SlideShare a Scribd company logo

Getting the Most Value from Your Aviatrix Controller & Gateways

Download as PPTX, PDF
K
Khash Nakhostin

The Aviatrix AVX Software-Defined Cloud Router establishes an abstraction layer between the public cloud provider’s networking primitives and the application to simplify the creation of logical cloud networks and services for hybrid connectivity, data security, multicloud connectivity, monitoring and troubleshooting. The solution consists of two components: Aviatrix Controller; and the Aviatrix Gateways, all of which are deployed in your VPCs or the on-premises environment.

Technology
1 of 13
Getting the Most Value from Your Aviatrix Controller & Gateways Gaurav Thakur Technical Customer Success Lead Customer Webinar: February 20, 2019
 Aviatrix User VPN  Logging for User Metrics  Multi VPC Design  Multi Region and Multi Cloud Design  What else can we do with Aviatrix Controller and Gateways  Use Case: Policy based Egress  Use Case: Transit  Live Q & A Agenda LOOK FOR THIS BUTTON
© 2017 AVIATRIX SYSTEMS, INC . | 3 • Why is Logging important? - Who accessed what at what time? - Compliance Reports: like PCI or HIPPA requirements - Audit Trail - Operational control - Troubleshooting - SIEM Integration User VPN – Supported Logging Platforms AWS VPC Contractor profile {accept to X, Z deny all} Employee profile {accept to all} Partner profile {accept to Z deny all} Profile Logging/Audit • Logstash • Splunk • SumoLogic • Remote Syslog • Datadog • NetFlow • CloudWatch
 Login / Logout time  VPN Sessions Details  Source and Destination details  Packet sizes  VPN User Connection History  Bandwidth Usage  Profile information  What IPs were accessed during the session Logging | What information is available? This is included with your existing license
© 2017 AVIATRIX SYSTEMS, INC . | 5 Additional consideration of this architecture: • Internet Access required • Might need policy based control so you can limit the access to certain sites/URLs (FQDN) • Ongoing enforcement • In case of SIEM integration or archival data dump, need policy control over ftp sites too Logging – setup and configuration AWS VPC Splunk Access to Internet Sumo Logic Logging Server 1 Logging Server 2
© 2017 AVIATRIX SYSTEMS, INC . | 6 • Why does it matter: - Control on what URLs are accessed by the workloads in the VPC - URL based filtering - Compliance requires policy based egress • Native Options - Security Groups - Network ACLs • What value does Aviatrix bring to the table - FQDN based Egress Control - Ability to enforce policies - Provides NATing capability Policy based Egress Control Internet Centralized Management AVX gateway …. VPC 1 VPC 2 VPC 3 VPC 4 VPC 100 ubuntu.com office365.com Mysftpserver.co myandrex.ru fakenews.ro Contractor profile {accept to X, Z deny all} Employee profile {accept to all} Partner profile {accept to Z deny all}
 Aviatrix User VPN  Logging for User Metric  Multi VPC Design  Multi Region and Multi Cloud Design  What else can we do with Aviatrix Controller and Gateway  Use Case: Policy based Egress  Use Case: Transit  Live Q & A Agenda LOOK FOR THIS BUTTON
© 2017 AVIATRIX SYSTEMS, INC . | 8 VPC 2VPC 1 VPC 3 VPC 4 Contractor profile {accept to X, Z deny all} Employee profile {accept to all} Partner profile {accept to Z deny all} Profile Having a VPN gateway in each VPC is not desirable, because: a) Users will have to deal with and switch between multiple VPN certificates b) Will have to provision users separately for each VPN gateway c) Not a scalable option Multi VPC/Multi Region/Multi Cloud Design
© 2017 AVIATRIX SYSTEMS, INC . | 9 Solution #1: Peering VPC 1 VPC 3 VPC 4 VPC 2 Peering Contractor profile {accept to X, Z deny all} Employee profile {accept to all} Partner profile {accept to Z deny all} Profile • Why does it matter: - Looking to connect multiple VPCs/VNETs together - Want to have a single VPN landing zone for all the remote users • Native Option - Peering • Problems/Disadvantages - Not a scalable option - Hard to manage network segregation: Dev vs Prod - May get expensive once the network starts growing: adding more VPCs
© 2017 AVIATRIX SYSTEMS, INC . | 10 • Why does it matter: - Looking for a scalable network design for your VPN needs - Multiple VPCs/Multiple Regions/Multi- cloud • Native Option - AWS Transit Gateway - Azure Transit VNET • What value does Aviatrix bring to the table - NativePlusTM Architecture (Native Options + Aviatrix Value Add) • AWS Transit Gateway + Aviatrix TGW Orchestrator • Aviatrix Azure Transit Solution - Enables cross/multi cloud connectivity - Consolidates edge connectivity - Encryption Solution #2: Next Gen Transit Network AVX Controller Spoke Spoke Spoke Spoke TGW Shared Service VPC Contractor profile {accept to X, Z deny all} Employee profile {accept to all} Partner profile {accept to Z deny all} Profile
 You’ll receive email with link to a replay and slides  Reach out to us on: Email: customersuccess@aviatrix.com  Use the chat widget on our website to talk live with a Solution Architect Next Steps with Aviatrix Use the Chat widget to talk live with a Solution Architect
Thank you.
© 2017 AVIATRIX SYSTEMS, INC . | 13 AVX Edge VPC Direct Connect / Internet Spoke Spoke Spoke Spoke Shared Service VPC Spoke VGW Spoke AVX gateway Spoke AVX Controller Security domain: Dev Security domain: Prod Security domain: Shared Service Security domain: Edge On Prem 1 Next-Gen Transit Solution All the Native TGW benefits plus: Full Automation TGW orchestration Routing orchestration Define and implement security domains Monitoring and visualization Consolidated Edge Consolidate all your edges to one Transit VPC Support DX Support Multicloud Support Transit DMZ Overcome 100 route limit On Prem 2 Aviatrix solution built using AWS TGW AWS TGW Contractor profile {accept to X, Z deny all} Employee profile {accept to all} Partner profile {accept to Z deny all} Profile

