SlideShare a Scribd company logo

Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers

DevOps.com
DevOps.com

IT infrastructure and apps are moving en masse to public clouds – AWS, Azure, Google – understanding leveraging infrastructure as code to provision the network services, connectivity and security to maximize simplicity, security and performance is critical to DevOps success in building and managing the new Enterprise Multi-Cloud Backbone. In this webinar, you’ll learn more about critical use cases such as (1) Using Terraform to spin up transit networking services in AWS, (2) profile-based secure cloud access for developers, and (3) VPC secure egress filtering to meet compliance, including deeper dives into: Deploying the network as code using automation tools Addressing specific operational challenges for high availability, across multiple VPCs Isolating environments for dev and test easily Design pattern details and the pros and cons of each approach Understanding the limitation of native services and how to add value and capabilities with advanced services How to architect an Enterprise Multi-Cloud Backbone to support all your cloud use case

Technology
1 of 56
Download to read offline
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
21 Years in Information Technology - Administration / Networking - Design / Development / Cloud 10 Years in the InfoSec Space - Application / Mobile Security - Infrastructure / SIEM / Risk Python Coder – PyCharmMark Cunningham Senior Solutions Architect markc@Aviatrix.com
In this webinar, you’ll learn more about critical use cases such as: 1. Using Terraform to spin up transit networking services in AWS 2. Profile-based secure cloud access for developers 3. VPC secure egress filtering to meet compliance including deeper dives into: • Deploying the network as code using automation tools [terraform • Addressing specific operational challenges for high availability, across multiple VPCs [HA peering, HA Egress] • Isolating environments for dev and test easily • Design pattern details and the pros and cons of each approach • Understanding the limitation of native services and how to add value and capabilities with advanced services • How to architect an Enterprise Cloud Backbone to support all your cloud use cases Webinar Brief – DevOps.com
Aviatrix – Building the Enterprise Multi-Cloud Backbone
Aviatrix Confidential Meet Michael… Michael is a developer. He has an idea for an application that will make use of his company’s data. An application that capitalizes upon the opportunity present in last minute cancellations of airline tickets and hotel rooms that haven’t sold yet. He gets sign off from his manager who approves a small budget for him and gives him read access to the company data lake. He designs a quick query and scoops up a few chunks of data for specific time periods and begins work on his application. All the while, he is wondering how he is going to access his application server in the cloud, so he googles ‘coolest AWS VPN solution ever’ and AVX is the top result. Quickly, he learns that he can deploy the entire solution as code after laying the groundwork for a few needed components in AWS. So he decides to go that route, and off he goes!
Aviatrix Confidential Installing Terraform + AVX provider In case you are new to Terraform…. Install Terraform NinjaMac:~ brew install terraform Install Go NinjaMac:~ brew install go Set the Go path: NinjaMac:~ ( ~/.bash_profile) export GOPATH=$HOME/go Clone the Provider Repo and build it NinjaMac:~ git clone https://github.com/AviatrixSystems/terraform-provider-aviatrix $ cd $GOPATH/src/github.com/terraform-providers/terraform-provider-aviatrix $ make fmt $ make build Create Terraform Configuration file with a provider entry for AVX NinjaMac:~ touch ~/.terraformrc providers { "aviatrix" = "$GOPATH/bin/terraform-provider-aviatrix" } https://docs.aviatrix.com/HowTos/tf_aviatrix_howto.html
Aviatrix Confidential Launch the Controller To get the controller launched, you need: • A centrally located VPC, usually Shared Services in a Prod, or Non-Prod account • A public subnet • An available EIP Two ways you can launch it: § Script Only https://github.com/AviatrixSystems/terraform-modules § AWS Markplace AMI
After Michael launches the controller and gets the AVX provider configured, he begins building his VPN Endpoint with Terraform provider "aviatrix" { controller_ip = ”XXX.XXX.XXX.XXX" username = "admin" password = “Open-Sesame” resource "aviatrix_gateway" "AVX-VPN-GW" { account_name = "MarksDemoAccount" cloud_type = 1 gw_name = "AVX-VPN-GW" vpc_id = "vpc-045d528779bd37a10" vpc_reg = "us-west-2" vpc_size = "t2.small" vpc_net = "10.21.150.0/24" vpn_access ="yes" vpn_cidr ="192.168.43.0/24" } <<aviatrix>> User VPN service + AWS cloud Seattle office AVX Controller VPC AVX User VPN Gateway
resource "aviatrix_gateway" "AVX-VPN-GW" { account_name = "MichaelsDemoAccount" cloud_type = 1 gw_name = ”Michaels-VPN-GW" vpc_id = "vpc-045d528779bd37a10" vpc_reg = "us-west-2" vpc_size = "t2.small" vpc_net = "10.21.150.0/24" vpn_access ="yes" vpn_cidr ="192.168.43.0/24" } <<aviatrix>> resource "aviatrix_vpn_user" "terraform_vpn_user" { vpc_id = "vpc-045d528779bd37a10" gw_name = "AVX-VPN-GW" user_name = "mark1" user_email = "superman@aviatrix.com" } <<aviatrix gateway AVX-VPN-GW>> User VPN service + AWS cloud Seattle office AVX Controller VPC AVX User VPN Gateway Now that he has the Controller up and running, he begins moving through the contents of the terraform provider and collects the required script syntax for deploying a VPN endpoint.
<<aviatrix>> resource "aviatrix_vpn_user" "terraform_vpn_user" { vpc_id = "vpc-045d528779bd37a10" gw_name = ”Michaels-VPN-GW" user_name = ”Michael-1" user_email = ”Michael.Baxter@SomeTravelCompany.com" } <<aviatrix gateway AVX-VPN-GW>> resource "aviatrix_vpn_profile" "test_profile1" { name = "Terraform_Profile" base_rule = "allow_all" users = ["mark1"] policy = [ { action = "deny" proto = "tcp" port = "443" target = "10.0.0.0/32" }, { action = "deny" proto = "tcp" port = "443" target = "10.0.0.1/32" } <<aviatrix vpn user terraform vpn user>> User VPN service + AWS cloud Seattle office AVX Controller VPC AVX User VPN Gateway Now that he has the Controller up and running, he begins moving through the contents of the terraform provider and collects the required script syntax for deploying a VPN endpoint.
provider "aviatrix" { controller_ip = ”XXX.XXX.XXX.XXX" username = "admin" password = “Open-Sesame” resource "aviatrix_gateway" "AVX-VPN-GW" { account_name = "MarksDemoAccount" cloud_type = 1 gw_name = "AVX-VPN-GW" vpc_id = "vpc-045d528779bd37a10" vpc_reg = "us-west-2" vpc_size = "t2.small" vpc_net = "10.21.150.0/24" vpn_access ="yes" vpn_cidr ="192.168.43.0/24" } <<aviatrix>> resource "aviatrix_vpn_user" "terraform_vpn_user" { vpc_id = "vpc-045d528779bd37a10" gw_name = "AVX-VPN-GW" user_name = "mark1" user_email = "superman@aviatrix.com" } <<aviatrix gateway AVX-VPN-GW>> resource "aviatrix_vpn_profile" "test_profile1" { name = "Terraform_Profile" base_rule = "allow_all" users = [”Michael-1"] policy = [ { action = "deny" proto = "tcp" port = "443" target = "10.1.0.0/24" }, { action = "deny" proto = "tcp" port = "443" target = "10.2.0.168/32" } ] } <<aviatrix vpn user terraform vpn user>> User VPN service + AWS cloud Seattle office AVX Controller VPC AVX User VPN Gateway Now that he has the Controller up and running, he begins moving through the contents of the terraform provider and collects the required script syntax for deploying a VPN endpoint.
A close up look at the way the AVX VPN endpoint enables profile based access – what is the profile, how does it work? resource "aviatrix_vpn_profile" "test_profile1" { name = "Terraform_Profile" base_rule = "allow_all" users = [”Michael-1"] policy = [ { action = "deny" proto = "tcp" port = "443" target = "10.1.0.0/24" }, { action = "deny" proto = "tcp" port = "443" target = "10.2.0.168/32" } ] } + AWS cloud Seattle office AVX Controller VPC AVX User VPN Gateway User VPN service
