Design Guides

Aviatrix Validated Design - SaaS Providers Infrastructure

Issue link: https://aviatrix.com/resources/i/1377637


SaaS Vendor Challenges with Native Cloud Networking

The way enterprises consume SaaS services poses several challenges related to cloud networking and security, because native CSP constructs fall short of providing the enterprise-grade capabilities required to solve these challenges:

Secure onboarding of end-customers with overlapping IP space:
• End customers may have overlapping IPs with each other, as shown in the above diagram
• End customers may have overlapping IPs with the SaaS vendor's application address space. For example, Customer A may use the same address space that the SaaS provider uses for its own dedicated or shared resources

Often SaaS provider end-customers have business requirements or preferences that their data be hosted or processed in one cloud platform versus another. To meet customer requirements, SaaS providers must onboard these customers to the preferred cloud, forcing SaaS providers to maintain complex, inconsistent architectures unique to each cloud provider. To meet this challenge, a secure, high-performance multi-cloud network and security architecture is necessary to satisfy the end-customer requirement.

Security is a big challenge; SaaS providers are expected to provide:
• Full segregation of the resources; end-customers must not be able to access each other's dedicated resources
• Based on service agreements, end-customers should be able to securely access shared services
• Traffic from end-customers must be inspected by NextGen Firewalls before accessing shared services

Other challenges SaaS providers must overcome include:
• DIY (Do It Yourself) oriented SaaS providers with complex networking and security requirements face substantial Day 2 operational challenges when they go multi-cloud using this strategy due to architectural complexity and unmanageability. SaaS providers should not limit themselves to CSP-provided native constructs
• SaaS providers find it infeasible to maintain separate operational teams for each unique cloud provider platform when customers require service delivery from a cloud other than the SaaS provider's primary cloud.
• NextGen Firewall traffic inspection becomes a big challenge when end-customers are onboarded via Private Links
• SaaS provider architectures that restrict their customers from initiating sessions, only allowing unidirectional traffic flows from cloud to customers
• Native cloud provider tools lack the visibility and troubleshooting capabilities required for SaaS operations teams

Aviatrix Introduction – Multi-Cloud Network Architecture

Aviatrix Validated Designs are created based on a Multi-Cloud Network Architecture (MCNA), which has been proven with hundreds of enterprise customers building cloud network infrastructure in AWS, Azure, GCP, OCI and Ali Cloud (CSPs) across every vertical industry around the world.

An MCNA is not a product; it is an architectural framework that is used to organize design requirements. An MCNA outlines how architectural pillars such as networking, security, day-one automation and day-two operational visibility span across cloud access, cloud networking and cloud application layers. Like a physical building architecture, the MCNA is the go-to plan that allows cloud and security architects and their operational counterparts to work together to ensure network designs meet all cross-functional requirements.

To realize their multi-cloud network designs, Aviatrix customers leverage the Aviatrix cloud network platform to deliver multi-cloud networking, security, and operational visibility capabilities that go beyond what any cloud service provider offers. Aviatrix software leverages public cloud provider APIs (Application Programming Interfaces) to interact with and directly program native cloud networking constructs. This abstracts the unique complexities of each cloud, simplifies deployments and forms one multi-cloud network data plane with advanced networking and security features and one consistent multi-cloud operational model. Aviatrix Transit delivers a superset of enterprise-class capabilities that becomes the foundation of our enterprise customers' multi-cloud network architecture.
