Blog

Can You Stretch On-Prem VLAN to AWS/Azure?

sunil
By Sunil Kishen
Vice President of Sales and Partnership, Aviatrix
March 11, 2017

In the datacenter, a VLAN can cross physical switches and form a logical L2 domain. Machines, VMs or hosts on this VLAN can communicate with each other irrespective of its physical location with private IP addresses. All is secure.

The question is: Can you stretch this VLAN to AWS or Azure?




Alternative to AWS Direct Connect

sherry
By Sherry Wei
Founder and CTO, Aviatrix
February 9, 2017

If you’ve ever deployed AWS Direct Connect or are in the process of deploying it, you know that it is a long and arduous process. It can take weeks if not months before you can send even one bit from your enterprise network to your network in AWS. In addition to time, there is also the added overhead of hardware, networking ninjas, and cost that makes AWS Direct Connect beyond reach for most companies. But before we dive into this dilemma, why do people want AWS Direct Connect?




Hybrid Cloud Unleashed

sunil
By Sunil Kishen
Vice President of Sales and Partnership, Aviatrix
January 11, 2017

The definition of hybrid cloud typically involves attaching a part of an enterprise network to the cloud or vice versa. AWS Direct Connect is the ultimate hammer to a hybrid cloud problem, but you don’t always need a hammer for all hybrid cloud problems. There are easier and quicker ways to build a hybrid cloud.

Aviatrix’s hybrid cloud solution is 100% software and deploys in minutes. The solution looks like this…




Use Aviatrix to Control Accessing Microservices in the Cloud

sherry
By Sherry Wei
Founder and CTO, Aviatrix
October 23, 2016

Applications are being built, deployed and managed differently these days. Enterprises are adopting microservices architecture where a big monolithic service is broken into smaller and single task services with REST APIs and messaging services connecting them in a loosely coupled fashion. Such methodology fuels the growth of the number of applications serving employees and customers, a lot of them are simply standalone applications. Granting access control to who can access what information becomes an important IT/Ops task.




Bastion Station Weary

sherry
By Sherry Wei
Founder and CTO, Aviatrix
July 23, 2016

If you use a bastion station to access instances in a VPC, you should be very weary of the private key management. The bastion station, itself an AWS or Azure instance, has a private key that cannot be changed once the instance is created. Moreover, this private key is shared by all users and any user who logs in into the bastion station has “sudo” power, that is, root privilege. If an employee leaves the company, the employee still has access to the bastion station! Changing the private key amounts to building a new bastion station and distributing the private key again. There needs to be a security perimeter at the user level to allow or deny access to your cloud resource at any given time, rather than relying on a private key. Furthermore, using a bastion station does not allow non-developers to access private applications in the cloud.

Deploying a VPN server instead of a bastion station is the first step to build a real security perimeter. It is a must have from security standpoint.