, since that will be part of project discovery.  This infrastructure, deployed on Dell platforms, allows delivery of next-generation cloud connectivity and distributed programmable connectivity over a [Partner] network infrastructure, and the offering of SLAs and transformational connectivity.

This deployment will be Graphiant-managed but procured and operated by [Partner] to deliver complete services to end customers.  This is a joint responsibility area because Graphiant is the software provider, while [Partner] is the procurer and deployment owner of the physical infrastructure and is responsible for ensuring successful deployment inside its facilities.

Some of the platforms in scope for certification include:

| | Config5 | Config6 |
|---|---|---|
| Form Factor | Rack Mount | Rack Mount |
| # of Sockets | 2 | 2 |
| Processor / Cores | Xeon Platinum 8558, 48 cores, base frequency 2.1 GHz, cache 105 MB, TDP 300 W | Xeon Platinum 8580, 2.0 GHz, 60 cores, TDP 350 W |
| Memory (initial – can be upgraded to the max supported) | 512 GB (4x128GB) Dual Rank DDR5-5600 RDIMM | 512 GB (4x128GB) Dual Rank DDR5-5600 RDIMM |
| NIC Adapter | 2x 2-port 10/25 NIC Adapter with 2x 25GB SFPs | 2x 2-port 10/25 NIC Adapter with 2x 25GB SFPs |
| SAN HBA Adapter | 2x 2-port 32GB | 2x 2-port 32GB |

Edge Deployment Technologies

The service is delivered to end-customers directly at the Edge using commercial off-the-shelf equipment available from vendors like Dell or HPE.

For illustrative purposes, here are examples of Dell based platforms on which the Graphiant service can be delivered directly to the Edge.

Black Dell VEP1420 edge appliance, front-right view, compact box unit on a white background

All platforms that Graphiant may certify for [Partner] must meet qualifying criteria, including the following:

  1. Intel Denverton as a minimum for Edge

  2. Intel Xeon SP or Intel Xeon D class processor for Core, with no generation older than Ice Lake and preferably Sapphire Rapids

  3. Trusted Platform Module Version 2 (a TPM 2.0 chipset that complies with TPM 2.0 standards applicable to HSMs that must be embedded in hardware)

  4. Certified Intel Network Interface Cards with appropriate SFP+ modules and supported SFP types for 1/10/25/40/100G network interfaces

The different layers of the solution require a defined matrix of roles and responsibilities.

Graphiant will handle architecture, microservice design & deployment, and management while enabling [Partner] to fully run and operate the business and deliver services to end-customers.

2.2  Roles and Responsibilities

RACI Matrix

Legend:

  • R = Responsible (does the work)

  • A = Accountable (owns the outcome)

  • C = Consulted (provides input)

  • I = Informed (kept updated)

| Task | Sub-Task & Description | Graphiant | Partner |
|---|---|---|---|
| Architecture & Design | High Level Design (HLD) | R, I | A, C |
| | Low Level Design (LLD) | R, I | A, C |
| | Migration Plan | R, I | A, C |
| | OSS Integration Preparedness | R, I | A, C |
| Product Development | Network as a Service | R, A | C, I |
| | Business Modeling | R, A | C, I |
| | Process Flow | R, A | C, I |
| | Product Bundling | C, I | R, A |
| | Whitelabeling | C, I | R, A |
| Order Processing | New Core Hardware Procurement – Dell | C, I | R, A |
| | Azure | C, I | R, A |
| | Software (GNOS) Procurement | R, A | C, I |
| | Enable Hardware in Portal | R, C | A, I |
| | Network Connectivity Procurement Core-to-Core | C, I | R, A |
| Gateway | Physical Installation & Onboarding | R, I | A, C |
| | Gateway Configuration | R, I | A, C |
| | Post-Deploy Validation | R, I | A, C |
| | Monitoring (Cloud Interconnect) | R, I | A, C |
| Network Monitoring & Management (NMS) | Dell Core Nodes | R, C | A, I |
| | Core Network Capacity & Performance | R, A | C, I |
| | Azure | R, A | C, I |
| | Azure [Partner] Control Plane | R, A | C, I |
| | Core GNOS | R, A | C, I |
| Orchestration | Orchestration of Core | R, A | C, I |
| | MCMP | C, I | R, A |
| | [Partner] CRM | C, I | R, A |
| Lab Build Out | Design & Build Solutions Lab | R, A | C, I |
| Support | Break Fix – Levels 1 & 2 | C, I | R, A |
| | Break Fix – Level 3 | R, A | C, I |
| | Hardware Replacement | C, I | R, A |
| | Circuit Management, including (but not limited to): POP interconnects; cloud on-ramp; CPE last mile connections | C, I | R, A |
| | Change Management – Configuration & Software | R, C | A, I |
| Ticket System Integration | Integrate Ticketing Systems | R, I | A, C |
| Training & Development | Providing [Partner] Solution Training | R, A | C, I |
| OSS Integration | Leverage API for Tool Integration | R, C | A, I |
| | OSS integration for Monitor & Alerting | R, C | A, I |
| New Product Introduction (NPI) | New feature updates for [Partner] | R, C | A, I |

2.3  Innovation

Graphiant patents are legal safeguards of critical drivers of innovation, differentiation, and market leadership.  These protections secure technological advancements and empower companies to redefine connectivity standards and accelerate their impact on global communications.  The Graphiant patents in the telecommunications sector are for groundbreaking technologies that underpin next-generation networks.  These innovations accelerate telecommunications companies to invest confidently in developing cutting-edge solutions using Graphiant's advanced data transmission techniques.  Graphiant's patented technologies allow [Partner] to differentiate services with exclusive features and capabilities.  These network innovations enable [Partner] to deliver compelling offerings that resonate deeply with customers and foster brand loyalty by offering net new premium products with specialized connectivity for cloud computing, edge computing and dynamic workload distribution for AI.

Speed is essential — in network deployment and time to market.  Graphiant's patents accelerate the innovation cycle by providing differentiated security and scale without immediate competition fears that others may have similar offerings.  This pathway to commercialization allows seizing market share and establishing themselves as leaders in emerging technologies and service sectors.  Telecommunications continue to shape the digital frontier, and Graphiant's unique innovations drive innovation, protect investments, and secure market dominance.

In this area, Graphiant has several patents reflecting unique innovations in creating new technologies and methods for solving networking challenges around Secure Communications and creating Business to Business Data Exchange capabilities.

2.4.1  Secure Communications Network – US Patent No. 11,750,581 B1

This patent is a significant advancement in networking, offering a more dynamic, efficient, and scalable approach to networking and virtual constructs for AI and Data Assured networks.  The method leverages real-time data to optimize network performance, making it highly relevant for modern, data-intensive network environments.

Key Points:

  1. Virtual Network Overlays:  The system creates virtual network overlays that dynamically adjust based on data-driven insights.  This results in far more efficient use of network resources and better management of network traffic.

  2. Data-Driven Route Resolution:  Routes are resolved based on real-time data resulting from data telemetry of traffic in flight, which creates an adaptive and responsive network.  This method contrasts with traditional static route configuration, which is inflexible and less efficient.

  3. Scalability:  The system scales efficiently, making it suitable for large and complex network environments especially focused on regulatory data, geo-political environments and large-scale location and segmentation protections.  It supports a higher number of virtual network overlays and route configurations than classical methods.

  4. Implementation:  The system is implemented using existing network infrastructure, reducing extensive new hardware or significant changes to the current network setup.  It integrates with current networking protocols and technologies to provide a seamless transition.

  5. Security and Reliability:  The patent emphasizes security and reliability in route resolution, ensuring that the network overlays are secure and dependable.  The system includes mechanisms for verifying and maintaining secure communications within the network.

Sequence diagram showing controllers, CPE-A1 and CPE-A2, core network nodes labeled C1, C2, C3, hop-to-hop tunnels, an end-to-end tunnel, and labeled steps S1 through S13 illustrating setup, encapsulation, transmission, decapsulation, and decryption processes.

System and Method for Instantiation of Stateless Extranets - US Patent No. 11,924,172

The patent describes creating secure, stateless extranets that facilitate communication between different enterprise networks to accelerate business to business commerce and data exchange between disparate systems. The system allows enterprises to establish connections dynamically without maintaining continuous state information, thus enhancing security and efficiency for instantiation of data transfers across boundaries subject to data governance policies while being ephemeral in nature to use on-demand as a service.

Key Points:

  1. Service Definition and Anchor Points:  The consumer receives a service definition from the provider over the control plane.  This service definition helps in creating a service anchor point based on the service identifier, which acts as a reference for the stateless service.

  2. Network Address Translation (NAT):  The consumer sends a NAT IP request to the provider, which responds with a NAT IP associated with the service anchor point.  This allows for seamless communication without maintaining session state information.

  3. Stateless Service Instantiation:  The primary innovation is the instantiation of a stateless service on the consumer, meaning that the system does not need to retain state information between sessions, thus enhancing security and scalability.

  4. Secure Communication Tunnel:  By utilizing NHOP and NAT IP, a secure communication tunnel is established in the data plane, ensuring that data packets are encrypted and securely transmitted between the consumer and provider.

Detailed sequence diagram showing a client on the left, Consumer CPE A1, a Controller in the center, Provider CPE A2, and a Service on the right. The diagram contains labeled message flows S1–S10 and annotations such as Pre-established control plane connection A1, Transmit a provider NHOP, Receive the provider NHOP, Transmit a consumer NHOP, Receive the consumer NHOP, Data plane establishment A2, Transmit a SD data packet, Receive the SD data packet, Create a Service anchor point, Transmit a NAT IP request, Assign & transmit a NAT IP, Receive the NAT IP, and Stateless service instantiation. The diagram is grayscale with vertical lifelines and horizontal arrows indicating the sequence steps.

Network Address Translation with In-Band Return Path Resolution - US Patent No. 11,695,690

The patent describes a system for managing network address translation (NAT) that enhances the efficiency and security of a data exchange environment and eliminates IP conflicts and the unsecured exchange of internal addressing information for packet routing.  The innovation specifically focuses on return path resolution for data packets in a NAT-enabled network environment.

Key Points:

  1. NAT-Enabled Router:  The method involves a NAT-enabled router that processes incoming and outgoing data packets.  When a forward packet is received, the router records security association data and routing identifiers in a routing table.

  2. Return Path Resolution:  For a return packet, the router uses the pre-recorded security association data to determine the correct return path to the destination.  This ensures that the return packet follows the same path as the forward packet, maintaining consistency and security in the data flow.

  3. Security Association Data:  This data is crucial for identifying the return path and includes information such as encryption keys and routing identifiers.  It is recorded when the forward packet is received, ensuring that the return path is uniquely associated with the forward path.

  4. Efficient Routing:  By resolving the return path based on pre-recorded data, the system reduces the need for additional routing decisions, enhancing the efficiency of the network.  This method minimizes latency and ensures that packets are routed accurately and securely.

  5. Implementation:  The system can be implemented in various network environments, including enterprise networks and service provider networks.  It supports secure and efficient communication between different network segments.

Diagram titled NAT change showing a network flow: left side CPE-A connected to a private network cloud, a central router with NAT functionality, an Internet cloud, and a server on the right. Packet boxes show Source address (A) Destination address (D) changing to Source address (B) Destination address (D) and reverse for return traffic. Numbered callouts (e.g., 102, 104, 106, 108, 110, 112, 114, 116, 118) label components and packet positions.
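
The return-path behaviour in the key points above can be modelled in a few lines. This is an added example, not Graphiant's code and not the patented method: the class names, the `sa_id` and `route_id` fields, the port pool and all addresses are assumptions constructed for illustration. It shows two tenants with the same private address being kept apart by the recorded security association, and return packets with no matching record being dropped.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    sa_id: Optional[str] = None     # security association (assumed field name)
    route_id: Optional[str] = None  # routing identifier, e.g. a tenant tag (assumed)


@dataclass(frozen=True)
class Binding:
    inside_ip: str
    inside_port: int
    sa_id: str
    route_id: str


class ReturnPathNat:
    """Toy NAT-enabled router: records SA data and the routing identifier when
    a forward packet arrives, then resolves the return path from that record."""

    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 40999):
        self.public_ip = public_ip
        self._next_port = first_port
        self._last_port = last_port
        self._by_flow: Dict[tuple, int] = {}
        self._by_outside: Dict[Tuple[int, str, int], Binding] = {}

    def forward(self, pkt: Packet) -> Packet:
        if pkt.sa_id is None or pkt.route_id is None:
            raise ValueError("forward packet must arrive on a known security association")
        # The SA and routing identifier are part of the flow key, so identical
        # private addresses from different tenants never share a binding.
        flow = (pkt.sa_id, pkt.route_id, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        port = self._by_flow.get(flow)
        if port is None:
            if self._next_port > self._last_port:
                raise RuntimeError("NAT port pool exhausted")
            port = self._next_port
            self._next_port += 1
            self._by_flow[flow] = port
            self._by_outside[(port, pkt.dst, pkt.dport)] = Binding(
                pkt.src, pkt.sport, pkt.sa_id, pkt.route_id)
        # Translated packet carries no internal addressing information.
        return Packet(self.public_ip, port, pkt.dst, pkt.dport)

    def reverse(self, pkt: Packet) -> Optional[Packet]:
        """Resolve a return packet; None means drop (no recorded forward flow)."""
        if pkt.dst != self.public_ip:
            return None
        binding = self._by_outside.get((pkt.dport, pkt.src, pkt.sport))
        if binding is None:
            return None
        return Packet(pkt.src, pkt.sport, binding.inside_ip, binding.inside_port,
                      binding.sa_id, binding.route_id)


def demo() -> dict:
    # Constructed sample traffic using documentation address ranges.
    nat = ReturnPathNat("198.51.100.1")
    server = ("203.0.113.10", 443)
    a = Packet("10.0.0.5", 5000, *server, sa_id="sa-tenant-a", route_id="vrf-a")
    b = Packet("10.0.0.5", 5000, *server, sa_id="sa-tenant-b", route_id="vrf-b")
    out_a, out_b = nat.forward(a), nat.forward(b)
    reply_a = nat.reverse(Packet(*server, nat.public_ip, out_a.sport))
    reply_b = nat.reverse(Packet(*server, nat.public_ip, out_b.sport))
    spoofed = nat.reverse(Packet("192.0.2.66", 443, nat.public_ip, out_a.sport))
    unsolicited = nat.reverse(Packet(*server, nat.public_ip, 41234))
    return {
        "ports": (out_a.sport, out_b.sport),
        "leaks_inside_ip": "10.0.0.5" in (out_a.src, out_b.src),
        "reply_a": (reply_a.dst, reply_a.dport, reply_a.sa_id, reply_a.route_id),
        "reply_b": (reply_b.dst, reply_b.dport, reply_b.sa_id, reply_b.route_id),
        "spoofed": spoofed,
        "unsolicited": unsolicited,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```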

2.5  Use Cases

Enterprise Networking

Enterprise networks are evolving from core datacenters to include edge locations, branch offices, remote workers, and partner/customer networks.  The number of nodes and the speed of connectivity required have significantly increased.  Traditional solutions like MPLS and SD-WAN are expensive, slow to provision, and involve complex tunneling.  Enterprises need simple, consumable connectivity available as a service.  Graphiant addresses this by merging the scale and security of MPLS with the flexibility of SD-WAN and the public internet.  Graphiant offers a new architecture tailored for the modern service economy.

Network Edge

Graphiant provides a next-generation solution.  Traditional solutions can't support today's digital transformation needs.  Graphiant enables simple, quick provisioning, cost-effective, secure connectivity that meets business requirements.  With Graphiant, enterprises don't need to build and manage the WAN;  they only need to choose the edge device.  Options include virtual machines or software on certified hardware, deployable via the Graphiant Portal.  This cloud-delivered platform offers comprehensive administration, monitoring, and troubleshooting.  The enterprise network connects through the Graphiant Stateless Core, supporting multi-VRF segmentation and seamless LAN integration.  All traffic is encrypted edge-to-edge, eliminating the need for tunnels.

Cloud Connectivity

Connecting multi-cloud and hybrid-cloud environments is complex, costly, and operationally intensive.  Graphiant simplifies this by connecting enterprise locations and cloud workloads to the Stateless Core, reducing costs and speeding up deployment.  Existing solutions for multi-cloud, B2B, and IoT networking are either expensive or lack scalability.  Graphiant offers a more affordable and manageable alternative, using high-performance gateways in carrier-neutral facilities for robust cloud interconnectivity.  Enterprises can deploy Cloud Edge instances through CSP marketplaces, extending their Graphiant network directly into cloud environments.

Business to Business

The shift towards service-based business models demands modern, efficient B2B connectivity.  Traditional MPLS-based extranets are expensive and cumbersome, while public internet extranets lack security.  Graphiant's multi-tenant Stateless Core simplifies B2B connectivity using metadata tags to map services programmatically, allowing businesses to publish and subscribe to services easily.  Connections are secured end-to-end with high-performance encryption and resilience.  Graphiant also supports flexible security configurations, including integration with Secure Services Edge (SSE) providers or traditional enterprise DMZ setups.

Brownfield Deployments

For customers still using traditional IPsec tunnels, Graphiant provides a smooth transition.  These tunnels can terminate into a Graphiant gateway, where traffic is tagged and mapped across the Core.  This simplifies operations and enhances connectivity and security management.  

Graphiant’s innovative approach modernizes enterprise networking, offering scalable, secure, and efficient solutions tailored for today’s digital demands.

3.  Technical Overview

Graphiant provides a networking solution which is designed to offer enterprise-grade performance with the agility and cost-efficiency that current SD‑WAN solutions often fail to deliver.

Key Features and Benefits of the Graphiant Network Edge:

Enterprise-Grade Performance:

  • Combines the reliable performance of MPLS with the flexibility of internet-based services to deliver robust and secure network performance

Agility:

  • Offers true "as-a-Service" connectivity, allowing network provisioning in minutes instead of weeks or months, significantly enhancing operational efficiency

  • Provides a unique cloud connectivity option that gives service providers the Graphiant advantage of same-day global access to all cloud providers

  • Multicloud connectivity is a complex process.  Current solutions are not conducive to profitable as-a-service commercials: cloud infrastructure, egress fees, etc.  Graphiant provides operational simplicity for cloud connectivity to service providers.

  • Designed to handle the dynamic and distributed nature of modern enterprise networks, connecting data centers, branch offices, remote users, and cloud services seamlessly

Simplified Management:

  • Provides a user-friendly interface and streamlined management capabilities, reducing the complexity involved in managing large-scale enterprise networks.

  • Graphiant's service is built on a private network infrastructure, ensuring high security and performance standards.  This approach allows enterprises to achieve the reliability and scalability necessary for modern networking demands, all delivered as a service for enhanced flexibility

3.1  Component Definitions

Edge: “Edge” is a holistic term encompassing a device that is the boundary device between the LAN and the WAN.  An Edge device includes functionality associated with a Router and a Firewall in current industry terms (post SD-WAN and SASE merging of security and routing functions).

Core: The Graphiant Core infrastructure that delivers stateless delivery of services and enables the marketplace.

Portal:  Graphiant configuration, monitoring and reporting infrastructure dashboard.  This includes both its user interface and user experience elements.  It is found at portal.graphiant.com and provides a single Portal for customers to interact with the service.

Cloud Gateway Service: The Graphiant Gateways are points of interconnection into Cloud, IaaS, SaaS, and other services both on the Internet as well as private networks.  Graphiant's Cloud Gateway Service provides high performance private connectivity into public cloud environments with natively connected AWS DirectConnect, Microsoft Azure ExpressRoute, Oracle FastConnect & GCP Dedicated Interconnect.  The Cloud Gateway Service allows customers to bring up complete routed networking on demand from all their locations to any cloud environment using private connections.

3.2  Solution Architecture

Graphiant’s vision is to evolve towards a more advanced Network Service.  Graphiant uses SDN principles with specific advancements in areas like encryption and data-plane management.

Graphiant is a newly designed routing stack that adjusts to this new "Internet" based on business needs.

Every time data is encrypted or decrypted, it takes processing power.  Each point that decrypts can see the unencrypted data while it's being transferred, and additional checks and inspections must happen before the data is encrypted again.  Current solutions create control and data plane relationships and add an encryption layer.  This approach has significant issues regarding security and scalability.

The Graphiant edge is designed to be “any” x86 platform either in hardware or virtual form factors. These are the types of Edges that are available for customers to choose from:

Graphiant Edge Types:

  1. Virtual Edge

  2. Generic Virtual Edge on ESXi, KVM

  3. Cloud Edge on AWS, Azure, GCP

  4. Hardware Edge on certified platforms from known vendors like Dell & HPE

Hardware Edges must be pre-loaded with the Graphiant Edge Operating System and register using certificates present in the TPM 2.0 chipset on the device to authenticate with the Graphiant Portal, where customer configuration takes place.

A vertical onboarding and connectivity flow diagram showing three columns labeled Edge, Portal, and Controller. Left column lists numbered steps in orange circles with descriptions: 1) Platform boot up & bring-up Connectivity to Portal (UEFI BIOS, Secure Boot ensures only boot images signed by the Graphiant key in the firmware), 2) Portal validation (Admin authorization needed for VM & Cloud platforms), 3) Edge authentication by requesting Graphiant certificates, 4) Portal provides GEK & GAK certificates for the Edge, 5) Edge initiates tunnel to Portal & Controller, 6) Upon admin authorization, Edge onboarded successfully into the Graphiant network. Right side shows arrows between Edge, Portal, and Controller indicating boot up, auth request, cert auth, tunnel initiation, and successful onboarding.

Graphiant Network

This process is automatic and transparent from the end user perspective so only traditional LAN and WAN interface routing is configured on the Edge by the customer.

Simplified network diagram showing Host, Edge devices, Graphiant Stateless Core, Graphiant Portal, and Application icons with arrows and dashed IPv6/IPv4 connection lines

Simple & Granular Policy Controls

Architecture diagram showing Graphiant Stateless Core cloud with Edge boxes connecting to multiple enterprises (Enterprise A, Enterprise B, Enterprise N), arrows indicating traffic paths, and policy badges labeled Firewall, URL, NAT, B2B, AppQoE, Path

Through the Graphiant Portal, all networks associated with the location will be accessible and configurable on the Edge.  As modern networks require, the Edge can utilize multiple circuits and send traffic directly to the Internet with local inspection via Next Gen Firewall (NGFW), or via 3rd party tunnels to the SSE vendor of choice.  The Edge will encode metadata label information for the Stateless Core.  This allows users to program traffic via the Portal and send it to the Edge. Users decide how QoS is applied, define segment membership, influence path selection, and map B2B traffic.  This makes the Graphiant Edge smarter and enables the Stateless Core to focus on packet forwarding.  All traffic between Graphiant Edge nodes will be encrypted end-to-end, with no decryption in transit.

Branch Redundancy

Diagram showing branch redundancy — left side labeled Branch with Edge devices, center showing Graphiant Stateless Core with multiple core nodes, and right side showing a Branch with multiple Edge/CPE devices; dashed lines indicate dual uplink-tunnels between branch edges/CPEs and core nodes.

Single CPE
Dual Uplink-Tunnel to two different core nodes

Dual CPE
Dual Uplink-Tunnel to two different core nodes;  First hop LAN redundancy via VRRP or IGP/BGP

Branch circuit redundancy is achieved using multiple WAN circuits, and Edge redundancy is achieved using multiple Edge devices.  In a high availability (HA) scenario, depending on the local site network configuration, the Edge uses VRRP with object tracking for L2 failover, or for L3 sites, uses OSPF or BGP to achieve Equal Cost Multi-Pathing (ECMP) as well as HA.  The Graphiant Stateless Core solves for return traffic symmetry, removing a layer of complexity from the end user configuration.

Graphiant provides Deep Packet Inspection (DPI), recognizing thousands of common applications.  The Graphiant Portal offers visibility, reporting, and the ability to program application pathing and prioritization across the Stateless Core.  Users can define custom applications based on attributes like source/destination IP, DNS, and more via the Portal.  The DPI engine will classify traffic using first packet matching for well-known resources.

The Portal

Laptop screen showing the Graphiant Portal dashboard with multiple panels and a left sidebar

The Graphiant Portal is the platform for users to engage with the Graphiant solution.  It enables users to deploy, configure, upgrade, monitor, and troubleshoot their network.  The portal also hosts an API gateway, allowing customers to interact with the service programmatically.

Control & Management Plane

Cloud architecture diagram showing the Portal above, cloud links labeled MPLS, 4G/5G, Internet, a Graphiant Stateless Core box, and multiple Edge nodes connected below

The Graphiant Portal maintains a constant connection with Edges via a secure tunnel.  This connection allows real-time monitoring, troubleshooting, configuration adjustments, and enables use cases provided by Graphiant.  The Portal is multi-tenant and runs on micro-services across multiple regions in the Cloud for guaranteed availability. It is part of the Graphiant service and delivered via the cloud;  customers don't need to maintain their own control and management plane.

Control Plane

Diagram showing control plane architecture — two Edge boxes on left and right, a central Graphiant Cloud column labeled Portal and Controller, numbered arrows 1–5 indicating Onboarding Request, GEK/GAK Certs, Configuration/Management, Control, and Direct Data Path, and a Graphiant Stateless Core cloud at the bottom

Legacy solutions tightly couple the encrypt/decrypt boundary with the data plane, encrypting/decrypting traffic at every hop.  Graphiant separates this encryption issue from the data plane, while ensuring that:

Graphiant is designed to comply with all major security regulations (SOC2, HIPAA, PCI-DSS, etc.).  We ensure that hardware devices approved for our service include Trusted Platform Modules (TPM) or Hardware Security Modules (HSM).  For virtual devices, we utilize HSM and TPMs available on platforms like KVM, ESXi 6.5+, AWS NitroTPM, Azure Confidential computing, and more.

Our software never generates keys.  Instead, we rely on the TPM or HSM and use a private/public keypair for setting up primers and symmetric encryption keys.  The keystore resides on the device's TPM or HSM and is under the customer's control.  Graphiant never accesses the Edges' private keys and doesn't use pre-shared keys.  Graphiant uses the public key from the TPM or HSM keystore to set up encrypted connections to the Graphiant Service.  Diffie-Hellman is used, via the controller, to set up symmetric pairwise keys for data plane traffic between each pair of Edges.

Once certificates are exchanged and issued to the edge based on the keystore, it then establishes a connection to the Portal.  Once this control plane is established, the edge device doesn't need another exchange with the Core network.  It relies on the metadata information delivered by Portal.  The Portal instructs the Edge on what metadata to use when communicating with the Core.

Encryption

Network diagram showing a Portal at the top connected via dotted Key Exchange lines to two Edge boxes labeled Edge 1 (left) and Edge 2 (right); a central cloud labeled Graphiant Stateless Core with arrows indicating Traffic encrypted with pairwise keys and public Internet/key icons near each Edge.

Keys must never be exchanged over the data plane.  Instead, we use the public key information on the Edge HSM to generate Diffie Hellman primers, which are exchanged over the control plane to establish an edge-to-edge security association.  This is not a conventional "tunnel," but rather a security association that allows for data encryption and decryption between two Edge endpoints.  We've decoupled the relationship of tunnel and encryption key exchange.

The payload is encrypted edge-to-edge, with only the Edges able to encrypt and decrypt it.  With no edge-to-edge tunnel, there's no need for a full session state or running BFD or IP SLA probes.  Compared to an IPsec relationship, our approach is quicker to set up.  In a full mesh environment with transport flaps, having many tunnels terminated on each edge increases this time exponentially.

Our advantage lies in the absence of end-to-end IPsec tunnels.  Edge nodes only establish a data plane connection to the Core.  The security association key exchange doesn't require a full session state handshake, taking only a couple of seconds depending on the latency between each Edge and the cloud they're communicating with to exchange the Diffie Hellman primers.  Key exchange and rotation have no relationship with the tunnel, and encryption is also decoupled.

From a traffic perspective, when the edge sends traffic, it uses the security association of the destination.  However, the next hop is the Core, which has no key pair association, eliminating the encrypt/decrypt event associated with the next hop.  When the packet reaches the Core, it merely label switches the packet.  Only the destination edge, with the security association, can decrypt the payload.  All other transport solutions and architectures keep state in their Core.  Not so with the Graphiant Stateless Core.  Our design strategy focuses on making the Core as lightweight as possible, prioritizing efficiency and performance above all else.

Graphiant’s Stateless Core & Data Plane

Because of its multi-tenant capabilities, the Graphiant Stateless Core allows for management of connectivity to Graphiant services and provides dedicated bandwidth and high throughput in a stateless environment.  As a result, enterprises can connect to the edges.

Our Stateless Core differs from MPLS VPN as it doesn't contain any customer information, routing state, or VRFs.  Compared to SD‑WAN, we reduce the number of tunnels and overhead associated with current SDN deployment models.  Essentially, the Stateless Core is a pure packet forwarding space.

Metadata Labels for Policy & SLA

Diagram titled Graphiant Stateless Core showing a central cloud with interconnected core nodes, low-latency and high-latency paths to Enterprise A and Enterprise B, colored service boxes labeled Voice (orange), Data (yellow), Best Effort (green), and a legend on the right

Graphiant has developed a new protocol and BGP extensions that propagate additional information beyond currently available address family attributes.  For instance, extended segment information regarding application characteristics is handled in the routing protocol itself.  The combination of our new protocol and label switching techniques allows for metadata label switching across the Graphiant backbone.  This enables us to guarantee SLAs and allows customers to influence the types of connectivity their applications traverse across the Core.  Our service aims to simplify operation without requiring specialized skills.

Due to reduced tunnel overhead and removal of customer config, our Stateless Core nodes have a significantly smaller footprint than traditional carrier backbone routers or MPLS P or PE devices.  The lower power draw and smaller physical footprint allow rapid deployment (usually contract +60 days) as per customer demand.  This ensures the customer edge is never more than 15ms from the nearest Core, reducing intermediate ISP peering points where most transit issues occur.

Data Plane

In enterprise networks, security is paramount.  That means traffic must be encrypted end-to-end without being decrypted in transit.  Simultaneously, the need for each enterprise edge to maintain legacy IPsec tunnels to all other edges should be eliminated.  To achieve both, we developed a new protocol stack.  To understand this, let's look at the packet header.

Diagram showing a central Graphiant Stateless Core cloud with multiple Cloud Edge and Edge nodes arranged around it, illustrating connectivity between edges and cloud edges.

Metadata Based Forwarding

Diagram showing encrypted original packet progressing through steps labeled Start, Step 1, Step 2, Step 3, End; stacked protocol labels include IPSec, Graphiant Label, IPV6, and ESP; includes a Graphiant stateless core illustration showing label-switched paths between Edge nodes

As packets from the LAN enter the Graphiant Edge, we first encrypt the packet and add an ESPv3 header based on the established security association (SA).  The Edge does not build a full IPsec tunnel end to end; separating each is crucial.

The packet is now encrypted but not associated with a tunnel.  Next, we add an IPv6 header assigned from our pool, not the customer's.  After IPv6, we add the Graphiant metadata labels, followed by an Authentication Header (AH) to protect the integrity of the traffic.  This allows packets to traverse the public Internet without risk of third-party actors modifying the data or headers in transit.

Scalability of Graphiant Core

By arranging the packet header in this specific way, we ensure traffic is encrypted only once, maintaining edge-to-edge encryption.  This method prevents tunnel sprawl and enables us to transmit customer data without revealing their IP information.  In essence, our unique use of ESP, IPv6, and AH ensures that customer information, including their internal IP addressing, is never exposed.

From a forwarding perspective, when packets traverse our Stateless Core, there is no need for fragmentation or reassembly, enabling customers to benefit from the associated performance gain.  If the last mile supports a 1,500-byte MTU size, we can maintain this (minus the Graphiant overhead) end to end.  If the last mile supports a larger MTU size, the Graphiant Stateless Core can support that as well without the need for fragmentation.

There will be a pre-determined limit on frame size from the edge to the Core.  This won't change in transit as the edge is only a hop away from the Core.  Our header stack, including padding, will take no more than 92 bytes of overhead for a guaranteed transmission size of 1408 bytes, end to end.  One major issue we're addressing with this approach is the intermittent fluctuation of frame size at intermediate points across the public internet.  With our service, this probability is significantly reduced, limited only to the last mile segment where it's extremely unlikely to occur.  We know that the only overhead introduced will be our predictable packet header size.  Our Core-to-Core connections are private, which allows us to ensure that what's set by your provider remains constant from edge to edge.  Our guiding principle is simple:  by reducing the number of hops with indeterminate behavior, we can provide our customers with better and more predictable performance over time.

Step 1: Edge to Core

Small network diagram showing a Host sending traffic to an Edge, arrows pointing into a mesh labeled Graphiant Stateless Core with core nodes, then arrows to another Edge and finally to an Application. Icons show Host, Edge, core fabric, and Application with directional arrows.

Infographic of packet encapsulation and security: a horizontal packet bar labeled Data, SA=10.1.1.1, DA=10.2.2.2, ESP, IPv6, GPH Label, IPSec with arrows and annotations reading Edge uses IPsec integrity protection to access the Graphiant Core, Edge encapsulates the packet in IPv6 + Graphiant label, and Edge encrypts using pairwise encryption for network traversal. Also shows DST-Path=4 and SRC-Path=1 annotations.

Once traffic reaches the Stateless Core, it removes the authentication header providing integrity protection.  The Graphiant Core can’t decrypt the packets since only the customer’s edge has the pairwise encryption keys.  Most importantly, the authentication headers ensure our metadata labels can’t be tampered with in the last mile.  The Core then examines the metadata stack and determines how and where to route the traffic, selecting the path that meets the SLA specified in the packet header's metadata label.

Segmentation

Diagram titled Graphiant Stateless Core showing a central core tunnel with three colored segmented paths (blue, orange, and purple) labeled A, B, C. Left side shows Edge icons and right side shows Data Center icons, arrows indicating ingress and egress flow through the core.

Segment information is encoded in the IPv6 Header, assuring that enterprise traffic remains separate unless all parties agree to share specific services and Graphiant authorizes this relationship.  This offers the highest level of data protection and privacy for customers while giving them the flexibility to share what they need, when needed, to meet business demands.

Step 2: Ingress Core to Egress Core

Diagram illustrating encrypted packet label-switching in a Graphiant Stateless Core network.

Once the packet arrives at the Core node servicing the destination edge, it adds an integrity protection header before forwarding to the final edge.  The edge can then determine the source, understand the header information, and use its private pairwise encryption key to open the payload.

Step 3: Egress Core to Edge

Diagram illustrating IPsec tunnel access and packet decryption process in a network.

Graphiant uses a combination of IPv6, MPLS, VPN, and SD-WAN capabilities in unique and innovative ways.  By decoupling, we achieve peak efficiency from SDN.  State abstraction means that the Core doesn’t need to carry customer state information in the data plane.  We can split up state and abstract control plane and data plane.  We are applying a scalable microservices control plane, provider and SDN models in our design.  These proven techniques allowed us to evolve and provide a service that is a more secure and efficient way to accomplish private connectivity.  In addition, our customers have dedicated bandwidth allocation and are not subject to the constant performance fluctuations of the internet.
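The edge-to-core-to-edge flow from Steps 1 to 3 above, as an added toy model in Python; it is not Graphiant code and not Graphiant's wire format.  It assumes hypothetical label fields (`dst_edge`, `segment`, `sla`), per-edge last-mile integrity keys held by the core, and an HMAC-SHA256 keystream standing in for ESP, to show that a core can verify and switch on labels without holding any pairwise key.

```python
import hashlib
import hmac
import json
import secrets


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: stdlib stand-in for the ESP cipher, not production crypto.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _sa_subkeys(sa_key):
    # Separate encryption and MAC keys derived from the one pairwise SA key.
    return (hmac.new(sa_key, b"enc", hashlib.sha256).digest(),
            hmac.new(sa_key, b"mac", hashlib.sha256).digest())


def esp_seal(sa_key, plaintext):
    """Source Edge: encrypt-then-MAC the inner packet under the pairwise SA key."""
    enc_key, mac_key = _sa_subkeys(sa_key)
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def esp_open(sa_key, blob):
    """Destination Edge: verify, then decrypt. Fails for any key but the pairwise one."""
    enc_key, mac_key = _sa_subkeys(sa_key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ESP check failed: wrong SA key or modified payload")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def _ah_tag(link_key, label, esp_blob):
    # AH-style integrity over the metadata label and the still-encrypted payload.
    return hmac.new(link_key, json.dumps(label, sort_keys=True).encode() + esp_blob,
                    hashlib.sha256).digest()


def ah_wrap(link_key, label, esp_blob):
    return {"label": label, "esp": esp_blob, "ah": _ah_tag(link_key, label, esp_blob)}


def ah_strip(link_key, frame):
    if not hmac.compare_digest(frame["ah"], _ah_tag(link_key, frame["label"], frame["esp"])):
        raise ValueError("AH check failed: label or payload modified on the last mile")
    return frame["label"], frame["esp"]


class StatelessCore:
    """Holds last-mile integrity keys only (assumption); it never sees a pairwise SA key."""

    def __init__(self, link_keys):
        self.link_keys = link_keys  # edge name -> edge-to-core integrity key

    def forward(self, ingress_edge, frame):
        label, esp_blob = ah_strip(self.link_keys[ingress_edge], frame)  # verify, remove AH
        egress = label["dst_edge"]                                       # decide from label only
        return egress, ah_wrap(self.link_keys[egress], label, esp_blob)  # new AH for egress leg


def rejected(fn, *args):
    """True when the call refuses its input with ValueError."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


def demo():
    sa_1_2 = secrets.token_bytes(32)    # pairwise key Edge 1 <-> Edge 2 (constructed)
    sa_other = secrets.token_bytes(32)  # key of an unrelated Edge (constructed)
    links = {"edge1": secrets.token_bytes(32), "edge2": secrets.token_bytes(32)}
    core = StatelessCore(links)
    label = {"dst_edge": "edge2", "segment": "A", "sla": "voice"}  # hypothetical fields
    inner = b"SA=10.1.1.1 DA=10.2.2.2 payload"                      # constructed inner packet

    frame = ah_wrap(links["edge1"], label, esp_seal(sa_1_2, inner))
    egress, out = core.forward("edge1", frame)
    _, blob = ah_strip(links[egress], out)
    relabelled = dict(frame, label=dict(label, segment="B"))  # label changed in transit
    return {
        "egress": egress,
        "delivered": esp_open(sa_1_2, blob) == inner,
        "inner_addresses_visible_in_transit": b"10.1.1.1" in frame["esp"],
        "relabelled_frame_rejected": rejected(core.forward, "edge1", relabelled),
        "other_edge_key_rejected": rejected(esp_open, sa_other, blob),
    }


if __name__ == "__main__":
    print(demo())
```

The two rejection results are the checks worth reproducing against any real deployment: a frame whose label changed on the last mile must fail integrity at the core, and a payload must not open under any key other than the pairwise one.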

Gateway Services

Network diagram showing Graphiant Cloud at the top with Portal, Controller, Orchestrator; a central Graphiant Stateless Core connected to a Gateway box labeled Gateway with SASE Connect and Cloud Connect (AWS, Azure) beneath it; four Edge boxes around the core labeled Edge 1 (Hospital), Edge 2 (Hospital), Edge 3 (Retail), Edge 4 (Retail); dashed lines to cloud components and solid lines between edges, core, and gateway; icons and colored labels for hospital and retail edges.

The Gateway (GW) in the Graphiant architecture serves as an intelligent onboarding point for external resources and services into the Graphiant domain.  It's a core element that functions as an extension of the edge, offering external services to all customers.  Interaction with the Gateway is facilitated via the Portal, simplifying configuration and management by abstracting complexity.

Gateway Services include:

  • Internet Services (e.g., SaaS)

  • SASE service providers (e.g., Zscaler, Netskope, etc.)

  • Cloud Connectivity (public and private, Azure express route, AWS direct connects, etc.)

  • NNI interconnects with 3rd party service providers (e.g., Verizon, ATT, etc.)

  • 3rd Party IPsec Tunnels to partner networks not yet connected or published to the Graphiant backbone

Graphiant Gateways can be thought of as a Graphiant hosted multi-tenant Edge.  Many of the functions of the GW are common with the Edge, including but not limited to:

  • Control/management Plane

  • SLA-based routing and QoS

  • Edge Redundancy/HA

  • Service Side routing (BGP)

  • Control/Traffic/FW Policies

Some aspects of the GW are different than what is delivered on the customer Edge.  Some examples include segmentation, multi-tenancy, split horizon to avoid inter-enterprise and transit traffic, NAT on the Edge to a globally unique address before sending traffic to GW, SLA negotiation between the service provider and enterprise consumer, etc.  Graphiant gateways are typically deployed next to the Stateless Core nodes in the same POP.  However, there are some use cases where the GW might be deployed in a partner location and connect to the Core via internet tunnels or private connectivity.  As an integral part of the Graphiant service, Gateways allow enterprises to eliminate the need to architect, design, build, provision and deploy (or procure) advanced connectivity use cases.  Including the gateway as part of our Service provides tremendous value and flexibility in the way customers can migrate to and consume the Graphiant Service subscription.

3.3  [Partner] Graphiant Architecture

([Partner]) will use the Graphiant solution to offer private connectivity services to Cloud Service Providers, including Google (GCP), Oracle (OCI), and Alibaba.  Graphiant can also enable additional services, such as a Business-to-Business Extranet, Data Assurance/Monitoring, etc.

[Partner] has an existing L2/L3 MPLS VPN infrastructure composed of Aggregation/PE Routers.

[Partner] will use a common/shared “Super VRF” to provide private IP connectivity between the Edges, Cores, Gateways, and the GCS services in the Azure cloud.  This VRF is shared across multiple customers.

For premium customers, a dedicated VRF will be instantiated for specific customers.  This dedicated VRF is not shared with other customers.

The network provides Ethernet handoff to the CPEs from the aggregation routers based on OTN/UPE.  Two major Data Centers/Landing Zones exist.  Four cloud providers are Amazon (AWS), Google (GCP), Oracle (OCI), and Microsoft (Azure).

Placement of Graphiant Components

Graphiant Edges at the customer locations will be connected to aggregation routers via Ethernet.

Graphiant Gateways will be deployed alongside the aggregation routers where we have Cloud interconnects.

Graphiant Cloud Services (GCS) will be deployed in Azure.

Graphiant Cloud Services (GCS) Deployment in Azure

Leveraging cloud-style infrastructure, Graphiant deploys micro-services over a service mesh to deliver the control and management for the core network infrastructure.

These Graphiant Cloud Services (GCS) will be deployed in Azure.

Some of the cloud services include:

  • IAM & Domain Controller

  • Domain Services

  • Container Registry

  • Kubernetes Engine (GKE)

  • Anthos Service Mesh

  • Cloud Functions

  • Cloud Pub/Sub

  • Cloud DNS

  • Cloud CDN

  • Cloud Armor

  • Cloud KMS

  • Confidential Computing

  • Cloud HSM

  • Security Command Center

  • Firebase

  • Apigee

  • App Engine

  • Cloud Monitoring

  • Cloud Logging

In addition to native cloud services offered via Azure, relational, time-series, and NoSQL databases are deployed in the VPC environments to provide a comprehensive microservice containerized application environment.

Graphiant will build and manage this environment for [Partner] as part of the project.

Central diagram showing a blue service-mesh hexagon connected to multiple cloud regions. Green clouds labeled Primary Region and Secondary Region contain components such as DB write clusters, Notification System, Configuration System, DB instance and IPFIX collector. Grey clouds show API gateway, load balancer and tunnel terminators. At the bottom is a large oval labeled Super VRF / Graphiant VRF (shared VRF) with router icons labeled Agg1 and Agg2 and callouts marking GCP Region 1 and GCP Region 2.

GCS Deployment in Dedicated VRF Use Case

For premium customers, [Partner] will instantiate a new dedicated VRF for the customer.  The selective routes of GCS/Core nodes will be leaked between the Super VRF and customer VRF.

High-level architecture diagram showing multiple cloud regions and a central service mesh. Diagram includes labeled clouds for Primary Region and Secondary Region, DB write clusters, notification system, service mesh icon in center, GCP Region 1 and GCP Region 2 callouts, Super VRF / Graphiant VRF (shared VRF) oval with Dedicated VRF1 ovals on each side, aggregation routers labeled Agg1 and Agg2, and arrows labeled Route Leaking.

Core Node Connections via L2 VLAN Service

The core nodes will have point-to-point VLAN connections between them as shown below.

Logical topology of the backbone is shown below.

Diagram illustrating connections between Core1 and Core2 in RYD and DMM landing zones.

IP Reachability between the Edges, Core, Gateway and GCS

Different components will be assigned private IP addresses and placed in the Super VRF.  This will provide IP connectivity between different components.

Edge Connection into Aggregation Routers

[Partner] will provide one (or two) VLANs to connect the Edge to the aggregation routers.  The first VLAN will be used for Graphiant data and control and management plane.

The second VLAN may be used for OOB access so that network operators can manage the Edge using Graphiant Local Web Server (LWS).  This will be used in case the Edge loses the connection to the GCS.

Each aggregation router will police the aggregate traffic into the Super VRF in the backbone (40G).

Each of the VLANs will have a dedicated bandwidth of 1G.  The customer can assign the bandwidth on-demand from 100-500Mbps, which will be provided through a shaper/policer on the Edge/Core nodes.

An IP address will be assigned to the Edge by a DHCP server in the Cloud, via a DHCP helper address on the aggregation router.

Dedicated BW of 1G on vLAN X, user configurable from 100-500M on Graphiant Edge (shaper + policer) vLAN X

Diagram illustrating DHCP request flow from Google Cloud to a DHCP server via Super VRF.

Gateway Cloud Connectivity

A VM Gateway (GW) is spun up and the configuration is achieved via the portal based on customer request.

[Partner] will be responsible for establishing connectivity between [Partner] router and Customer VPC and providing the Graphiant gateway with a VLAN.  We can either run BGP or static to exchange routes with the [Partner] cloud router.

GCS Services and Integration with OSS/BSS

The GCS portal/API gateway is the primary method of interacting with Graphiant devices, including Edges, Core, and Gateways.  The portal allows for complete life-cycle management of Graphiant components.

The API Gateway supports API calls to automate and integrate with 3rd party systems.  The [Partner] systems (OSS/BSS) do not need to interact with the devices directly. These systems will communicate with the API Gateway to manage the solution.

Additional Services in the Cloud

The devices need a few services to operate, including DNS and NTP services.  These will be deployed in Azure, and the LLD will provide the details.

4.  Support and Lifecycle Management

Graphiant provides a complete service offering as part of the solution provided to [Partner].  As part of the service transaction, Graphiant provides solution support for the technology stack and Level Three support for the technology, requiring no additional licensing.  The RACI model in section 2.2 further illustrates the ownership of Level One and Level Two support with [Partner], and Graphiant providing Level Three support.  Definitions of support are provided as follows.

4.1  Level One Support Summary

Level One is first-line support, responsible for simple customer issues that require a broad knowledge of the Graphiant technology.  Level One support specialists can identify customer requests/needs and provide tips on how to manage the problem.

Answers/solutions provided by partner Level One support are generally available via Graphiant’s Documentation, FAQs, and step-by-step product guides in the Partner Portal.

Typical tasks handled by Level One support specialists include:

  • Explaining tenant user and password policies/issues

  • Requesting Graphiant support to add and delete users

  • Explaining navigation around the Graphiant admin console

  • Reviewing customer-reported documentation errors

  • Initial incident classification and appropriate resolver group routing

  • Managing the customer in supported local language

  • Classifying and documenting reported issues that require escalation to [Partner]’s Level Two support

4.2  Level Two Support Summary

Level Two is responsible for assisting Level One support by performing the next level of investigation of technical issues and finding solutions related to more complex issues.  Level Two support can help end customers find workarounds by adjusting policies to resolve basic security issues such as blocking or unblocking access to Web sites.

Typical tasks handled by Level Two support specialists include:

  • Resolving website rendering issues

  • Performing basic log analysis with the admin console

  • Recommending workarounds that allow end customers to continue business operations.

  • Assisting end customers with basic security policy adjustments based on business requirements.

  • Triaging problems reported by end customers, categorizing them, and escalating issues to the Graphiant support team when appropriate.

4.3  Level Three Support Summary

Level Three is responsible for assisting Level Two support by performing the next level of investigation of technical issues and finding solutions related to these more complex issues.

Level Three support can help [Partner] Level Two resolve complex software and configuration issues.  Optionally, Level Three support may join end-customer crisis calls where appropriate.

  • Provide configuration/policy/design recommendation and assistance in End Customer deployment.

  • Assist engineering and operations teams to investigate and resolve complex software or operations issues.

  • Perform patch qualification related tasks such as bug fix verification. Perform in-depth analysis of log data, network packet traces, internal logs.

  • Communication may be conducted in US English as required.

5.  Project Management

5.1  Project Management Methodology

Aligned with [Partner] best practices, Graphiant adopts a proven project management methodology tailored to meet [Partner] standards and deliver this transformational project. Graphiant provides a framework for managing end-to-end activities, resources, and stakeholders, with a focus on [Partner], across the stages of the project.  To cater for [Partner] and the complex nature of the project, Graphiant continuously optimizes delivery by deploying highly qualified project management professionals, design architects, and subject-matter experts (SMEs) with strong backgrounds in data networks and experience in designing and building networks, drawing on expertise from Cisco, Juniper, AT&T, Verizon, Meta, Google and Amazon Web Services.

5.2  Project Management Lifecycle

To achieve project management excellence, Graphiant optimizes the project management process to best align with practices observed by [Partner] and its internal project lifecycle stages.

5.2.1  Initiation

Before project launch, to guarantee a successful delivery, Graphiant Project Manager will lead and conduct analysis for all project aspects, through which a thorough feasibility study is performed to evaluate problems and challenges and assess how the project will achieve the desired outcomes.

Throughout this stage, Graphiant Project Manager will closely engage with [Partner] to define and align on the project scope, goals, key stakeholders, constraints, risks, and detail the project team structure as well as the overall project governance.

5.2.2   Planning

At this stage, Graphiant Project Manager will develop a comprehensive project plan that covers project milestones and deliverables, activities, dependencies, risks, and issues along with the associated contingency and mitigation plans, in addition to the required resources and skillsets and the associated timeline and budget.

Following best practices, Graphiant Project Manager will continuously revisit the project plan and introduce adjustments in line with the project progress and updates.

5.2.3   Execution & Control

At this stage, we carefully put the tasks and activities defined in the project plan into action to produce the project deliverables.  The Graphiant Project Manager, working in conjunction with the lead Network Architects, Site Reliability Engineers (SRE), and Quality Assurance (QA) from Graphiant and the equivalent resources from the [Partner] team, will ensure implementation of the project plan, conduct checks throughout the project implementation, and review each output in this stage to ensure adherence to our quality standards.

5.2.4  Closure

At this stage, we confirm completion and delivery of the entire project scope and deliverables, focusing on:

  • Informing all stakeholders about project completion

  • Assessing project outcomes and team performance and documenting lessons learned

  • Developing and communicating project closure report with the stakeholders

  • Transferring the project to the [Partner] operation team and providing required training and support

  • Administratively closing the project

5.3 Project Delivery Excellence

Graphiant will align project delivery to the excellence expectations from [Partner] based on nine key global best practices that are embedded in [Partner] project management methodology across the project lifecycle, to achieve optimal and quality project delivery.  These best practices are captured in the below diagram and detailed in the subsequent sections.

  1. Clear Scope

    Graphiant has a dedicated Project Manager for [Partner] who works on defining and managing a clear project scope in alignment with our customers to ensure mutual understanding of the project objectives and deliverables.

  2. Engaged Stakeholders

    Graphiant keeps [Partner] engaged at every point throughout the project by maintaining active communication channels and having consistent project progress reporting.

  3. Delivery Enabling Plans

    Graphiant ensures integrated planning and scheduling when developing the holistic project plan and schedule, and closely tracks progress and resources across the different project work streams.

  4. High Performing Teams

    Graphiant ensures that every project is equipped with the right set of skills and capabilities to boost team performance and ensure timely and quality delivery.

  5. Managed Risks

    Graphiant proactively captures and defines all project risks and develops the corresponding mitigation and contingency plans to ensure effective risk management.

  6. Resolved Escalations

    Graphiant maintains active communication channels with [Partner] through which they can communicate matters that require prompt attention and immediate action.

  7. Integrated Suppliers

    Graphiant has an integrated network of suppliers and partners who serve the different requirements and needs of [Partner] and work together under Graphiant supervision to ensure proper delivery of project scope and objectives.

6.  Project Implementation Plan

This section expands the high-level design and activation approach into a practical delivery plan. The baseline schedule assumes a 12-week Service Design phase followed by a 14-week Service Activation phase. The exact timeline is finalized during Phase 0 based on [Partner] readiness, procurement lead times, and integration complexity.

6.1  Implementation Approach and Phases

    Delivery is organized into four phases with formal exit gates. Each gate includes defined deliverables, acceptance criteria, and joint sign-off by Graphiant and [Partner].

| Phase | Duration (baseline) | Primary Outcomes | Key Deliverables | Exit Gate |
|---|---|---|---|---|
| 0. Initiation & mobilization | Weeks 0-2 | Governance, access, discovery | Project charter; Governance & cadence; Validated RACI; Environment/access checklist; Initial RAID log | Gate 0: Kickoff complete |
| 1. Service design | Weeks 1-12 | Target architecture and operating model | Requirements workshops; HLD/LLD; Security/compliance reviews; Validated designs and acceptance criteria design; OSS/BSS integration design; Lab plan & PoV test plan; BOM & procurement plan | Gate 1: Design sign-off |
| 2. Build & integrate | Weeks 13-20 | Environments and infrastructure ready | Cloud services environment; Core PoP build; Gateway integrations; Monitoring/alerting; Ticketing integration; Staging validation | Gate 2: Build complete |
| 3. Pilot & launch | Weeks 21-26 | Operational readiness and first customers | Pilot onboarding; Runbooks finalized; Training; Operational readiness review; Go-live checklist; Handover | Gate 3: Service launch |

6.2  Workstreams and Deliverables

The program is delivered through the workstreams below.  Each workstream produces tangible outputs that feed the exit gates.

| Workstream | Scope | Primary Deliverables | Owner (R/A) | Dependencies / Notes |
|---|---|---|---|---|
| Governance & PMO | Program management, cadence, reporting | Integrated plan; RAID log; Status reporting; Change control; Stakeholder comms | Graphiant PM (R), [Partner] PM (A) | Requires named stakeholders and escalation path |
| Architecture & Design | End-to-end service design | Requirements; HLD; LLD; Security design; Addressing/VRF design; Routing/BGP plan | Graphiant Arch (R), [Partner] Network (A) | Access to existing network diagrams and standards |
| Cloud Services (GCS) | Control/management plane deployment | Cloud landing zone; Kubernetes/service mesh; IAM | Graphiant SRE (R), [Partner] Cloud (A) | Cloud account readiness; Network |
| Core & PoP Build | Deploy stateless core nodes in PoPs | BOM; Rack/stack; Underlay circuits/VLANs; Core bring-up; Capacity plan | [Partner] DC Ops (R), Graphiant (C) | Hardware lead times; Cross-connects/circuits |
| Gateway & Cloud On-Ramps | Connect to cloud providers / SaaS / SSE | Gateway instances; BGP/static peering; Cloud provider interconnect configuration; Testing | Graphiant (R), [Partner] Cloud Connectivity (A) | Cloud provider ordering lead times |
| OSS/BSS & Tooling | Integration with [Partner] systems | API integration spec; CRM/ordering; Ticketing integration; Monitoring/alerting integration | [Partner] IT/OSS (R), Graphiant (C) | Access to APIs; Security reviews |
| Lab & PoV | Virtual lab build and validation | Lab topology; Test plan; Test reports; Issue list and remediation plan | Graphiant (R), [Partner] Engineering (A) | ESXi/KVM resources; Test traffic tools |
| Operations Readiness | Support model and runbooks | Runbooks; L1/L2/L3 process; Escalation; Spare/MA; Patching and upgrades; ORR | [Partner] Ops (R), Graphiant Support (A) | Aligned SLAs; Tooling access; Training completion |

6.3  Milestones and Timeline (baseline)

The milestones below provide a baseline view. Week numbers are indicative; the detailed integrated schedule is maintained by the joint PMO.

| Milestone | Target week | Definition of done | Owner | Sign-off |
|---|---|---|---|---|
| Kickoff complete | Wk 1 | Project charter approved; Roles confirmed; Access and tooling requests submitted | Graphiant & [Partner] PMO | Joint |
| Requirements baseline | Wk 3 | Workshops completed; Requirements and assumptions documented | Graphiant Architecture | [Partner] Network/Cloud |
| HLD sign-off | Wk 6 | HLD reviewed; Architecture decisions captured; Risks logged | Graphiant Architecture | Joint |
| LLD sign-off | Wk 10 | LLD complete (PoP, VRF, routing, security, ops); BOM finalized | Graphiant & [Partner] SMEs | Joint |
| Lab/PoV complete | Wk 12 | PoV tests executed; Success criteria met; Defects triaged | Graphiant QA | [Partner] Engineering |
| Cloud services ready | Wk 15 | GCS environment deployed; Logging/monitoring baseline; Security controls in place | Graphiant SRE | [Partner] Cloud |
| Core PoPs online | Wk 16 | Initial core nodes live in target PoPs; Underlay connectivity validated | [Partner] DC Ops | Graphiant (C) |
| OSS/BSS integration ready | Wk 18 | Ordering, ticketing, and monitoring integrations tested end-to-end | [Partner] OSS/IT | Graphiant (C) |
| Operational readiness review (ORR) | Wk 24 | Runbooks approved; Training complete; Support model validated; Go-live checklist green | [Partner] Ops | Graphiant Support |
| Service launch / first customer onboarded | Wk 26 | Pilot customer live; SLA reporting enabled; Handover complete | [Partner] Business + Ops | Joint |

6.4  Governance, cadence, and reporting

A joint delivery team with clear decision rights and an escalation path is essential.  The cadence below is the default and can be tuned during mobilization.

| Forum | Cadence | Attendees | Outputs |
|---|---|---|---|
| Steering committee | Bi-weekly | Executive sponsor(s), PMO leads, architecture lead | Decisions, escalations, and program health |
| Program status | Weekly | Graphiant PM + [Partner] PM + workstream leads | Status report, risks/issues, action items |
| Technical design review | Weekly (during design) | Graphiant architecture/engineering + [Partner] network/cloud/security | Design decisions, open items, approvals |
| Integration working session | 2x weekly (during build) | OSS/BSS, SRE, monitoring, ticketing teams | Integration progress, defect triage |
| Operations readiness review | As needed; at least 2 sessions pre-launch | Support leaders, SRE, NOC, Graphiant support | Runbook review, training completion, go-live readiness |
| Change advisory | Per [Partner] CAB | Change managers, implementation teams | Planned changes, maintenance windows |

6.5  Acceptance criteria and exit gates

Each phase ends with a formal review.  The criteria below are typical and can be expanded for partner-specific requirements.

  • Design sign-off:  HLD/LLD approved; security/compliance controls defined; BOM and PoP plan finalized; integration specifications agreed.

  • Build complete:  Cloud services deployed; core nodes reachable; monitoring and logging validated; baseline connectivity tests passed.

  • Pilot ready: Runbooks and escalation paths validated; L1/L2 training complete; ticketing integration functional; pilot customer onboarding plan approved.

  • Launch:  First customer live; SLA reporting enabled; operational KPIs agreed; handover completed and acceptance documented.

6.6  RAID log template

The joint PMO should maintain a living RAID log.  The table below can be copied into the program tracker.

| ID | Type (R/A/I/D) | Description | Impact | Owner | Mitigation / action | Status / due date |
|---|---|---|---|---|---|---|
|  |  |  |  |  |  |  |

The core components of the program plan are split into a design and activation phase.

The service design phase ensures that Graphiant aligns and integrates with existing [Partner] policy and processes, working across network design and integration, service development, and service operations. This will be a 12-week sprint which provides the following deliverables:

  • Program Plan

  • Core and Edge Design (HLD/LLD)

  • Operating Model

  • Support Model

  • Service Description

  • Release Plan

The service activation phase enables the transition of service planning into operations and the formal launch of the service.  This will cover activities such as sales training and enablement, service operations and integration, physical implementation, and into-production handover.

It is estimated that this will take a further 14 weeks to launch and onboard customers.  The service activation plan will be developed in more detail after the service design phase is complete.

The proposed program plan is depicted below:

A detailed program timeline diagram titled Key Dates and Dependencies showing a 0–26 week timeline with a highlighted 12-week sprint, weekly boxes (Week 0, Week 1, Week 2-3, Week 4, Week 5-11, Week 12, Week 13-20, Week 21-25, Week 26), activities such as Project Approval, Kick Off / Technology Data Gathering, STC Operations and Services Standards Data Gathering, Data Correlation and Build Plan, HLD/LLD Design and Service Descriptions, Service Design Summary Readout and Acceptance, Deployment, Testing, and Field Trials; horizontal swimlanes for Data Collection and Knowledge Transfer, Design, Target Deployment and Production Testing, and Go-Live; left-side vertical green boxes for Core Design, Edge Design, Determine Services, Scope Operations with descriptive bullets; a central Artifacts box listing Programme Plan, Core and Edge Design (HLD/LLD), Operating Model, Support Model, Service Description, Release Plan; right-side build boxes (GCP Core Build, POP and Cloud-on Ramp Build, Premium and Base Service Build, Sales Enablement and Endorsement, Service Operations Build, Training and Integration) connected by arrows to a Service Launch box under the Service Activation section.

7.  MSP Pilot Test Plans

Click here for detailed MSP Pilot test plans.

Tables for Your Convenience Throughout the Process

Document Control History:

| VER | AUTHORS | ROLE | DATE | DESCRIPTION |
|---|---|---|---|---|
|  |  |  |  |  |

Review:

| VER | AUTHORS | ROLE | DATE | DESCRIPTION |
|---|---|---|---|---|
|  |  |  |  |  |

Contact Information:

| NAME | DESIGNATION | MOBILE | EMAIL |
|---|---|---|---|
|  |  |  |  |