Integrates VPN access and VPC peering from a central console Access Control based upon policies + AWS cloud AVX Controller VPC AVX User VPN Gateway NLB VNet Azure cloud GCP cloud VPC Seattle office Partner EmployeeContractor Duo Okta Active Directory SAML Client MFA Authentication Authorization User VPN service
+ AWS cloud Seattle office AVX Controller VPC AVX User VPN Gateway Transit Michaels App is a Killer App !
+ AWS cloud Seattle office AVX Controller AVX User VPN Gateway Transit Michaels App is a Killer App ! resource "aviatrix_transit_vpc" ”transit_gw_1" { cloud_type = 1 account_name = " MichaelsDemoAccount" gw_name = "transit-vpc-gw" vpc_id = "vpc-abcd1234" vpc_reg = "us-east-1" vpc_size = "t2.micro" subnet = "10.1.0.0/24" ha_subnet = "10.2.0.0/24" tag_list = [ "name:value", "name1:value1", "name2:value2” ] } Transit VPC
© 2017 AVIATRIX SYSTEMS, INC. | 16 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Transit VPC AVX User VPN Gateway Transit Interconnect them with AWS peering – Feature 2 Feature 3Feature 1 AWS peering resource "aws_vpc_peering_connection" ”feat_1" { peer_owner_id = "${var.peer_owner_id}" peer_vpc_id = "${aws_vpc.bar.id}" vpc_id = "${aws_vpc.foo.id}" }
© 2017 AVIATRIX SYSTEMS, INC. | 17 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Transit VPC AVX User VPN Gateway Transit Base Hybrid Cloud Architecure Feature 2 Feature 3Feature 1 AWS peering AVX Encrypted peering
© 2017 AVIATRIX SYSTEMS, INC. | 18 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Transit VPC AVX User VPN Gateway Transit Base Hybrid Cloud Architecure Feature 2 Feature 3Feature 1 AWS peering AVX Encrypted peering Seattle data center Site2Cloud connection
© 2017 AVIATRIX SYSTEMS, INC. | 19 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Transit VPC AVX User VPN Gateway Transit Add additional User_VPN access Feature 2 Feature 3Feature 1 AWS peering AVX Encrypted peering Seattle data center Site2Cloud connection resource "aviatrix_vpn_profile" ”Avengers_Prof" { name = "Terraform_Profile" base_rule = ”deny_all" users = [”Iron_Man, Dr-Strange, Capt-A"] policy = [ { action = ”Allow" proto = "tcp" port = "443" target = "10.3.0.0/24" }, { action = ”Allow" proto = ”ssh" port = ”22" target = "10.3.0.0/24" } ] }
© 2017 AVIATRIX SYSTEMS, INC. | 20 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Transit VPC AVX User VPN Gateway VPC Count Grows… Teams break up their environments into Dev/Stage/Prod Cloud Management Overhead begins to increase Strategic Planning for Long Term Success tell us to think simple about something big. Feature 2 Feature 3Feature 1 AWS peering AVX Encrypted peering Seattle data center Site2Cloud connection Feature 3Feature 2Feature 1 Feature 2 Feature 3
© 2017 AVIATRIX SYSTEMS, INC. | 21 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Edge VPC AVX User VPN Gateway Implementing the Transit Gateway Implementing the Hybrid Transit Model with the TGW and the Edge VPC Feature 2 Feature 3Feature 1 TGW Attachments AVX Encrypted peering Seattle data center Site2Cloud connection Feature 3 Feature 2Feature 1 DEV STAGE PROD Feature 2 DEV STAGE PROD Shared Services Security SumoLogic PCI + PII Azure Cloud GCP Coud AWS Transit Gateway
© 2017 AVIATRIX SYSTEMS, INC. | 22 Aviatrix Confidential + AWS cloud AVX Controller Edge VPC Security Groups / Connection Policies resource "aviatrix_aws_tgw" ”Michaels_aws_TGW" { tgw_name = ”US-EAST-1-TGW" account_name = ”MichaelsDemoAccount" region = "us-east-1” aws_side_as_number = "64512" security_domains = [ { security_domain_name = "Aviatrix_Edge_Domain" connected_domains = ["Default_Domain", "Shared_Service_Domain”] }, { security_domain_name = "Default_Domain" connected_domains = ["Aviatrix_Edge_Domain", "Shared_Service_Domain"] attached_vpc = [] }, { security_domain_name = "Shared_Service_Domain" connected_domains = ["Aviatrix_Edge_Domain", "Default_Domain"] attached_vpc = [ { vpc_region = "us-east-1" vpc_account_name = ”MichaelsDemoAccount" vpc_id = "vpc-abcd1234” }, ] }, ] attached_aviatrix_transit_gateway = [" transit-vpc-gw"] } Feature 2Feature 1 TGW Attachments Feature 2Feature 1 DEV STAGE PROD Feature 2 DEV STAGE PROD Shared Services Security SumoLogic Security Domain: Feature 1 Team Security Domain: Feature 2 Team Security Domain: Shared Services Security Domain: Edge VPC Connected: Feature 1 Team Feature 2 Team Shared Services Not Connected: Aviatrix Edge AWS Transit Gateway
© 2017 AVIATRIX SYSTEMS, INC. | 23 Aviatrix Confidential + AWS cloud AVX Controller Egress Security resource "aviatrix_fqdn" "fqdn_1" { gw_list = [ "Egress-NAT-gateway" ] fqdn_mode = "white" fqdn_status = "enabled" fqdn_tag = "Google_Policy" domain_names = [ { proto = "tcp" fqdn = "*.google.com" port = "443" }, { proto = "tcp" fqdn = "*.gstatic.com" port = "443" }, { proto = "tcp" fqdn = "*.yahoo.com" port = "443" }, { proto = "tcp" fqdn = "172.217.6.45" port = "443" }, ] } TGW Attachments Feature 2 Feature 3 Feature 1 Distributed AWS Transit Gateway
© 2017 AVIATRIX SYSTEMS, INC. | 24 Aviatrix Confidential + AWS cloud AVX Controller Egress Security TGW Attachments Feature 2 Feature 3 Feature 1 Centralized AWS Transit Gateway resource "aviatrix_fqdn" "fqdn_1" { gw_list = [ "Egress-NAT-gateway" ] fqdn_mode = "white" fqdn_status = "enabled" fqdn_tag = "Google_Policy" domain_names = [ { proto = "tcp" fqdn = "*.google.com" port = "443" }, { proto = "tcp" fqdn = "*.gstatic.com" port = "443" }, { proto = "tcp" fqdn = "*.yahoo.com" port = "443" }, { proto = "tcp" fqdn = "172.217.6.45" port = "443" }, ] }
Don’t forget the UI….
Aviatrix – Building the Enterprise Multi-Cloud Backbone
© 2017 AVIATRIX SYSTEMS, INC. | 29 Aviatrix Confidential
© 2017 AVIATRIX SYSTEMS, INC. | 30 Aviatrix Confidential
© 2017 AVIATRIX SYSTEMS, INC. | 31 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Edge VPC AVX User VPN Gateway High Availability Feature 2 Feature 3Feature 1 TGW Attachments AVX Encrypted peering Seattle data center Site2Cloud connection Feature 3 Feature 2Feature 1 DEV STAGE PROD Feature 2 DEV STAGE PROD Shared Services Security SumoLogic PCI + PII Azure Cloud GCP Coud Aviatrix HA Answers Article AWS Transit Gateway resource "aviatrix_spoke_vpc" ”feat3_spoke" { cloud_type = 1 account_name = ”Michaels" gw_name = "myspoke" vpc_id = "vpc-defg3456" vpc_reg = "us-east-1" vpc_size = "t2.micro" subnet = "10.20.0.0/24" ha_subnet = "10.20.1.0/24" transit_gw = " transit-vpc-gw" tag_list = [ "name:value", "name1:value1", "name2:value2” ] }
© 2017 AVIATRIX SYSTEMS, INC. | 32 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Transit VPC AVX User VPN Gateway Transit Create data center connection through VGW – Site2Cloud [AWS terraform – Create VGW Site2Cloud connection Feature 3Feature 2 AWS peering AVX Encrypted peering Seattle data center Site2Cloud connection Feature 1 Feature 2 Feature 3
© 2017 AVIATRIX SYSTEMS, INC. | 33 Aviatrix Confidential + Egress Security Interconnect them with AWS peering – resource "aws_vpc_peering_connection" "foo" { peer_owner_id = "${var.peer_owner_id}" peer_vpc_id = "${aws_vpc.bar.id}" vpc_id = "${aws_vpc.foo.id}" }
© 2017 AVIATRIX SYSTEMS, INC. | 34 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Shared Services AVX User VPN Gateway Transit resource "aviatrix_transit_vpc" "test_transit_gw" { cloud_type = 1 account_name = "devops" gw_name = "transit" vpc_id = "vpc-abcd1234" vpc_reg = "us- east-1" vpc_size = "t2.micro" subnet = "10.1.0.0/24" ha_subnet = "10.1.0.0/24" tag_list = ["name:value", "name1:value1", "name2:value2"] } Feature 2 Feature 3Feature 1 Seattle data center AWS peering Site2Cloud connection
© 2017 AVIATRIX SYSTEMS, INC. | 35 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Shared Services AVX User VPN Gateway Transit Needs Grow resource "aviatrix_transit_vpc" "test_transit_gw" { cloud_type = 1 account_name = "devops" gw_name = "transit" vpc_id = "vpc-abcd1234" vpc_reg = "us- east-1" vpc_size = "t2.micro" subnet = "10.1.0.0/24" ha_subnet = "10.1.0.0/24" tag_list = ["name:value", "name1:value1", "name2:value2"] } Feature 2 Feature 3Feature 1 Seattle data center AWS peering Site2Cloud connection
