Challenges and Requirements
Many Independent Software Vendors (ISV) and Platform Providers need to support multi-cloud. On top of that customers will have their own custom networking solutions, given the CSP they are connecting from, the client VPN standard or the firewall they are running in their environment.
With the growing demand for multi-cloud support, the challenge of ISV’s is to ensure a consistent way to manage each customer’s software environment independently, securely and across all clouds. It is therefore important to establish full visibility and control over these environments with as little customization as possible. The other issue that needs to be resolved is to have a painless way to on-board new customers and reduce the complexity and time it takes to connect them to their multi-cloud network.
Your VPN network will typically resemble the following situation in which we have six customers with their application hosted in three CSP’s, and each customer using its own VPN connectivity systems and methods:
Your concerns and challenges
- Customer demand for data segmentation and high bandwidth VPN connectivity
- Overlapping IPv4 CIDRs between customers, which means native cloud VPN solutions are unsuitable, but no standard solution to tackle this issue
- Creating secure and redundant customer-to-cloud VPNs using many different connection types (also in your own cloud environments), which requires large management effort, and introduces a new risk for availability and security
- Lack of deployment automation which results in manual customization and long customer on-boarding times
- Lack of ‘single pane of glass’ operational visibility across multi-cloud network for troubleshooting
- Your focus is on managing tailored connectivity solutions for all customers, while you want to focus on improving and developing your software platform
- As the number of customers grows, and your environment scales, it becomes more and more complex
All of the above need to preferably be solved based on intelligent orchestration, full visibility and control for multi-cloud networking
CloudNation and Aviatrix deliver a cloud-native Transit VPN Networking architecture which enables you to standardize and automate customer-to-cloud network connections. This reduces customer on-boarding significantly. In some cases, to hours rather than weeks. The ability of Aviatrix to orchestrate the multi-cloud network and deeply integrate with the CSP networking services, enables you to deploy your customer software environments to any customer network, without cloud specific skills. We will create a multi-cloud transit network for you that securely segments customer environments, while allowing your engineers the ability to onboard, monitor, support and upgrade customers on demand. This enables you to deliver SaaS-like simplicity, agility and continuous software integration for your customers, without having to rearchitect the software and build a multi-tenant SaaS offering. Using Aviatrix products, you get that single pane of glass providing detailed insight in network health and performance, along with much more advanced troubleshooting tools, over all clouds and all regions.
Aviatrix Gateways are deployed in every VPC and VNET and have peering connections with a central Gateway in the VPN Transit Network. The Gateways handle all traffic routing. They are deployed and fully managed by the central Aviatrix Controller and all connectivity is encrypted by default. If desired, customers can deploy an Aviatrix Gateway in their network to make onboarding even simpler and faster.
The Aviatrix multi-cloud transit network architecture will significantly simplify your network architecture, and handle scaling with ease:
The solution includes
- Aviatrix cloud-native networking for AWS, Azure and GCP transit hub-spoke networking
- Deployment in any customer cloud/datacenter network using Terraform Infrastructure as Code
- Aviatrix Intelligent Orchestration and Control to deliver global visibility and monitoring
- Secure and highly available site-to-cloud automation, regardless of IPv4 CIDR ranges
- Aviatrix secure egress with FQDN
- SAML based client VPN
- Aviatrix architecture enables roadmap to multi-cloud application environments
From a business perspective, cloud-native networking by Aviatrix and CloudNation helps you on-board new customers more quickly and with less ‘handling’ by your customer and you. Resulting in higher customer satisfaction. Architecturally and operationally, your team will be able to increase network visibility and control across multiple clouds, facilitating much faster troubleshooting. Due to the high rate of internal standardization, you will experience substantially less network downtime, and more business value for your customers.
The results include
- Drastically standardized, but still very flexible, scalable and robust VPN solution
- Default network encryption to enhance security
- Better cloud networking visibility and control
- Simplified and much faster multi-cloud network orchestration
- Automated deployment and new route propagation
- Secure customer environment segmentation (overlapping IPv4 CIDRs are not an issue)
- Reduced time to onboard new customers
- Far less effort required from customers
- Facilitating a rapidly growing customer base (network connectivity no longer being an obstacle)
*note: We use the definition of multi-cloud by NIST: ‘An organization has a multi-cloud if simply at least 2 cloud deployments models are used within the organization. Within which all combinations are possible.” ~ Peter Mell, & Timothy Grance. (2011). The NIST Definition of Cloud Computing.