AWS recently launched a new service called AWS Network Firewall (NWFW). The AWS NWFW will be positioned as L7 NGFW (Next-Generation Firewall) to compete with Palo Alto Network, Check Point, Fortinet, and other firewall vendor’s solutions. It is a new service and it will take some time to steal market share from other established Firewall …
AWS NWFW (Network Firewall) vs Aviatrix ThreatGuard Solution Read More »
GCP Design with Global VPC in Transit and Spoke with same AZ spoke GW distribution GCP Global VPC in Transit and Spoek with different spoke GW AZ distribution GCP Global Spoke VPC Design with Standalone GWs
Every public Cloud is drastically different. The networking and security are 180 degrees apart from each other. We need a normalizer. That normalizer is #Aviatrix. Google Cloud (GCP) The solution described below shows how to implement NLB based ingress in Google Cloud. For this design, credit goes to Adam Stipkovits for deploying and verifying in …
Aviatrix Introduction <Text here> Aviatrix Business Value Joint Solution Brief Next-generation solutions using Aviatrix Secure Cloud Network (SCN) Platform to realize the value of an ‘as-a-Service’ economy. Wipro is an innovation-led Cloud partner for clients through its Aviatrix Secure Cloud Network (SCN) Platform, helping them to accelerate their digital journey, unify insights and amplify workforce …
Software as a Service (SaaS), or as some call it NaaS (Network as a Service) is a trap, 10 steps backward and even worse than the on-prem data center model. Enterprise cannot afford to have another black box, and the SaaS for Cloud Networking is exactly like that. No control, no visibility, and no customization. …
SaaS for Cloud Networking (aka NaaS) is not for Enterprises Read More »
You would assume that the Cloud Application migration should accelerate your digital transformation but it is not true. The reality is that these Cloud Migration are causing lot of headache for enterprise IT, CTO and CISO.
Aviatrix ThreatIQ/ThreatGuard is enabled by default on all Aviatrix gateways. These gateways can front-end the Load Balancers to protect AWS/Azure/GCP/etc. infrastructure. They provide visibility and control as well as a repeatable ingress design. Azure Design #1 Design Notes
Some customers start their Cloud implementation or adoption with a single CSP (Cloud Service Providers such as GCP, Azure, AWS, etc.). Soon they realize that the world is already Multi-Cloud, and there is no going back. The majority of the enterprises know for a fact that they must adopt a multi-cloud strategy, but due to …
DIY Automation Increases Complexity and Cost of Running Cloud Network Read More »
A well-architected framework is critical for enhanced application performance. Applications do not work in silos. The need for enterprise-class networking. A solid, robust, and highly-available networking platform is a must. Aviatrix platform provides enterprise-class networking for the CloudGen workloads. There are five design pillars to keep as a framework. You must keep it handy so …
Cloud Network Well-Architected Framework Design Pillars Read More »
The majority of the content for this blog is taken from the Aviatrix website. Single Site over Single Private Network Circuit Details Single Site over Public Internet Single Site with Redundant Edges over Single Private Network Circuit Single Site Redundant Edges over Redundant Private Network Circuits Single Site connected to Multiple Cloud over Redundant Private …
Log in to the following SAP website https://cal.sap.com/catalog#/applianceTemplates Logon using SAP Universal-ID After you login, you will see additional options in the left hand navigation bar TIP: Sometimes the login does not work, so what you should do is to log in to SAP PartnerEdge or Universal ID website and then click the Login button …
SAP S4/HANA Installation For LAB and Development Work Read More »
Challenges https://docs.aws.amazon.com/sap/latest/sap-hana/sap-oip-architecture.html SAP AWS Overlay IP Address Concept – Normal State SAP AWS Overlay IP Address Concept – Failover Scenario How this works in a failover scenario, who is going to update the routing table to point to the secondary HANA server Script aka SAP Resource Agent “aws-vpc-move-ip” This script runs inside the HANA DB …
SAP S4/HANA AWS High Availability Challenges with AWS Overlay IP Limitations Read More »
SAP S4/HANA supports the integration with other SAP and 3rd party products. Few examples
Business-critical applications require business-critical infrastructure. Aviatrix Intelligent Cloud Networking™ delivers business-critical cloud networking that supports business-critical applications such as SAP S/4HANA. This post enlightens you with everything you want to know about running a business-critical application on a business-critical infrastructure provided by Aviatrix. Aviatrix Solution Brief for SAP S4/HANA Enterprises https://aviatrix.com/resources/solution-briefs/aviatrix-cloudmigrations-sb2022010 https://aviatrix.com/resources/solution-briefs/upgrade-your-cloud-networking-for-sap-migrations Aviatrix Solution for …
Aviatrix is modern born in the cloud for the cloud security platform. Unlike legacy vendors, Aviatrix Security is bolted on the platform itself. It is a pervasive security platform that also provides a framework for other vendors to integrate. This in turn provides the best possible security posture for the enterprises. This post highlights some …
