Five Connectivity and Security Use Cases for Azure VNets
Cloud Bootcamp #9 from Aviatrix
October 11, 2018
Sherry Wei, Founder & CTO
Neel Kamal, Head of Field Operations
Frank Cabri, VP Product Marketing
© 2017–2018 AVIATRIX SYSTEMS, INC.
Welcome & Agenda
• Overview: Azure Cloud Networking
• Azure Networking Scenarios
  - On-Prem to VNet
  - VNet to VNet
  - VNet to Internet
  - VNet to VPC (Multicloud)
  - User to VNet
• Demo
• Live Q & A

Featured Speakers
• Sherry Wei, Founder & CTO
• Neel Kamal, Head of Field Operations
Overview: Azure Cloud Networking
[Diagram: spoke VNets connected through an ExpressRoute gateway to the datacenter, users, customers, the Internet and GCP]
Azure Networking Scenarios (Use Cases)
1. On-Prem to VNet
2. VNet to VNet
3. VNet to Internet (Egress)
4. VNet to VPC (Multicloud)
5. User to VNet (Remote Access)
1. On-Prem to VNet

Why Does It Matter?
• Secure connectivity between on-prem and VNet is critical: data in motion over the Internet must be encrypted
• Data in motion over ExpressRoute might also require encryption

What Does Azure Provide Natively?
• Azure VPN Gateway
  - Acts as a termination point for IPsec tunnels or Azure ExpressRoute tunnels
  - Scales to 1.25 Gbps VPN
  - Has a transit property
  - Bandwidth-based pricing

What Is Missing?
• Limitations on the type of connectivity
  - Static routes: supports only one tunnel
  - Dynamic routes: up to 30 (has a performance limitation beyond 10 tunnels)
• Limitation on a transit hub: does not support cross-region spoke VNets
• Limitation on segmentation: does not support isolation

[Diagram: datacenter connected through an ExpressRoute gateway to a transit hub with spoke VNets]
1. On-Prem to VNet | Transit Architecture

What Is Missing?
• Requires a transit hub for every region
• There is no way to connect the transit hub of one region to another
• The same issue applies to a shared services VNet: it forces customers to divide their shared services architecture into multiple shared services VNets

[Diagram: two regions, each with a datacenter, ExpressRoute gateway, transit hub and spoke VNets; the link between the two transit hubs is marked with an X]
2. VNet to VNet

Why Does It Matter?
• Must comply with data privacy, data security and compliance policies (e.g. data always encrypted in motion)
• You can’t assume applications are encrypted at the app layer
• Because tools like Puppet and Chef are not natively encrypted, you may need encrypted tunnels from a shared services VNet to spoke VNets

What Does Azure Provide Natively?
• Azure VNet peering
• Azure global VNet peering

What Is Missing?
• Encryption: peerings are not encrypted
• Azure global VNet peering is available only in limited regions
• Security policy (limitation)
  - At the VNet level: cannot do things like L4 firewalling
  - At the instance level: policies are limited to 50 entries (extendable to 250 on demand) and they are IP address-based

[Diagram: two spoke VNets connected through a transit hub]
3. VNet to Internet (Egress)

Why Does It Matter?
• Disallowing Internet access from VNets is not going to work
• Access to unwanted Internet sites or programs makes the application vulnerable
• Forcing packets to go on-prem to access the Internet introduces latency and cost

What Does Azure Provide Natively?
• Azure Firewall
  - For HTTP/HTTPS: supports application rules for HTTP/HTTPS traffic with FQDN tags; supports wildcard and source address filtering
  - For non-HTTP/HTTPS: supports IP address-based network rules

What Is Missing?
• No FQDN support for non-HTTP/HTTPS traffic
• No FQDN discovery
• No IDS/IPS

[Diagram: two spoke VNets with egress to the Internet]
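The two rule types on this slide behave very differently for the same destination host. As an added example (not Azure Firewall code and not part of the original deck), the following Python models an egress policy with FQDN-based application rules, which can only match flows where the firewall sees a host name (HTTP Host header or TLS SNI), and IP-based network rules, which match any protocol but only by address. The rule classes, the evaluation order (network rules first, then application rules, then implicit deny), the spoke prefix and the sample flows are all constructed for illustration; an SSH flow to the same host that an FQDN rule allows over HTTPS is denied, which is the gap the slide calls out.

```python
"""Egress policy model: FQDN rules help only HTTP/HTTPS; everything else is IP-based.
Added example; not Azure Firewall code. Rule classes, evaluation order and sample
flows are constructed for illustration."""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Flow:
    """One egress connection attempt from a spoke VNet (constructed)."""
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str          # "tcp" or "udp"
    app_proto: str = ""    # "http" or "https" when the firewall can see it, else ""
    fqdn: str = ""         # host name from the HTTP Host header or TLS SNI; "" otherwise


@dataclass(frozen=True)
class ApplicationRule:
    """FQDN-based rule: only meaningful for HTTP/HTTPS, where the name is visible."""
    name: str
    source: str                  # source CIDR
    protocols: FrozenSet[str]    # subset of {"http", "https"}
    target_fqdn: str             # may use a leading wildcard, e.g. "*.ubuntu.com"
    allow: bool = True

    def matches(self, f: Flow) -> bool:
        if f.app_proto not in self.protocols or not f.fqdn:
            return False
        if ip_address(f.src_ip) not in ip_network(self.source):
            return False
        return fnmatchcase(f.fqdn.lower(), self.target_fqdn.lower())


@dataclass(frozen=True)
class NetworkRule:
    """IP-based rule: matches any protocol, but only by destination address and port."""
    name: str
    source: str
    destination: str
    ports: FrozenSet[int]
    protocols: FrozenSet[str]
    allow: bool = True

    def matches(self, f: Flow) -> bool:
        return (f.protocol in self.protocols
                and f.dst_port in self.ports
                and ip_address(f.src_ip) in ip_network(self.source)
                and ip_address(f.dst_ip) in ip_network(self.destination))


def evaluate(flow: Flow, network_rules: List[NetworkRule],
             application_rules: List[ApplicationRule]) -> Tuple[str, str]:
    """Return (verdict, rule_name). Network rules are consulted first, then
    application rules; a flow no rule matches is denied (implicit deny).
    That ordering is a choice made for this model, not a claim about Azure."""
    for rule in network_rules:
        if rule.matches(flow):
            return ("allow" if rule.allow else "deny", rule.name)
    for rule in application_rules:
        if rule.matches(flow):
            return ("allow" if rule.allow else "deny", rule.name)
    return ("deny", "implicit-deny")


# Constructed policy for a spoke VNet: package mirrors by name, NTP by port.
SPOKE = "10.1.0.0/16"
APPLICATION_RULES = [
    ApplicationRule("allow-ubuntu-mirrors", SPOKE, frozenset({"http", "https"}), "*.ubuntu.com"),
]
NETWORK_RULES = [
    NetworkRule("allow-ntp", SPOKE, "0.0.0.0/0", frozenset({123}), frozenset({"udp"})),
]

# Constructed flows; 203.0.113.0/24 is documentation address space.
SAMPLE_FLOWS = {
    "apt over https":            Flow("10.1.2.3", "203.0.113.10", 443, "tcp", "https", "archive.ubuntu.com"),
    "ntp":                       Flow("10.1.2.3", "203.0.113.20", 123, "udp"),
    "https to unlisted host":    Flow("10.1.2.3", "203.0.113.30", 443, "tcp", "https", "example.org"),
    # SSH to the same mirror host: no Host header or SNI, so the FQDN rule cannot
    # apply; only an IP-based network rule for 203.0.113.10 could allow this flow.
    "ssh to archive.ubuntu.com": Flow("10.1.2.3", "203.0.113.10", 22, "tcp"),
}


def evaluate_samples() -> dict:
    """Evaluate every constructed flow against the constructed policy."""
    return {name: evaluate(f, NETWORK_RULES, APPLICATION_RULES)
            for name, f in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, (verdict, rule) in evaluate_samples().items():
        print(f"{name:28} -> {verdict:5} ({rule})")
```

The practical consequence for a defender is that any non-HTTP egress (SSH, database, custom TCP/UDP) must be pinned to destination IP addresses in network rules, which is brittle when the destination is a name whose addresses change; that is why the slide lists FQDN support for non-HTTP traffic and FQDN discovery as gaps.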
4. VNet to AWS VPC (Multicloud)

Why Does It Matter?
• More organizations are adopting a multicloud strategy for best-of-breed cloud services
• Partners or acquisitions may not be offering their services on VNet
• Pricing optimization leads to multicloud choices

What Does Azure Provide Natively?
• No real options

What Are the Challenges?
• No native peering from VNet to VPC
• Trying to route VNet traffic to VPCs via an on-prem datacenter makes connectivity very complex (and expensive)
• Puts more burden on your cloud engineering team because the networking constructs on VNets are very different from those on AWS VPCs or Google Cloud
• Many vRouters don’t work in a multicloud environment

[Diagram: spoke VNet connected through a transit hub]
5. User to VNet (Remote Access)

Why Does It Matter?
• Allowing developers unsecured access to VNet instances leads to data breaches and significant business risk
• Compliance and regulations require tracking of data access activities

What Does Azure Provide Natively?
• Azure P2S service
• Azure OpenVPN (preview version only)

What Is Missing?
• P2S works only on Windows clients
• Support for general SSL VPN clients
• Strong authentication: LDAP, SAML, Okta, Duo, MFA, etc.
• Network-level authorization: profile-based authorization
• Audit reporting to track who accessed what, from where, and at what time

[Diagram: users connecting through a transit hub to spoke VNets]
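The last two items on this slide, profile-based network-level authorization and an audit trail of who accessed what, from where and when, are easiest to understand as one policy decision that is recorded every time it is made. As an added example (not Aviatrix product code and not part of the original deck), the following Python models exactly that for a remote-access gateway that sits behind an identity provider: authentication is assumed to have already happened upstream, each user carries a profile, each profile lists the destination prefixes and ports it may reach, and every decision, allowed or denied, becomes an audit record. The profiles, user mapping, addresses and session events are all constructed.

```python
"""Profile-based authorization plus an audit trail for remote-access sessions.
Added example; not Aviatrix or Azure code. Profiles, users and events are constructed."""
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

# Constructed profiles: each lists (destination prefix, allowed ports). A user
# is mapped to a profile by an identity attribute (group, SAML claim, etc.).
PROFILES: Dict[str, List[Tuple[str, Set[int]]]] = {
    "dev-frontend": [("10.1.10.0/24", {22, 443})],
    "dba":          [("10.1.20.0/24", {5432}), ("10.1.10.0/24", {22})],
}
USER_PROFILE: Dict[str, str] = {"alice": "dev-frontend", "bob": "dba"}


@dataclass(frozen=True)
class AuditRecord:
    """One authorization decision: who, from where, to what, when, and why."""
    when: str
    user: str
    client_ip: str
    dst_ip: str
    dst_port: int
    decision: str   # "allow" or "deny"
    reason: str


class RemoteAccessPolicy:
    def __init__(self, profiles, user_profile):
        self.profiles = profiles
        self.user_profile = user_profile
        self.audit: List[AuditRecord] = []

    def authorize(self, user: str, client_ip: str, dst_ip: str, dst_port: int,
                  when: Optional[datetime] = None) -> bool:
        """Decide whether an already-authenticated user may reach dst_ip:dst_port,
        and record the decision either way (denials are the interesting events)."""
        stamp = (when or datetime.now(timezone.utc)).isoformat()
        profile = self.user_profile.get(user)
        decision, reason = "deny", "no profile assigned"
        if profile is not None:
            reason = f"profile {profile} does not cover {dst_ip}:{dst_port}"
            for prefix, ports in self.profiles[profile]:
                if ip_address(dst_ip) in ip_network(prefix) and dst_port in ports:
                    decision = "allow"
                    reason = f"profile {profile} permits {prefix} port {dst_port}"
                    break
        self.audit.append(AuditRecord(stamp, user, client_ip, dst_ip, dst_port, decision, reason))
        return decision == "allow"

    def report(self, user: str) -> List[Tuple[str, str, str, str]]:
        """Audit view for one user: (when, from where, to what, decision)."""
        return [(r.when, r.client_ip, f"{r.dst_ip}:{r.dst_port}", r.decision)
                for r in self.audit if r.user == user]

    def denied(self) -> List[AuditRecord]:
        """Denied attempts: the records an alerting rule would consume."""
        return [r for r in self.audit if r.decision == "deny"]


def run_sample() -> Tuple[RemoteAccessPolicy, List[bool]]:
    """Replay constructed session events through the policy."""
    policy = RemoteAccessPolicy(PROFILES, USER_PROFILE)
    t0 = datetime(2018, 10, 11, 17, 0, tzinfo=timezone.utc)
    events = [  # (user, client ip, destination ip, destination port); constructed
        ("alice", "198.51.100.7",  "10.1.10.5", 22),
        ("alice", "198.51.100.7",  "10.1.20.5", 5432),   # database tier, outside her profile
        ("bob",   "198.51.100.9",  "10.1.20.5", 5432),
        ("carol", "198.51.100.11", "10.1.10.5", 22),     # authenticated, but no profile assigned
    ]
    results = [policy.authorize(u, c, d, p, when=t0) for u, c, d, p in events]
    return policy, results


if __name__ == "__main__":
    policy, _ = run_sample()
    for rec in policy.audit:
        print(f"{rec.when} {rec.user:6} {rec.client_ip:15} -> "
              f"{rec.dst_ip}:{rec.dst_port} {rec.decision} ({rec.reason})")
```

Two design points worth keeping when building this for real: the deny path must be logged as carefully as the allow path, because a user reaching for a tier outside their profile is the signal the compliance requirement on this slide exists to catch; and the user identity in the record should be the one the identity provider asserted (the SAML or OIDC subject), not a name the client supplied.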
DEMO
[Diagram: spoke VNets, datacenter, users, customers, the Internet, GCP and an ExpressRoute gateway, with the Aviatrix Controller and Aviatrix Gateway added]
Next Steps with Aviatrix
• You’ll receive an email with a link to a replay and slides
• Take 5 minutes and start a free 14-day trial: https://www.aviatrix.com/trial
• To view other bootcamps: https://www.aviatrix.com/bootcamps
• Use the Chat widget to talk live with a Solution Architect

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

Five Connectivity and Security Use Cases for Azure VNets

  • Slide 6: 1. On-Prem to VNet | Transit Architecture

    What Is Missing?
    • Requires a Transit Hub in every region
    • There is no way to connect the Transit Hub of one region to the Transit Hub of another
    • The same issue applies to a Shared Services VNet: customers are forced to split their shared services architecture into one shared services VNet per region

    [Diagram: two regions, each with a Datacenter, an ExpressRoute Gateway, a Transit Hub and three spoke VNets; the link between the two Transit Hubs is marked X]
  • Slide 7: 2. VNet to VNet

    Why Does It Matter?
    • Must comply with data privacy, data security and compliance policies (e.g. data always encrypted in motion)
    • You can't assume applications encrypt at the application layer
    • Management-plane traffic (the deck cites Puppet and Chef) cannot be assumed to be encrypted end to end, so you may need encrypted tunnels from a shared services VNet to spoke VNets

    What Does Azure Provide Natively?
    • Azure VNet peering
    • Azure global VNet peering

    What Is Missing?
    • Encryption: traffic over a peering is not encrypted
    • Azure global VNet peering is available only in limited regions
    • Security policy limitations:
      - At the VNet level: nothing like L4 firewalling can be applied on the peering itself
      - At the instance level: policies are limited to 50 entries (extendable to 250 on request) and match on IP addresses, not on names

    [Diagram: two spoke VNets connected through a Transit Hub]
  • Slide 8: 3. VNet to Internet (Egress)

    Why Does It Matter?
    • Blocking all Internet access from VNets is not going to work; workloads need package repositories, SaaS APIs and similar destinations
    • Access to unwanted Internet sites or programs makes the application vulnerable (malware download, command-and-control, data exfiltration)
    • Forcing packets to hairpin through on-prem to reach the Internet adds latency and cost

    What Does Azure Provide Natively?
    • Azure Firewall
    • For HTTP/HTTPS: application rules with FQDN tags; supports wildcard FQDNs and source address filtering
    • For non HTTP/HTTPS: IP address-based network rules

    What Is Missing?
    • No FQDN support for non HTTP/HTTPS traffic
    • No FQDN discovery (no built-in way to learn which destinations workloads actually reach before writing rules)
    • No IDS/IPS

    [Diagram: two spoke VNets egressing to the Internet]
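The two rule types on this slide behave differently for the same destination, and the gap for non-HTTP traffic is easiest to see by running both against a few flows. The following is an added example written for this page; it is a simplified model of the application-rule/network-rule split, not Azure Firewall's implementation and not Aviatrix code. Rule collections, priorities, FQDN tags, DNAT and TLS inspection are left out, and every rule, address and flow below is constructed for the example.

```python
"""Simplified model of Azure Firewall egress rule evaluation (added example).

Application rules see only HTTP/HTTPS and match on the target FQDN (exact or
a leading '*.' wildcard) plus source address; network rules see any protocol
but can only match on IP/CIDR, port and protocol. Everything else is omitted.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str                     # "tcp" or "udp"
    http_host: Optional[str] = None   # Host header / TLS SNI; only HTTP(S) carries one


@dataclass
class AppRule:                        # HTTP/HTTPS only
    name: str
    sources: List[str]                # source CIDRs
    target_fqdns: List[str]           # exact names or "*.example.com"
    ports: List[int] = field(default_factory=lambda: [80, 443])


@dataclass
class NetRule:                        # any protocol, IP-based
    name: str
    sources: List[str]
    destinations: List[str]
    ports: List[int]
    protocols: List[str]


def _in_any(ip: str, cidrs: List[str]) -> bool:
    addr = ip_address(ip)
    return any(addr in ip_network(c, strict=False) for c in cidrs)


def fqdn_matches(host: str, pattern: str) -> bool:
    """'*.ubuntu.com' matches 'archive.ubuntu.com' but not 'ubuntu.com.evil.example'."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) or host == pattern[2:]
    return host == pattern


def evaluate(flow: Flow, app_rules: List[AppRule], net_rules: List[NetRule]) -> Optional[str]:
    """Return the name of the first allowing rule, or None for the implicit deny."""
    # Application rules only see HTTP/HTTPS: a flow with no host name can never
    # match them, which is the gap the slide calls out for non-HTTP egress.
    if flow.protocol == "tcp" and flow.http_host:
        for r in app_rules:
            if (flow.dst_port in r.ports and _in_any(flow.src_ip, r.sources)
                    and any(fqdn_matches(flow.http_host, p) for p in r.target_fqdns)):
                return r.name
    for r in net_rules:
        if (flow.protocol in r.protocols and flow.dst_port in r.ports
                and _in_any(flow.src_ip, r.sources) and _in_any(flow.dst_ip, r.destinations)):
            return r.name
    return None


# Constructed policy: the app subnet may reach Ubuntu mirrors over HTTPS and one NTP server.
APP_RULES = [AppRule("allow-ubuntu-mirrors", ["10.1.0.0/24"], ["*.ubuntu.com"])]
NET_RULES = [NetRule("allow-ntp", ["10.1.0.0/24"], ["192.0.2.10/32"], [123], ["udp"])]

# Constructed flows using RFC 5737 documentation addresses.
FLOWS: Dict[str, Flow] = {
    "apt-https":     Flow("10.1.0.4", "198.51.100.20", 443, "tcp", "archive.ubuntu.com"),
    "apt-wrong-src": Flow("10.2.0.4", "198.51.100.20", 443, "tcp", "archive.ubuntu.com"),
    "lookalike":     Flow("10.1.0.4", "198.51.100.21", 443, "tcp", "ubuntu.com.evil.example"),
    "ntp":           Flow("10.1.0.4", "192.0.2.10", 123, "udp"),
    # Same mirror host, but SSH: no name on the wire, so only an IP rule could ever allow it.
    "ssh-to-mirror": Flow("10.1.0.4", "198.51.100.20", 22, "tcp"),
}


def audit() -> Dict[str, Optional[str]]:
    """Decision per constructed flow: rule name that allowed it, or None (denied)."""
    return {name: evaluate(f, APP_RULES, NET_RULES) for name, f in FLOWS.items()}


if __name__ == "__main__":
    for name, decision in audit().items():
        print(f"{name:15s} -> {decision or 'DENY (implicit)'}")
```

The "ssh-to-mirror" flow is the point of the slide: the same destination that an application rule allows by name over HTTPS is invisible to application rules on port 22, so allowing it means pinning the mirror's IP in a network rule and maintaining that IP by hand.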
  • Slide 9: 4. VNet to AWS VPC (Multicloud)

    Why Does It Matter?
    • More organizations are adopting a multicloud strategy for best-of-breed cloud services
    • Partners or acquisitions may not offer their services on Azure VNets
    • Pricing optimization leads to multicloud choices

    What Does Azure Provide Natively?
    • No real options

    What Are the Challenges?
    • No native peering from a VNet to a VPC
    • Routing VNet traffic to VPCs via an on-prem datacenter makes connectivity very complex (and expensive)
    • Puts more burden on your cloud engineering team because the networking constructs of VNets are very different from those of AWS VPCs or Google Cloud
    • Many virtual routers don't work in a multicloud environment

    [Diagram: a spoke VNet connected through a Transit Hub]
  • Slide 10: 5. User to VNet (Remote Access)

    Why Does It Matter?
    • Giving developers insecure access to VNet instances leads to data breaches and significant business risk
    • Compliance and regulations require tracking of data access activities

    What Does Azure Provide Natively?
    • Azure Point-to-Site (P2S) VPN
    • Azure OpenVPN (in preview at the time of this webinar)

    What Is Missing?
    • P2S over SSTP works only on Windows clients
    • Support for general SSL VPN clients
    • Strong authentication: LDAP, SAML, Okta, Duo, MFA, etc.
    • Network-level authorization: profile-based authorization
    • Audit reporting to track who accessed what, from where, and at what time

    [Diagram: Users connecting through a Transit Hub to two spoke VNets]
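The last bullet asks for an audit record of who connected, from where and when. As an added example (not Azure or Aviatrix code), the following derives exactly that from the status file of a self-managed OpenVPN server, the protocol this slide mentions. It assumes the version-1 status format written by the `status` directive, whose CLIENT LIST section has one line per connected client and whose ROUTING TABLE maps each client to its tunnel address; the status text and the allowed source ranges are constructed for the example.

```python
"""Who/where/when audit records from an OpenVPN version-1 status file (added example)."""
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Dict, List

# Constructed status file: two connected clients, RFC 5737 public addresses.
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Thu Oct 11 10:00:00 2018
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
alice,203.0.113.5:51234,12345,67890,Thu Oct 11 09:30:00 2018
bob,198.51.100.77:41000,500,800,Thu Oct 11 09:55:12 2018
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,alice,203.0.113.5:51234,Thu Oct 11 09:59:00 2018
10.8.0.10,bob,198.51.100.77:41000,Thu Oct 11 09:58:30 2018
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

TIME_FMT = "%a %b %d %H:%M:%S %Y"   # OpenVPN writes ctime-style timestamps


def parse_status(text: str) -> List[Dict]:
    """Return one record per session: user, real_ip, vpn_ip, since, bytes_in, bytes_out."""
    sessions: Dict[tuple, Dict] = {}
    section = None
    for line in text.splitlines():
        if line in ("OpenVPN CLIENT LIST", "ROUTING TABLE", "GLOBAL STATS", "END"):
            section = line
            continue
        fields = line.split(",")
        if section == "OpenVPN CLIENT LIST" and len(fields) == 5 and fields[0] != "Common Name":
            cn, real, rx, tx, since = fields
            sessions[(cn, real)] = {
                "user": cn,                                   # who (certificate common name)
                "real_ip": real.rsplit(":", 1)[0].strip("[]"),  # from where (strip source port)
                "vpn_ip": None,                               # filled from the routing table
                "since": datetime.strptime(since, TIME_FMT),  # when
                "bytes_in": int(rx),
                "bytes_out": int(tx),
            }
        elif section == "ROUTING TABLE" and len(fields) == 4 and fields[0] != "Virtual Address":
            vaddr, cn, real, _last_ref = fields
            if (cn, real) in sessions:
                sessions[(cn, real)]["vpn_ip"] = vaddr
    return list(sessions.values())


def unexpected_sources(sessions: List[Dict], allowed_cidrs: List[str]) -> List[str]:
    """Users whose real (public) address lies outside the ranges you expect them from."""
    nets = [ip_network(c) for c in allowed_cidrs]
    return sorted(s["user"] for s in sessions
                  if not any(ip_address(s["real_ip"]) in n for n in nets))


if __name__ == "__main__":
    records = parse_status(SAMPLE_STATUS)
    for s in records:
        print(f"{s['user']:8s} from {s['real_ip']:15s} as {s['vpn_ip']:10s} since {s['since']:%Y-%m-%d %H:%M}")
    # Constructed expectation: staff connect from the 203.0.113.0/24 office range.
    print("unexpected source:", unexpected_sources(records, ["203.0.113.0/24"]))
```

Pairing the tunnel address from the routing table with the user is what lets you answer "what" later: firewall or NetFlow logs inside the VNet record the tunnel address, not the common name, so this join is the piece that turns them into a per-user access trail.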
  • Slide 11: Demo

    [Diagram: the architecture from slide 3 (Datacenter, Users, Customers, Internet, GCP, ExpressRoute Gateway, spoke VNets) with an Aviatrix Controller and Aviatrix Gateways added]
  • Slide 12: Next Steps with Aviatrix
    • You'll receive an email with a link to the replay and slides
    • Take 5 minutes and start a free 14-day trial: https://www.aviatrix.com/trial
    • To view other bootcamps: https://www.aviatrix.com/bootcamps
    • Use the Chat widget to talk live with a Solution Architect