Episode 5: FortiCloud

Ben Wilson and Philip Keeley discuss the key features of FortiCloud, our cloud-based management platform for FortiGate and FortiAP.

Transcript

Download the Transcript PDF

EPISODE 5 – FORTICLOUD
Dated: January 5th, 2017
Host: Victoria Martin
Participant (P1): Ben Wilson
Participant (P2): Philip Keeley

Host: This is FortiCast, the podcast about Fortinet technology. I’m your host, Victoria Martin.

Welcome to FortiCast. Today’s episode is about FortiCloud, our cloud-based
management platform. But before that discussion starts, there is some podcast news.

FortiCast’s schedule is going to change to two episodes a month, starting right away, so keep an eye out for more episodes coming soon!

Now, on to today’s topic, FortiCloud. You can use FortiCloud to store and view logs from FortiGate, to manage FortiAPs, and to send files for sandbox inspection. The
latest version of FortiCloud, 3.1, was released at the beginning of December.

With us today to talk about FortiCloud are Ben Wilson, FortiCloud’s product
manager, and Philip Keeley, FortiCloud’s product marketing manager.

Just a quick note, this discussion was recorded just before FortiCloud 3.1’s release.

P1: Hi, and welcome to this episode of FortiCast. Today, we’re going to be talking about FortiCloud. My name’s Ben Wilson and I’m the product manager for FortiCloud.

P2: And I’m Philip Keeley, and I’m the product marketing manager for FortiCloud.

P1: So let’s start by talking about what FortiCloud actually is. Phil, you’re the marketing dude, why don’t you start with that.

P2: Excellent, well I’ve been here all of about four weeks, so I’ll rely on Ben to correct any mistakes that I come up with, but my understanding of FortiCloud is it’s a conglomeration of a number of services under a single heading.

The concept of ‘cloud’ is a variable one. People talk about cloud all the time and they mean different things by it. So, often, cloud is just a management interface to a piece of hardware that exists onsite, and that’s certainly the case, uh, in parts of FortiCloud.

Equally, there are occasions where the cloud replaces hardware onsite. And there are parts of that within FortiCloud as well.

So if we start off with the simple part of FortiCloud, or perhaps where FortiCloud
started, initially it was a logging and analysis engine for the FortiGate firewall
services. I believe it started as something called FAMS, is that right?

P1: Yep, that’s right. That’s what I was told. Obviously, that was, uh—I was just a young boy then myself, back in 2007. I don’t recall that personally, but I’m told that’s the history of it, yeah.

P2: So, we’ve been in the cloud since 2007. That’s quite a long time isn’t it. We should know what we’re doing by now.

P1: Absolutely. In the act—In actual fact, that’s an interesting point because a lot of competitors out there often—and I’m thinking of one in particular who shall remain nameless—who always say, “Well, we’ve been in the cloud for a long time because we’ve been there since 2008”.

Well, I’m sorry to burst a bubble on your party but we were there first, in 2007, for this particular type of network management service.

P2: So this original FAMS solution has now been massively developed into what we now know as FortiCloud. And that’s to say there are a number of elements to FortiCloud. It also then managed some FortiAPs, and that’s exactly still the case today.

The three tier is not going away. It is exactly as it was, in providing the ability to zero-touch deploy access points, simplify the management of those access points and the deployment of those access points, and provide reporting and information on those devices. By default, you get seven days of information. I think that’s changed in the more recent past, hasn’t it Ben, it’s—

P1: Yeah, absolutely, absolutely. So, what we used to do was—I mean if we think of it in three separate entities like this, if we think about it as services for the FortiGate, and then we can think of it as services for FortiAP—in the recent past, with the FortiGates, it used to be that you got a gigabit [sic] of storage free inside a FortiCloud, and the logs were stored as long you kept within that limit.
Now, what we looked at was the fact that customers don’t generally think about log storage in terms of size. They tend to think, “I want to keep my logs for x period of time”. So, six months, a year, whatever that may be.

So, instead of having the three tier based on size, and instead of having the device contracts based on size, because the device contract was 200 Gig, no matter what size of FortiGate that you had, we decided to move to a time model.

