Joining the networks together!
Cloud Security – High Performance Encryption (HPE) Aviatrix builds high-performance encrypted networks by default. The solution is called Aviatrix HPE or Aviatrix Insane mode. GCP HPE across Google Cloud Interconnect The Google Cloud Interconnect (GCI)…
Cloud Security – Service Insertion and Chaining Automated and Policy-based service insertion and chaining have always been a real pain point for enterprise GCP customers. Native solutions are not adequate and 3rd party vendors’ solutions…
Following are two popular design choice The topology shows the Palo Alto VM-Series as example but exact design works with Check Point, FortiNet and other firewalls as well. Centralized VPC Sandwich LB Design Dedicated Ingress…
AWS VPC Ingress Routing allows customers to insert (or service chain) a security appliance/gateway or firewall for the traffic flows coming from the Internet and going towards the public-facing applications such as a web server.…
Recently I joined an expert panel and shared my opinion for Cloud Compliance and Governance in 2021. Take a listen What I talked about can be summarized in the following bullet points The role of…
Draft Introduction Aviatrix Firewall Network Services (FireNet) simplify the Next Generation Firewall Insertion and Operations. FireNet is the simplest, highest performance, best scale-out architecture for next generation firewalls in the cloud. Following are some of…
Kickstart deploys cloud and multi-cloud networks in minutes without any effort. Once the hub/spoke transit network is built in the cloud, it will act as a core networking layer on which one can add more…
Business Objective An important security requirement for GCP VPCs is to effectively control remote user access in a policy based manner. The cloud and the COVID-19 pandemic makes most users “remote.” Not only for employees…
Objective ACE Enterprise in GCP wants to connect to different partners to consume SaaS services. These partners could be present in physical DC or Branches; or in VPC/VNET in cloud such as GCP/AWS/Azure/etc. ACE cannot…
This lab will demonstrate how to provide Fully Qualified Domain Name (FQDN) based Egress Filtering security using Aviatrix. Only those FQDNs will be allowed which are permitted in the configured policy. Egress FQDN Filtering Overview…
It is important to provide security compliance and fulfill audit requirements by using various methods and network segmentation is one of them. Providing Network Security segmentation is a critical business requirement. Aviatrix MCNS is helping…
In this lab, we will build the hub and spoke network in GCP. All the GCP VPCs and their respective subnets are already created for you to save time. GCP Spoke-2 GW VPC Network/Subnet Creation…
Introduction This document is the lab guide for GCP Test Flight Project. Anyone with basic GCP knowledge is the audience. It is GCO focused with connection to AWS as optional component of the cloud. Topology…
In some situation it might be desired to send a subset of DNS traffic from on-prem to cloud. One example is sending the S3 bucket traffic from on-prem to Cloud if one has deployed Direct…
Introduction GCP shared VPC allows an organization to share or extend its vpc-network (you can also call it subnet) from one project (called host) to another project (called service/tenant). When you use Shared VPC in…
This pattern is more suited for small deployments, PoC or lab setup where the networking is kept very simple. The Aviatrix transit GW is deployed inside the host-project. The Aviatrix spokes are also deployed inside…
Problem Statement By default GCP Compute Service Account permissions are wide open with the Editor role. Here is how you can see the problem yourself. Create a new GCP Project Notice the “Service Accounts” area…
Aviatrix controller provides unified control and management plane for Google Cloud. Aviatrix allows enterprises to on-board hundreds of GCP projects/accounts into the controller. Once these projects are on-boarded, Aviatrix controller is intelligent to control and…