Every CSP (Cloud Service Provider) has certain networking and security limits, restrictions, and considerations. CSPs do their best to publish those limits but oftentimes they are buried under complex documentation structures. It is important for Cloud Network Architect to know about those so he/she can propose a future proof and successful design In this article, …
Introduction Enterprises are demanding to connect to various public cloud services without using the public IP address. They are asking to provide connectivity using the private IP for the following services Every CSP has its offering to cater to this need. Azure Private Link is an example. Google PSC is similar to Azure Private link …
Google Private Service Connect (PSC) Configuration for Google APIs Read More »
Recently I joined an expert panel and shared my opinion for Cloud Compliance and Governance in 2021. Take a listen
Draft Introduction Aviatrix Firewall Network Services (FireNet) simplify the Next Generation Firewall Insertion and Operations. FireNet is the simplest, highest performance, best scale-out architecture for next generation firewalls in the cloud. Following are some of the highlights Simple deployment, autoroute propagation to firewalls Advanced egress, IDS, IPS, and ingress security Maximize performance, scale, and visibility …
Kickstart deploys cloud and multi-cloud networks in minutes without any effort. Once the hub/spoke transit network is built in the cloud, it will act as a core networking layer on which one can add more use-cases as needed later. The lightweight automation script deploys an Aviatrix controller and an Aviatrix transit architecture in AWS (and …
Aviatrix Kickstart – Spin up Cloud Networks in Minutes – UI Mode Read More »
Business Objective An important security requirement for GCP VPCs is to effectively control remote user access in a policy based manner. The cloud and the COVID-19 pandemic makes most users “remote.” Not only for employees who are out of the office, the “remote” label can be applied to developers, contractors, and partners whether they’re in …
Objective ACE Enterprise in GCP wants to connect to different partners to consume SaaS services. These partners could be present in physical DC or Branches; or in VPC/VNET in cloud such as GCP/AWS/Azure/etc. ACE cannot dictate or control the IPs/Subnets/CIDR those partners have configured and must support “Bring Your own IP” which might overlap with …
LAB5 – Bring Your Own IP/Subnet in GCP (Overlapping IP) Read More »
This lab will demonstrate how to provide Fully Qualified Domain Name (FQDN) based Egress Filtering security using Aviatrix. Only those FQDNs will be allowed which are permitted in the configured policy. Egress FQDN Filtering Overview Aviatrix FQDN Egress is a highly available security service specifically designed for workloads or applications inthe public clouds. Aviatrix Egress …
It is important to provide security compliance and fulfill audit requirements by using various methods and network segmentation is one of them. Providing Network Security segmentation is a critical business requirement. Aviatrix MCNS is helping many customers who achieved this requirement. So far we have built following topology Our objective in this lab to segment …
LAB3 – GCP Multi-Cloud Network Segmentation (MCNS) Read More »
In this lab, we will build the hub and spoke network in GCP. All the GCP VPCs and their respective subnets are already created for you to save time. GCP Spoke-2 GW VPC Network/Subnet Creation This step is already done for you so please do not attempt. Controller can create those subnets using API/Terraform as …
LAB2 – GCP Multi-Cloud Network Transit / Hub-Spoke Read More »
Introduction This document is the lab guide for GCP Test Flight Project. Anyone with basic GCP knowledge is the audience. It is GCO focused with connection to AWS as optional component of the cloud. Topology Following is the starting topology. Some components are pre-built to save time. Once you finish all lab steps, following is …
LAB1 – Google Cloud and Aviatrix Testing/POC LAB Guide Read More »
In some situation it might be desired to send a subset of DNS traffic from on-prem to cloud. One example is sending the S3 bucket traffic from on-prem to Cloud if one has deployed Direct Connect circuit without needing to use public VIF. The most important aspect is that your orginization should not become the …
Selective DNS Traffic Forwarding From On-Prem to Cloud Read More »
Introduction GCP shared VPC allows an organization to share or extend its vpc-network (you can also call it subnet) from one project (called host) to another project (called service/tenant). When you use Shared VPC in a project call “X”, you are automatically designating this project “X” as a host project. Now you can attach one …
GCP Shared VPC Transit Design and Deploy For Enterprises Read More »
This pattern is more suited for small deployments, PoC or lab setup where the networking is kept very simple. The Aviatrix transit GW is deployed inside the host-project. The Aviatrix spokes are also deployed inside the host-project but the VPC network (or subnet) is shared with the service/tenant VPC. This same shared VPC network (subnet) …
Aviatrix Spoke GW and Workload VMs in Same GCP Shared VPC Subnets Read More »