We also decided to scale it with the size of the device. So for example, the old system used to be a 200 gigabyte storage skew, and that was, I think, $300 list price for no matter what size FortiGate you had. Now, if you had one of the smaller FortiGate units, you know, like a 30 or a 60, $300 represented a large proportion of the list price of that device, whereas if you had a 900, for example, it represented quite a small percentage of that.

So, what we did was we moved from a size-based storage to a time-based storage. So now you get one year unlimited log storage and analysis, and anything above a 60 and above is 20% of the list price of the device. Now that’s important because it scales up, because the larger the device, the more logs it’s going to store. With a 60 and below, the US list price on that is about $120. So it means that we’ve really addressed the relevance to the size of unit that you have, so that the service scales, and that really is a lot about what cloud is about, is about making it simple and scalable.

P2: Well, that’s—I mean that’s excellent news. I don’t know for sure the competition even give you the option of storing a full year of logs online; that’s quite a lot of data to be handling.

We’ve obviously got the experience and the data centers to cope with that.

P1: Absolutely. That’s for sure. I mean, if we take some headline figures around FortiCloud which people may not be familiar with, we manage over 200,000 devices globally on FortiCloud. That’s a lot of devices to manage. We handle upwards of 4.7 million+ file submissions a day to the FortiCloud Sandbox. And we manage many thousands of FortiAPs worldwide as well.

So, we’re not talking about a small operation. We’re not talking about a immature [sic] operation. We’re talking about something people are using everyday to provide and add services on to their FortiGates, to manage their FortiAPs, and to submit files to FortiCloud Sandbox as well.

P2: So, I mean that’s interesting because there’s more to FortiCloud than just the—the management and the log analysis, isn’t there? There are more services coming online on FortiSandbox as well as services that’s been migrated into the cloud, where there is no hardware at all onsite other than the FortiGate itself. All of the requirement for processing power is dealt with in the cloud. And again, I think there’s a free part of that as well; you get 100 files a day, is it?

P1: Yeah, that’s right. In 5.4, if you’re running 5.4 on your FortiGate, you get up to 100 file submissions free of charge into the FortiCloud Sandbox. And then you can buy a year’s premium Sandbox access if you like, where it scales up to, I believe it’s 144,000 file submissions a day for some of the larger units. And that is a really, really, really popular service that goes on. And like you say, interesting that that is where the application is in the cloud, whereas with the log analysis and the management of the FortiAPs—that’s more to do with managing the hardware that’s onsite itself.

P2: Yeah, so in that scenario, you still have to have decent hardware onsite, you’re not replacing the security of the device onsite, you’re replacing the configuration, er, management of that device onsite.

P1: Yeah, absolutely. And it’s important to say that actually in FortiCloud 3.0, which is the production version which is running right now, we have got FortiGate management in beta on that, and in actual fact in 3.1 which is due to come out late in 2016, then we should have even more development on that side. For example, a feature that I’m testing in the beta at the moment is the ability to import a config from a, uh, from a FortiGate.

These are things that we’re working on all of the time to improve, to make more relevant to what customers want to use.

P2: Of course, this doesn’t remove any of the capability to locally manage and configure your FortiGate onsite if that’s what you need to do.

P1: Oh, absolutely not. No, I mean, it’s probably essential that we think and talk about what drives people to FortiCloud. In fact, it’s been one of the driving factors for cloud across the industry is elasticity, sim—and simplicity.

It’s the simplicity of deployment with zero touch; simplicity of management; simplicity of user experience. So, the FortiCloud GUI is built from the ground up to make workflows as simple and as intuitive as humanly possible.

So if you take, for example, the FortiAP management, there’s a step-by-step walkthrough. It’s very easy to configure the security services if you have a S-series [sic] FortiAP—it’s very simple all the way through that entire process. In fact, in 3.1 we have some new features coming in because we have FortiAP FortiCloud management licenses. So that means that you’ll get an extra tier of log storage, but you will also get an extra tier of functionality based on the FortiAPs that you’re managing from FortiCloud.

P2: So that would include the licenses to other Fortinet services, yeah?

