Co-Author: Vittorio Garbuglio – I am a Cloud Solutions Leader at Oracle who is passionate about thinking strategically about business, creating technical definitions around customer objectives in complex situations and developing technical and business solution strategies.
Secure channel for connections leaving OCI
Oracle OCI does a great job of securing data in transit and at rest while communication stays within the OCI backbone. But how can you ensure data security for outbound connections, especially in multi-cloud scenarios? In this article we describe how to interconnect OCI with Azure, AWS, GCP, or any third-party network over an easy-to-establish encrypted channel. That connectivity can run over private links (FastConnect, DirectConnect, ExpressRoute, CloudInterconnect), private connectivity providers (MegaPort, Equinix, Epsilon, PurePort, and others), or the public Internet, and in each scenario the secure channel is equally easy to provision.
Aviatrix is the Multi-Cloud networking platform used to make it all happen.
Aviatrix, OCI and other clouds
Being a real multi-cloud platform, Aviatrix can be deployed in any of the big cloud providers. The main components of the platform are:
- Aviatrix Controller — the brain of the system, management- and control-plane
- Aviatrix CoPilot — responsible for visibility and visualization of the network topology and traffic flows, troubleshooting, and more
- Aviatrix Gateways — nodes in the data-plane
In only a few easy steps you can build an architecture like this:
In this scenario Aviatrix Gateways are deployed in a Transit VCN in OCI and in a Transit VPC in AWS. The gateways are peered: the encrypted IPsec connection between them is provisioned from the Aviatrix Controller. No more guessing games or hours wasted trying to set up an IPsec tunnel by hand; it happens seamlessly with a click of a button.
The connection leverages a private underlay (e.g. MegaPort, Epsilon, Equinix, PurePort). A backup tunnel can be established over the public Internet for redundancy.
This architecture is one of the simplest options you can get with Aviatrix: we place Aviatrix Gateways only in the “hubs”, and the rest of the connectivity, to other VCNs or VPCs, is configured and maintained outside of Aviatrix. You can use LPGs (Local Peering Gateways) in OCI, TGW (Transit Gateway) in AWS, and the respective solutions in other clouds. With this you have full end-to-end multi-cloud connectivity, with security ensured on the inter-cloud link.
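In the hub-only design above, the encrypted tunnel protects the inter-cloud link only if the hub's route tables actually send remote-cloud prefixes to the Aviatrix Gateway; a more-specific route (or a missing summary route) falls through to the Internet Gateway in clear text. The following check is an added example, not code from the article, from Aviatrix or from Oracle: it audits route tables for exactly that bypass, reproducing longest-prefix-match the way cloud route tables resolve a destination. The route-table dicts, the gateway next-hop label, the Internet Gateway label and the CIDRs are all constructed for illustration; in practice you would load them from the cloud provider's API output.

```python
"""Audit hub route tables for paths that bypass the encrypted inter-cloud tunnel.

Added example (not from the original article, Aviatrix or Oracle).
Assumptions, all constructed: routes are dicts with "destination" and
"next_hop"; the Aviatrix transit gateway is the next hop labelled
GATEWAY_NEXT_HOP; the remote AWS transit VPC is 10.20.0.0/16.
"""
import ipaddress

GATEWAY_NEXT_HOP = "aviatrix-transit-gw"   # hypothetical next-hop label
REMOTE_CIDRS = ["10.20.0.0/16"]             # constructed remote (AWS) transit CIDR

# Constructed sample route tables for the OCI hub VCN.
SAMPLE_ROUTE_TABLES = {
    "hub-rt-good": [
        {"destination": "10.20.0.0/16", "next_hop": GATEWAY_NEXT_HOP},
        {"destination": "0.0.0.0/0", "next_hop": "igw-hub"},
    ],
    "hub-rt-leak": [
        {"destination": "10.20.0.0/16", "next_hop": GATEWAY_NEXT_HOP},
        # More-specific prefix wins longest-prefix match and leaves via the IGW.
        {"destination": "10.20.5.0/24", "next_hop": "igw-hub"},
        {"destination": "0.0.0.0/0", "next_hop": "igw-hub"},
    ],
    "hub-rt-missing": [
        # No route for the remote prefix at all: the default route takes it.
        {"destination": "0.0.0.0/0", "next_hop": "igw-hub"},
    ],
}


def lookup(routes, address):
    """Longest-prefix match: the route a cloud route table would pick."""
    addr = ipaddress.ip_address(address)
    best, best_len = None, -1
    for route in routes:
        net = ipaddress.ip_network(route["destination"])
        if addr in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def find_bypasses(routes, remote_cidrs, gateway_next_hop):
    """Return (probe_address, offending_route) pairs for traffic that would
    reach a remote-cloud prefix without passing through the gateway."""
    findings = []
    for remote in remote_cidrs:
        remote_net = ipaddress.ip_network(remote)
        # Probe the remote network address plus the start of every route
        # nested inside the remote prefix: that is where a leak hides.
        probes = {remote_net.network_address}
        for route in routes:
            net = ipaddress.ip_network(route["destination"])
            if net.version == remote_net.version and net.subnet_of(remote_net):
                probes.add(net.network_address)
        for probe in sorted(probes):
            match = lookup(routes, probe)
            if match is None:
                findings.append((str(probe), "no route"))
            elif match["next_hop"] != gateway_next_hop:
                findings.append(
                    (str(probe), f"{match['destination']} via {match['next_hop']}")
                )
    return findings


def audit_hub(route_tables, remote_cidrs=REMOTE_CIDRS,
              gateway_next_hop=GATEWAY_NEXT_HOP):
    """Audit every route table; an empty list means no bypass was found."""
    return {
        name: find_bypasses(routes, remote_cidrs, gateway_next_hop)
        for name, routes in route_tables.items()
    }


if __name__ == "__main__":
    for table, findings in audit_hub(SAMPLE_ROUTE_TABLES).items():
        status = "OK" if not findings else "BYPASS"
        print(f"{table}: {status}")
        for probe, why in findings:
            print(f"  {probe} -> {why}")
```

The same check applies to the AWS side, with the Transit VPC's route tables and the OCI hub CIDR as the remote prefix. Re-run it whenever a spoke is added, since new LPG or TGW routes are the usual source of an accidental more-specific entry.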
However, you can also consider extending Aviatrix's footprint to all of your “spoke” networks, achieving a unified architecture, configuration, troubleshooting and monitoring across OCI, AWS and Azure. That is the true power of the Aviatrix Multi-Cloud Network Architecture.
Getting started with Aviatrix
Aviatrix is a powerful and advanced platform providing networking and security services in the public clouds, with multi-cloud optionality. While comprehensive, it is also perfectly modular: you can start really small with just one or two services, and add more services or expand into other clouds at any time. The platform is flexible and can easily follow your current needs. Start anywhere, grow anywhere.
In this scenario we discussed multi-region connectivity for OCI. Once this base platform is built out, the customer can add more services:
- Next Generation Firewall inspection (Palo Alto, Fortinet, Checkpoint)
- Stateful L4 Firewall
- Network segmentation
- User VPN
- FQDN Egress Filtering
- Multi-Cloud connectivity and network segmentation
- Encryption over FastConnect
- Advanced NAT for interconnecting networks with overlapping IPs
and many more.
Are you ready to deploy Aviatrix in your OCI environment?
Start here: https://cloudmarketplace.oracle.com/marketplace/en_US/listing/65804594
Contact us: email@example.com, firstname.lastname@example.org for additional information.