Shared Services Seattle – Office Aviatrix Controller Aviatrix User_VPN Gateway Feature 2Feature 1 Feature 3 Seattle Data Center + AWS Peering Terraform Adding VPCs Peering those VPCs Modifying the VPN users and profiles script for the new dev teams Creating the site2cloud connection from the gateway to the datacenter Transit Begins Site2Cloud Connection
AWS Cloud Seattle – Office Aviatrix Controller Aviatrix User_VPN Gateway Seattle Data Center + AWS Peering Complexity suffers a massive increase Site2Cloud Connection Transit Complexity Grows Feature 3Feature 2Feature 1
Shared Services AWS Cloud Seattle – Office Aviatrix Controller Aviatrix User_VPN Gateway Seattle Data Center + AWS Peering Complexity suffers a massive increase Site2Cloud Connection Transit Complexity Grows Feature 3Feature 2Feature 1
Shared Services AWS Cloud Seattle – Office Aviatrix Controller Aviatrix User_VPN Gateway Seattle Data Center + AWS Peering Basic Routing Constructs Give Way to the AWS Transit Gateway Site2Cloud Connection Transit Complexity Grows Feature 3Feature 2Feature 1
Shared Services AWS Cloud Seattle – Office Aviatrix Controller Aviatrix User_VPN Gateway Seattle Data Center + AWS Peering Basic Routing Constructs Give Way to the AWS Transit Gateway Direct Connect Transit Complexity Grows Feature 3Feature 2Feature 1
Shared Services AWS Cloud Seattle – Office Aviatrix Controller Aviatrix User_VPN Gateway Seattle Data Center + AWS Peering Basic Routing Constructs Give Way to the AWS Transit Gateway Direct Connect Transit Complexity Solved Feature 3Feature 2Feature 1
+ Egress Security • Distributed Egress • Centralized Egress • Hypergress Model Egress Security Feature 3 Feature 2 Feature 1 • Egress Security is in place to give your development and production servers access to the internet in a controlled, policy driven manner that builds on the NAT gateway concept but offers rules based off of FQDNs as opposed to IP addresses • There are several different operational models that you can use to deploy our Egress Filtering Gateways from an operational perspective – Distributed is one gateway per VPC, giving each of the private subnets in that VPC an automatic route to the ENI of the Egress Gateway
+ Egress Security • Distributed Egress • Centralized Egress • Hypergress Model Egress Security • Egress Security is in place to give your development and production servers access to the internet in a controlled, policy driven manner that builds on the NAT gateway concept but offers rules based off of FQDNs as opposed to IP addresses • There are several different operational models that you can use to deploy our Egress Filtering Gateways from an operational perspective – Distributed is one gateway per VPC, giving each of the private subnets in that VPC an automatic route to the ENI of the Egress Gateway
AWS Cloud Seattle – Office Aviatrix Controller Aviatrix User_VPN Gateway Feature 2Feature 1 Feature 3 Seattle Data Center + AWS Peering Complexity suffers a massive increase Site2Cloud Connection Transit Begins
User_VPN Service AWS Cloud Seattle – Office Stuff Aviatrix Controller Aviatrix User_VPN Gateway
The necessity of Transit evolves… AWS Cloud Seattle – Office Aviatrix User_VPN Gateway AVX Encrypted Peering Feature 2Feature 1 Feature 3 Change structure in first transition slide: 1. Transit? 2. More User VPN configs? 3. Site2Cloud connection to on-prem Michael now needs to create a few VPCs in his account and give the other teams access to them such they can begin development on the new features for his app. He will also need to provide VPN access to those teams such that they can login to their respective workspaces and be able to commit their code to his production server while following the encryption mandate.
Enabling HA AWS Cloud Seattle – Office Aviatrix User_VPN Gateway AVX Encrypted Peering Feature 2Feature 1 Feature 3 HA story 1. How it came about – someone from the cloud infra team 2. What he needed to do to modify his template to enable HA 3. The differences between the HA in the different components 4. The expected failover behavior model The scripts that we are adding to the
Transit Continues to evolve…. AWS Cloud Seattle – Office Aviatrix User_VPN Gateway AVX Encrypted Peering Feature 2Feature 1 Feature 3 Story of how Michaels transit solution evolves into a TGW based transit solution More VPCs, security domains, etc.
Egress Filtering Part AWS Cloud Seattle – Office Aviatrix User_VPN Gateway AVX Encrypted Peering Feature 2Feature 1 Feature 3 Story of how Michaels transit solution evolves into a TGW based transit solution More VPCs, security domains, etc.
App/Web VPC Bank 1 Application Component Subnets Aviatrix Controller AWS Peering VPC 1 Bank 2 Bank N The Summit Group AVX Implementation 10.0.0.0/16 • Discreet Site2Cloud VPN Connections can be created from within the App/Web VPC Gateways • A Mapped S2C Connection with SNAT/DNAT will need to be employed to manage the overlapping CIDR ranges ( More details will be needed for final configuration ) • No intermediary Transit VPC or Gateways are needed between the App/Web VPC and the banking locations. • Prescriptive guidance can be found in the listed articles: • https://docs.aviatrix.com/HowTos/s2c_o verlapping_subnets.html • https://www.aviatrix.com/answers/how- do-i-resolve-conflicts-with-data-center- ip-and-public-cloud-ip-address-ranges- using-aviatrix/ • https://www.aviatrix.com/answers/how- to-test-aviatrix-transit-vpc-for-aws- without-requiring-a-connection-to-your- data-center/
RajTestVPC TGW N Virginia TGW Egress Gateway VPC 1 VPC 1 VPC ISS_Sandbox Account 3 Account 2 Account 4 Your egress gateways
Proposed Solution - Aviatrix Software-Defined Cloud Router 1. Advanced Mode Transit Gateway • Support transitive routing from on-prem to AWS environment • Segmentation through Zero-trust architecture by design. Spoke VPCs cannot talk with each other through the transit. • Support a fully encrypted network in the hub and spoke architecture 1. Insane Mode: • Integrated into the Transit Network to provide 10Gbps performance between On-Premises and Transit VPC with encryption • Encryption over Direct Connect • For Transit VPC Peerings (VPC to VPC), Insane mode can achieve 20Gbps • Overcome VGW performance limits and 100 route limit 2. Transit DMZ: • Transit VPC running in Transit DMZ Mode to enable scalable cloud firewall deployment for Ingress/Egress inspection. Security and Networking functions decoupled to allow independent scalability. 3. Automation performed through Terraform: • Aviatrix Controller and Gateways can be automated through the use Terraform.
WIZARDS OF THE COAST – AWS Multi-Region VPC 1 Transit VPC (Aviatrix Edge) On-Premise US-WEST-1 Region VPC 2 AWS Transit Gateway VPC N VPC 1 Transit VPC (Aviatrix Edge) On-Premise VPC 2 AWS Transit Gateway VPC 3 US-EAST-1 Region Backup VPN Backup VPN Aviatrix Controller Shared Services VPC Build list 1 egress filters 1 tgw attachments 1 region
Potential Capabilities 1. Egress Filtering • Replace AWS NAT Gateway with policy based NAT Gateway. Aviatrix goes beyond IP-based filtering to include FQDN filtering across TCP and UDP traffic including HTTP, HTTPS and SFTP traffic. 2. User VPN • Aviatrix provides a cloud native and feature rich client VPN solution. The solution is based on OpenVPN® and is compatible with all OpenVPN® clients. In addition, Aviatrix provides its own client that supports SAML authentication directly from the client. • The Aviatrix VPN solution is the only VPN solution that provides SAML authentication from the client itself. The solution is built on OpenVPN. The Aviatrix VPN Client provides a seamless user experience when authenticating a VPN user through a SAML IDP. The client also supports password based authentication methods as well.
Documentation and Guides: 1. Advanced Mode Transit Gateway 2. Transit Gateway Peering 3. Insane Mode • High Performance Transit Network - Insane Mode • Insane Mode Encryption Performance • 10Gbps Transit VPC Design 4. Transit DMZ and Workflow 5. Terraform: 1. Requirements 2. Tutorial 3. Export tgw
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers

