Issue link: https://aviatrix.com/resources/i/1321456
TECH BRIEF

Aviatrix Multi-Cloud Private Link

Introduction

As enterprises move to the cloud, many look to leverage Platform as a Service (PaaS) in an effort to refactor legacy applications. These services reduce platform management (compute, network and storage) and allow administrators to focus on application and service delivery.

PrivateLink

PrivateLink is available in both AWS and Azure and allows VPCs/VNets to connect to AWS/Azure PaaS services, partner services or customer-owned on-premises services using private IP connections. PrivateLink services have been adopted by application teams eager to take advantage of the deployment simplicity, speed and agility offered by PaaS services. However, as the number of private endpoints grows, enterprise security teams find that PrivateLink connections often circumvent corporate and regulatory policies. Finding a way to govern these connections has become a top priority for enterprise security teams.

Compliance and governance without impacting deployment simplicity, speed and agility

While security teams need to find a way to provide governance, nobody wants to become a bottleneck for application teams. Aviatrix customers have found a solution, leveraging a shared services VPC/VNet dedicated to PrivateLink endpoint hand-offs. Leveraging the Aviatrix Transit ensures that traffic bound for PrivateLink endpoints inherits the same security posture as any other traffic and does not circumvent corporate and regulatory policies. At the same time, this approach simplifies PrivateLink connections because application teams simply deploy PrivateLink endpoints in the shared VPC/VNet, and enterprise governance is already in place.

Leveraging the Aviatrix cloud network platform and multi-cloud network architecture

Aviatrix customers leverage the capabilities of the Aviatrix cloud network platform in many ways.
While each deployment is similar, each is also unique to a specific customer's requirements and network design. Similarities start with the Aviatrix Controller's ability to deploy Aviatrix network and security services in a common, repeatable manner across cloud environments. An Aviatrix transit network offers the same networking and operational capabilities across all cloud providers. Security policies for SAML User VPN, site-to-cloud connections and Internet egress, for example, are consistent and centrally managed across the multi-cloud network environment.

PrivateLink and Aviatrix Transit

Deploying a central shared services VPC/VNet for PrivateLink endpoints connected to an Aviatrix transit network provides several benefits:

• Centralized control for compliance and governance
• Common security posture across multiple clouds
• Intelligent route table management ensures end-to-end network correctness
• Enterprise-class operational visibility and troubleshooting with CoPilot and FlightPath
• IPSec encryption across the cloud, up to the shared VPC containing the PrivateLink endpoints
• Support for next-gen firewall traffic inspection
• Multi-cloud network segmentation to provide flexible segmentation controls into, within and between clouds
• Multi-cloud consumer-provider relationships (e.g. consumer in cloud A, connected to provider in cloud B)
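The shared services VPC model described above only delivers governance if endpoints actually land in that VPC. The following audit is an added example written for this brief, not Aviatrix code or part of the Aviatrix platform: it takes a list of AWS VPC endpoints in the shape returned by the EC2 DescribeVpcEndpoints API and flags PrivateLink (interface) endpoints created outside the designated shared services VPC. The VPC and endpoint identifiers and the sample records are constructed for illustration; the shared VPC ID is an assumed value a team would replace with its own.

```python
"""Audit PrivateLink (interface) VPC endpoints against a shared services policy.

Added example for the tech brief above (not Aviatrix code). Any interface
endpoint that sits outside the shared services VPC bypasses the transit and
its security posture, so it is reported as a finding.
"""
from dataclasses import dataclass

# Assumption: the VPC dedicated to PrivateLink endpoint hand-offs (constructed ID).
SHARED_SERVICES_VPC_ID = "vpc-0shared000000example"

# Constructed sample shaped like ec2.describe_vpc_endpoints()["VpcEndpoints"].
SAMPLE_ENDPOINTS = [
    {"VpcEndpointId": "vpce-0aaa", "VpcId": "vpc-0shared000000example",
     "VpcEndpointType": "Interface", "ServiceName": "com.amazonaws.us-east-1.s3",
     "State": "available"},
    {"VpcEndpointId": "vpce-0bbb", "VpcId": "vpc-0app11111111example",
     "VpcEndpointType": "Interface",
     "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-0partnerexample",
     "State": "available"},
    {"VpcEndpointId": "vpce-0ccc", "VpcId": "vpc-0app11111111example",
     "VpcEndpointType": "Gateway", "ServiceName": "com.amazonaws.us-east-1.dynamodb",
     "State": "available"},
    {"VpcEndpointId": "vpce-0ddd", "VpcId": "vpc-0app22222222example",
     "VpcEndpointType": "Interface",
     "ServiceName": "com.amazonaws.us-east-1.secretsmanager", "State": "pending"},
]


@dataclass(frozen=True)
class Finding:
    endpoint_id: str
    vpc_id: str
    service_name: str
    state: str


def find_ungoverned_endpoints(endpoints, shared_vpc_id=SHARED_SERVICES_VPC_ID):
    """Return interface endpoints that live outside the shared services VPC.

    Gateway endpoints (S3/DynamoDB route-table entries) do not use PrivateLink
    and are skipped. Endpoints still 'pending' are reported too, so a bypass is
    caught before any traffic flows through it.
    """
    findings = []
    for ep in endpoints:
        if ep.get("VpcEndpointType") != "Interface":
            continue
        if ep.get("VpcId") == shared_vpc_id:
            continue
        findings.append(Finding(ep["VpcEndpointId"], ep["VpcId"],
                                ep["ServiceName"], ep.get("State", "unknown")))
    return findings


def summarize_by_vpc(findings):
    """Group findings by VPC so each application team receives one list."""
    by_vpc = {}
    for f in findings:
        by_vpc.setdefault(f.vpc_id, []).append(f.endpoint_id)
    return by_vpc


if __name__ == "__main__":
    # With live data, replace SAMPLE_ENDPOINTS with
    # boto3.client("ec2").describe_vpc_endpoints()["VpcEndpoints"].
    for f in find_ungoverned_endpoints(SAMPLE_ENDPOINTS):
        print(f"{f.endpoint_id} in {f.vpc_id} -> {f.service_name} "
              f"({f.state}) bypasses the shared services VPC")
```

On the constructed sample the audit reports two endpoints, one in each application VPC, and ignores the gateway endpoint and the compliant endpoint in the shared VPC. The same check applies to Azure Private Endpoints by comparing each endpoint's subnet/VNet against the shared services VNet.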