Simplify cloud adoption with Aviatrix intelligent cloud networking
Published Dec 07 2022 09:51 AM

In this guest blog post, Gerald Buchholz, Principal Solutions Architect at Aviatrix, discusses how a reliable and secure network creates the foundation for the successful use of cloud services.


Customers have built on-premises networks for years, gaining deep technical knowledge and expertise on how to plan, build, and run them. When customers begin their cloud journey, however, they realize that cloud networking is different, and that the difference is sharpened by additional security requirements that need to be implemented in the cloud. This can slow down cloud adoption.


The Aviatrix cloud network platform enhances Microsoft Azure networking services by enabling customers to plan, build, secure, and operate their cloud network in a unified experience, using well-known tools and familiar processes.


Let’s take a look at how Aviatrix’s intelligent cloud networking helps speed up the cloud journey along with some of the business, security, and operational benefits organizations gain from enhancing their cloud network on Azure.


Available in the Azure Marketplace, Aviatrix gets you started on your cloud adoption right away by enabling you to deploy the Aviatrix controller in your own Azure subscription.


The Aviatrix controller helps you create or onboard virtual networks according to best practices and organizes them into a cohesive cloud network fabric that you own. It also takes care of the lifecycle of Aviatrix gateways that build the cloud network and enhance the native features, like adding encryption and collecting network telemetry data. The controller can be deployed using Terraform, and it also interacts with the official Aviatrix Terraform provider, allowing you to build and maintain your Aviatrix cloud network with infrastructure as code.


After deploying the Aviatrix controller, it is recommended you deploy Aviatrix CoPilot, which offers programmable intent and operational visibility.

 


 

Business benefits
One of the biggest benefits of the cloud is that it can deliver nearly endless, highly available resources. This can also be a burden: with a much broader footprint in the cloud, rules need to be applied that dictate how workloads communicate with one another.


Rather than identifying each workload and applying rules to a single virtual machine or network, Aviatrix enables you to specify the intent, such as, “Development can talk to shared services. SAP can talk to shared services and HR systems.” Aviatrix programs the intent according to your requirements. There is no need to maintain IP lists or keep track of changes to your workloads.


According to a Microsoft article about tracking costs across business units, environments, or projects, "To build a cost-conscious organization, you need visibility and properly defined access to cost-related data." This is true, especially since costs are becoming more important as more workloads are moved to the cloud.


Nevertheless, networking costs can be hard to track back to an individual subscription or application. Simply spreading networking costs equally across subscriptions that consume networking services will most likely be unfair, because usually not all applications consume the same amount of resources. Other models, like spreading the costs based on VMs, might be a better approach but are still not based on individual usage.


With Aviatrix CostIQ you can charge back networking costs to the owner of the service, including data from Azure cost management, making the charges transparent, fair, and based on actual usage.

 


 

Security benefits

Security is a top concern when moving to the cloud, not only because you’re not using your own datacenter or a location you control, but also because you need to rethink how security is built. This includes how you will protect your workloads from incoming connections as well as from outgoing traffic to the internet, for example, downloading updates or using external data sources.

 

Software downloaded from unknown sources and misconfigured applications can also pose a risk to cloud security. The same goes for data exfiltration, either by bad actors inside a company or from a cyberattack.

 

To lower the risk, a popular option is to deploy Azure Firewall or a third-party firewall in Azure. While deployment of third-party firewalls in Azure is more complicated, Aviatrix helps with the initial deployment because it has built-in support for zero-touch deployment of Check Point, Fortinet, and Palo Alto Networks firewalls.

 

The Aviatrix platform also automates the complex route management processes in Azure. Looking for a cost-effective and simple way to do FQDN filtering to ensure only certain destinations, like update servers, can be reached? Simply deploy an Aviatrix FQDN-Gateway and whitelist the destinations you need. That’s it.

 

By integrating FQDN rule deployment into the DevOps workflow, developers can easily request new URLs to be added, ensuring URLs are evaluated before they are approved.

 

Aviatrix ThreatIQ provides another layer of security by evaluating traffic flows to public IP addresses against an IP reputation database, then triggering an alert via email or using a webhook to post an alert in Microsoft Teams. Communication to the malicious IP is then automatically blocked by Aviatrix ThreatGuard.

 

If you use a SIEM, such as Microsoft Sentinel, you can use NetFlow information from Aviatrix gateways to enrich your SIEM with information about the communication between internal and external networks.

 

Operational benefits

When critical applications like SAP are moved to the cloud, application owners want to determine performance. Azure identifies the performance of a single VM or a larger fleet of VMs along with application performance. But when it comes to networking, numbers can be hard to get. Aviatrix AirSpace offers embedded telemetry that can be used to show network performance and help understand traffic patterns and identify possible networking bottlenecks.

 

Application performance problems are often identified by the end users reporting them to their IT service desk. Then the troubleshooting starts, and one of the usual first steps is to check networking performance. Aviatrix CoPilot visualizes network usage and helps identify networking problems like bandwidth issues or high latencies.

 

Reports showing connectivity, latency, routing, packet loss, and other issues can be generated in Aviatrix CoPilot and attached to the support ticket or used to show evidence to the service provider.

 

Since the cloud is not an island, you need a proper connection to it. Although more and more services can be consumed over the internet, you still want to access the database that is running in your datacenter, securely and reliably.

 

Many customers use Azure ExpressRoute as a reliable way to connect between their datacenter and Azure. But customers may also wish to maintain isolation between different environments, for example, production, development, and on-premises.

 

This can be achieved by deploying Aviatrix Edge in your on-premises datacenter or in your co-location space. Aviatrix Edge not only adds isolation and encryption to your existing Azure ExpressRoute instance, but it also provides you with all the telemetry data you gain from Aviatrix AirSpace, extended to your on-premises environment. Aviatrix Edge can also be used to connect using internet-based connections, for example, from your branch offices.

 

Aviatrix not only helps speed up your cloud journey, but it also enhances your cloud network with features that support improved adoption in your company.

 

Eager to get started? Deploy Aviatrix through Azure Marketplace or request a demo to see Aviatrix in action and learn how your cloud network can be enhanced to facilitate your success.

Last update: Dec 05 2022 08:56 AM