• 15 July 2020
  • 3 replies


Is Direct Connect (DX) encrypted by default?

No. DX is not encrypted. The encryption solution needs to be built on top of it. If you are looking for near-line-rate encryption for DX and/or ER (ExpressRoute), Aviatrix has a hardware appliance called CloudN that one should consider.

Does the 3rd party firewall and Aviatrix controller have to be in AWS, or do the firewall services work on Azure as well?

Nothing has to be in AWS. If you are a customer who has no footprint in AWS, you can only be in Azure, which means that your Controller, GWs and FWs will all be in Azure, too.

I want to have routing from multiple regions to my on-prem via AWS-TGW, would I need multiple route peering?

Yes, you would terminate a VPN per TGW to on-prem. If using a Direct Connect, you could leverage the DX Gateway. 

If the VPN tunnel is built with an AWS-TGW, do we also need to program routes in VPCs?

You will need to go into the VPC route tables and manually configure routes for DC to use Transit (TGW), which will have the VPN tunnel to get back to the DC. 
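An added example (not part of the original post, and not Aviatrix or AWS code) for the manual VPC route step above: it audits `aws ec2 describe-route-tables` output for route tables whose traffic to the data center would not reach the TGW, and suggests the matching `aws ec2 create-route` or `replace-route` command. The on-prem CIDR `192.168.0.0/16` and all IDs are assumed placeholders, and only routes covering the whole DC CIDR are considered.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-route-tables` output; IDs/CIDRs are placeholders.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-0aaa", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "192.168.0.0/16", "TransitGatewayId": "tgw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-0bbb", "Routes": [
        {"DestinationCidrBlock": "10.2.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-0ccc", "Routes": [
        {"DestinationCidrBlock": "10.3.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "192.168.0.0/16", "TransitGatewayId": "tgw-0example", "State": "blackhole"}]},
    {"RouteTableId": "rtb-0ddd", "Routes": [
        {"DestinationCidrBlock": "10.4.0.0/16", "GatewayId": "local", "State": "active"}]},
]}

def selected_route(routes, dc_net):
    """Longest-prefix match: the IPv4 route that would carry traffic to dc_net."""
    best = None
    for route in routes:
        cidr = route.get("DestinationCidrBlock")  # absent on IPv6/prefix-list routes
        if cidr is None:
            continue
        net = ipaddress.ip_network(cidr)
        if dc_net.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    return best

def audit(tables, dc_cidr, tgw_id):
    """Return {route_table_id: (problem, suggested CLI fix)} for tables needing work."""
    dc_net = ipaddress.ip_network(dc_cidr)
    findings = {}
    for table in tables["RouteTables"]:
        rtb, match = table["RouteTableId"], selected_route(table["Routes"], dc_net)
        if match and match[1].get("TransitGatewayId") == tgw_id and match[1]["State"] == "active":
            continue  # traffic to the DC already goes to the TGW
        if match is None:
            problem = "no route to DC"
        elif match[1]["State"] != "active":
            problem = "route is " + match[1]["State"]
        else:
            problem = "selected route does not target " + tgw_id
        # replace-route if an entry for this exact CIDR exists, else create-route
        verb = "replace-route" if match and match[0] == dc_net else "create-route"
        findings[rtb] = (problem, f"aws ec2 {verb} --route-table-id {rtb} "
                         f"--destination-cidr-block {dc_cidr} --transit-gateway-id {tgw_id}")
    return findings
```

Calling `audit(SAMPLE, "192.168.0.0/16", "tgw-0example")` flags `rtb-0bbb`, where DC-bound traffic would follow the default route to the internet gateway, which matters given that the underlying DX link is not encrypted by default.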

3 replies

Badge +2

As far as I know for now, the Controller always has to run in AWS. That's why there is only a CloudFormation template for it, and no ARM template.

Userlevel 6
Badge +6

Mark Noorman 

A number of our customers have deployed the Aviatrix Controller in Azure as well. They are using it for a number of use cases. The Aviatrix Controller can be deployed either as metered or BYOL. Please take a look at the doc here.

Let us know if you need help deploying it in Azure.

The following link shows Terraform modules to deploy the controller in AWS, Azure, GCP and OCI.

Badge +2

Alright, learned something today - thanks 🙂