Network Architectures for SaaS
SaaS is Software as a Service, which is getting a lot of traction in the Cloud. Many companies are offering their software as a service to their clients. There are 2 models how services are delivered today in the cloud: Dedicated and Shared.
For dedicated model, one client one environment, it’s very costly as all the resources has to be available all the time. Everything needs to be provisioned to handle peak load. We see a trend that more and more SaaS providers are moving to a shared model thanks to Kubernetes.
Shared model, running K8s, very light weight on OS, all the services are microservices which can auto scale up/down dynamically. Be able to achieve economy of scale by sharing resources. However, we need to address these in this list in a shared model:
- Meeting in the cloud VPN
- Over the Internet VPN
- Over Dedicated Circuit VPN
- Over the internet via portal
- Network Segmentation for shared service
- Traffic Inspection
Overlapping Address Space:
- Overlapping between clients
- Overlapping between SaaS shared infrastructure and clients
Day 2 Operations:
The good news is that Aviatrix has a solution for it. Here is a diagram shows how all different types of connectivity can be integrated into Aviatrix Transit Architecture - MCNA, is repeatable in a multi-cloud environment. The solution creates network segmentation for each client with policy, and all traffic can be inspected using Transit FireNet Feature utilizing your current security/compliance standard. Overlapping address can be easily solved with newly developed function, NAT-Map (SNAT & DNAT in a very easy way to configure and understand). Day-2 Operation functions are built-in with Terraform and CoPilot.
To have a test drive or if you want to have a design discussion with us, please reach out to firstname.lastname@example.org