
Enterprise cloud networks are increasing in size and complexity within and across cloud service providers, locations, and teams. In these complex environments, maintaining network visibility and control is critical. Setting consistent security policies across a vast matrix of accounts, safeguarding a sprawling network with a huge attack surface, and connecting edge locations to the cloud are monumental tasks for networking teams.
The latest updates to the Aviatrix platform offer cutting-edge features and enhancements to simplify and secure network management, giving networking teams deeper visibility and increased control. These features empower you to simplify Day 2 operations: organizing resources with Kubernetes SmartGroups, extending the security of Distributed Cloud Firewall SmartGroups to non-HTTP/TLS traffic, and promoting edge connectivity with Aviatrix Edge as Transit now in general availability.
This newest release equips you to manage a sprawling cloud network effectively and efficiently, increasing security, performance, and flexibility.
1. Kubernetes SmartGroups (Preview): Expanding Aviatrix Networking for Dynamic Workloads
SmartGroups are a groundbreaking addition to Aviatrix, enabling users to dynamically group resources by meaningful identifiers for both traditional and Kubernetes workloads. In traditional networking, SmartGroups provide a new way to organize and control resources beyond static IPs, VPCs, and subnets. But Kubernetes introduces unique challenges—clusters recycle IP addresses rapidly and bypass conventional subnet usage, limiting granularity. This new release bridges the gap by extending SmartGroups to Kubernetes environments, allowing users to fully harness Aviatrix’s networking power while respecting Kubernetes-specific attributes.
With Kubernetes SmartGroups, you can now filter and group pods by namespaces, services, or wildcard patterns, enabling granular policies that align with Kubernetes’ dynamic nature. This means security engineers and network administrators can leverage the same robust SmartGroup capabilities introduced for traditional workloads—now tailored for Kubernetes.
Whether it’s managing microservices within a namespace or applying DCF policies to specific pods, SmartGroups bring consistency, flexibility, and control to your multicloud strategy.
What Does This Mean for You?
This release marks a major leap forward for Aviatrix users. SmartGroups, for both traditional and Kubernetes workloads, enable unprecedented levels of customization and control. Define policies at the pod level, dynamically manage resources across clusters and namespaces, and integrate seamlessly into Aviatrix’s security and observability features, all while staying aligned with Kubernetes’ unique structure.
Whether you’re adopting SmartGroups for traditional workloads or taking advantage of their new Kubernetes capabilities, this feature ensures your networking strategy is as agile as the environments you manage.
2. Extending DCF SmartGroups to Non-HTTP/TLS Traffic (Preview): Filling in a Missing Piece
Managing network security often requires control over a wide range of traffic types, from web-based communication to protocols like FTP, SSH, and database connections. Until now, Aviatrix’s WebGroups have provided robust support for managing domain and URL-based traffic with TLS decryption. However, non-HTTP/TLS traffic was a missing piece, forcing customers to rely on legacy FQDN filtering for such use cases. The new SmartGroups Hostname Lookup feature addresses this gap by enabling DNS-based hostname resolution for non-HTTP and non-TLS traffic on Aviatrix Gateways.
This release empowers administrators to create hostname-based SmartGroups that dynamically resolve through DNS, extending the power of DCF (Aviatrix Distributed Cloud Firewall) policies to protocols beyond web traffic.
For example, blocking SSH traffic to a specific server like baddomain.com becomes as straightforward as defining the hostname in a SmartGroup and setting up a DCF rule with the desired action. Customers can even choose their preferred DNS server for hostname resolution, adding flexibility while keeping enforcement seamless.
What Does This Mean for You?
With SmartGroups supporting hostname lookup, you can now manage traffic for non-web services just as effectively as you do for HTTP and TLS traffic. Whether you need to secure database connections, FTP transfers, or SSH sessions, this feature enables precise, hostname-based control. By dynamically resolving hostnames at the gateway level, policies stay accurate even as DNS mappings change—helping you migrate from legacy FQDN filtering to Aviatrix’s modern DCF capabilities with confidence.
This innovation brings Aviatrix closer to a unified and comprehensive approach to traffic management, ensuring you can enforce policies across all protocol types without compromise. Start leveraging SmartGroups Hostname Lookup today to simplify your security policies and strengthen your control over network traffic.
Learn more about how our Cloud Perimeter Security solution can protect your network.
3. Aviatrix Edge as Transit: Now Generally Available for Private DC and Equinix Deployments
We’re excited to announce that the Edge as Transit capability for Private Data Centers (DCs) and Equinix is now generally available! Previously offered as a preview feature, this powerful solution empowers enterprises to leverage Aviatrix Edge for seamless, high-performance connectivity across their cloud service providers (CSPs), private data centers, and partner ecosystems via Equinix as a middle-mile provider.
This feature enables customers to use Equinix’s metro-to-metro links and underlay fabric for cost-effective, high-speed, and reliable connectivity.
By avoiding the expense of traditional MPLS circuits and CSP egress fees, enterprises can now take advantage of private circuits to reduce costs, improve SLAs, and scale bandwidth from 1G to 100G as needed. Whether connecting CSPs across regions, linking on-prem data centers, or enabling partner and SD-WAN terminations, Edge as Transit ensures flexibility and efficiency.
Why This Matters
Organizations are increasingly using middle-mile providers like Equinix as exchange points to connect their on-prem systems, CSPs, and partners while optimizing for cost and performance. With Aviatrix Edge as Transit, customers can now:
- Establish transit peering between edges across Equinix fabric.
- Connect to edge spokes in CSPs, DCs, or Equinix environments.
- Enable centralized firewall inspection for B2B and DC traffic.
- Avoid “tromboning” via CSP transits by leveraging Equinix as a direct backbone.
From reducing cross-region CSP costs to supporting high-performance encryption for secure B2B connections, this feature unlocks significant technical and cost-saving opportunities.
Learn more about how our Secure High-Performance Datacenter Edge solution unlocks hybrid cloud connectivity.
What Does This Mean for You?
With Edge as Transit, you can securely connect your global data centers, CSP regions, and partners with a private, high-performance underlay, unlocking the following capabilities:
- Create cost-efficient cross-CSP connections using Equinix’s colo fabric.
- Establish secure B2B partnerships with SD-WAN terminations at Equinix.
- Centralize firewall services to inspect and secure all egress traffic.
- Seamlessly link on-prem data centers via Equinix without hairpinning through CSP-hosted transits.
Aviatrix Edge as Transit is the next step in delivering the flexibility, scalability, and performance that modern enterprises need. Start leveraging this capability today to simplify your connectivity strategy and transform how you connect your cloud, data center, and partner ecosystems.