IT organizations have consistently overlooked one risk category that has haunted their cloud projects and agility aspirations: Operational connectivity to your cloud provider. An analyst put it this way: “Cloud providers built a beautiful highway, but left the on-ramps for the drivers to figure out.”
Amid all the excitement around Cloud-powered scalability, Network Engineers are still responsible for operating this organically growing animal that started off as a small pet (project).
Have you noticed that while cloud is all about infrastructure agility, the networking to the cloud is static and not agile at all? This means that while it takes minutes to provision compute and storage in a VPC (virtual private cloud), it can take months to network to the same VPC. This is an impedance mismatch and often leads to performance issues, architectural challenges, slowdowns in cloud projects and an overall poor experience for hybrid cloud networking.
At a recent customer trial at a large beverage vendor, one of the cloud network architects who was kicking the tires of the Aviatrix Hybrid Cloud Networking solution was overjoyed when he could connect their AWS VPCs to their Google Project with a click of a button!
His reaction — Aa-ha.. and then Wow!
Welcome to next generation multi-cloud networking! Point, Click and Connect!
If your job is to build infrastructure for a gaming company, your priority is to keep the games up and running with great performance — making sure all event logs are properly set up, those logs are forwarded for analytics, and using scripting tools to manage new games as well as new software releases. As such, networking in the cloud may be the last thing on your mind. Indeed, cloud networking should become a substrate that you don’t have to worry about, so you can focus your time on the real stuff: the games.
Where would you start? How do you build a cloud network for gaming? What is a good network architecture?
If you’ve ever deployed AWS Direct Connect or are in the process of deploying it, you know that it is a long and arduous process. It can take weeks if not months before you can send even one bit from your enterprise network to your network in AWS. In addition to time, there is also the added overhead of hardware, networking ninjas, and cost that makes AWS Direct Connect beyond reach for most companies. But before we dive into this dilemma, why do people want AWS Direct Connect?
The definition of hybrid cloud typically involves attaching a part of an enterprise network to the cloud or vice versa. AWS Direct Connect is the ultimate hammer to a hybrid cloud problem, but you don’t always need a hammer for all hybrid cloud problems. There are easier and quicker ways to build a hybrid cloud.
Aviatrix’s hybrid cloud solution is 100% software and deploys in minutes. The solution looks like this…
Applications are being built, deployed and managed differently these days. Enterprises are adopting microservices architecture, where a big monolithic service is broken into smaller, single-task services with REST APIs and messaging services connecting them in a loosely coupled fashion. Such methodology fuels growth in the number of applications serving employees and customers, many of which are simply standalone applications. Controlling who can access what information becomes an important IT/Ops task.
If you use a bastion station to access instances in a VPC, you should be very wary of the private key management. The bastion station, itself an AWS or Azure instance, has a private key that cannot be changed once the instance is created. Moreover, this private key is shared by all users, and any user who logs in to the bastion station has “sudo” power, that is, root privilege. If an employee leaves the company, the employee still has access to the bastion station! Changing the private key amounts to building a new bastion station and distributing the private key again. There needs to be a security perimeter at the user level to allow or deny access to your cloud resources at any given time, rather than relying on a private key. Furthermore, using a bastion station does not allow non-developers to access private applications in the cloud.
Deploying a VPN server instead of a bastion station is the first step toward building a real security perimeter. It is a must-have from a security standpoint.
We are proud to announce that Aviatrix Cloud Gateway now supports GCP, in addition to AWS and Azure. Last week we attended GCP Next 16. It was a great show for us, as over 200 visitors came to our booth and learned firsthand what Aviatrix Cloud Native networking is all about. Aviatrix Cloud Native networking provides simplified scalability, connectivity to any cloud architecture and end-to-end network security.
Sounds fancy and what’s in it for me, you may wonder.