Multi-cloud deployments are becoming more common in enterprises, and with them some aspects quickly become more challenging.
Each Cloud Service Provider architects and deploys its network and services with its own constructs: some are particular to that provider, some are shared with others.
Let's introduce how this can be handled using technology from a vendor called Aviatrix.
Below are some interesting scenarios that can be addressed.
Transit Perspective
Using more than one Cloud Service Provider (CSP) introduces challenges such as:
The challenges
- How to provide communication between on-premises, CSP1 and CSP2?
- How to provide a consistent network deployment across CSP1, CSP2 and any new provider that is added later?
- After providing connectivity to CSP1 and CSP2, how can we define which environments are allowed to talk to each other?
Aviatrix addresses them with two components:
- Control plane, called the Controller: responsible for the whole lifecycle and orchestration of all Aviatrix resources. It can be deployed outside the CSPs that it controls, it embraces the native constructs of each CSP, and it orchestrates the lifecycle through a web UI or Terraform.
- Data plane: transit gateways and spoke gateways. They are deployed in the CSP you want to control, run the routing protocols, and apply the configuration defined by the Controller.
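The Terraform path mentioned above, as an added example that is not part of the original post or of Aviatrix's own documentation: one transit gateway per cloud, an encrypted peering between them, one spoke per cloud attached to its transit, and network domains so that the "prod" and "dev" environments are isolated from each other even though both ride the same backbone. The resource and attribute names follow the Aviatrix Terraform provider as I recall them and should be checked against the provider docs for the version in use; the account names, VPC/VNet IDs, regions and CIDRs are constructed placeholders. The `cloud_type` values (1 = AWS, 8 = Azure) are the provider's own codes.

```hcl
terraform {
  required_providers {
    aviatrix = {
      source = "AviatrixSystems/aviatrix"
    }
  }
}

# Assumed: Controller address and admin password come from variables
# (e.g. TF_VAR_controller_password) rather than being committed to code.
variable "controller_ip" {
  type = string
}

variable "controller_password" {
  type      = string
  sensitive = true
}

provider "aviatrix" {
  controller_ip = var.controller_ip
  username      = "admin"
  password      = var.controller_password
}

# Transit gateway in AWS (cloud_type 1). enable_segmentation turns on network
# domains, which is how "who may talk to whom" is expressed further down.
resource "aviatrix_transit_gateway" "aws_transit" {
  cloud_type          = 1
  account_name        = "aws-account"            # placeholder access account on the Controller
  gw_name             = "aws-transit"
  vpc_id              = "vpc-0123456789abcdef0"  # placeholder
  vpc_reg             = "us-east-1"
  gw_size             = "t3.medium"
  subnet              = "10.1.0.0/24"
  enable_segmentation = true
}

# Transit gateway in Azure (cloud_type 8). The vpc_id format for Azure
# ("vnet:resource-group[:guid]") depends on the provider version.
resource "aviatrix_transit_gateway" "azure_transit" {
  cloud_type          = 8
  account_name        = "azure-account"          # placeholder
  gw_name             = "azure-transit"
  vpc_id              = "transit-vnet:transit-rg" # placeholder
  vpc_reg             = "East US"
  gw_size             = "Standard_B1ms"
  subnet              = "10.2.0.0/24"
  enable_segmentation = true
}

# Encrypted peering between the two transits: the cross-cloud backbone.
resource "aviatrix_transit_gateway_peering" "aws_azure" {
  transit_gateway_name1 = aviatrix_transit_gateway.aws_transit.gw_name
  transit_gateway_name2 = aviatrix_transit_gateway.azure_transit.gw_name
}

# One spoke per cloud, each attached to the transit in its own cloud.
resource "aviatrix_spoke_gateway" "aws_prod" {
  cloud_type   = 1
  account_name = "aws-account"
  gw_name      = "aws-prod-spoke"
  vpc_id       = "vpc-0fedcba9876543210"  # placeholder
  vpc_reg      = "us-east-1"
  gw_size      = "t3.small"
  subnet       = "10.10.0.0/24"
}

resource "aviatrix_spoke_gateway" "azure_dev" {
  cloud_type   = 8
  account_name = "azure-account"
  gw_name      = "azure-dev-spoke"
  vpc_id       = "dev-vnet:dev-rg"        # placeholder
  vpc_reg      = "East US"
  gw_size      = "Standard_B1ms"
  subnet       = "10.20.0.0/24"
}

resource "aviatrix_spoke_transit_attachment" "aws_prod" {
  spoke_gw_name   = aviatrix_spoke_gateway.aws_prod.gw_name
  transit_gw_name = aviatrix_transit_gateway.aws_transit.gw_name
}

resource "aviatrix_spoke_transit_attachment" "azure_dev" {
  spoke_gw_name   = aviatrix_spoke_gateway.azure_dev.gw_name
  transit_gw_name = aviatrix_transit_gateway.azure_transit.gw_name
}

# Network domains: spokes in different domains cannot reach each other until an
# explicit aviatrix_segmentation_network_domain_connection_policy joins the two
# domains. Leaving that resource out is the deny-by-default position.
resource "aviatrix_segmentation_network_domain" "prod" {
  domain_name = "prod"
}

resource "aviatrix_segmentation_network_domain" "dev" {
  domain_name = "dev"
}

resource "aviatrix_segmentation_network_domain_association" "aws_prod" {
  transit_gateway_name = aviatrix_transit_gateway.aws_transit.gw_name
  network_domain_name  = aviatrix_segmentation_network_domain.prod.domain_name
  attachment_name      = aviatrix_spoke_gateway.aws_prod.gw_name
  depends_on           = [aviatrix_spoke_transit_attachment.aws_prod]
}

resource "aviatrix_segmentation_network_domain_association" "azure_dev" {
  transit_gateway_name = aviatrix_transit_gateway.azure_transit.gw_name
  network_domain_name  = aviatrix_segmentation_network_domain.dev.domain_name
  attachment_name      = aviatrix_spoke_gateway.azure_dev.gw_name
  depends_on           = [aviatrix_spoke_transit_attachment.azure_dev]
}
```

The point to take from the layout is the split between the two planes: everything above is declared once against the Controller, and the gateways in each cloud receive their routing from it, so adding a third provider means another transit block and peering, not a new tool chain. The network-domain associations are the answer to the third challenge: with no connection policy declared, prod and dev stay isolated across both clouds.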
Aviatrix FireNet
A very common requirement, driven by internal policies, practices or compliance reasons, is to inspect inbound traffic for all or for specific environments. This can be achieved with a feature called Aviatrix FireNet, which creates a security transit VPC and deploys a next-generation firewall supported by the CSP. After properly configuring the next-generation firewall, you can select which spoke networks will be inspected by this FireNet.
Another possible pattern is to deploy a second set of next-generation firewalls to inspect egress traffic.
Encrypted Transit
In this scenario, encrypted transit peering very quickly builds a full mesh between two transit gateways, delivering connectivity between two cloud virtual networks over an encrypted configuration.
Reference: Encrypted Aviatrix Transit
VPN Solution
Nowadays remote work is a very relevant requirement. To address it, you can create or use an existing VNet or VPC, deploy a gateway, and use the VPN2Client to authenticate user profiles via SAML, username/password, or even certificates.
A very interesting aspect of this deployment is the fine-grained control over what each profile is able to access.
This makes it possible to give partners and collaborators access without exposing the entire deployment.
VPN Server: server-side VPN configuration
VPN Client: client side for multiple operating systems
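The profile-based access control described above, as an added example that is not part of the original post or of Aviatrix's own documentation: a user VPN gateway with SAML authentication, one partner user, and a profile whose base rule denies everything and then allows only HTTPS to a single partner-facing subnet. Resource and attribute names follow the Aviatrix Terraform provider as I recall them and should be checked against the provider docs; the account, VPC, CIDR, e-mail and SAML endpoint values are constructed placeholders, and the `aviatrix` provider block is assumed to be configured as in the transit example.

```hcl
# User VPN gateway. SAML authentication is assumed to require the gateway's
# load balancer (enable_elb), so the VPN users are attached to the ELB name.
resource "aviatrix_gateway" "vpn_gw" {
  cloud_type   = 1
  account_name = "aws-account"            # placeholder access account
  gw_name      = "uservpn-gw"
  vpc_id       = "vpc-0123456789abcdef0"  # placeholder shared-services VPC
  vpc_reg      = "us-east-1"
  gw_size      = "t3.small"
  subnet       = "10.3.0.0/24"
  vpn_access   = true
  vpn_cidr     = "192.168.43.0/24"        # address pool handed to VPN clients
  enable_elb   = true
  elb_name     = "uservpn-elb"
  split_tunnel = true                     # only routed prefixes go through the tunnel
  saml_enabled = true
}

# A partner user authenticated through the IdP registered on the Controller
# under the (placeholder) SAML endpoint name "partner-idp".
resource "aviatrix_vpn_user" "partner" {
  vpc_id        = aviatrix_gateway.vpn_gw.vpc_id
  gw_name       = aviatrix_gateway.vpn_gw.elb_name
  user_name     = "partner-analyst"
  user_email    = "partner-analyst@example.com"   # placeholder
  saml_endpoint = "partner-idp"
}

# Least-privilege profile: deny everything, then allow just TCP/443 to the
# partner-facing API subnet. Users not in this profile get the gateway default.
resource "aviatrix_vpn_profile" "partner_api_only" {
  name      = "partner-api-only"
  base_rule = "deny_all"
  users     = [aviatrix_vpn_user.partner.user_name]

  policy {
    action = "allow"
    proto  = "tcp"
    port   = "443"
    target = "10.10.20.0/24"   # placeholder: the only subnet partners may reach
  }
}
```

The `base_rule = "deny_all"` plus a single allow is the shape to keep when onboarding external parties: the profile, not the network topology, decides what a partner session can reach, so widening access later is an explicit, reviewable change to one policy block.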
Troubleshooting tools
In a cloud deployment, from a network perspective, the common tools you normally have access to can be challenging to use, or may not offer the same capabilities in every CSP.
The model deployed by Aviatrix makes it possible to use some of those tools and provides a rich set of capabilities, such as ping, packet capture and traceroute.
Besides these traditional tools, there is also a specific tool, called Flight Path, that runs connectivity diagnostics across distinct clouds, embracing each cloud's constructs, to check what is currently blocking communication, even between different clouds.
Visualization
Similar to the Controller, which can sit outside the account or cloud whose network it controls, Aviatrix has a virtual appliance called CoPilot.
CoPilot provides an operational multi-cloud view of the network, offering:
- Network Health Monitor: real-time cloud network resource inventory and status
- Dynamic Topology Map: accurate multi-cloud network topology, with layout control and search
- FlowIQ: detailed application traffic flow analysis, global heat map and trends
- Multi-Cloud Tagging: tag multi-cloud resources, search by tag, and filter traffic data by tag
- CloudRoutes: detailed, searchable routing tables across cloud providers
- Notifications: alerts on resource status and utilization across distinct Cloud Service Providers