Aviatrix Answers

How do I connect to partner networks from my public Cloud (AWS, Azure or GCP)?


How-To Guide

Enterprises have traditionally connected to their partner’s services via IPsec connections from their datacenter. When these applications move to the cloud, it helps to have a cloud-native connectivity solution to connect to partner IT services. Important considerations for partner connectivity:

  1. Easy provisioning of encrypted connectivity to third-party devices.
  2. Ability to monitor connectivity proactively.
  3. Easy troubleshooting.
  4. A method to audit connectivity (who is accessing what).
  5. Ability to update settings per connection without affecting other connections.
  6. Ability to scale connections based on bandwidth.

Aviatrix addresses these requirements in a centrally managed solution. The following diagram shows a typical end-state architecture for third-party connectivity:

Here are the steps to accomplish cloud-native connectivity to 3rd parties (vendors):

  1. Deploy the Aviatrix controller from the AWS Marketplace: http://docs.aviatrix.com/StartUpGuides/aviatrix-cloud-controller-startup-guide.html
  2. Note: You can also deploy the controller in Azure (http://docs.aviatrix.com/StartUpGuides/azure-aviatrix-cloud-controller-startup-guide.html)
  3. Log into the controller.
  4. Add your AWS and/or Azure accounts in the on-boarding page.
  5. Go to the Gateway tab in the controller UI and deploy Aviatrix gateways in the VPCs and VNETs that require connectivity to partner networks.
  6. Deploy Site-to-Site IPsec connectivity:
    1. Go to the Site2Cloud tab in the controller UI.
    2. Follow the instructions here: http://docs.aviatrix.com/HowTos/site2cloud.html
  7. Provide the configuration file to your partner network team to build their end of the IPsec VPN tunnel.

Other Operational Considerations:

  1. These connectivity tunnels are monitored by the Aviatrix controller. You can set up alerting and monitoring on these connections for proactive operations.
  2. You can log events and packet statistics to SIEM and log analytics platforms such as Splunk, Sumo Logic, Datadog, and Logstash.
  3. Some customers also use this connectivity to provide their developers access to instances in the partner’s network. The Aviatrix Gateways can also operate as an SSL VPN gateway. Developers can connect to the gateway via an OpenVPN client on their devices and gain secure access to the cloud instances and the partner networks.
  4. You might also want to set up gateways with High Availability (http://docs.aviatrix.com/Solutions/gateway_ha.html#deployment-guide).

Please email info@aviatrix.com with any questions you may have.