Recommended

Seven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkSeven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkKhash Nakhostin
 
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Khash Nakhostin
 
Getting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & GatewaysGetting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & GatewaysKhash Nakhostin
 
What You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubWhat You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubKhash Nakhostin
 
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In MinutesSecurely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In MinutesKhash Nakhostin
 
Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Khash Nakhostin
 
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughSecure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughKhash Nakhostin
 
Five Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsFive Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsKhash Nakhostin
 

Recommended

Seven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkSeven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkKhash Nakhostin
 
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Khash Nakhostin
 
Getting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & GatewaysGetting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & GatewaysKhash Nakhostin
 
What You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubWhat You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubKhash Nakhostin
 
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In MinutesSecurely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In MinutesKhash Nakhostin
 
Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Khash Nakhostin
 
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughSecure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughKhash Nakhostin
 
Five Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsFive Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsKhash Nakhostin
 
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Khash Nakhostin
 
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasNetwork Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasKhash Nakhostin
 
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014Amazon Web Services
 
Demystifying Service Mesh
Demystifying Service MeshDemystifying Service Mesh
Demystifying Service MeshMitchell Pronschinske
 
Getting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulGetting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulMitchell Pronschinske
 
Securing your cloud perimeter with azure network security brk3185
Securing your cloud perimeter with azure network security brk3185Securing your cloud perimeter with azure network security brk3185
Securing your cloud perimeter with azure network security brk3185jtaylor707
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureMitchell Pronschinske
 
Smart networking with service meshes
Smart networking with service meshes Smart networking with service meshes
Smart networking with service meshes Mitchell Pronschinske
 
CompTIA Cloud Plus Certification Bootcamp June 2017
CompTIA Cloud Plus Certification Bootcamp June 2017CompTIA Cloud Plus Certification Bootcamp June 2017
CompTIA Cloud Plus Certification Bootcamp June 2017Joseph Holbrook, Chief Learning Officer (CLO)
 
Consul 1.6: Layer 7 Traffic Management and Mesh Gateways
Consul 1.6: Layer 7 Traffic Management and Mesh GatewaysConsul 1.6: Layer 7 Traffic Management and Mesh Gateways
Consul 1.6: Layer 7 Traffic Management and Mesh GatewaysMitchell Pronschinske
 
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...Amazon Web Services
 
(NET303) Optimizing Your Cloud Architecture With Network Strategy
(NET303) Optimizing Your Cloud Architecture With Network Strategy(NET303) Optimizing Your Cloud Architecture With Network Strategy
(NET303) Optimizing Your Cloud Architecture With Network StrategyAmazon Web Services
 
Eucalyptus-AWS Hybrid Using RightScale myCloud
Eucalyptus-AWS Hybrid Using RightScale myCloudEucalyptus-AWS Hybrid Using RightScale myCloud
Eucalyptus-AWS Hybrid Using RightScale myCloudRightScale
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
Architecting Multi-Cloud Environments
Architecting Multi-Cloud EnvironmentsArchitecting Multi-Cloud Environments
Architecting Multi-Cloud EnvironmentsRightScale
 
Securing AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultSecuring AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultShrivatsa Upadhye
 
Vault 1.4 launch webinar
Vault 1.4 launch webinar Vault 1.4 launch webinar
Vault 1.4 launch webinar Mitchell Pronschinske
 
(ENT205) AWS and VMware: How to Architect and Manage Hybrid Environments | AW...
(ENT205) AWS and VMware: How to Architect and Manage Hybrid Environments | AW...(ENT205) AWS and VMware: How to Architect and Manage Hybrid Environments | AW...
(ENT205) AWS and VMware: How to Architect and Manage Hybrid Environments | AW...Amazon Web Services
 
Resilient Microservices with Spring Cloud
Resilient Microservices with Spring CloudResilient Microservices with Spring Cloud
Resilient Microservices with Spring CloudVMware Tanzu
 
(ARC401) Cloud First: New Architecture for New Infrastructure
(ARC401) Cloud First: New Architecture for New Infrastructure(ARC401) Cloud First: New Architecture for New Infrastructure
(ARC401) Cloud First: New Architecture for New InfrastructureAmazon Web Services
 
Stups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWSStups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWSJan Löffler
 

More Related Content

What's hot

Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Khash Nakhostin
 
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasNetwork Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasKhash Nakhostin
 
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014Amazon Web Services
 
Getting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulGetting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulMitchell Pronschinske
 
Securing your cloud perimeter with azure network security brk3185
Securing your cloud perimeter with azure network security brk3185Securing your cloud perimeter with azure network security brk3185
Securing your cloud perimeter with azure network security brk3185jtaylor707
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureMitchell Pronschinske
 
Smart networking with service meshes
Smart networking with service meshes Smart networking with service meshes
Smart networking with service meshes Mitchell Pronschinske
 
Consul 1.6: Layer 7 Traffic Management and Mesh Gateways
Consul 1.6: Layer 7 Traffic Management and Mesh GatewaysConsul 1.6: Layer 7 Traffic Management and Mesh Gateways
Consul 1.6: Layer 7 Traffic Management and Mesh GatewaysMitchell Pronschinske
 
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...Amazon Web Services
 
(NET303) Optimizing Your Cloud Architecture With Network Strategy
(NET303) Optimizing Your Cloud Architecture With Network Strategy(NET303) Optimizing Your Cloud Architecture With Network Strategy
(NET303) Optimizing Your Cloud Architecture With Network StrategyAmazon Web Services
 
Eucalyptus-AWS Hybrid Using RightScale myCloud
Eucalyptus-AWS Hybrid Using RightScale myCloudEucalyptus-AWS Hybrid Using RightScale myCloud
Eucalyptus-AWS Hybrid Using RightScale myCloudRightScale
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
Architecting Multi-Cloud Environments
Architecting Multi-Cloud EnvironmentsArchitecting Multi-Cloud Environments
Architecting Multi-Cloud EnvironmentsRightScale
 
Securing AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultSecuring AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultShrivatsa Upadhye
 
(ENT205) AWS and VMware: How to Architect and Manage Hybrid Environments | AW...
(ENT205) AWS and VMware: How to Architect and Manage Hybrid Environments | AW...(ENT205) AWS and VMware: How to Architect and Manage Hybrid Environments | AW...
(ENT205) AWS and VMware: How to Architect and Manage Hybrid Environments | AW...Amazon Web Services
 
Resilient Microservices with Spring Cloud
Resilient Microservices with Spring CloudResilient Microservices with Spring Cloud
Resilient Microservices with Spring CloudVMware Tanzu
 

What's hot (20)

Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
 
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasNetwork Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
 
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014
 
Demystifying Service Mesh
Demystifying Service MeshDemystifying Service Mesh
Demystifying Service Mesh
 
Getting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulGetting Started with Kubernetes and Consul
Getting Started with Kubernetes and Consul
 
Securing your cloud perimeter with azure network security brk3185
Securing your cloud perimeter with azure network security brk3185Securing your cloud perimeter with azure network security brk3185
Securing your cloud perimeter with azure network security brk3185
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure Integration
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
 
Smart networking with service meshes
Smart networking with service meshes Smart networking with service meshes
Smart networking with service meshes
 
CompTIA Cloud Plus Certification Bootcamp June 2017
CompTIA Cloud Plus Certification Bootcamp June 2017CompTIA Cloud Plus Certification Bootcamp June 2017
CompTIA Cloud Plus Certification Bootcamp June 2017
 
Consul 1.6: Layer 7 Traffic Management and Mesh Gateways
Consul 1.6: Layer 7 Traffic Management and Mesh GatewaysConsul 1.6: Layer 7 Traffic Management and Mesh Gateways
Consul 1.6: Layer 7 Traffic Management and Mesh Gateways
 
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...
 
(NET303) Optimizing Your Cloud Architecture With Network Strategy
(NET303) Optimizing Your Cloud Architecture With Network Strategy(NET303) Optimizing Your Cloud Architecture With Network Strategy
(NET303) Optimizing Your Cloud Architecture With Network Strategy
 
Eucalyptus-AWS Hybrid Using RightScale myCloud
Eucalyptus-AWS Hybrid Using RightScale myCloudEucalyptus-AWS Hybrid Using RightScale myCloud
Eucalyptus-AWS Hybrid Using RightScale myCloud
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure Integration
 
Architecting Multi-Cloud Environments
Architecting Multi-Cloud EnvironmentsArchitecting Multi-Cloud Environments
Architecting Multi-Cloud Environments
 
Securing AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultSecuring AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi Vault
 
Vault 1.4 launch webinar
Vault 1.4 launch webinar Vault 1.4 launch webinar
Vault 1.4 launch webinar
 
(ENT205) AWS and VMware: How to Architect and Manage Hybrid Environments | AW...
(ENT205) AWS and VMware: How to Architect and Manage Hybrid Environments | AW...(ENT205) AWS and VMware: How to Architect and Manage Hybrid Environments | AW...
(ENT205) AWS and VMware: How to Architect and Manage Hybrid Environments | AW...
 
