Author: Shahzad Ali

Following are two popular design choice Centralized VPC Sandwich LB Design Dedicated Ingress VPC Design Topology Credit: Rodrigo Loureiro

Recently I joined an expert panel and shared my opinion for Cloud Compliance and Governance in 2021. Take a listen What I talked about can be summarized in the following bullet points The role of…

Read More

Draft Introduction Aviatrix Firewall Network Services (FireNet) simplify the Next Generation Firewall Insertion and Operations. FireNet is the simplest, highest performance, best scale-out architecture for next generation firewalls in the cloud. Following are some of…

Read More

Kickstart deploys cloud and multi-cloud networks in minutes without any effort. Once the hub/spoke transit network is built in the cloud, it will act as a core networking layer on which one can add more…

Read More

Business Objective An important security requirement for GCP VPCs is to effectively control remote user access in a policy based manner. The cloud and the COVID-19 pandemic makes most users “remote.” Not only for employees…

Read More

Objective ACE Enterprise in GCP wants to connect to different partners to consume SaaS services. These partners could be present in physical DC or Branches; or in VPC/VNET in cloud such as GCP/AWS/Azure/etc. ACE cannot…

Read More

This lab will demonstrate how to provide Fully Qualified Domain Name (FQDN) based Egress Filtering security using Aviatrix. Only those FQDNs will be allowed which are permitted in the configured policy. Egress FQDN Filtering Overview…

Read More

It is important to provide security compliance and fulfill audit requirements by using various methods and network segmentation is one of them. Providing Network Security segmentation is a critical business requirement. Aviatrix MCNS is helping…

Read More

In this lab, we will build the hub and spoke network in GCP. All the GCP VPCs and their respective subnets are already created for you to save time. GCP Spoke-2 GW VPC Network/Subnet Creation…

Read More

Introduction This document is the lab guide for GCP Test Flight Project. Anyone with basic GCP knowledge is the audience. It is GCO focused with connection to AWS as optional component of the cloud. Topology…

Read More

In some situation it might be desired to send a subset of DNS traffic from on-prem to cloud. One example is sending the S3 bucket traffic from on-prem to Cloud if one has deployed Direct…

Read More

Introduction GCP shared VPC allows an organization to share or extend its vpc-network (you can also call it subnet) from one project (called host) to another project (called service/tenant). When you use Shared VPC in…

Read More

This pattern is more suited for small deployments, PoC or lab setup where the networking is kept very simple. The Aviatrix transit GW is deployed inside the host-project. The Aviatrix spokes are also deployed inside…

Read More

Problem Statement By default GCP Compute Service Account permissions are wide open with the Editor role. Here is how you can see the problem yourself. Create a new GCP Project Notice the “Service Accounts” area…

Read More

Aviatrix controller provides unified control and management plane for Google Cloud. Aviatrix allows enterprises to on-board hundreds of GCP projects/accounts into the controller. Once these projects are on-boarded, Aviatrix controller is intelligent to control and…

Read More

The requires only single VPC for testing purposes Aviatrix ingress filtering gateway (aka public subnet filter PSF) is deployed in the public subnet External ALB deployed in the same public subnet as AVX-PSF-GW WordPress App…

Read More

What is GCP Shared VPC? GCP shared VPC allows an organization to share or extend its vpc-network (you can also call it subnet) from one projects (called host) to another project (called service/tenant). When you…

Read More