Azure Secure NAT Gateway Getting Started

This guide provides information to get you signed up for the Azure Secure NAT Gateway by Aviatrix. The NAT Gateway is part of the Platform-as-a-Service offering.

The Secure NAT Gateway provides security on outbound traffic for any Azure VNet-based workload, including Kubernetes.

For more information about how Aviatrix PaaS and the Secure NAT Gateway can help make your network more secure, see:

Aviatrix PaaS Overview

You can subscribe, onboard, and secure your cloud resources in four simple steps:

process flow for azure signup

Subscribe to Azure Secure NAT Gateway

Subscribe to the Aviatrix Secure NAT Gateway offer on the Azure Marketplace.

process flow subscribe

  1. Go to the Aviatrix Secure NAT Gateway listing on Azure Marketplace and click Get it now.

  2. Accept the Azure terms of use and privacy policy and click Continue.

  3. On the Aviatrix Secure NAT Gateway page, do one of the following.

    Both options open a subscription page.

    • From the Plan field, select the plan suitable to your needs and click Subscribe.

      azure marketplace plan selection

    • Click Plans + Pricing, review the details of each plan, and then click Subscribe for the plan suitable to your needs.

      azure marketplace plans & pricing
      If you select the Developer Evaluation Trial plan, you can upgrade to a paid plan at any time.

  4. On the Subscribe to Aviatrix Secure NAT Gatewy page, do the following:

    1. Under Project details > Resource group, click Create New and enter a name for the group.

      Microsoft requires a resource group to contain the resource metadata.

    2. Select a Resource group location.

    3. Under SaaS details, enter a descriptive Name for the subscription.

      You can leave other fields with their defaults.

    4. Click Review + Subscribe, and then click Subscribe on the next page.

      azure marketplace subscription details

  5. On the Subscription progress page, click Configure account now when the process completes.

    subscription progress page

    Alternatively, you can click the Configure Account button in the email you receive from Azure Marketplace.

  6. On the Sign Up screen that displays, enter your name.

    The email address you used for your Azure account is auto-populated.

    sign-up page

  7. Agree to the Aviatrix Terms of Service and Privacy Policy and click Finish Sign Up.

    You are signed in to the Aviatrix Platform UI and a Welcome screen displays, from which you can onboard your Azure cloud account.

Next Steps

After subscribing to Aviatrix Secure NAT Gateway, onboard your cloud account and VNets.

Onboard Cloud Account

Onboarding connects your cloud account to Aviatrix Platform and allows the platform to discover your cloud resources, such as VNets, subnets, and VMs.

process flow onboard cloud
Onboard Your Azure Cloud Account (click to expand)

After signing up with Aviatrix PaaS, the Aviatrix Platform opens to a Welcome page. From this page you can connect your cloud accounts with the Aviatrix Platform. After you have onboarded a cloud account, the Welcome page no longer displays when you sign in.

The onboarding process creates the Azure roles and resources required for Aviatrix Platform to monitor and manage your Azure network. It also allows Aviatrix PaaS to discover the resources in your cloud account.

  1. On Welcome to Aviatrix PaaS, click Begin.

  2. In Begin Aviatrix Journey Step 1, click Onboard Cloud Account and select Azure.

  3. If you have not already created an Azure application and gathered the necessary IDs, click Launch Microsoft Azure Portal and create an application.

    See Create a New Application in Azure, if you need more information.

  4. Enter the following IDs from your Azure account.

    • Subscription ID

    • Directory ID

    • Application ID

    • Client Secret

  5. Click Next.

    As your account is onboarded, the cloud assets in your account are discovered. When the discovery process completes, a success message displays.

  6. Click Close.

    Your onboarded account is named aviatrix-account and displays on the Cloud Resources pages and in the Dashboard.

    It can take a couple of minutes before your VNets display under Cloud Resources > Cloud Assets.

    Your onboarded regions will also display in the Dashboard geographic map.

If you want to onboard another cloud account, you can do so from Cloud Resources > Cloud Accounts.

Onboard VNets

Onboarding VNets allows Aviatrix Platform to manage the cloud resources you select.

process flow subscribe
Onboard VNets (click to expand)

After onboarding your cloud account in Aviatrix, the VPCs or VNets associated with the account display as unmanaged resources in Aviatrix Platform. You can see a list of VPCs and VNets, and associated VM resources, on the Cloud Assets page.

To bring the resources under Aviatrix management, you must onboard the VPCs or VNets. The recommended (default) performance size for VPCs and VNets is Medium.

It is recommended that you deploy each VPC or VNet with at least two subnets in two different zones to provide high availability.

To onboard Kubernetes clusters, see Onboard Kubernetes Clusters.

During onboarding, an Aviatrix Spoke Gateway is created on each subnet in the managed VPC or VNet. This gateway is displayed on the Topology map, along with other network resources.

You can onboard only one VPC or VNet at a time, but you can begin the onboarding process for multiple VPCs or VNets at one time. You do not have to wait until a VPC or VNet finishes onboarding to start onboarding another one.

You can also onboard VPCs and VNets from Security > Egress > Protected VPC/VNets.

To onboard your VPCs or VNets, do the following.

  1. Go to Cloud Resources > Cloud Assets > VPC/VNets & Subnets.

  2. Click the Onboard link for a VPC or VNet you want Aviatrix to manage.

    You can only onboard resources that have public IPs. By default, the 10.0.0.0/16 CIDRs are private.

  3. On Onboard a VPC/VNet you can do the following:

    1. From Performance Size, select the instance size for your VPC or VNet.

      The recommended default size is Medium.

    2. Remove a subnet from the onboarding list by clicking the "x" next to the subnet IP address.

      This action only removes the subnet from being managed, it does not remove the subnet from the VPC or VNet.

    3. Add a subnet to the list by clicking the down arrow and selecting the subnet IP address.

    4. Click Onboard.

      The Aviatrix Managed column changes status to In Progress. When onboarding of all subnets for the VPC or VNet is complete, status changes to Yes.

  4. Expand the VPC or VNet listing to see the status of individual subnets in the VPC or VNet.

  5. Click the Name of the VPC or VNet to display related route tables.

As subnets are onboarded, they also appear in the Cloud Fabric > Topology map as managed resources.

You can offboard a VPC or VNet from the Aviatrix Platform by using the Manage menu.

Secure Your Network

Use either the Distributed Cloud Firewall (DCF) or Egress Security workflow.

process flow subscribe

Upgrade a Developer Evaluation Trial to a Paid Plan on Azure