P1: What that includes is, with the S-series, it will include your FortiGuard subscription to keep those services, for example the antivirus, the application control, all of those things, keeps all of those up-to-date on the S-series, but it also gives you access to new features that we’re developing. So, for example, for the S-series we’ve got Bonjour Relay, which is the ability to proxy advertisements between VLANs for Bonjour devices.

P2: So, Apple TVs, printers, those sort of things, yeah?

P1: Yeah, exactly. It’s something that we’ve seen have quite an effect in the marketplace. For example, it makes it very easy to make an Apple TV in a meeting room available to both employees and guests that turn up.

P2: Right. There’s normally considerable isolation between those two networks, whereas the Bonjour Relay will allow you to copy those advertisements between networks. So, I mean, that is quite a critical feature in—in modern offices.

P1: Yeah, absolutely. To do it without that involves some quite in-depth multicast DNS routing, or ‘routing’ if you’re, uh, from that side of the pond, and it can be quite difficult to deploy. With this, it’s very, very easy. You simply turn it on, say what advertisement you want to go from the VLAN to the VLAN and, boom, you’re done. Deploy it and it’s done. And that’s part of something that is going to be in the (inaudible, 11:11).

On the normal FortiAPs, and let’s make it clear that you can actually manage any FortiAP from FortiCloud, you also have some other advanced features like, for example, data rate selection. You have dynamic VLAN, which is where if you have a RADIUS client, it comes along with a RADIUS class attribute and you can automatically assign it to a VLAN dependent on the type of authentication group that it’s a member of.

P2: That’s a critical point is that these APs that we’re deploying are still very much part of the Fortinet Security Fabric.

P1: So, you know, we’re talking about FortiGate log analysis and storage. Okay, so we’re having the ability to do the FortiViews [sic], we’re having the ability to do the drilldowns, and analyze the logs that you’ve stored inside FortiCloud. Also, for the FortiGate, we have the management beta, or management ‘beta’, going on. For the FortiAP, we’ve got the config management. We’ve got the new FortiCloud Enterprise licenses, which will become valid in 3.1. And we’ve also got FortiSandbox happening in FortiCloud as well.

Now, you imagine we are not stopping there. We’re planning to add more services. We’re planning to add more management capability. And keep developing this onwards. So, it’s going to become the go-to cloud network management system.

Host: I hope you’re enjoying the discussion so far. As always, there’s even more information about FortiCloud available in our show notes, which you can find at forticast.fortinet.com.

As per our new schedule, the next episode will be out in two weeks. That episode is about testing hardware. Here’s a sneak peek:

Sneak peek: Are you comfortable with these questions?

Well, let’s see. What have we got up here? Yes, testing. Testing questions.

So, why test, after all we have the data sheet?

Mhm.

Who tests? What are the common tests for our customers? Uh, what are the solutions today? Where does our own tester fit in? And then a little look at our—the test that we have, what it does, its capability, and some of the numbers.

Yeah, all very good questions—big questions. Um, why test, as you say, after all we have the data sheet, and everyone believes data sheets, don’t they?

Host: And now, back to our FortiCloud discussion.

P2: So do—the FortiMail is also in the cloud and that can use the FortiSandbox in the cloud?

P1: Yeah. FortiMail devices, FortiMail appliances can submit files to FortiCloud Sandbox as well, and actually, in order to scale upwards and address some of the concerns that customers have raised around where files go and how data is moved around, we’ve just opened the EMEA data center in Frankfurt.

P2: Alright, cool, so all of these services are completely duplicated at that data center.

P1: Absolutely. You’ve got the FortiCloud Sandbox there, you’ve got the FortiAPs being managed from there when 3.1 gets released, and FortiGates today, based on their geographic IP, get assigned and managed from the EMEA data center as well.
The logs and the reporting, they all stay inside of the EMEA data center, er, for the Sandbox as well, that’s all processed in there, and doesn’t get shared outside of that as well.

So, we’re really very mature as a cloud solution now, as an interface, and with functionality as well, and we’re just getting better and better, and the revenues are driving upwards.

