Next-Gen Transit Network
The Problem

Secure Networking for a Growing Number of VPCs

AWS provides a native Transit Gateway service that can be used to connect Virtual Private Clouds (VPCs) in a hub-and-spoke architecture to simplify connectivity between VPCs, and from VPCs to on-premises networks. The AWS Transit Gateway — with new constructs such as route domains — represents a promising new service that will help organizations improve security, VPC segmentation and compliance initiatives.

However, the inherent flexibility can create new complexities resulting from manual updates of transit gateway route tables, enabling route table propagation, and configuring VPC route tables for every newly added VPC or policy change. A transit network is a strategic network architecture for hybrid cloud computing, so its design should also limit lateral movement in the event of a breach and reduce the blast radius resulting from misconfigurations.

The New Standard for VPC Connectivity in AWS

Announced by AWS and Aviatrix at re:Invent 2018, a Zero Trust Architecture for VPC networks combining Aviatrix Orchestrator and AWS Transit Gateway helps to:

  • Ensure your AWS network meets VPC segmentation best practices
  • Limit lateral movement in the event of a breach
  • Minimize blast radius resulting from misconfigurations
  • Avoid project delays due to tedious, manual configuration
  • Migrate from existing vRouter-based (e.g. CSR) Transit VPCs
  • Move from a flat architecture to a transit architecture
 
AWS | Aviatrix | Cloud Academy

AWS Networking Unpacked: What does it all mean for you?

On-Demand Webinar

This session with Aviatrix and AWS explains Transit Gateway in depth – from VPC segmentation to edge consolidation.

Integrated Solution: AWS Transit Gateway + Aviatrix Orchestrator

Powerful Orchestration for AWS Transit Gateway

Developed in collaboration with AWS, the Aviatrix Orchestrator for AWS Transit Gateway automates the creation of Zero Trust Networks, or segmented groups of VPC networks. The Controller enables cloud ops to plan Security Domains, build connected VPC networks, visualize the native Transit Gateway service, and extend it with Aviatrix Gateways where required. Best of all, it’s fully supported by Aviatrix and AWS to help you maximize network reliability and uptime.

Together, AWS Transit Gateway with Aviatrix Orchestrator provide an automated approach to evolve from a simple set of connected VPCs to a secure, zero-trust network of VPCs — a network where operations, security and network connectivity are orchestrated and automated to reduce problems resulting from human error, achieve security and compliance best practices and minimize delays due to tedious, manual configuration changes.

Feature | AWS Transit Gateway with Aviatrix Orchestrator | AWS Transit Gateway without Aviatrix Orchestrator

Operations
Terraform / CloudFormation compatible | Yes | Yes
Transit network visualization of security and connectivity policies | Yes | No
Automated workflow for step-by-step instruction of network build | Yes | No
Network monitoring for link status, latency and performance | Yes | No
Automated alerts to notify on network limits or thresholds met | Yes | No
Troubleshooting via a centralized console for faster resolution | Yes | No

Security
Route Domains | Yes | Yes
Zero-Trust Security Domains for granular VPC isolation | Yes | No
Auditable connectivity and security policies | Yes | No
Compliance reporting | Yes | No

Network Provisioning & Configuration
Scalability to 1000s of VPCs | Yes | Yes
Edge network consolidation | Yes | Yes
IPsec VPN to on-premises edge router | Yes | Yes
50Gbps performance | Yes | Yes
Multicloud connectivity | Yes | No
Direct Connect support for on-premises / hybrid environments | Yes | No
Dynamic VPC route propagation (software defined) | Yes | No

Optional Features
VPC egress filtering to control Internet-bound traffic | Yes | No
CloudSquad™ Concierge Migration from CSR 1000v | Yes | No
Free trial | Yes | No

Using Aviatrix to Orchestrate AWS Transit Gateway and Build VPC Segmentation

AWS Transit Gateway is a new service to connect VPCs and consolidate edge connections to on-premises networks.

How Aviatrix Orchestration Works

Using Aviatrix Orchestrator and AWS Transit Gateway, cloud engineers can build a zero-trust architecture for better security and compliance of VPC networks. Aviatrix Orchestrator abstracts VPC and TGW route tables to a simple, common framework of Security Domains and Connection Policies across the hybrid network.
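The segmentation model the two preceding sections describe rests on a simple rule: each Transit Gateway attachment is associated with exactly one TGW route table, and an attachment is reachable from that table only if its routes are propagated (or statically added) into it. The following audit script, added here as an example and not code from Aviatrix or AWS, makes that rule explicit. It takes an inventory shaped like the EC2 API responses for route-table associations and propagations (the data below is constructed, and no AWS call is made), maps attachments to intended security domains, and reports every propagated path that crosses a domain boundary the connection policy does not allow, plus any route table that mixes domains (the "flat network" that default route-table association produces). Domain names, attachment IDs and the allowed-pair policy are all assumptions for the demonstration.

```python
"""Audit TGW route tables for cross-domain reachability (added example).

Sample inventory is constructed in the shape of EC2 API responses for
get_transit_gateway_route_table_associations / _propagations; it is not real.
"""
from itertools import product

# Constructed: one TGW route table per intended route domain. An attachment
# is associated with exactly one table, and that table decides where its
# traffic can go.
ASSOCIATIONS = {
    "tgw-rtb-prod": [
        {"TransitGatewayAttachmentId": "tgw-attach-prod-a", "ResourceId": "vpc-prod-a",
         "ResourceType": "vpc", "State": "associated"},
    ],
    "tgw-rtb-dev": [
        {"TransitGatewayAttachmentId": "tgw-attach-dev-a", "ResourceId": "vpc-dev-a",
         "ResourceType": "vpc", "State": "associated"},
    ],
    "tgw-rtb-shared": [
        {"TransitGatewayAttachmentId": "tgw-attach-shared", "ResourceId": "vpc-shared",
         "ResourceType": "vpc", "State": "associated"},
        {"TransitGatewayAttachmentId": "tgw-attach-onprem", "ResourceId": "vpn-onprem",
         "ResourceType": "vpn", "State": "associated"},
    ],
}

# Constructed: which attachments propagate their routes into which table.
PROPAGATIONS = {
    "tgw-rtb-prod": [
        {"TransitGatewayAttachmentId": "tgw-attach-shared", "State": "enabled"},
        {"TransitGatewayAttachmentId": "tgw-attach-onprem", "State": "enabled"},
        # Planted misconfiguration for the demo: dev leaking into the prod domain.
        {"TransitGatewayAttachmentId": "tgw-attach-dev-a", "State": "enabled"},
    ],
    "tgw-rtb-dev": [
        {"TransitGatewayAttachmentId": "tgw-attach-shared", "State": "enabled"},
    ],
    "tgw-rtb-shared": [
        {"TransitGatewayAttachmentId": "tgw-attach-prod-a", "State": "enabled"},
        {"TransitGatewayAttachmentId": "tgw-attach-dev-a", "State": "enabled"},
        {"TransitGatewayAttachmentId": "tgw-attach-onprem", "State": "enabled"},
    ],
}

# Assumed intent: the security domain of each attachment and the connection
# policy. Same-domain traffic is always allowed; spokes may reach shared
# services, but prod and dev must never reach each other.
ATTACHMENT_DOMAIN = {
    "tgw-attach-prod-a": "prod",
    "tgw-attach-dev-a": "dev",
    "tgw-attach-shared": "shared",
    "tgw-attach-onprem": "shared",
}
ALLOWED_PAIRS = {frozenset({"prod", "shared"}), frozenset({"dev", "shared"})}


def reachable_pairs(associations, propagations):
    """Return the set of (src_attachment, dst_attachment) paths the tables imply.

    Traffic from an attachment is looked up in the one table it is associated
    with, so every attachment propagating into that table is reachable from it.
    Reachability is per direction; static routes are out of scope here.
    """
    edges = set()
    for table, assocs in associations.items():
        sources = [a["TransitGatewayAttachmentId"] for a in assocs if a["State"] == "associated"]
        targets = [p["TransitGatewayAttachmentId"]
                   for p in propagations.get(table, []) if p["State"] == "enabled"]
        for src, dst in product(sources, targets):
            if src != dst:
                edges.add((src, dst))
    return edges


def policy_violations(associations, propagations, domain_of, allowed_pairs):
    """Return sorted (src, dst, src_domain, dst_domain) paths the policy forbids."""
    violations = []
    for src, dst in reachable_pairs(associations, propagations):
        d_src, d_dst = domain_of[src], domain_of[dst]
        if d_src == d_dst or frozenset({d_src, d_dst}) in allowed_pairs:
            continue
        violations.append((src, dst, d_src, d_dst))
    return sorted(violations)


def mixed_domain_tables(associations, domain_of):
    """Return {table: [domains]} for tables whose associated attachments span domains.

    A table holding several domains is no longer a route domain at all; this is
    what default route-table association yields when every attachment lands in
    one table.
    """
    mixed = {}
    for table, assocs in associations.items():
        domains = sorted({domain_of[a["TransitGatewayAttachmentId"]]
                          for a in assocs if a["State"] == "associated"})
        if len(domains) > 1:
            mixed[table] = domains
    return mixed


if __name__ == "__main__":
    for src, dst, d_src, d_dst in policy_violations(ASSOCIATIONS, PROPAGATIONS,
                                                    ATTACHMENT_DOMAIN, ALLOWED_PAIRS):
        print(f"VIOLATION: {src} ({d_src}) can reach {dst} ({d_dst})")
    for table, domains in mixed_domain_tables(ASSOCIATIONS, ATTACHMENT_DOMAIN).items():
        print(f"FLAT TABLE: {table} mixes domains {domains}")
```

On the constructed inventory the only finding is the planted one: the prod VPC can reach the dev VPC because the dev attachment was propagated into the prod route table. Note that the reverse path does not exist (the dev table carries no prod routes), which is exactly why per-direction review of every table is needed rather than a glance at a single route table.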

Optional: Using Aviatrix Gateways for Your Transit VPC

A Complete Transit VPC Network, if you need it.

Some organizations may have unique requirements that are not met by the native AWS Transit Gateway. For these environments, the Aviatrix Next-Gen Transit VPC Network provides a tried-and-true, AWS-recommended VPC architecture for multiple accounts, regions, and on-premises sites.

An integrated Transit Wizard guides a cloud or network engineer through the build steps in less than an hour. Once built, the network is easily customized or extended to meet your organization’s requirements. And, Aviatrix can easily migrate the environment to the native AWS Transit Gateway should you need to.

Learn more about AWS Transit Gateway