Overview of Aviatrix Secure Edge
What is Aviatrix Secure Edge?
Aviatrix Secure Edge is an enterprise-grade solution that enables customers to extend the Aviatrix Cloud Networking architecture to the edge network for consistent and repeatable architecture, management, visibility, security, and control. This cloud-out architecture enables enterprises to leverage the Aviatrix platform's ubiquitous support for edge connectivity. The result is secure, seamless connectivity to edge locations such as data centers, colocations, remote sites, provider locations, branch offices, and retail stores.
Why is a cloud-capable secure edge important?
During their public cloud journey, IT leaders often ask themselves, “How do we, as securely and as seamlessly as possible, bring public clouds closer to end-users and services that continue to reside on-premise?” This creates new challenges: applications are developed at pace and scale, and therefore the ability to connect public cloud outward to the edge of on-premise becomes reliant on infrastructure that needs to always be available, performant, scalable, secure, and cost efficient.
Key challenges:
- Installation and set up of on-premise network edge infrastructure is often time-consuming and costly, resulting in significant delays.
- Network automation (in cloud vs on-premise) is different, which causes increased time to onboard.
- The on-premise network architecture and cloud teams may be disconnected, creating unnecessary delays and dissatisfied end consumers.
- Fragmented stacks in cloud and on-premise increase troubleshooting time and resources that need to be engaged. This fragmentation leads to network downtime and increased MTTR.
- More tools to maintain for monitoring, troubleshooting, and visibility increase overhead and support costs.
- Security risks due to lack of consistent security protocols and policies between cloud and on-premise can compromise the network and create an ever-expanding attack surface.
- Crowded and inconsistent management consoles because of network stacks that are different across cloud and on-premise, which also increases challenges to troubleshoot problems. IT teams need trained experts in each cloud and technology concerned.
IT leaders have accepted that public cloud infrastructure is a separate entity to on-premise data center infrastructure — not only physically separate, but also organizationally separate. They are linked with private circuits either directly or via a colocation, but with different governance, operational models, controls, and feature sets.
If you manage to solve the challenges, one key thing remains. You will be without an edge infrastructure that looks, feels, and behaves like a VPC, VNet, or VCN.
What are the benefits of Aviatrix Secure Edge?
With clouds as a new home for business-critical applications, modern enterprises have pivoted their architectural and operational center of gravity to the cloud.
Aviatrix Secure Edge is Aviatrix's cloud-native Secure Network and Network Security software for customer edge locations. Its cloud-out architecture enables you to extend the cloud operating model out to on-premises. That means your branch locations, colocations, and on-premises must be secure, operational, and networked the same as another VPC or VNet. This allows security posture, policies, and controls to remain consistent end-to-end and gives the impression of the cloud being closer to the end users and services that reside in the data center.
The Aviatrix Secure Edge approach means enterprises can have the same governance, consistent cloud network, and consistent security controls between public cloud and on-premises, but with the added differentiators of enterprise-grade visibility and management into the edge locations. This is important because if the cloud edge is the data center or branch external to the cloud, you get a unified network stack within cloud and on-premise with complete network visibility and a single console to manage and operate the network in cloud and on-premise, creating one operational model with bottlenecks removed.
Aviatrix Secure Edge offers advanced analytics and reporting capabilities, with the ability to track network performance and security metrics across multiple cloud platforms, making it easy to identify and address issues before they start to impact the performance or security of your cloud environments.
Aviatrix Secure Edge is a powerful software-defined cloud networking solution that offers advanced networking and embedded security features for edge locations. It offers:
- A single way of doing things. It extends the cloud model to on-premises and allows VPCs and VNets to be extended into the data center, Equinix colocation, or remote branch locations while retaining the cloud operational model and bringing the end users and services closer to the cloud.
- Simple zero touch provisioning. You can deploy Aviatrix Secure Edge by using either Terraform or the easy-to-use Aviatrix cloud controller, which helps improve time to deploy for applications and workloads without worrying about the underlying environment.
- Cloud centric management and advanced analytics capabilities. This makes it easy to retain consistent end-to-end (cloud to edge) networking and security policies and controls. The result is an overall reduction in complexity and cost of managing multiple cloud platforms.