Resilient Microservices with Spring Cloud
Resilient Microservices with Spring CloudResilient Microservices with Spring Cloud
Resilient Microservices with Spring Cloud
 

Similar to Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers

(ARC401) Cloud First: New Architecture for New Infrastructure
(ARC401) Cloud First: New Architecture for New Infrastructure(ARC401) Cloud First: New Architecture for New Infrastructure
(ARC401) Cloud First: New Architecture for New InfrastructureAmazon Web Services
 
Stups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWSStups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWSJan Löffler
 
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018Amazon Web Services
 
Integrating Jira Software Cloud With the AWS Code Suite
Integrating Jira Software Cloud With the AWS Code SuiteIntegrating Jira Software Cloud With the AWS Code Suite
Integrating Jira Software Cloud With the AWS Code SuiteAtlassian
 
GE Predix 新手入门 赵锴 物联网_IoT
GE Predix 新手入门 赵锴 物联网_IoTGE Predix 新手入门 赵锴 物联网_IoT
GE Predix 新手入门 赵锴 物联网_IoTKai Zhao
 
Aviatrix_and_CheckPoint_Cloudmates_Apr_2021.pptx
Aviatrix_and_CheckPoint_Cloudmates_Apr_2021.pptxAviatrix_and_CheckPoint_Cloudmates_Apr_2021.pptx
Aviatrix_and_CheckPoint_Cloudmates_Apr_2021.pptxjopivihine
 
Distributed Traceability in AWS - Life of a Transaction
Distributed Traceability in AWS - Life of a TransactionDistributed Traceability in AWS - Life of a Transaction
Distributed Traceability in AWS - Life of a TransactionAmazon Web Services
 
Simplify Cloud Applications using Spring Cloud
Simplify Cloud Applications using Spring CloudSimplify Cloud Applications using Spring Cloud
Simplify Cloud Applications using Spring CloudRamnivas Laddad
 
Transitioning to the Next Generation Hybrid Cloud Operating Model- AWS Summit...
Transitioning to the Next Generation Hybrid Cloud Operating Model- AWS Summit...Transitioning to the Next Generation Hybrid Cloud Operating Model- AWS Summit...
Transitioning to the Next Generation Hybrid Cloud Operating Model- AWS Summit...Amazon Web Services
 
Infrastructure as Code: Manage your Architecture with Git
Infrastructure as Code: Manage your Architecture with GitInfrastructure as Code: Manage your Architecture with Git
Infrastructure as Code: Manage your Architecture with GitDanilo Poccia
 
Building Serverless Container Applications using AWS Fargate and CDK
Building Serverless Container Applications using AWS Fargate and CDK Building Serverless Container Applications using AWS Fargate and CDK
Building Serverless Container Applications using AWS Fargate and CDK Amazon Web Services
 
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Jeffrey Holden
 
Shashi Raina [AWS] & Al Sargent [InfluxData] | Build Modern Monitoring with I...
Shashi Raina [AWS] & Al Sargent [InfluxData] | Build Modern Monitoring with I...Shashi Raina [AWS] & Al Sargent [InfluxData] | Build Modern Monitoring with I...
Shashi Raina [AWS] & Al Sargent [InfluxData] | Build Modern Monitoring with I...InfluxData
 
Deep Dive - Hybrid Architectures
Deep Dive - Hybrid ArchitecturesDeep Dive - Hybrid Architectures
Deep Dive - Hybrid ArchitecturesAmazon Web Services
 
AirVantage M2M Cloud - A survival guide to newcomers
AirVantage M2M Cloud - A survival guide to newcomersAirVantage M2M Cloud - A survival guide to newcomers
AirVantage M2M Cloud - A survival guide to newcomersDavid Sciamma
 
Deploying windows containers with kubernetes
Deploying windows containers with kubernetesDeploying windows containers with kubernetes
Deploying windows containers with kubernetesBen Hall
 
Sierra Wireless Developer Day 2013 - 11 - AirVantage M2M Cloud
Sierra Wireless Developer Day 2013 - 11 - AirVantage M2M CloudSierra Wireless Developer Day 2013 - 11 - AirVantage M2M Cloud
Sierra Wireless Developer Day 2013 - 11 - AirVantage M2M CloudThibault Cantegrel
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
Amazon EKS multi-cluster gitops-bridge
Amazon EKS multi-cluster gitops-bridgeAmazon EKS multi-cluster gitops-bridge
Amazon EKS multi-cluster gitops-bridgeCarlos Santana
 

Similar to Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers (20)

(ARC401) Cloud First: New Architecture for New Infrastructure
(ARC401) Cloud First: New Architecture for New Infrastructure(ARC401) Cloud First: New Architecture for New Infrastructure
(ARC401) Cloud First: New Architecture for New Infrastructure
 
Stups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWSStups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWS
 
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
 
Integrating Jira Software Cloud With the AWS Code Suite
Integrating Jira Software Cloud With the AWS Code SuiteIntegrating Jira Software Cloud With the AWS Code Suite
Integrating Jira Software Cloud With the AWS Code Suite
 
GE Predix 新手入门 赵锴 物联网_IoT
GE Predix 新手入门 赵锴 物联网_IoTGE Predix 新手入门 赵锴 物联网_IoT
GE Predix 新手入门 赵锴 物联网_IoT
 
Aviatrix_and_CheckPoint_Cloudmates_Apr_2021.pptx
Aviatrix_and_CheckPoint_Cloudmates_Apr_2021.pptxAviatrix_and_CheckPoint_Cloudmates_Apr_2021.pptx
Aviatrix_and_CheckPoint_Cloudmates_Apr_2021.pptx
 
Distributed Traceability in AWS - Life of a Transaction
Distributed Traceability in AWS - Life of a TransactionDistributed Traceability in AWS - Life of a Transaction
Distributed Traceability in AWS - Life of a Transaction
 
Simplify Cloud Applications using Spring Cloud
Simplify Cloud Applications using Spring CloudSimplify Cloud Applications using Spring Cloud
Simplify Cloud Applications using Spring Cloud
 
Transitioning to the Next Generation Hybrid Cloud Operating Model- AWS Summit...
Transitioning to the Next Generation Hybrid Cloud Operating Model- AWS Summit...Transitioning to the Next Generation Hybrid Cloud Operating Model- AWS Summit...
Transitioning to the Next Generation Hybrid Cloud Operating Model- AWS Summit...
 
Infrastructure as Code: Manage your Architecture with Git
Infrastructure as Code: Manage your Architecture with GitInfrastructure as Code: Manage your Architecture with Git
Infrastructure as Code: Manage your Architecture with Git
 
Building Serverless Container Applications using AWS Fargate and CDK
Building Serverless Container Applications using AWS Fargate and CDK Building Serverless Container Applications using AWS Fargate and CDK
Building Serverless Container Applications using AWS Fargate and CDK
 
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
 
Deploying SharePoint @ Cloud
Deploying SharePoint @ CloudDeploying SharePoint @ Cloud
Deploying SharePoint @ Cloud
 
Shashi Raina [AWS] & Al Sargent [InfluxData] | Build Modern Monitoring with I...
Shashi Raina [AWS] & Al Sargent [InfluxData] | Build Modern Monitoring with I...Shashi Raina [AWS] & Al Sargent [InfluxData] | Build Modern Monitoring with I...
Shashi Raina [AWS] & Al Sargent [InfluxData] | Build Modern Monitoring with I...
 
