How can cloud app providers use Aviatrix to connect with their customers?
Hosted app providers or ISVs (for this article, we’ll refer to them collectively as Cloud Service Providers) that have traditionally deployed software in their customers’ environments/datacenters are beginning to deliver their software as a cloud-hosted application offering. This trend is being driven in part by customer demand for a subscription-based consumption model and in part by the desire to leverage the agility provided by public clouds.
This so-called “Saasification” of applications often requires the cloud service provider to secure connectivity from a central VPC/VNet to hundreds of customer environments. Adding to the scale issue, many customers also require the cloud service provider to address security challenges in parallel with delivering the connectivity.
Here are some of the common challenges faced by these providers:
- Overlapping CIDRs that need to be handled on a per-customer basis.
- Required support for a variety of customer environments.
- Skills required to design, set up and troubleshoot IPSec/VPN connectivity.
- Lack of monitoring and troubleshooting.
- Lack of network automation.
- Lack of auditability (who accessed what and when).
- Security and isolation across customers.
- Remote user connectivity.
- Cloud provider limits like unidirectional traffic requirements (AWS VGW can only accommodate inbound traffic, not outbound) and limits on the number of tunnels (Azure and AWS have this limit).
All these issues start impacting the cloud service provider’s business by increasing the time to value for their customers.
How can Aviatrix solve these problems?
Aviatrix has been a platform of choice for innovative companies that have successfully Saasified their applications (like Informatica, MicroStrategy and many more). Aviatrix allows cloud service providers or ISVs to deploy connectivity in a fast and cloud-native fashion. Aviatrix also helps operationalize connectivity at scale (monitoring, troubleshooting and logging).
Aviatrix operates based on a central controller that allows cloud service providers to provision and manage connectivity across all their products connecting to all their customers. This controller-based approach to networking can be operated by CloudOps or SRE engineers. Network operations and troubleshooting are performed through the UI or using REST APIs embedded in automation scripts.
The solution scales with cloud-native gateways that can be provisioned across the vendor product offerings and cloud platforms.
Proactive alerting, reporting and logging make it easy to comply with SLAs and to provide auditability for their end customers.
The low overhead allows these gateways to be more cloud-friendly and operate on smaller instance (VM) sizes. Aviatrix’s PAYG subscription also helps vendors avoid upfront capital costs and incur costs only when a customer is onboarded.
Aviatrix has built features that eliminate networking complexities when onboarding new customers and operating the solution. Here are some key features:
- Handle overlapping IP address spaces: Aviatrix uses two-way NATing (set up via a simple interface) on a per-connection basis to mask overlapping IP CIDRs.
- Option to install a virtual gateway on customer premises: Most of the delay in connecting to customer premises arises from having to make changes to edge devices in their environment (routers/firewalls). Aviatrix offers a software gateway that can be spun up in the customer’s VMware/Hyper-V/KVM environment. This gateway connects to the vendor’s cloud gateway in an automated fashion using outbound UDP or TCP ports. This minimizes any changes necessary to edge devices.
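To illustrate the two-way NAT idea from the first feature above, here is an added example (not Aviatrix code, and not a description of how the product implements it) of a per-connection 1:1 prefix mapping, with a check for configurations that would bring the address collision back. All CIDRs, customer names and the `virt`/`prov_virt` fields are constructed for the illustration.

```python
import ipaddress as ip

PROVIDER_REAL = "10.0.0.0/16"  # constructed: the provider's VPC CIDR

# Constructed per-connection table: both customers use the same real CIDR as the provider.
CONNS = {
    "cust-a": {"real": "10.0.0.0/16", "virt": "100.64.0.0/16", "prov_virt": "172.31.0.0/16"},
    "cust-b": {"real": "10.0.0.0/16", "virt": "100.65.0.0/16", "prov_virt": "172.31.0.0/16"},
}

def remap(addr, src_net, dst_net):
    """1:1 prefix NAT: keep the host bits, swap the network prefix."""
    src, dst = ip.ip_network(src_net), ip.ip_network(dst_net)
    a = ip.ip_address(addr)
    if src.prefixlen != dst.prefixlen or a not in src:
        raise ValueError(f"{addr} cannot be mapped {src_net} -> {dst_net}")
    return str(dst.network_address + (int(a) - int(src.network_address)))

def translate(conn, src, dst, to_provider):
    """Rewrite both source and destination of one packet on one connection."""
    if to_provider:  # customer host -> provider app
        return (remap(src, conn["real"], conn["virt"]),
                remap(dst, conn["prov_virt"], PROVIDER_REAL))
    # provider app -> customer host
    return (remap(src, PROVIDER_REAL, conn["prov_virt"]),
            remap(dst, conn["virt"], conn["real"]))

def validate(conns, provider_real):
    """Return config errors that would reintroduce an address collision."""
    errors, seen = [], []
    prov = ip.ip_network(provider_real)
    for name, c in conns.items():
        virt = ip.ip_network(c["virt"])
        if virt.overlaps(prov):
            errors.append(f"{name}: virtual CIDR overlaps provider network")
        if ip.ip_network(c["prov_virt"]).overlaps(ip.ip_network(c["real"])):
            errors.append(f"{name}: provider alias overlaps customer network")
        # Two customers sharing a virtual range would be indistinguishable provider-side.
        errors += [f"{name}: virtual CIDR collides with {o}" for o, n in seen if virt.overlaps(n)]
        seen.append((name, virt))
    return errors

if __name__ == "__main__":
    print(validate(CONNS, PROVIDER_REAL))
    print(translate(CONNS["cust-a"], "10.0.1.5", "172.31.3.7", to_provider=True))
    print(translate(CONNS["cust-b"], "10.0.3.7", "100.65.1.5", to_provider=False))
```

Because each customer appears on the provider side under its own virtual range, access logs and per-customer isolation rules can key on that range even when the real CIDRs are identical.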
More general information is available at https://docs.aviatrix.com