Network Security Transformation for Multi-Tenant Cloud Provider
A leading colocation and cloud hosting provider with data centers strategically located across the Mountain West region needed to redesign and replace end-of-life network security infrastructure without disrupting their multi-tenant environment.
A colocation and cloud hosting provider · client anonymized · Project · Enterprise engagement · 3 min read
Client Overview
A leading colocation and cloud hosting provider with data centers strategically located across the Mountain West region needed to redesign and replace end-of-life network security infrastructure without disrupting their multi-tenant environment. The provider delivers mission-critical infrastructure for businesses from their facilities in Cheyenne, Wyoming, Denver, Colorado, and additional locations in Kansas City, Las Vegas, and Phoenix. Their infrastructure powers everything from government services to healthcare systems, requiring 99.999% uptime and uncompromising security.
Business Challenge
The client faced several critical challenges:
- Aging Cisco ASA firewall infrastructure requiring complete replacement
across their flagship Cheyenne data center
- Complex multi-tenant environment with approximately 27 distinct
network interfaces serving hundreds of clients
- Need to migrate all associated firewall policies, network object
definitions, NAT rules, VPNs, and routing configurations without disruption
- Requirements for zero service disruption during migration for
customers relying on 24/7 availability
- Limited internal resources to execute the specialized migration while
maintaining focus on core operations
- Strict change management and documentation requirements for SOC 2 Type
II and HIPAA compliance
CONVX Solution Approach
CONVX deployed a team of senior network engineers with expertise in complex security migrations to design and implement a phased approach:
1. Deep Discovery & Assessment
- Conducted comprehensive network discovery of the Cheyenne data
center environment
- Documented all existing security policies and dependencies across
multi-tenant infrastructure
- Identified optimization opportunities during migration to improve
performance and security
- Collaborated with the client\'s network team to understand unique
requirements of their managed services platform
2. Strategic Migration Planning
- Developed detailed migration design per interface with specific
focus on each tenant\'s requirements
- Created thorough change management documentation following the
client\'s SMOP (Standard Method of Procedure) format
- Established rollback procedures for risk mitigation at each
migration stage
- Designed a migration sequence to minimize potential impact on
customer services
3. Seamless Implementation
- Executed after-hours migrations to minimize impact on the
client\'s business operations
- Performed rigorous testing at each migration phase to verify
tenant connectivity
- Integrated with client\'s existing change management systems and
approval workflows
- Presented migration plans to the client\'s change review board for
validation
4. Documentation & Knowledge Transfer
- Updated network documentation using client\'s tools including
SharePoint and Netbox
- Provided detailed configuration records for compliance and
operational purposes
- Ensured client team understood the new security architecture
through collaborative sessions
Technology Focus
The project involved specialized expertise with:
- Cisco ASA firewall platforms and migration to next-generation security
solutions
- Multi-tenant network segmentation for cloud and colocation
environments
- Complex VPN configuration and migration for customer connectivity
- Intricate NAT rule implementation for hosted services
- OSPF and BGP routing protocols for internal and external connectivity
- High-availability configurations for enhanced resilience
Results & Business Impact
- Successfully migrated all 27 network interfaces at the Cheyenne data
center without service disruption
- Enhanced security posture with modern firewall capabilities while
maintaining backward compatibility
- Improved performance and scalability of network security
infrastructure
- Streamlined security policy management for easier ongoing maintenance
- Reduced operational complexity while improving network visibility
- Strengthened compliance posture for regulatory requirements
Relationship Development
The success of the initial network security project established CONVX as a trusted technology partner. Based on the value delivered, the client extended the engagement for additional network and security infrastructure modernization projects:
1. Initial project: Cheyenne data center firewall migration (June 2021)
2. Extension: Additional security platform optimizations for Denver facilities
3. New project: BCU firewall migration (October 2022) for a major financial services customer
By functioning as a seamless extension of the client\'s team and adapting to their specific change management processes, CONVX demonstrated the flexibility and expertise that has been the foundation of this ongoing partnership across multiple data center locations.