Deep Dive - Hybrid Architectures
Deep Dive - Hybrid ArchitecturesDeep Dive - Hybrid Architectures
Deep Dive - Hybrid Architectures
 
AirVantage M2M Cloud - A survival guide to newcomers
AirVantage M2M Cloud - A survival guide to newcomersAirVantage M2M Cloud - A survival guide to newcomers
AirVantage M2M Cloud - A survival guide to newcomers
 
Deploying windows containers with kubernetes
Deploying windows containers with kubernetesDeploying windows containers with kubernetes
Deploying windows containers with kubernetes
 
Sierra Wireless Developer Day 2013 - 11 - AirVantage M2M Cloud
Sierra Wireless Developer Day 2013 - 11 - AirVantage M2M CloudSierra Wireless Developer Day 2013 - 11 - AirVantage M2M Cloud
Sierra Wireless Developer Day 2013 - 11 - AirVantage M2M Cloud
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure Integration
 
Amazon EKS multi-cluster gitops-bridge
Amazon EKS multi-cluster gitops-bridgeAmazon EKS multi-cluster gitops-bridge
Amazon EKS multi-cluster gitops-bridge
 

More from DevOps.com

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykDevOps.com
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudDevOps.com
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and PredictionsDevOps.com
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionDevOps.com
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)DevOps.com
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDevOps.com
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureDevOps.com
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogDevOps.com
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDevOps.com
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid finalDevOps.com
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureDevOps.com
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021DevOps.com
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsDevOps.com
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...DevOps.com
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com
 

More from DevOps.com (20)

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and Snyk
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the Cloud
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware Resolution
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident Response
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with Datadog
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or Privately
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid final
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call Culture
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
 

