Turning IT Challenges into Business Wins

Hey welcome back, today we’re diving into a case study that saved one of my clients almost $500k and a ton of headaches.

This customer is a retail giant based out of the midwest and faced a massive challenge during their cloud infrastructure upgrade. They needed to migrate over 10,000 firewall rules from Google Cloud Platform to Net X, which at the time Google’s new VPN offering. The catch? The data formats for the firewall rules were incompatible, and manual conversion would have cost them hundreds of thousands of dollars in labor costs alone. Let’s see how I turned this potential disaster into a business win and I’ll also give you some details on how I landed this particular contract.

First let’s jump into our solution and discuss how it works from a high level. Keep in mind this type of walk through is not meant for beginners. My goal is to give you an idea of what kind of projects you can take on as a freelance cloud consultant and to provide some insight on how you can level up your own career. Maybe you’re looking to start your own LLC or you’re wanting to take on a side hustle to start building new revenue streams. Either way, we will not be discussing the basics of cloud or automation, you need to have some degree of familiarity with this content. With that said, lets get into it!

So this contract had a 2 month scope to deliver a solution that was capable of reformatting over 10k firewall rules from JSON into YAML with the intent to deploy these into production using pre-existing CI/CD pipelines. Basically, the customer would send me firewall dumps written in JSON for individual projects every day requesting to have them converted. My solution was to write a simple Python script that automated the entire conversion process while allowing the customer to iterate on it in the future. Let’s break down the business impact of each component:

  1. First, we developed a robust parser that could handle JSON files with over ten thousand lines of code. This eliminated the need for manual data entry and reduced the risk of human error. Let’s look at a key part of this code:
def main():
"""This is where you create/remove variables"""
with open("cmit-firewallRules.json", "r") as file:
data = json.load(file)
for item in data:
target_tags = item["targetTags"].split(",")
source_ranges = item["sourceRanges"].split(",")
source_tags = item["sourceTags"].split(",")
destination_ranges = item["destinationRanges"]
if destination_ranges == "":
destination_ranges = []
else:
destination_ranges = destination_ranges.split(",")
allowed_data = parse_allowed_values(item["allowed"])

The main function shows how we’re ingesting the JSON firewall rules by opening and then reading the file using the JSON library. We are then iterating through each of the key values and splitting the different source ranges, target tags, and so by delineating the commas in between each object.

  1. Second, we didn’t want this piece of automation to just convert data but optimized it, by ensuring the integrity and format of the client’s security policies. We want to make sure each rule is preserved as intended. This part of the script improved network performance and reduced ongoing maintenance costs when dealing with orphaned or forgotten firewall rules. Here’s a glimpse at how we processed the rules:
values = []
tcp_ports = {"protocol": "tcp", "ports": []}
udp_ports = {"protocol": "upd", "ports": []}
icmp = {"protocol": "icmp"}
# This loop iterates through all tcp, udp, and icmp values then appends the port numbers.
for item in new_data:
if item == "icmp":
values.append(icmp)
if ":" in item:
data = item.split(":")
protocol = data[0]
port = data[1]
if protocol == "tcp":
tcp_ports["ports"].append(port)
elif protocol == "udp":
udp_ports["ports"].append(port)
# If TCP port doesn't equal an empty list, we will append values for the tcp/udp port.
if tcp_ports["ports"] != []:
values.append(tcp_ports)
if udp_ports["ports"] != []:
values.append(udp_ports)
# Extract and return variables.
return values

This function intelligently categorizes and optimizes firewall rules by using a for loop to differentiate ports and protocols. This not only processes the data but also cleans it by creating a new list which will be used once we’re ready to structure our firewall rules according to the Net X requirements set by Google.

  1. The final step was converting the processed data into YAML format, compatible with NetX and ensuring the new files passed all linting and testing stages of the client’s CI/CD pipelines. This automation ensured seamless integration with their existing systems, minimizing downtime and maintaining business continuity. Here’s how we achieved this:
 structured_data = {
"vpcs": {
item["name"]: {
"firewallrules": {
item["Networks"]: {
"name": item["name"],
"priority": item["priority"],
"direction": item["direction"],
"description": "",
"disabled": item["disabled"],
"rule": {
"destinationRanges": destination_ranges,
"targettags": target_tags,
"sourceranges": source_ranges,
"sourcetags": source_tags,
"allow": allowed_data,
},
}
}
}
}
}
data = yaml.dump(structured_data, allow_unicode=True)
print(data)

This simple yet powerful function automates the final conversion and file creation by allowing us to directly structure our data as necessary. It’s the bridge between the old system and the new, and basically places our key values into a series of dictionaries that will consolidate each individual firewall rule into its parent VPC.

Lets do a quick recap. By leveraging this solution, our client was able to:

  1. Complete the migration in just 3 weeks compared to the estimated 3 months it would have taken to hire a team to manually format all of the rules.
  2. I saved this customer an estimated $490,000 in direct labor costs.
  3. Minimize security risks associated with manual data entry errors by creating a seamless automated solution that minimizes the risk of user error.
  4. Integrated the script with their existing CI/CD pipelines, maintaining DevOps efficiency.

This project wasn’t just about writing code; it was about creating a business solution that had a real, measurable impact. We’re talking nearly half a million dollars saved, a 75% reduction in project timeline, and a significant boost in security and efficiency.

But here’s the real kicker – this is just one example of the kind of value you can bring as a cloud consultant. Whether you’re looking to start your own LLC, pick up some high-impact side hustles, or level up your career, these are the kinds of projects that can get you there.

Remember, it’s not just about the technical skills – though those are crucial. It’s about understanding the business problem, communicating effectively with stakeholders, and delivering solutions that impact the bottom line. That’s how you turn a coding project into a half a million dollar win.

If you’re ready to take on these kinds of challenges and start making waves in the cloud consulting world, hit that subscribe button. I’ll be diving into more case studies, sharing insider tips on landing these high-value contracts, and breaking down the strategies that can take your career to the next level.

As always keep innovating and delivering value. See you in the next one!”

Leave a Reply