Issue link: https://aviatrix.com/resources/i/1494829
© Aviatrix, 2023. TECHNICAL BRIEF

Aviatrix Secure Cloud Backbone

Driving Factors for a Secure Cloud Backbone

What began as a pioneering effort by enterprises to migrate non-critical apps to the cloud has quickly evolved into a concerted effort to migrate and refactor business-critical apps for the cloud. With IT at the helm of infrastructure design, deployment, and management, private connectivity between the cloud and the data center has become dominated by native cloud offerings such as Direct Connect (AWS), ExpressRoute (Azure), Cloud Connect (GCP), and FastConnect (OCI). Still, IT and cloud networking experts are wrangling with disparate designs and outcomes for an enterprise-class cloud backbone that offers resiliency, agility, advanced security, and mature troubleshooting tools without overrunning budgets.

Building a cloud backbone has become increasingly important in the last several years due to the following factors:

1) Many enterprises are committing to a multicloud strategy. They must build high-throughput, low-latency transit systems between cloud service providers (CSPs) to move large quantities of data, migrate critical applications, handle B2B relationships, and incorporate disparate systems following mergers or acquisitions (M&A).

2) As the amount of critical data and dependent workloads in the public cloud grows, cloud footprints can quickly outgrow a single region and become multi-regional or even global. Applications formerly consigned to a single region have been forced to expand in order to tolerate regional failures, obtain better pricing, or serve growing customer bases nationally or globally.

3) IT teams realize that it is faster and more efficient to use the CSP private networks to move data around instead of backhauling it over their existing private network fabrics, many of which are still telco-based. The primary driver here is to reduce latency (a remedy for LFN, Long Fat Networks) and to alleviate the burden of increased cost, throughput, and consumer demand on private network fabrics.

Aviatrix Secure Cloud Backbone Overview

The Aviatrix Secure Cloud Backbone is more than a simple overlay tunnel within or between CSPs. Aviatrix delivers advanced cloud networking features, embedded security, and enterprise-class visibility in the overlay -- services not offered by any cloud provider. The Aviatrix control plane is fully aware of, leverages, and controls CSP networking services and the underlying transport infrastructure.

The Aviatrix control plane is housed in a highly available VM that the customer deploys within a VPC or VNet, called the Aviatrix Controller. The Controller's job is to interpret programmatic input from the end user, usually via Terraform or the Aviatrix GUI, and convert it into goal states realized in the Aviatrix data plane. It converts Aviatrix API commands into cloud-native APIs that support AWS, Azure, GCP, OCI, and Alibaba. This allows the Controller to automatically orchestrate the network fabric of the CSP, thereby creating cloud-native routing and security policies based on the desired goal state of the end user.

The Controller also receives and executes Aviatrix API commands explicitly meant to build and manage the Aviatrix data plane. The data plane includes virtual machines running Aviatrix code, performing various tasks common to any enterprise-class network such as routing and forwarding, IPsec and GRE tunnel formation, failover, path convergence, etc. In addition, the Aviatrix data plane collects real-time NetFlow-based telemetry that allows for granular flow visibility and troubleshooting via Aviatrix CoPilot, the Aviatrix management plane. Finally, the data plane provides distributed traffic inspection and policy-based controls to enable a zero-trust network architecture.
Significantly, these security controls for firewalling, network segmentation, micro-segmentation, IDS/IPS threat detection/mitigation, and anomaly detection are all