Recently uploaded

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 

Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers

  • 1. Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
  • 2. 21 Years in Information Technology - Administration / Networking - Design / Development / Cloud 10 Years in the InfoSec Space - Application / Mobile Security - Infrastructure / SIEM / Risk Python Coder – PyCharmMark Cunningham Senior Solutions Architect markc@Aviatrix.com
  • 3. In this webinar, you’ll learn more about critical use cases such as: 1. Using Terraform to spin up transit networking services in AWS 2. Profile-based secure cloud access for developers 3. VPC secure egress filtering to meet compliance including deeper dives into: • Deploying the network as code using automation tools [terraform • Addressing specific operational challenges for high availability, across multiple VPCs [HA peering, HA Egress] • Isolating environments for dev and test easily • Design pattern details and the pros and cons of each approach • Understanding the limitation of native services and how to add value and capabilities with advanced services • How to architect an Enterprise Cloud Backbone to support all your cloud use cases Webinar Brief – DevOps.com
  • 4. Aviatrix – Building the Enterprise Multi-Cloud Backbone
  • 5. Aviatrix Confidential Meet Michael… Michael is a developer. He has an idea for an application that will make use of his company’s data. An application that capitalizes upon the opportunity present in last minute cancellations of airline tickets and hotel rooms that haven’t sold yet. He gets sign off from his manager who approves a small budget for him and gives him read access to the company data lake. He designs a quick query and scoops up a few chunks of data for specific time periods and begins work on his application. All the while, he is wondering how he is going to access his application server in the cloud, so he googles ‘coolest AWS VPN solution ever’ and AVX is the top result. Quickly, he learns that he can deploy the entire solution as code after laying the groundwork for a few needed components in AWS. So he decides to go that route, and off he goes!
  • 6. Aviatrix Confidential Installing Terraform + AVX provider In case you are new to Terraform…. Install Terraform NinjaMac:~ brew install terraform Install Go NinjaMac:~ brew install go Set the Go path: NinjaMac:~ ( ~/.bash_profile) export GOPATH=$HOME/go Clone the Provider Repo and build it NinjaMac:~ git clone https://github.com/AviatrixSystems/terraform-provider-aviatrix $ cd $GOPATH/src/github.com/terraform-providers/terraform-provider-aviatrix $ make fmt $ make build Create Terraform Configuration file with a provider entry for AVX NinjaMac:~ touch ~/.terraformrc providers { "aviatrix" = "$GOPATH/bin/terraform-provider-aviatrix" } https://docs.aviatrix.com/HowTos/tf_aviatrix_howto.html
  • 7. Aviatrix Confidential Launch the Controller To get the controller launched, you need: • A centrally located VPC, usually Shared Services in a Prod, or Non-Prod account • A public subnet • An available EIP Two ways you can launch it: § Script Only https://github.com/AviatrixSystems/terraform-modules § AWS Markplace AMI
  • 8. After Michael launches the controller and gets the AVX provider configured, he begins building his VPN Endpoint with Terraform provider "aviatrix" { controller_ip = ”XXX.XXX.XXX.XXX" username = "admin" password = “Open-Sesame” resource "aviatrix_gateway" "AVX-VPN-GW" { account_name = "MarksDemoAccount" cloud_type = 1 gw_name = "AVX-VPN-GW" vpc_id = "vpc-045d528779bd37a10" vpc_reg = "us-west-2" vpc_size = "t2.small" vpc_net = "10.21.150.0/24" vpn_access ="yes" vpn_cidr ="192.168.43.0/24" } <<aviatrix>> User VPN service + AWS cloud Seattle office AVX Controller VPC AVX User VPN Gateway
  • 9. resource "aviatrix_gateway" "AVX-VPN-GW" { account_name = "MichaelsDemoAccount" cloud_type = 1 gw_name = ”Michaels-VPN-GW" vpc_id = "vpc-045d528779bd37a10" vpc_reg = "us-west-2" vpc_size = "t2.small" vpc_net = "10.21.150.0/24" vpn_access ="yes" vpn_cidr ="192.168.43.0/24" } <<aviatrix>> resource "aviatrix_vpn_user" "terraform_vpn_user" { vpc_id = "vpc-045d528779bd37a10" gw_name = "AVX-VPN-GW" user_name = "mark1" user_email = "superman@aviatrix.com" } <<aviatrix gateway AVX-VPN-GW>> User VPN service + AWS cloud Seattle office AVX Controller VPC AVX User VPN Gateway Now that he has the Controller up and running, he begins moving through the contents of the terraform provider and collects the required script syntax for deploying a VPN endpoint.
  • 10. <<aviatrix>> resource "aviatrix_vpn_user" "terraform_vpn_user" { vpc_id = "vpc-045d528779bd37a10" gw_name = ”Michaels-VPN-GW" user_name = ”Michael-1" user_email = ”Michael.Baxter@SomeTravelCompany.com" } <<aviatrix gateway AVX-VPN-GW>> resource "aviatrix_vpn_profile" "test_profile1" { name = "Terraform_Profile" base_rule = "allow_all" users = ["mark1"] policy = [ { action = "deny" proto = "tcp" port = "443" target = "10.0.0.0/32" }, { action = "deny" proto = "tcp" port = "443" target = "10.0.0.1/32" } <<aviatrix vpn user terraform vpn user>> User VPN service + AWS cloud Seattle office AVX Controller VPC AVX User VPN Gateway Now that he has the Controller up and running, he begins moving through the contents of the terraform provider and collects the required script syntax for deploying a VPN endpoint.
  • 11. provider "aviatrix" { controller_ip = ”XXX.XXX.XXX.XXX" username = "admin" password = “Open-Sesame” resource "aviatrix_gateway" "AVX-VPN-GW" { account_name = "MarksDemoAccount" cloud_type = 1 gw_name = "AVX-VPN-GW" vpc_id = "vpc-045d528779bd37a10" vpc_reg = "us-west-2" vpc_size = "t2.small" vpc_net = "10.21.150.0/24" vpn_access ="yes" vpn_cidr ="192.168.43.0/24" } <<aviatrix>> resource "aviatrix_vpn_user" "terraform_vpn_user" { vpc_id = "vpc-045d528779bd37a10" gw_name = "AVX-VPN-GW" user_name = "mark1" user_email = "superman@aviatrix.com" } <<aviatrix gateway AVX-VPN-GW>> resource "aviatrix_vpn_profile" "test_profile1" { name = "Terraform_Profile" base_rule = "allow_all" users = [”Michael-1"] policy = [ { action = "deny" proto = "tcp" port = "443" target = "10.1.0.0/24" }, { action = "deny" proto = "tcp" port = "443" target = "10.2.0.168/32" } ] } <<aviatrix vpn user terraform vpn user>> User VPN service + AWS cloud Seattle office AVX Controller VPC AVX User VPN Gateway Now that he has the Controller up and running, he begins moving through the contents of the terraform provider and collects the required script syntax for deploying a VPN endpoint.
  • 12. A close up look at the way the AVX VPN endpoint enables profile based access – what is the profile, how does it work? resource "aviatrix_vpn_profile" "test_profile1" { name = "Terraform_Profile" base_rule = "allow_all" users = [”Michael-1"] policy = [ { action = "deny" proto = "tcp" port = "443" target = "10.1.0.0/24" }, { action = "deny" proto = "tcp" port = "443" target = "10.2.0.168/32" } ] } + AWS cloud Seattle office AVX Controller VPC AVX User VPN Gateway User VPN service
  • 13. Integrates VPN access and VPC peering from a central console Access Control based upon policies + AWS cloud AVX Controller VPC AVX User VPN Gateway NLB VNet Azure cloud GCP cloud VPC Seattle office Partner EmployeeContractor Duo Okta Active Directory SAML Client MFA Authentication Authorization User VPN service
  • 14. + AWS cloud Seattle office AVX Controller VPC AVX User VPN Gateway Transit Michaels App is a Killer App !
  • 15. + AWS cloud Seattle office AVX Controller AVX User VPN Gateway Transit Michaels App is a Killer App ! resource "aviatrix_transit_vpc" ”transit_gw_1" { cloud_type = 1 account_name = " MichaelsDemoAccount" gw_name = "transit-vpc-gw" vpc_id = "vpc-abcd1234" vpc_reg = "us-east-1" vpc_size = "t2.micro" subnet = "10.1.0.0/24" ha_subnet = "10.2.0.0/24" tag_list = [ "name:value", "name1:value1", "name2:value2” ] } Transit VPC
  • 16. © 2017 AVIATRIX SYSTEMS, INC. | 16 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Transit VPC AVX User VPN Gateway Transit Interconnect them with AWS peering – Feature 2 Feature 3Feature 1 AWS peering resource "aws_vpc_peering_connection" ”feat_1" { peer_owner_id = "${var.peer_owner_id}" peer_vpc_id = "${aws_vpc.bar.id}" vpc_id = "${aws_vpc.foo.id}" }
  • 17. © 2017 AVIATRIX SYSTEMS, INC. | 17 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Transit VPC AVX User VPN Gateway Transit Base Hybrid Cloud Architecure Feature 2 Feature 3Feature 1 AWS peering AVX Encrypted peering
  • 18. © 2017 AVIATRIX SYSTEMS, INC. | 18 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Transit VPC AVX User VPN Gateway Transit Base Hybrid Cloud Architecure Feature 2 Feature 3Feature 1 AWS peering AVX Encrypted peering Seattle data center Site2Cloud connection
  • 19. © 2017 AVIATRIX SYSTEMS, INC. | 19 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Transit VPC AVX User VPN Gateway Transit Add additional User_VPN access Feature 2 Feature 3Feature 1 AWS peering AVX Encrypted peering Seattle data center Site2Cloud connection resource "aviatrix_vpn_profile" ”Avengers_Prof" { name = "Terraform_Profile" base_rule = ”deny_all" users = [”Iron_Man, Dr-Strange, Capt-A"] policy = [ { action = ”Allow" proto = "tcp" port = "443" target = "10.3.0.0/24" }, { action = ”Allow" proto = ”ssh" port = ”22" target = "10.3.0.0/24" } ] }
  • 20. © 2017 AVIATRIX SYSTEMS, INC. | 20 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Transit VPC AVX User VPN Gateway VPC Count Grows… Teams break up their environments into Dev/Stage/Prod Cloud Management Overhead begins to increase Strategic Planning for Long Term Success tell us to think simple about something big. Feature 2 Feature 3Feature 1 AWS peering AVX Encrypted peering Seattle data center Site2Cloud connection Feature 3Feature 2Feature 1 Feature 2 Feature 3
  • 21. © 2017 AVIATRIX SYSTEMS, INC. | 21 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Edge VPC AVX User VPN Gateway Implementing the Transit Gateway Implementing the Hybrid Transit Model with the TGW and the Edge VPC Feature 2 Feature 3Feature 1 TGW Attachments AVX Encrypted peering Seattle data center Site2Cloud connection Feature 3 Feature 2Feature 1 DEV STAGE PROD Feature 2 DEV STAGE PROD Shared Services Security SumoLogic PCI + PII Azure Cloud GCP Coud AWS Transit Gateway
  • 22. © 2017 AVIATRIX SYSTEMS, INC. | 22 Aviatrix Confidential + AWS cloud AVX Controller Edge VPC Security Groups / Connection Policies resource "aviatrix_aws_tgw" ”Michaels_aws_TGW" { tgw_name = ”US-EAST-1-TGW" account_name = ”MichaelsDemoAccount" region = "us-east-1” aws_side_as_number = "64512" security_domains = [ { security_domain_name = "Aviatrix_Edge_Domain" connected_domains = ["Default_Domain", "Shared_Service_Domain”] }, { security_domain_name = "Default_Domain" connected_domains = ["Aviatrix_Edge_Domain", "Shared_Service_Domain"] attached_vpc = [] }, { security_domain_name = "Shared_Service_Domain" connected_domains = ["Aviatrix_Edge_Domain", "Default_Domain"] attached_vpc = [ { vpc_region = "us-east-1" vpc_account_name = ”MichaelsDemoAccount" vpc_id = "vpc-abcd1234” }, ] }, ] attached_aviatrix_transit_gateway = [" transit-vpc-gw"] } Feature 2Feature 1 TGW Attachments Feature 2Feature 1 DEV STAGE PROD Feature 2 DEV STAGE PROD Shared Services Security SumoLogic Security Domain: Feature 1 Team Security Domain: Feature 2 Team Security Domain: Shared Services Security Domain: Edge VPC Connected: Feature 1 Team Feature 2 Team Shared Services Not Connected: Aviatrix Edge AWS Transit Gateway