- Complexity extraction. This leads to a reduced skill set requirement: no multi-vendor, SDWAN, X Y Z clouds; simplicity that empowers agility.
In summation:
- Go-to platform for all hybrid connectivity
- Centralized control plane across multicloud networks and edge locations reducing operational complexity
- Single pane of glass for cloud visibility, monitoring, and troubleshooting
- Encrypted connectivity and routing between multicloud networks with a private path that uses standard architecture
- High Performance Encryption (HPE) support over public and private networks
- Zero-touch provisioning (ZTP) for automated Edge deployments
- Multiple form factors to support various edge requirements
What are the use cases?
Aviatrix Secure Edge provides multicloud connectivity over private and public networks.
What edge platforms are supported?
You can deploy Aviatrix Secure Edge on these platforms:
Aviatrix Edge Platform
Aviatrix Edge platform is an Aviatrix turnkey solution that enables cloud orchestration of edge hardware and Aviatrix Edge Gateways for deployments in customer on-premises locations. The hardware is recommended by Aviatrix and comes pre-staged before it is shipped to a customer site.
Aviatrix Edge platform connects data centers, retail and branch customers to the cloud and offers these key benefits:
- Extends the cloud operational model to the edge
- Remote orchestration of edge hardware and software with full lifecycle management
- Encrypt high-speed circuits at line-rate with High Performance Encryption
- Secure edge with distributed firewall and network segmentation
- High-Availability Edge Gateways for failover
- Designed for multicloud connectivity
- Flexible form factors to support data center high throughput needs
- Single unified control and management plane
Equinix Platform
Aviatrix Edge on the Equinix platform leverages Equinix Network Edge to deliver a high-performance encrypted connection to your single cloud, multicloud, or hybrid environments.
The key benefits are:
- Extends the Aviatrix Intelligent Cloud Networking and Security platform to the Equinix Fabric
- Simplifies deployment of private multicloud connectivity leveraging the Equinix infrastructure
- Accelerates enterprise cloud adoption by removing hardware requirements
- Edge connectivity that is secure, easily deployable, and reliable with visibility and control
- A seamless operational model and consistent architecture across network edge and multicloud
Does Aviatrix Secure Edge support high availability?
Aviatrix Edge Gateways are deployed in ActiveMesh by default, where the primary Edge Gateway and the HA Edge Gateway instance both forward packets to the Transit Gateway connections.
You have the option to choose Active-Active or Active-Standby mode for the Edge Gateway's LAN-side connectivity.
Does Aviatrix Secure Edge support NAT functions?
For the use case where the CSP network CIDR overlaps with the on-premise network CIDR, you can enable customized SNAT and DNAT on the Edge Gateway to resolve the overlapping CIDR issue.
Does Aviatrix Secure Edge support Local Internet Breakout?
You can set up Aviatrix Edge Gateways as the default gateway and enable SNAT to route egress connectivity directly through the NAT interface of the Internet.
How does Aviatrix Secure Edge provide security?
Aviatrix Secure Edge is an extension of the Aviatrix cloud-native networking and security platform which has security built into the data plane. Security capabilities include:
- Distributed Firewall
- Network Segmentation
- End-to-End Encryption
- Unified single dashboard for security management
Does Aviatrix Secure Edge support VLAN connectivity?
Aviatrix Secure Edge supports VLAN connectivity: multiple VLAN interfaces can be enabled on the Edge Gateway, with VRRP support.
Aviatrix Secure Edge also enables you to segment your on-premises network traffic for your LAN network segments through network domains and connection policies.
How can I do transitive routing with Aviatrix Secure Edge?
You can enable transitive routing on an Aviatrix Edge Gateway to forward traffic between multiple Transit Gateways that are connected to it.
How can I do transit peering across multicloud with Aviatrix Secure Edge?
You can create Transit Gateway peering as a secondary path for forwarding traffic over the public network.
How do I deploy Aviatrix Secure Edge?
To deploy Aviatrix Edge, first you need to procure and onboard your edge device on the platform of your choice. Next, you deploy Aviatrix Edge Gateway on the edge device and attach the Edge Gateway to Aviatrix Transit Gateways for cloud connectivity. Then, configure the Edge Gateway for LAN-side connectivity.