Information on multi-cloud networking, cloud network platform, cloud networking, cloud network security, cloud network operations
Issue link: https://aviatrix.com/resources/i/1321447
1 Deploying Multi-Cloud Kong API Gateway and Kuma Service Mesh with Aviatrix Building a Multi-Region or Multi-Cloud environment for your applications requires a lot of attention. The usual deployment, where we have an API Gateway running closely to the several application runtimes, should be enhanced to support different regions in a given Cloud or, with an even more distributed and hybrid scenario, multiple services running across different public clouds and on-premise environments. The task gets even more challenging when we consider Service Mesh based applications implementing C anary Releases, A/B testing, Blue Green deployments, etc. Moreover, a Zero-Trust Network requirement for distributed environments should be considered mandatory. Architecting a Global Multi-Cloud Transit Network To be a bit more specific, from the networking perspective, the multi-cloud environment should address critical requirements, such as: • Architecture should be scalable and should not require redesign or have scaling impact when new VPC/VNets are added/removed. As such, direct VPC/VNet peering should be avoided and a hub-and-spoke based transit architecture should be used. • Support a variety of communication requirements including Public and Private IPs, Direct Peering between multiple clouds, and more. • Provide a scalable networking capability to be consumed by all application components including for example the service mesh itself and the API Gateway. • Support additional network services like Next-Gen Firewalls (NGFW), IPS, IDS, DPI, etc. that can be transparently inserted without re-architecting any aspect of your deployment or changing application. In summary, three key attributes should be pursued: • Networking: A repeatable architecture in a single cloud or across multiple clouds. • Security: The network architecture should be flexible enough to implement connections across different security domains/zones. • Operations: Visibility, control, and troubleshooting capabilities that abstract the unique complexities of the underlying native cloud constructs. Aviatrix Cloud Network Platform Aviatrix provides complete and easy-to-manage connectivity solutions to support advanced enterprise networking, security and operational visibility requirements for both single or multi-cloud application development. Microservice based Application Topologies From the distributed application perspective, all topics listed to the left should be considered taken care of, as well as all the necessary networking connectivity requirements should be already in place. This way any topology required could be implemented on top of any cloud service provider platform. Among these topologies and architectures, we could consider: • Distributed Service Mesh deployment with Microservices running on different Clouds. • API Gateway implementing a single point of contact to Microservices running on different environments and on all sorts of runtimes like Linux, Docker, Kubernetes, and more. • Distributed API Gateway layer having control plane running on a cloud and multiple data planes across different environments and clouds. Reference Architecture Kong provides technologies to implement both layers in an enterprise architecture: • Kong: API gateway built for multi-cloud and hybrid, optimized for microservices and distributed architectures. • Kuma: Service Mesh implementation for distributed service connectivity.