  • 23. © 2017 AVIATRIX SYSTEMS, INC. | 23 Aviatrix Confidential + AWS cloud AVX Controller Egress Security resource "aviatrix_fqdn" "fqdn_1" { gw_list = [ "Egress-NAT-gateway" ] fqdn_mode = "white" fqdn_status = "enabled" fqdn_tag = "Google_Policy" domain_names = [ { proto = "tcp" fqdn = "*.google.com" port = "443" }, { proto = "tcp" fqdn = "*.gstatic.com" port = "443" }, { proto = "tcp" fqdn = "*.yahoo.com" port = "443" }, { proto = "tcp" fqdn = "172.217.6.45" port = "443" }, ] } TGW Attachments Feature 2 Feature 3 Feature 1 Distributed AWS Transit Gateway
  • 24. © 2017 AVIATRIX SYSTEMS, INC. | 24 Aviatrix Confidential + AWS cloud AVX Controller Egress Security TGW Attachments Feature 2 Feature 3 Feature 1 Centralized AWS Transit Gateway resource "aviatrix_fqdn" "fqdn_1" { gw_list = [ "Egress-NAT-gateway" ] fqdn_mode = "white" fqdn_status = "enabled" fqdn_tag = "Google_Policy" domain_names = [ { proto = "tcp" fqdn = "*.google.com" port = "443" }, { proto = "tcp" fqdn = "*.gstatic.com" port = "443" }, { proto = "tcp" fqdn = "*.yahoo.com" port = "443" }, { proto = "tcp" fqdn = "172.217.6.45" port = "443" }, ] }
  • 26. Aviatrix – Building the Enterprise Multi-Cloud Backbone
  • 27.
  • 28.
  • 29. © 2017 AVIATRIX SYSTEMS, INC. | 29 Aviatrix Confidential
  • 30. © 2017 AVIATRIX SYSTEMS, INC. | 30 Aviatrix Confidential
  • 31. © 2017 AVIATRIX SYSTEMS, INC. | 31 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Edge VPC AVX User VPN Gateway High Availability Feature 2 Feature 3Feature 1 TGW Attachments AVX Encrypted peering Seattle data center Site2Cloud connection Feature 3 Feature 2Feature 1 DEV STAGE PROD Feature 2 DEV STAGE PROD Shared Services Security SumoLogic PCI + PII Azure Cloud GCP Coud Aviatrix HA Answers Article AWS Transit Gateway resource "aviatrix_spoke_vpc" ”feat3_spoke" { cloud_type = 1 account_name = ”Michaels" gw_name = "myspoke" vpc_id = "vpc-defg3456" vpc_reg = "us-east-1" vpc_size = "t2.micro" subnet = "10.20.0.0/24" ha_subnet = "10.20.1.0/24" transit_gw = " transit-vpc-gw" tag_list = [ "name:value", "name1:value1", "name2:value2” ] }
  • 32. © 2017 AVIATRIX SYSTEMS, INC. | 32 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Transit VPC AVX User VPN Gateway Transit Create data center connection through VGW – Site2Cloud [AWS terraform – Create VGW Site2Cloud connection Feature 3Feature 2 AWS peering AVX Encrypted peering Seattle data center Site2Cloud connection Feature 1 Feature 2 Feature 3
  • 33. © 2017 AVIATRIX SYSTEMS, INC. | 33 Aviatrix Confidential + Egress Security Interconnect them with AWS peering – resource "aws_vpc_peering_connection" "foo" { peer_owner_id = "${var.peer_owner_id}" peer_vpc_id = "${aws_vpc.bar.id}" vpc_id = "${aws_vpc.foo.id}" }
  • 34. © 2017 AVIATRIX SYSTEMS, INC. | 34 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Shared Services AVX User VPN Gateway Transit resource "aviatrix_transit_vpc" "test_transit_gw" { cloud_type = 1 account_name = "devops" gw_name = "transit" vpc_id = "vpc-abcd1234" vpc_reg = "us- east-1" vpc_size = "t2.micro" subnet = "10.1.0.0/24" ha_subnet = "10.1.0.0/24" tag_list = ["name:value", "name1:value1", "name2:value2"] } Feature 2 Feature 3Feature 1 Seattle data center AWS peering Site2Cloud connection
  • 35. © 2017 AVIATRIX SYSTEMS, INC. | 35 Aviatrix Confidential + AWS cloud Seattle office AVX Controller Shared Services AVX User VPN Gateway Transit Needs Grow resource "aviatrix_transit_vpc" "test_transit_gw" { cloud_type = 1 account_name = "devops" gw_name = "transit" vpc_id = "vpc-abcd1234" vpc_reg = "us- east-1" vpc_size = "t2.micro" subnet = "10.1.0.0/24" ha_subnet = "10.1.0.0/24" tag_list = ["name:value", "name1:value1", "name2:value2"] } Feature 2 Feature 3Feature 1 Seattle data center AWS peering Site2Cloud connection
  • 36. Shared Services Seattle – Office Aviatrix Controller Aviatrix User_VPN Gateway Feature 2Feature 1 Feature 3 Seattle Data Center + AWS Peering Terraform Adding VPCs Peering those VPCs Modifying the VPN users and profiles script for the new dev teams Creating the site2cloud connection from the gateway to the datacenter Transit Begins Site2Cloud Connection
  • 37. AWS Cloud Seattle – Office Aviatrix Controller Aviatrix User_VPN Gateway Seattle Data Center + AWS Peering Complexity suffers a massive increase Site2Cloud Connection Transit Complexity Grows Feature 3Feature 2Feature 1
  • 38. Shared Services AWS Cloud Seattle – Office Aviatrix Controller Aviatrix User_VPN Gateway Seattle Data Center + AWS Peering Complexity suffers a massive increase Site2Cloud Connection Transit Complexity Grows Feature 3Feature 2Feature 1
  • 39. Shared Services AWS Cloud Seattle – Office Aviatrix Controller Aviatrix User_VPN Gateway Seattle Data Center + AWS Peering Basic Routing Constructs Give Way to the AWS Transit Gateway Site2Cloud Connection Transit Complexity Grows Feature 3Feature 2Feature 1
  • 40. Shared Services AWS Cloud Seattle – Office Aviatrix Controller Aviatrix User_VPN Gateway Seattle Data Center + AWS Peering Basic Routing Constructs Give Way to the AWS Transit Gateway Direct Connect Transit Complexity Grows Feature 3Feature 2Feature 1
  • 41. Shared Services AWS Cloud Seattle – Office Aviatrix Controller Aviatrix User_VPN Gateway Seattle Data Center + AWS Peering Basic Routing Constructs Give Way to the AWS Transit Gateway Direct Connect Transit Complexity Solved Feature 3Feature 2Feature 1
  • 42. + Egress Security • Distributed Egress • Centralized Egress • Hypergress Model Egress Security Feature 3 Feature 2 Feature 1 • Egress Security is in place to give your development and production servers access to the internet in a controlled, policy driven manner that builds on the NAT gateway concept but offers rules based off of FQDNs as opposed to IP addresses • There are several different operational models that you can use to deploy our Egress Filtering Gateways from an operational perspective – Distributed is one gateway per VPC, giving each of the private subnets in that VPC an automatic route to the ENI of the Egress Gateway
  • 43. + Egress Security • Distributed Egress • Centralized Egress • Hypergress Model Egress Security • Egress Security is in place to give your development and production servers access to the internet in a controlled, policy driven manner that builds on the NAT gateway concept but offers rules based off of FQDNs as opposed to IP addresses • There are several different operational models that you can use to deploy our Egress Filtering Gateways from an operational perspective – Distributed is one gateway per VPC, giving each of the private subnets in that VPC an automatic route to the ENI of the Egress Gateway
  • 44. AWS Cloud Seattle – Office Aviatrix Controller Aviatrix User_VPN Gateway Feature 2Feature 1 Feature 3 Seattle Data Center + AWS Peering Complexity suffers a massive increase Site2Cloud Connection Transit Begins
  • 46. The necessity of Transit evolves… AWS Cloud Seattle – Office Aviatrix User_VPN Gateway AVX Encrypted Peering Feature 2Feature 1 Feature 3 Change structure in first transition slide: 1. Transit? 2. More User VPN configs? 3. Site2Cloud connection to on-prem Michael now needs to create a few VPCs in his account and give the other teams access to them such they can begin development on the new features for his app. He will also need to provide VPN access to those teams such that they can login to their respective workspaces and be able to commit their code to his production server while following the encryption mandate.
  • 47. Enabling HA AWS Cloud Seattle – Office Aviatrix User_VPN Gateway AVX Encrypted Peering Feature 2Feature 1 Feature 3 HA story 1. How it came about – someone from the cloud infra team 2. What he needed to do to modify his template to enable HA 3. The differences between the HA in the different components 4. The expected failover behavior model The scripts that we are adding to the
  • 48. Transit Continues to evolve…. AWS Cloud Seattle – Office Aviatrix User_VPN Gateway AVX Encrypted Peering Feature 2Feature 1 Feature 3 Story of how Michaels transit solution evolves into a TGW based transit solution More VPCs, security domains, etc.
  • 49. Egress Filtering Part AWS Cloud Seattle – Office Aviatrix User_VPN Gateway AVX Encrypted Peering Feature 2Feature 1 Feature 3 Story of how Michaels transit solution evolves into a TGW based transit solution More VPCs, security domains, etc.
  • 50. App/Web VPC Bank 1 Application Component Subnets Aviatrix Controller AWS Peering VPC 1 Bank 2 Bank N The Summit Group AVX Implementation 10.0.0.0/16 • Discreet Site2Cloud VPN Connections can be created from within the App/Web VPC Gateways • A Mapped S2C Connection with SNAT/DNAT will need to be employed to manage the overlapping CIDR ranges ( More details will be needed for final configuration ) • No intermediary Transit VPC or Gateways are needed between the App/Web VPC and the banking locations. • Prescriptive guidance can be found in the listed articles: • https://docs.aviatrix.com/HowTos/s2c_o verlapping_subnets.html • https://www.aviatrix.com/answers/how- do-i-resolve-conflicts-with-data-center- ip-and-public-cloud-ip-address-ranges- using-aviatrix/ • https://www.aviatrix.com/answers/how- to-test-aviatrix-transit-vpc-for-aws- without-requiring-a-connection-to-your- data-center/
  • 51. RajTestVPC TGW N Virginia TGW Egress Gateway VPC 1 VPC 1 VPC ISS_Sandbox Account 3 Account 2 Account 4 Your egress gateways
  • 52. Proposed Solution - Aviatrix Software-Defined Cloud Router 1. Advanced Mode Transit Gateway • Support transitive routing from on-prem to AWS environment • Segmentation through Zero-trust architecture by design. Spoke VPCs cannot talk with each other through the transit. • Support a fully encrypted network in the hub and spoke architecture 1. Insane Mode: • Integrated into the Transit Network to provide 10Gbps performance between On-Premises and Transit VPC with encryption • Encryption over Direct Connect • For Transit VPC Peerings (VPC to VPC), Insane mode can achieve 20Gbps • Overcome VGW performance limits and 100 route limit 2. Transit DMZ: • Transit VPC running in Transit DMZ Mode to enable scalable cloud firewall deployment for Ingress/Egress inspection. Security and Networking functions decoupled to allow independent scalability. 3. Automation performed through Terraform: • Aviatrix Controller and Gateways can be automated through the use Terraform.
  • 53. WIZARDS OF THE COAST – AWS Multi-Region VPC 1 Transit VPC (Aviatrix Edge) On-Premise US-WEST-1 Region VPC 2 AWS Transit Gateway VPC N VPC 1 Transit VPC (Aviatrix Edge) On-Premise VPC 2 AWS Transit Gateway VPC 3 US-EAST-1 Region Backup VPN Backup VPN Aviatrix Controller Shared Services VPC Build list 1 egress filters 1 tgw attachments 1 region
  • 54. Potential Capabilities 1. Egress Filtering • Replace AWS NAT Gateway with policy based NAT Gateway. Aviatrix goes beyond IP-based filtering to include FQDN filtering across TCP and UDP traffic including HTTP, HTTPS and SFTP traffic. 2. User VPN • Aviatrix provides a cloud native and feature rich client VPN solution. The solution is based on OpenVPN® and is compatible with all OpenVPN® clients. In addition, Aviatrix provides its own client that supports SAML authentication directly from the client. • The Aviatrix VPN solution is the only VPN solution that provides SAML authentication from the client itself. The solution is built on OpenVPN. The Aviatrix VPN Client provides a seamless user experience when authenticating a VPN user through a SAML IDP. The client also supports password based authentication methods as well.
  • 55. Documentation and Guides: 1. Advanced Mode Transit Gateway 2. Transit Gateway Peering 3. Insane Mode • High Performance Transit Network - Insane Mode • Insane Mode Encryption Performance • 10Gbps Transit VPC Design 4. Transit DMZ and Workflow 5. Terraform: 1. Requirements 2. Tutorial 3. Export tgw