ENGIE’s “Cloud First” Strategy with Cisco and AWS

Executive Summary

Headquartered in France, ENGIE is a global reference in low-carbon energy and services with more than 170,000 employees worldwide. ENGIE works to accelerate the transition towards a carbon-neutral world through reduced energy consumption and the advancement of more environmentally-friendly solutions. With this global mission in its sights, ENGIE needed to build a network that embraced its strategy and vision to push toward digital solutions.

Confronting Challenges with a “Cloud First” Strategy

Launching a new “Cloud First” initiative, ENGIE’s strategy involved pushing all new applications to the cloud. In order to accomplish this goal, the company needed to create the shortest data path between users and applications. Placing a router in its data center would create an additional hop between users and applications.

Adrien Geniller, Lead Network Architect at ENGIE, had to evaluate where to place the routers. ENGIE had initially considered router installation in their data centers, using a direct connection via VPN to reach applications. However, keeping its “Cloud First” strategy in mind, the end solution involved using Cisco SD-WAN to put virtual routers in the cloud to link its domestic and partner networks to its applications on AWS and on-premises data centers. This solution allowed some applications to remain on-premises while utilizing Cisco on AWS for efficiency.

An additional challenge that ENGIE faced was the time it was taking to integrate new acquisitions into its network. Cisco SD-WAN on AWS made sense because deploying virtual SD-WAN routers was faster than using on-premises data centers. Cisco SD-WAN was an ideal choice given its capabilities around multi-tenancy, security, app visibility, and zero-touch provisioning.

The main challenge that ENGIE was looking to solve was to provide consistent performance to customers. The company needed to reduce the Internet segment they were using and AWS’ global backbone provided the opportunity to do just that. AWS Regions and POPs provided the proximity needed to the ENGIE sites.

Network Connectivity Needs

ENGIE approached its network connectivity by having different firewall standards for its own sites and for external users. Each specific domestic network at each ENGIE site was protected by a firewall before connecting to the ENGIE backbone. Additionally, ENGIE could only connect to a partner’s site by going through a specific partner firewall.

Primary Network Design

ENGIE’s primary network design focuses on its backbone network, called “ENGIE BB.” The network extends to AWS via DX and the TGW EBB. Standard firewalls are implemented around the TGW EBB. In this scenario, a dedicated AWS Transit Gateway acts as an underlay between Cisco’s virtual router and the firewall. Sites are connected to the ENGIE network via a central virtual router on AWS with a router in the data center.

“We have now connected ENGIE domestic networks with Regions globally via local hubs on AWS, offering easier integration and more control and flexibility in changes.” 

- Adrien Geniller, Lead Network Architect, ENGIE

Network Segmentation Use Cases

The segmentation provided by the Cisco SD-WAN fabric is kept along the path to the ENGIE firewall via VPNs between the Cisco SD-WAN routers and firewalls. The first use case is the security level between different ENGIE subsidiaries. The second use case is the use of another level of security for the connection with ENGIE partners.

In each use case, Cisco SD-WAN on AWS became the center for connectivity.

Standardized Network across AWS Regions

ENGIE is a worldwide company and required a solution that works globally. Cisco SD-WAN enabled ENGIE to securely leverage AWS as a worldwide transit network. To accomplish ENGIE's global goals, the design that was used in the Dublin ENGIE office was simplified and replicated in three other regions including the United States, Paris, and Singapore. Using Cisco SD-WAN on AWS, each of these sites was connected to its closest hub. 

Benefits and Key Outcomes

By implementing Cisco SD-WAN on AWS, ENGIE saw more control, flexibility, and support and could keep network management in-house. The company was able to reduce the amount of time it took to connect to European hubs from 15 days to less than one week. Visibility for IT managers also increased, allowing read access on the vManage console for their respective VPNs.

Overall, Cisco SD-WAN on AWS provided ENGIE with improved performance, increased visibility through vManage, and broadened underlay support capabilities across 4G, MPLS, and Internet connections along with the AWS backbone, benefiting customers while supporting ENGIE’s “Cloud First” strategic goals.

To Learn More about ENGIE’s Use of Cisco SD-WAN on AWS Please Visit:



ENGIE is a global reference in low-carbon energy and works to accelerate the transition towards a carbon-neutral world to create a more sustainable future.

About Cisco

Cisco (NASDAQ: CSCO) enables people to make powerful connections — whether in business, education, philanthropy, or creativity. Cisco hardware, software, and service offerings are used to create the Internet solutions that make networks possible — providing easy access to information.

Published February 2021