
6.7 Release Highlights
The 6.7 release of the Aviatrix Platform brings the first installment of two key features and one enhancement.
1. Micro-segmentation
2. Aviatrix Edge
3. High-Performance Encryption (Insane Mode) for GCP/OCI to other Clouds
A summary of these features is provided below.
1. Micro-segmentation
Security threats in the cloud are increasing in both number and severity as businesses shift their investment to digital transformation and innovation. While application owners have successfully adopted the new operating model of cloud, the existing approach to micro-segmentation lacks the scale and intelligence that is required to keep pace with this new model. This leaves businesses exposed to elevated levels of risk.
Aviatrix micro-segmentation allows customers to define their applications in cloud-native terminology. It is built on top of a distributed security stack that is embedded throughout the network. The Aviatrix micro-segmentation solution gives customers the unique capability to build zero-trust environments for applications that are distributed across multiple regions or multiple clouds. New cloud resources will be automatically protected by existing security policies based on their cloud-native tags.
Figure 1: An example of micro-segmentation across multi-cloud.
With Aviatrix micro-segmentation, traffic can be controlled not just at the VPC level but down to the application level. In the above image, the customer can allow the Shopping Cart Frontend to communicate only with the Product info DB application. Traffic to Product SKUs or Product Price can be blocked as required.
2. Aviatrix Secure Edge 1.0
As more enterprises realize the advantages of deploying in the public cloud, the challenge of supporting two different operational models emerges, with one set of processes and policies for their on-premise environments and a different set of processes and policies for their cloud environments. Since Aviatrix was born in the cloud, the operational model for deploying and managing the Aviatrix Secure Cloud Networking platform is a true cloud-native model. With the release of the Aviatrix Secure Edge 1.0, Aviatrix is extending this cloud operational model from the cloud to on-premise locations, creating a unified control plane and a single pane of glass management interface.
Figure 2: An example of Aviatrix Secure Edge architecture.
The Aviatrix platform provides orchestration for deploying the edge in a virtual form factor using zero-touch provisioning, making deployment simple and easy and eliminating the need for smart hands on-site. Additionally, all the visibility and troubleshooting tools that Aviatrix already makes available for cloud deployments can now be leveraged at the branch or data center. This creates a seamless, consistent operational model for network administrators regardless of where their resources are located.
3. High-Performance Encryption (Insane Mode) for GCP/OCI to other Clouds
Aviatrix already offered High-Performance Encryption (HPE) functionality to connect transits to other transits or spokes for intra-cloud peering using private IP addresses, and to connect transits between Azure and AWS (inter-cloud) using public IP addresses, offering higher throughput between gateway instances by creating additional IPsec tunnels. In 6.7, we now support peering of transits between all four major clouds: AWS, Azure, GCP, and OCI. This will be helpful for customers that have a multi-cloud footprint and would like to see higher throughput between different cloud service providers.
To create a transit peering for inter-cloud, we use the same Transit Peering feature in the UI. However, for inter-cloud transits, an additional option is displayed that allows the user to specify the number of tunnels to create (2-20).
The maximum expected throughputs using HPE inter-cloud and intra-cloud are provided in the diagram below.
Figure 3: Average throughput performance between transits over the internet (black text) using 20 tunnels, and in private underlay (intra-cloud, coloured text).