P2: The growth figures that we’re seeing for FortiCloud are quite insane, really, aren’t they? They’re just huge.

P1: Absolutely, I mean, not to go into specifics, but we’re seeing huge, huge growth on FortiCloud at the moment in terms of both device numbers and in terms of revenue as well. It really is something that is extremely relevant to today’s market is that people want to be able to manage their devices from the cloud.

And it’s interesting, actually, just to make that point, maybe it’s a point we should have made at the beginning rather than at the end, but to dispel a couple of things around FortiCloud, I sometimes get asked whether FortiCloud is Fortinet’s version of, you know, AWS, or whether someone can spin an appliance up in FortiCloud. That’s really not what this is. You know, FortiCloud is a cloud network management system and log storage system for FortiGates, FortiAP, and offers applications like FortiSandbox in the cloud as well.

I want to make that distinction clear because it has been asked a couple of times.

P2: I think that’s pretty clear now.

So, we can expect to see other Fortinet applications appearing in the cloud over the next few years.

P1: Yes, absolutely. I’m not going to go into details because, being in product management, that’s not what we do. We are subject to change without notice, as ever.

P2: That’s part of Martin’s job, yeah. [laughter]

P1: Yeah—yes, that’s right. [laughter]

And so, yeah, there is ongoing development, ongoing expansion, ongoing investment, and I would encourage everybody to sign up to beta.forticloud.com so that they can see the latest stuff when we’re—when it moves into beta, or ‘beta’, and test it and sign up. You know, contact us, we can get your devices redirected there, and we can help this all run very smoothly. So I really encourage everyone to do that.

P2: So that’s just, uh, beta, or beta.forticloud.com, yeah?

P1: Yeah, absolutely.

So let’s talk about some headline figures, as well, for FortiCloud, as a way to, kind of, ‘wrap this up’ I think is an industry term for this type of production?

  • 200,000 devices+ managed worldwide
  • We deal with 4.7 million+ file submissions a day into the FortiSandbox that’s in the cloud.
  • We manage thousands of FortiAPs and FortiAP networks across the world.

So we are talking about a solution which is relevant, which is mature, which is highly functional, and if you’re a Fortinet partner, or you’re a Fortinet sales guy, can generate excellent recurring revenue as well.

P2: That is an interesting point, I mean—and we’re running out of time, but just very, very briefly, one of the features of the 3.1 release is the ability to manage multiple accounts from a single login. So, as a partner, we provide you effectively the services to run your own managed service practice. So you can deploy wireless access points at a customer’s site and maintain the management of those as part of your portfolio. You know, we can talk about this in more detail for anyone who’s interested in that, but we’ve really only had a chance to scratch the surface in what this product can do today.

P1: Maybe we should do that as the topic of our next FortiCast, fellas.

P2: Coming soon!

P1: But, we’ll put that in about the MSSP license that we have—but you’re right, absolutely, the multi-tenancy is cake.

So, well, thanks ever so much for your time, Phil. Really appreciate it.

P2: Yeah, it’s been cool.

P1: And thank you, everybody, for listening. If you’ve got any questions, please feel free to, uh, e-mail myself or Phil. I’m benwilson@fortinet.com.

P2: I’m pkeeley@fortinet.com.

P1: Thanks very much for listening. Thanks, bye bye.

P2: Thanks, bye.

Host: Special thanks to our guests, Ben Wilson and Philip Keeley.

FortiCast is hosted and edited by me, Victoria Martin. Our show is produced by Michael Strickland and Bill Dickie. Our executive producer is Darren Turnbull. Our music is from bensound.com.

You can listen and subscribe to FortiCast in iTunes or any other podcast app. If you have any questions about the podcast, our e-mail is forticast@fortinet.com.

More FortiCloud resources

Subscribe to FortiCast

     

Victoria Martin

Victoria Martin

Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Victoria Martin

Latest posts by Victoria Martin (see all)

Share this recipe:

Facebooktwittergoogle_pluslinkedin

Leave a comment:

Before commenting, please read the site's comment policy. Only questions related to documentation will be answered. For other concerns, please contact Fortinet support.