Recommended

Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Khash Nakhostin
 
Five Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsFive Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsKhash Nakhostin
 
What You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubWhat You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubKhash Nakhostin
 
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Khash Nakhostin
 
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Khash Nakhostin
 
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughSecure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughKhash Nakhostin
 
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasNetwork Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasKhash Nakhostin
 
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In MinutesSecurely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In MinutesKhash Nakhostin
 

Recommended

Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Khash Nakhostin
 
Five Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsFive Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsKhash Nakhostin
 
What You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubWhat You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubKhash Nakhostin
 
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Khash Nakhostin
 
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Khash Nakhostin
 
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughSecure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughKhash Nakhostin
 
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasNetwork Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasKhash Nakhostin
 
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In MinutesSecurely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In MinutesKhash Nakhostin
 
Seven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkSeven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkKhash Nakhostin
 
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersUnderstanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersDevOps.com
 
How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS ThousandEyes
 
Demystifying Service Mesh
Demystifying Service MeshDemystifying Service Mesh
Demystifying Service MeshMitchell Pronschinske
 
CDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectCDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectThousandEyes
 
The Internet of things for integration people - UKCSUG - public version
The Internet of things for integration people - UKCSUG - public versionThe Internet of things for integration people - UKCSUG - public version
The Internet of things for integration people - UKCSUG - public versionSam Vanhoutte
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service MeshLew Tucker
 
Cisco IT and ThousandEyes
Cisco IT and ThousandEyesCisco IT and ThousandEyes
Cisco IT and ThousandEyesThousandEyes
 
WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017World Wide Technology
 
Network monitoring for the modern wan webinar
Network monitoring for the modern wan webinarNetwork monitoring for the modern wan webinar
Network monitoring for the modern wan webinarThousandEyes
 
VPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity OptionsVPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity Optionsjohn homer alvero
 
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service MeshLayer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service MeshMitchell Pronschinske
 
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012Kemp
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud ThousandEyes
 
Introduction to Istio on Kubernetes
Introduction to Istio on KubernetesIntroduction to Istio on Kubernetes
Introduction to Istio on KubernetesJonh Wendell
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep DiveYong Feng
 
NGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX, Inc.
 
