Author name: Shahzad Ali

AWS NWFW (Network Firewall) vs Aviatrix ThreatGuard Solution

AWS recently launched a new service called AWS Network Firewall (NWFW). The AWS NWFW will be positioned as an L7 NGFW (Next-Generation Firewall) to compete with Palo Alto Networks, Check Point, Fortinet, and other firewall vendors' solutions. It is a new service and it will take some time to steal market share from other established Firewall …

Protect Internet Facing Applications with Firewalls in Public Cloud – Ingress Traffic Design

Every public Cloud is drastically different. The networking and security are 180 degrees apart from each other. We need a normalizer. That normalizer is #Aviatrix. Google Cloud (GCP) The solution described below shows how to implement NLB based ingress in Google Cloud. For this design, credit goes to Adam Stipkovits for deploying and verifying in …

Aviatrix GSI Mockup Landing Page

Aviatrix Introduction <Text here> Aviatrix Business Value Joint Solution Brief Next-generation solutions using Aviatrix Secure Cloud Network (SCN) Platform to realize the value of an ‘as-a-Service’ economy. Wipro is an innovation-led Cloud partner for clients through its Aviatrix Secure Cloud Network (SCN) Platform, helping them to accelerate their digital journey, unify insights and amplify workforce …

DIY Automation Increases Complexity and Cost of Running Cloud Network

Some customers start their Cloud implementation or adoption with a single CSP (Cloud Service Provider, such as GCP, Azure, AWS, etc.). Soon they realize that the world is already Multi-Cloud, and there is no going back. The majority of enterprises know for a fact that they must adopt a multi-cloud strategy, but due to …

Cloud Network Well-Architected Framework Design Pillars

A well-architected framework is critical for enhanced application performance. Applications do not work in silos. The need for enterprise-class networking. A solid, robust, and highly-available networking platform is a must. Aviatrix platform provides enterprise-class networking for the CloudGen workloads. There are five design pillars to keep as a framework.  You must keep it handy so …

SAP S4/HANA Installation For LAB and Development Work

Log in to the following SAP website: https://cal.sap.com/catalog#/applianceTemplates. Log on using SAP Universal-ID. After you log in, you will see additional options in the left-hand navigation bar. TIP: Sometimes the login does not work, so what you should do is to log in to SAP PartnerEdge or Universal ID website and then click the Login button …

SAP S4/HANA AWS High Availability Challenges with AWS Overlay IP Limitations

Challenges https://docs.aws.amazon.com/sap/latest/sap-hana/sap-oip-architecture.html SAP AWS Overlay IP Address Concept – Normal State SAP AWS Overlay IP Address Concept – Failover Scenario How this works in a failover scenario, who is going to update the routing table to point to the secondary HANA server Script aka SAP Resource Agent “aws-vpc-move-ip” This script runs inside the HANA DB …

SAP on Aviatrix

Business-critical applications require business-critical infrastructure. Aviatrix Intelligent Cloud Networking™ delivers business-critical cloud networking that supports business-critical applications such as SAP S/4HANA. This post enlightens you with everything you want to know about running a business-critical application on a business-critical infrastructure provided by Aviatrix. Aviatrix Solution Brief for SAP S4/HANA Enterprises https://aviatrix.com/resources/solution-briefs/aviatrix-cloudmigrations-sb2022010 https://aviatrix.com/resources/solution-briefs/upgrade-your-cloud-networking-for-sap-migrations Aviatrix Solution for …

Google Private Service Connect (PSC) Configuration for Google APIs

Introduction Enterprises are demanding to connect to various public cloud services without using the public IP address. They are asking to provide connectivity using the private IP for the following services Every CSP has its offering to cater to this need. Azure Private Link is an example. Google PSC is similar to Azure Private link …

GCP FireNet

Draft Introduction Aviatrix Firewall Network Services (FireNet) simplify the Next Generation Firewall Insertion and Operations. FireNet is the simplest, highest performance, best scale-out architecture for next generation firewalls in the cloud. Following are some of the highlights Simple deployment, autoroute propagation to firewalls Advanced egress, IDS, IPS, and ingress security Maximize performance, scale, and visibility …

Aviatrix Kickstart – Spin up Cloud Networks in Minutes – UI Mode

Kickstart deploys cloud and multi-cloud networks in minutes without any effort. Once the hub/spoke transit network is built in the cloud, it will act as a core networking layer on which one can add more use-cases as needed later. The lightweight automation script deploys an Aviatrix controller and an Aviatrix transit architecture in AWS (and …

LAB5 – Bring Your Own IP/Subnet in GCP (Overlapping IP)

Objective ACE Enterprise in GCP wants to connect to different partners to consume SaaS services. These partners could be present in physical DC or Branches; or in VPC/VNET in cloud such as GCP/AWS/Azure/etc. ACE cannot dictate or control the IPs/Subnets/CIDR those partners have configured and must support “Bring Your own IP” which might overlap with …

LAB4 – GCP FQDN Based Egress Security

This lab will demonstrate how to provide Fully Qualified Domain Name (FQDN) based Egress Filtering security using Aviatrix. Only those FQDNs that are permitted in the configured policy will be allowed. Egress FQDN Filtering Overview Aviatrix FQDN Egress is a highly available security service specifically designed for workloads or applications in the public clouds. Aviatrix Egress …

LAB3 – GCP Multi-Cloud Network Segmentation (MCNS)

It is important to provide security compliance and fulfill audit requirements by using various methods and network segmentation is one of them. Providing Network Security segmentation is a critical business requirement. Aviatrix MCNS is helping many customers who achieved this requirement. So far we have built following topology Our objective in this lab to segment …

GCP Shared VPC Transit Design and Deploy For Enterprises

Introduction GCP shared VPC allows an organization to share or extend its vpc-network (you can also call it subnet) from one project (called host) to another project (called service/tenant). When you use Shared VPC in a project called “X”, you are automatically designating this project “X” as a host project. Now you can attach one …

Aviatrix Spoke GW and Workload VMs in Same GCP Shared VPC Subnets

This pattern is more suited for small deployments, PoC or lab setup where the networking is kept very simple. The Aviatrix transit GW is deployed inside the host-project. The Aviatrix spokes are also deployed inside the host-project but the VPC network (or subnet) is shared with the service/tenant VPC. This same shared VPC network (subnet) …
