This customer is Wellstreet Urgent Care based in Georgia with 18 locations throughout Georgia and up through Virginia. Wellstreet is part of a network of Urgent Care facilities with 54 locations in total. These UC facilities span the southeast US over to Minnesota.
I was first introduced to Wellstreet in late 2020 and started working with them because they were an existing customer of AT&T. They were having issues getting their ANIRA network to work with their MPLS network. ANIRA is another type of MPLS but functions more like a Metro Ethernet. They wanted to add a Cloud Based Firewall through AT&T to protect their sites at a centalized location and to centralize all internet access to go through the Cloud Based Firewall.
I was given a very basic network drawing by the sales team and asked to explain to the customer during a discovery call how this Cloud Based Firewall would function withh their existing network. As I was reviewing all the service they were using from AT&T I discovered that the assorted MPLS, ANIRA and Cloud Based Firewall products were not compatible. Essentially all three of them would not route through each other. As well the customer needed to routed a masked private IP address out through the Cloud Based Firewall and allow the hospital that required the masked IP address to route back to the customers network through CBFW. This would not work as AT&T did not allow routing into their CBFW product set.
This created a distinct set of problems and an interesting conversation that the sales team wanted to literally skin me alive for starting. What I had to discuss with the customer was akin to a full body off restoration of their entire wide area network some of their local area network. At the time the customer had a spend of roughly $45K per month. This meant the sales team would have to get approvals to cancel all of that service and rewrite it as whatever I proposed and the customer decided on.
I then created the network design as shown below (the was the 3rd version). The design encompassed essentially all the characteristics of a Managed SASE solution, except AT&T didn’t offer a SASE solution at the time so I was not allowed to call it SASE.
The solution is designed using an integration of Palo Alto Prisma Cloud Firewall with Cortex Data Loke, VeloCloud SDWAN, and Managed Threat Detection and Response for 24×7 monitoring for security issues. All of these services are monitored for uptime and functionality by the AT&T Managed SOC, AT&T NOC (for SDWAN) and MTDR SOC.
I can’t really go into all of the technical details as this solution is still active with the customer but what I will say is that the customer liked the solution. They signed new 3 year contracts on this digital transformation project and expanded the project from the original 18 locations to all 54 locations across the US. Their monthly spend with discounts upsized from $45K/month to about $95K/per month. The customer now meets compliance better than ever before and is able to have visibility throughout their environment that is 100x’s better than they could get with MPLS or Metro Ethernet.