Getting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulGetting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulMitchell Pronschinske
 
Automating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftAutomating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftThousandEyes
 
Container Networking
Container NetworkingContainer Networking
Container NetworkingOpen Networking Summit
 
Citirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise MobilityCitirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise MobilityDigicomp Academy AG
 
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform Integration
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform IntegrationDEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform Integration
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform IntegrationCisco DevNet
 

More Related Content

What's hot

Seven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkSeven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkKhash Nakhostin
 
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersUnderstanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersDevOps.com
 
How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS ThousandEyes
 
CDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectCDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectThousandEyes
 
The Internet of things for integration people - UKCSUG - public version
The Internet of things for integration people - UKCSUG - public versionThe Internet of things for integration people - UKCSUG - public version
The Internet of things for integration people - UKCSUG - public versionSam Vanhoutte
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service MeshLew Tucker
 
Cisco IT and ThousandEyes
Cisco IT and ThousandEyesCisco IT and ThousandEyes
Cisco IT and ThousandEyesThousandEyes
 
WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017World Wide Technology
 
Network monitoring for the modern wan webinar
Network monitoring for the modern wan webinarNetwork monitoring for the modern wan webinar
Network monitoring for the modern wan webinarThousandEyes
 
VPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity OptionsVPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity Optionsjohn homer alvero
 
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service MeshLayer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service MeshMitchell Pronschinske
 
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012Kemp
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud ThousandEyes
 
Introduction to Istio on Kubernetes
Introduction to Istio on KubernetesIntroduction to Istio on Kubernetes
Introduction to Istio on KubernetesJonh Wendell
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep DiveYong Feng
 
NGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX, Inc.
 
Getting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulGetting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulMitchell Pronschinske
 
Automating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftAutomating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftThousandEyes
 

What's hot (20)

Seven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkSeven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit Network
 
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersUnderstanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
 
How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS
 
Demystifying Service Mesh
Demystifying Service MeshDemystifying Service Mesh
Demystifying Service Mesh
 
CDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectCDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes Connect
 
The Internet of things for integration people - UKCSUG - public version
The Internet of things for integration people - UKCSUG - public versionThe Internet of things for integration people - UKCSUG - public version
The Internet of things for integration people - UKCSUG - public version
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service Mesh
 
Cisco IT and ThousandEyes
Cisco IT and ThousandEyesCisco IT and ThousandEyes
Cisco IT and ThousandEyes
 
WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017
 
Network monitoring for the modern wan webinar
Network monitoring for the modern wan webinarNetwork monitoring for the modern wan webinar
Network monitoring for the modern wan webinar
 
VPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity OptionsVPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity Options
 
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service MeshLayer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
 
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud
 
Introduction to Istio on Kubernetes
Introduction to Istio on KubernetesIntroduction to Istio on Kubernetes
Introduction to Istio on Kubernetes
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
 
NGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX DevSecOps Workshop
NGINX DevSecOps Workshop
 
Getting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulGetting Started with Kubernetes and Consul
Getting Started with Kubernetes and Consul
 
Automating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftAutomating Performance Monitoring at Microsoft
Automating Performance Monitoring at Microsoft
 
Container Networking
Container NetworkingContainer Networking
Container Networking
 

Similar to Getting the Most Value from Your Aviatrix Controller & Gateways

Citirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise MobilityCitirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise MobilityDigicomp Academy AG
 
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform Integration
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform IntegrationDEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform Integration
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform IntegrationCisco DevNet
 
Citrix with Microsoft EMS
Citrix with Microsoft EMSCitrix with Microsoft EMS
Citrix with Microsoft EMSMarius Sandbu
 
AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)
AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)
AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)Sam Vanhoutte
 
Hyperledger Fabric update Meetup 20181101
Hyperledger Fabric update Meetup 20181101Hyperledger Fabric update Meetup 20181101
Hyperledger Fabric update Meetup 20181101Arnaud Le Hors
 
VMware vCloud Air: Networking
VMware vCloud Air: NetworkingVMware vCloud Air: Networking
VMware vCloud Air: NetworkingVMware
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
Citrix adc technical overview
Citrix adc technical overviewCitrix adc technical overview
Citrix adc technical overviewRoshan Dias
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...NETSCOUT
 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...CA Technologies
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS SecurityAmazon Web Services
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud Cohesive Networks
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
Deep Dive - Hybrid Architectures
Deep Dive - Hybrid ArchitecturesDeep Dive - Hybrid Architectures
Deep Dive - Hybrid ArchitecturesAmazon Web Services
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco Canada
 
