Implementing Multicloud Networks with AWS, Azure, & GCP
The Growth of Multicloud
Enterprises leveraging public clouds such as AWS, Azure and Google are also beginning to use multiple public clouds at the same time. While multicloud networking offers many advantages, using multiple cloud providers also introduces complexity, security, and visibility challenges. Learn more about the challenges of multicloud networking and how you can solve them.
Challenges of Multicloud Networking
While using multiple clouds makes for a good public cloud strategy, enabling a multicloud architecture that includes two or more cloud providers is a challenge on many fronts. From an enterprise point of view, all the considerations and requirements for access, networking, and security that applied to one cloud provider must apply to all clouds you use.
While each provider’s underlying infrastructure services are built to address networking, segmentation, isolation, load balancing, security, and access, and each provider delivers a sophisticated management and orchestration interface to configure these IAAS services, there is no common command and control for multicloud networking.
While each public cloud provider brings a rich set of common infrastructure services, they are all unique in their nomenclature, function, configuration, APIs, control and visibility. In addition, these services need to be deployed, orchestrated, configured, and monitored using each cloud provider's own orchestration and management console. Each cloud provider provides automation and scripting tools that only address their own services.
The table below lists some of the core networking services and functions across AWS, Azure, and Google that need to be enlisted when leveraging these cloud providers.
IAAS Networking Services across AWS, Azure, GCP
Network Services/Function | AWS | Azure | GCP |
Network Administration | Account | Subscription | Project |
Virtual Network | VPC & Subnets | VNET & Subnet | VPC and Sub-Network |
DNS | Route 53 | Traffic Manager | Cloud DNS |
VPN | VGW | VPN Gateway | VPN Gateway |
Peering | AWS Peering or DirectConnect | Azure Peering or ExpressRoute | Google Cloud Interconnect |
Load Balancer | ELB | NLB | Cloud Load Balancer |
Security | Sec Groups | Network Security Groups | Network ACLs |
Storage | S3 | Blob Storage | Cloud Storage |
Notifications | SNS | Notification hubs | Cloud Messaging |
Messaging | SQS | Batch | Pub/Sub |
Logging | CloudTrail | Operational Insights | Cloud Logging |
Monitoring | CloudWatch | Application Insights | Cloud Monitoring |
*For more information on varying terms and definitions across cloud providers, see our Multicloud Rosetta Stone.
Learning and leveraging multiple providers and their IAAS services is a big challenge for many enterprise cloud architects and cloud network engineers.
In this new era of cloud computing, multicloud network abstraction is essential.
Illustrating a Challenge of Multicloud Networking by Using vRouters
Each public cloud vendor—including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud (formerly Google Cloud Platform or GCP)—has its own structure and workflow. For obvious reasons, they don’t make it easy to connect with a competitor’s cloud infrastructure. As a result, an enterprise’s Cloud or DevOps teams are left to establish connections manually: a complex, tedious, and time-consuming process.
Here are the typical steps for connecting two public clouds:
1. Log into each cloud provider's IAAS console: AWS EC2 Console, Azure Portal/Resource Manager, and Google Cloud.
2. Configure the AWS VPCs, Azure VNETs, or Google VPCs with non-overlapping subnets.
3. Configure relevant networking services for each cloud provider (for example, VPC CIDR, subnets, route table, DNS, NAT, FW, or Internet Access).
4. Install a cloud provider-specific, instance-based virtual router (for example, Cisco CSR1000V or Palo Alto VM-FW) in each cloud provider's VPC or VNET.
5. Using the CLI of each virtual router, configure the virtual router and its services to function as a router for that VPC or VNET.
6. Configure IPSec VPN between the two virtual routers. IPSec VPN configuration could be a multi-step procedure based on virtual router type and typically requires deep network and security knowledge.
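
The non-overlapping requirement in the steps above is worth checking before any virtual router or IPSec tunnel is built, because overlapping address blocks on the two sides of a tunnel make routes ambiguous. The following is an added example, not part of the original page or of any vendor tooling; the address plan, network names, and the check_plan function are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample address plan (assumption, not from the page): one network per cloud.
PLAN = [
    {"cloud": "aws", "name": "prod-vpc", "cidr": "10.10.0.0/16",
     "subnets": ["10.10.1.0/24", "10.10.2.0/24"]},
    {"cloud": "azure", "name": "prod-vnet", "cidr": "10.20.0.0/16",
     "subnets": ["10.20.1.0/24", "10.21.0.0/24"]},  # second subnet lies outside the VNET
    {"cloud": "gcp", "name": "prod-vpc", "cidr": "10.10.128.0/17",
     "subnets": ["10.10.128.0/24"]},                 # block collides with the AWS VPC
]

def check_plan(plan):
    """Return a list of findings; an empty list means no overlaps were found.

    ip_network() is strict by default, so a CIDR with host bits set
    (for example 10.10.1.5/24) raises ValueError instead of being accepted.
    """
    findings = []
    blocks = []
    for net in plan:
        label = f'{net["cloud"]}/{net["name"]}'
        block = ipaddress.ip_network(net["cidr"])
        blocks.append((label, block))
        subnets = [ipaddress.ip_network(s) for s in net["subnets"]]
        # Every subnet must sit inside its own VPC/VNET block.
        for s in subnets:
            if not s.subnet_of(block):
                findings.append(f"{label}: subnet {s} is outside {block}")
        # Subnets inside one network must not overlap each other.
        for a, b in combinations(subnets, 2):
            if a.overlaps(b):
                findings.append(f"{label}: subnets {a} and {b} overlap")
    # Blocks that will be joined over the VPN must not overlap across clouds.
    for (la, a), (lb, b) in combinations(blocks, 2):
        if a.overlaps(b):
            findings.append(f"{la} {a} overlaps {lb} {b}")
    return findings

if __name__ == "__main__":
    for finding in check_plan(PLAN):
        print(finding)
```
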

Multicloud Networking with the Aviatrix Cloud Network Security Platform
Aviatrix empowers enterprises to embrace their multicloud strategies while empowering their cloud and DevOps teams. Instead of forcing the cloud professionals to handle the complexity of networking between and within multiple cloud vendors’ footprints, enterprise cloud teams can:
Review and manage all the enterprise’s public cloud instances and resources using a single, abstracted view.
Gain the freedom to choose the right public cloud deployment option for each application and workload, without getting bogged down in time-consuming intricacies of how to connect them all.
Add and change connections between and within various public cloud resources automatically and at real cloud speeds, rather than spending a couple of weeks manually building connections—or waiting even longer for the IT networking experts to step in and handle the networking chores.
Enable the use cases that best serve the enterprise’s business goals, whether that means migrating workloads from one public cloud to another or mirroring the environment in one public cloud to another public cloud for backup and disaster recovery (DR).
Secure Multicloud Networking with Aviatrix
The Aviatrix Cloud Network Security Platform is the industry’s leading multicloud networking software that abstracts the networking layers across AWS, Azure, and Google and allows multiple clouds to be networked from a single unified management plane. Achieve robust security, reliable connectivity, high performance, and essential agility for your entire multicloud network.