Amazon Web Services

Aviatrix for Amazon Web Services

Aviatrix provides a modern cloud networking solution purpose-built for public clouds such as AWS. Aviatrix simplifies the way you enable enterprise site to AWS cloud, users to AWS cloud and cloud to cloud secure connectivity. Aviatrix solution requires no new hardware and deploys in minutes.

Aviatrix solutions complement AWS native networking by providing these additional capabilities:

AWS Partner NetworkUnlike traditional networking devices, Aviatrix provides a centrally managed, point-and-click REST API driven solution for AWS. The Central Controller builds encrypted tunnel connections and security services by integrating with AWS infrastructure to launch gateway instances, modify AWS network routing tables, security policies and leverage other AWS native services. The result is a seamless user experience.

Aviatrix for AWS consists of two components: the Aviatrix Gateway, which is deployed on-premises or in the VPC; and the Aviatrix Cloud Controller, which provides centralized orchestration and management of one or more Gateways.

Why Customers Choose Aviatrix


Simplicity

Centrally managed, point and click solution deploys in minutes.

Highly Available

Built-in gateway redundancy supports hot standby and failover in seconds Scalable. The solution does not require a unique public IP address on the hub gateway connecting to each spoke gateway. No limits on the number of spoke VPCs can be connected to hub VPC.

Visibility

Central dashboard monitors, displays and alerts link status and link latency.

Security

Stateful firewall at the gateway to enforce security policies. OpenVPN based user access allows end to end cloud network solution.

Cost Saving

If hub and spoke VPCs are in the same region, encrypted traffic is routed over AWS peering, reducing network bandwidth cost by 10 times (as compared to AWS Transit VPC solution that goes over Internet with VGW for hub and spoke traffic).

AWS Global Transit Network with Aviatrix

Amazon Virtual Private Cloud (Amazon VPC) provides customers with the ability to create as many virtual networks as they need, as well as different options for connecting those networks to each other and to non-AWS infrastructure.

There are two common strategies for connecting multiple, geographically dispersed VPCs and remote networks: one is to implement a hub-and-spoke network topology that routes all traffic through a network transit center (a transit VPC); the other is to create a meshed network that uses individual connections between all networks.

Deploy global transit network in AWS with Aviatrix in minutes rather than days or weeks with architecture flexibility (Hub-spoke or meshed), complete automation without any need for a command-line-interface (CLI), end-to-end security over all transit links with encryption and complete visibility from a centralized managed dashboard.

Encryption on AWS Direct Connect

Aviatrix provides a unique and powerful solution to enable high performance encryption on top of an established Direct Connect link between Amazon VPCs and customer site.
GCP Encryption

With the Aviatrix solution, an encrypted IPSec tunnel is established between the Aviatrix gateway and customer’s edge network or Aviatrix Virtual Appliance over an established Direct Connect connection.

  • No additional hardware is required to encrypt traffic.
  • The central controller offers point-and-click deployment.
  • The Aviatrix Gateway interoperates with third-party IPsec-enabled routing and firewall devices.
  • Aviatrix gateways support 1:1 redundancy for high availability. The controller monitors all IPsec tunnel status. If the tunnel goes down, the controller automatically reprograms the cloud infrastructure routing table to switch to a standby gateway instance.
  • The controller provides diagnostic capabilities for troubleshooting the gateway and IPsec tunnel status.
  • Extensive logging allows administrators to have complete visibility of network traffic.

Remote Access: SSL VPN

Aviatrix Cloud Connect (ACC) enables enterprise-class secure remote access to AWS. Aviatrix SSL VPN to AWS offers global-scale, full-function remote access VPN capabilities. It enables an enterprise's employees and partners to directly connect into AWS over VPN.
AWS Remote Access

Combined with Aviatrix for AWS and inter-cloud peering, Aviatrix remote access VPN allows users to securely access their environments with a single certificate, even if they are spread across multiple VPCs, networks, and cloud providers. This capability greatly reduces user VPN management time for CloudOps.

  • Supports remote access for end users to connect to the cloud directly.
  • Supports wide range of clients: Windows, OS X, Linux, Chromebook, Android, and iOS.
  • Supports a scalable and highly available Cloud VPN solution.
    • Integrated with AWS load balancing, the solution scales to very large number of VPN gateways to serve thousands of users and bandwidth.
  • Supports multi-factor authentication: Duo, LDAP, and Okta.
  • Supports SAML authentication with Aviatrix proprietary VPN clients for Windows, OS X, and Linux.
  • Supports user-profile based access rules that allow administrators to define and enforce access privilege to any resources (network, protocols, and ports) in AWS VPC at the perimeter of the enterprise cloud network.
  • Supports the following log forwarders for remote logging: Logstash, Splunk, Sumo Logic, and rsyslog.
  • Supports split-tunnel and full-tunnel mode. Split-tunnel mode allows additional CIDRs to be pushed to client.
  • Supports modular configuration to support incremental configuration as your environment scales.
  • Supports active user dashboard and user browsing activity.
  • Requires no extra hop to access instances in different projects.
  • Supports policy-based multi-region and multi-cloud (AWS, Azure, and GCP) encrypted peering.
  • Supports multiple accounts for different business groups and projects.

Secure Inter-region Peering with AWS

Aviatrix is a next generation cloud networking solution built from the ground up for Amazon AWS. Simplify the way you inter-connect VPCs across AWS regions, connect your data center to a VPC, and connect AWS VPCs to other cloud providers. Easy to set up, fully encrypted, and peering based on policy. Based on the Aviatrix centralized controller, the solution simplifies and automates AWS inter-region peering. Get two connections for free.

Highlights include:

  • High availability with standby tunnel and automatic failover
  • Automatic discovery of VPCs
  • Configuration of routing across VPC networks; no static routes necessary
  • Policy-based routing
  • Stateful inspection for TCP port filtering

Related Resources


Deployment Guides

Documents to download, deploy and manage Aviatrix controller and gateway in Amazon Web Services.


Configuring AWS VPC Peering
PDF File, 573 KB
Configuring AWS User VPN
PDF File, 607 KB
Configuring AWS Transit VPC
PDF File, 618 KB

Walkthrough Videos

A series of videos providing step-by-step instructions on how to deploy the Aviatrix Cloud Controller in Amazon Web Services.