Cloud-Based Licensing in Offline Scenarios
Cloud-Based Licensing in Offline ScenariosCloud-Based Licensing in Offline Scenarios
Cloud-Based Licensing in Offline Scenariosteam-WIBU
 
Wise paa s-sales_kit_and_roadmap_2017h1 (003)
Wise paa s-sales_kit_and_roadmap_2017h1 (003)Wise paa s-sales_kit_and_roadmap_2017h1 (003)
Wise paa s-sales_kit_and_roadmap_2017h1 (003)Hem Infotech
 
AWS Transit Gateway-Benefits and Best Practices
AWS Transit Gateway-Benefits and Best PracticesAWS Transit Gateway-Benefits and Best Practices
AWS Transit Gateway-Benefits and Best PracticesJohn Varghese
 

Similar to Getting the Most Value from Your Aviatrix Controller & Gateways (20)

Citirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise MobilityCitirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise Mobility
 
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform Integration
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform IntegrationDEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform Integration
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform Integration
 
Citrix with Microsoft EMS
Citrix with Microsoft EMSCitrix with Microsoft EMS
Citrix with Microsoft EMS
 
AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)
AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)
AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)
 
Hyperledger Fabric update Meetup 20181101
Hyperledger Fabric update Meetup 20181101Hyperledger Fabric update Meetup 20181101
Hyperledger Fabric update Meetup 20181101
 
F5 TMOS v13.0
F5 TMOS v13.0F5 TMOS v13.0
F5 TMOS v13.0
 
VMware vCloud Air: Networking
VMware vCloud Air: NetworkingVMware vCloud Air: Networking
VMware vCloud Air: Networking
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure Integration
 
Citrix adc technical overview
Citrix adc technical overviewCitrix adc technical overview
Citrix adc technical overview
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS Security
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure Integration
 
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure Integration
 
Deep Dive - Hybrid Architectures
Deep Dive - Hybrid ArchitecturesDeep Dive - Hybrid Architectures
Deep Dive - Hybrid Architectures
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
 
Cloud-Based Licensing in Offline Scenarios
Cloud-Based Licensing in Offline ScenariosCloud-Based Licensing in Offline Scenarios
Cloud-Based Licensing in Offline Scenarios
 
Wise paa s-sales_kit_and_roadmap_2017h1 (003)
Wise paa s-sales_kit_and_roadmap_2017h1 (003)Wise paa s-sales_kit_and_roadmap_2017h1 (003)
Wise paa s-sales_kit_and_roadmap_2017h1 (003)
 
AWS Transit Gateway-Benefits and Best Practices
AWS Transit Gateway-Benefits and Best PracticesAWS Transit Gateway-Benefits and Best Practices
AWS Transit Gateway-Benefits and Best Practices
 

Recently uploaded

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....rightmanforbloodline
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringWSO2
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data SciencePaolo Missier
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceIES VE
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseWSO2
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 

Recently uploaded (20)

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational Performance
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 

