Design Guides

Alibaba Cloud - Aviatrix Validated Design


AVIATRIX VALIDATED DESIGN

Challenges

Private, secure connectivity in and out of mainland China is difficult to deliver. There are several options, but each has its own challenges:

- IPsec tunnel over Public IPs – standard ports for IPsec need to be whitelisted by the Great Firewall, and even then, the connection will likely be very unstable
- Private connectivity using a 3rd party – long lead times to get the link activated; high cost; point-to-point design leads to complexity in extending that network to other resources; no encryption
- Private connectivity leveraging the Cloud Provider's backbone – only Ali Cloud offers such a connection; not encrypted; complexity extending to resources outside of Ali Cloud (e.g. DC, other CSPs)

The biggest cloud providers, AWS and Azure, use separate entities and separate backbones for their regions in mainland China. You are forced to separate accounts and use separate operational consoles to manage your resources inside and outside China.

Alibaba Cloud provides a single account and a single management console for all their regions. That makes Ali Cloud an attractive option to consider when building an enterprise global cloud backbone. The challenge is the lack of encryption on these links, as well as the complex setup of connectivity and routing for networks outside of Ali Cloud (other CSPs or DCs) as they need to be added into the mix.

Aviatrix Introduction – Multi-Cloud Network Architecture

Aviatrix Validated Designs are created based on a Multi-Cloud Network Architecture (MCNA), which has been proven with hundreds of enterprise customers building cloud network infrastructure in AWS, Azure, GCP, OCI and Ali Cloud (hereon referred to as Cloud Service Providers, or CSPs) across every vertical industry around the world. An MCNA is not a product; it is an architectural framework that is used to organize design requirements. An MCNA outlines how architectural pillars such as networking, security, day-one automation and day-two operational visibility span across cloud access, cloud networking and cloud application layers. Similar to building an architecture, the MCNA becomes the go-to plan that allows cloud and security architects and their operational counterparts to work together to ensure network designs meet all cross-functional requirements.

To realize their multi-cloud network designs, Aviatrix customers leverage the Aviatrix cloud network platform to deliver multi-cloud networking, security, and operational visibility capabilities that go beyond what any cloud service provider offers. Aviatrix software leverages public cloud provider APIs (Application Programming Interfaces) to interact with and directly program native cloud networking constructs. This abstracts the unique complexities of each cloud, simplifying deployments and forming one multi-cloud network data plane with advanced networking and security features and one consistent multi-cloud operational model. Aviatrix Transit delivers a superset of enterprise-class capabilities that becomes the foundation of our enterprise customers' multi-cloud network architecture.