Getting the Most Value from Your Aviatrix Controller & Gateways

  • 1. Getting the Most Value from Your Aviatrix Controller & Gateways Gaurav Thakur Technical Customer Success Lead Customer Webinar: February 20, 2019
  • 2.  Aviatrix User VPN  Logging for User Metrics  Multi VPC Design  Multi Region and Multi Cloud Design  What else can we do with Aviatrix Controller and Gateways  Use Case: Policy based Egress  Use Case: Transit  Live Q & A Agenda LOOK FOR THIS BUTTON
  • 3. © 2017 AVIATRIX SYSTEMS, INC . | 3 • Why is Logging important? - Who accessed what at what time? - Compliance Reports: like PCI or HIPPA requirements - Audit Trail - Operational control - Troubleshooting - SIEM Integration User VPN – Supported Logging Platforms AWS VPC Contractor profile {accept to X, Z deny all} Employee profile {accept to all} Partner profile {accept to Z deny all} Profile Logging/Audit • Logstash • Splunk • SumoLogic • Remote Syslog • Datadog • NetFlow • CloudWatch
  • 4.  Login / Logout time  VPN Sessions Details  Source and Destination details  Packet sizes  VPN User Connection History  Bandwidth Usage  Profile information  What IPs were accessed during the session Logging | What information is available? This is included with your existing license
  • 5. © 2017 AVIATRIX SYSTEMS, INC . | 5 Additional consideration of this architecture: • Internet Access required • Might need policy based control so you can limit the access to certain sites/URLs (FQDN) • Ongoing enforcement • In case of SIEM integration or archival data dump, need policy control over ftp sites too Logging – setup and configuration AWS VPC Splunk Access to Internet Sumo Logic Logging Server 1 Logging Server 2
  • 6. © 2017 AVIATRIX SYSTEMS, INC . | 6 • Why does it matter: - Control on what URLs are accessed by the workloads in the VPC - URL based filtering - Compliance requires policy based egress • Native Options - Security Groups - Network ACLs • What value does Aviatrix bring to the table - FQDN based Egress Control - Ability to enforce policies - Provides NATing capability Policy based Egress Control Internet Centralized Management AVX gateway …. VPC 1 VPC 2 VPC 3 VPC 4 VPC 100 ubuntu.com office365.com Mysftpserver.co myandrex.ru fakenews.ro Contractor profile {accept to X, Z deny all} Employee profile {accept to all} Partner profile {accept to Z deny all}
  • 7.  Aviatrix User VPN  Logging for User Metric  Multi VPC Design  Multi Region and Multi Cloud Design  What else can we do with Aviatrix Controller and Gateway  Use Case: Policy based Egress  Use Case: Transit  Live Q & A Agenda LOOK FOR THIS BUTTON
  • 8. © 2017 AVIATRIX SYSTEMS, INC . | 8 VPC 2VPC 1 VPC 3 VPC 4 Contractor profile {accept to X, Z deny all} Employee profile {accept to all} Partner profile {accept to Z deny all} Profile Having a VPN gateway in each VPC is not desirable, because: a) Users will have to deal with and switch between multiple VPN certificates b) Will have to provision users separately for each VPN gateway c) Not a scalable option Multi VPC/Multi Region/Multi Cloud Design
  • 9. © 2017 AVIATRIX SYSTEMS, INC . | 9 Solution #1: Peering VPC 1 VPC 3 VPC 4 VPC 2 Peering Contractor profile {accept to X, Z deny all} Employee profile {accept to all} Partner profile {accept to Z deny all} Profile • Why does it matter: - Looking to connect multiple VPCs/VNETs together - Want to have a single VPN landing zone for all the remote users • Native Option - Peering • Problems/Disadvantages - Not a scalable option - Hard to manage network segregation: Dev vs Prod - May get expensive once the network starts growing: adding more VPCs
  • 10. © 2017 AVIATRIX SYSTEMS, INC . | 10 • Why does it matter: - Looking for a scalable network design for your VPN needs - Multiple VPCs/Multiple Regions/Multi- cloud • Native Option - AWS Transit Gateway - Azure Transit VNET • What value does Aviatrix bring to the table - NativePlusTM Architecture (Native Options + Aviatrix Value Add) • AWS Transit Gateway + Aviatrix TGW Orchestrator • Aviatrix Azure Transit Solution - Enables cross/multi cloud connectivity - Consolidates edge connectivity - Encryption Solution #2: Next Gen Transit Network AVX Controller Spoke Spoke Spoke Spoke TGW Shared Service VPC Contractor profile {accept to X, Z deny all} Employee profile {accept to all} Partner profile {accept to Z deny all} Profile
  • 11.  You’ll receive email with link to a replay and slides  Reach out to us on: Email: customersuccess@aviatrix.com  Use the chat widget on our website to talk live with a Solution Architect Next Steps with Aviatrix Use the Chat widget to talk live with a Solution Architect
  • 13. © 2017 AVIATRIX SYSTEMS, INC . | 13 AVX Edge VPC Direct Connect / Internet Spoke Spoke Spoke Spoke Shared Service VPC Spoke VGW Spoke AVX gateway Spoke AVX Controller Security domain: Dev Security domain: Prod Security domain: Shared Service Security domain: Edge On Prem 1 Next-Gen Transit Solution All the Native TGW benefits plus: Full Automation TGW orchestration Routing orchestration Define and implement security domains Monitoring and visualization Consolidated Edge Consolidate all your edges to one Transit VPC Support DX Support Multicloud Support Transit DMZ Overcome 100 route limit On Prem 2 Aviatrix solution built using AWS TGW AWS TGW Contractor profile {accept to X, Z deny all} Employee profile {accept to all} Partner profile {accept to Z deny all} Profile

Editor's Notes

  1. your Architecture evolves in AWS Chat (ask question … in line or at the end..) Surveys