Taking an “Inside out” Approach to Cloud Networking
I was talking with a long-time CIO friend recently about what changes are required, from an architectural point of view, as enterprises move to the cloud. He boiled it down well for me. He said, “As a CIO, you have to ask yourself… Do I believe I will be building and operating physical data centers and MPLS backbone networks in the future? Or, do I believe I will be leveraging the most incredibly agile and highly available global compute, storage and network infrastructure that has ever existed in the history of computing?”
Of course, it was a rhetorical question and he continued, “If the latter, I need to think about the architecture differently. For years the center of gravity was the data center. That changes as the cloud becomes the center of gravity, you have to think ‘inside out’, the cloud isn’t a black box off to the side that you connect to, the cloud is the core. The cloud is where the intelligence is, it’s where the applications are, it’s where the data is. ‘Inside’ is now the cloud. From an architecture perspective, I need to leverage the intelligence and agility of the cloud to reach ‘out’ to everything my applications need to reach in order to drive my business.”
At Aviatrix, we deliver our services on a cloud-native networking architecture, meaning our services are built on top cloud-native constructs. We are cloud-native, we integrate directly with and program native cloud services using cloud provider APIs. Then, we extend the native construct capabilities with advanced services enterprises need in the cloud.
Which leads me to talk specifically about what we have done to take advantage of the new AWS native services delivered this week at AWS re:Invent 2019 in Las Vegas. But first let’s step back and give a little background on our strong relationship and collaboration with AWS networking teams over the years.
In 2016 and 2017, Aviatrix delivered a cloud-native, intelligent control plane orchestration solution combined with powerful cloud-native data plane routing services, delivered by Aviatrix Gateways. The combination provided AWS customers the ability to automate the propagation of routes, attach VPCs in a hub-and-spoke architecture as an alternative to a manually configured and managed VPC peering mesh. And, the Aviatrix Orchestrator provided visibility into complex, multi-account cloud networking and security structures they’d never had. Customers loved it!
Last year at AWS re:Invent 2018, AWS delivered a powerful new networking construct, the AWS Transit Gateway. The AWS Transit Gateway allowed customers to natively attach VPCs and data center connections with Direct Connect in a hub-and-spoke architecture rather than a manually configured VPC peering mesh. Aviatrix was invited to be on stage for the announcement, because we embraced the new AWS Transit Gateway construct and extended it with our intelligent control plane orchestration, visibility and operational tools. And, customers loved it!
In preparation for AWS re:Invent 2019, the AWS networking team invited us to see the new AWS Transit Gateway Network Manager, a management tool they’d been working on for launch at re:Invent in Las Vegas. They’d been talking with SD-WAN providers about integrating with the new service. We, of course, are not an SD-WAN provider, we think that in a new “cloud-native” networking architecture, SD-WAN is a legacy approach, expensive and “cloud-naive” (not a typo, only missing one letter but a big difference).
That said, the Aviatrix engineering team had been busy working on the Aviatrix CloudWAN service to launch at AWS re:Invent. CloudWAN is a new Aviatrix service that embraces native AWS services (AWS Transit Gateway, AWS Global Accelerator, Amazon VPCs and now the AWS Transit Gateway Network Manager) and extends Aviatrix’s intelligent orchestration and control to customer’s existing Cisco IOS branch office routers.
Unlike any other solution, Aviatrix CloudWAN uses the customer’s Aviatrix controller in AWS to reach out from the cloud to the customer’s existing Cisco IOS branch routers and directly reconfigures VPN settings and BGP routes to point to the closest AWS Global Accelerator.
Just to be clear, because this is a big deal, the customer enters login credentials into the Aviatrix Orchestrator, simply points to the IP address of any Cisco IOS branch office router, in fact, any Cisco IOS router and the orchestrator pulls the router configuration and displays it on the console. Then, because the Aviatrix controller has full knowledge of the customer’s AWS environment it directly injects the VPN crypto details and BGP routes to direct traffic to the closest AWS Global Accelerator, the native AWS networking service that will route traffic over an optimal path through the AWS global infrastructure.
A huge benefit for customers who are able to leverage their existing Cisco branch office routers without expensive hardware or software upgrades. It’s an “inside out” approach that makes the on-premise router effectively “cloud-native”, composed using the intelligence in the cloud and managed from inside the cloud.
We did a short demo for the AWS team. Their response, “on-prem networking is the friction for customers coming to AWS and Aviatrix makes that friction go away…you bring intelligence from the cloud to the branch office.”
AWS loved it and they believed customers would love it too! We agree. We committed to embrace the new AWS Transit Gateway Network Manager. As a cloud-native service it was easy for us to do. We completed and tested the API integration in less than a week and were ready to go.
AWS positions the new AWS Transit Gateway Network Manager as a seamless way to integrate partner Software-Defined WAN (SD-WAN) solutions with AWS services making it easy to view them through a single, unified, automatable interface, providing visibility into network changes, events, and health telemetry, presented in the centralized AWS Transit Gateway Network Manager dashboard.
Through our API integration with the AWS Transit Gateway Network Manager, we direct network changes, events, and health telemetry from the Cisco IOS branch office routers we configure with the Aviatrix Orchestrator and this information is available in both the AWS Transit Gateway Network Manager and the Aviatrix dashboards.
Aviatrix embraces and extends. We clearly believe customers need the values AWS in general and AWS Transit Gateway Network Manager specifically delivers and we embrace them. But we also believe customers want and need more. Aviatrix cloud-native networking software is launched from AWS Marketplace, consumes native AWS services, and intelligently composes and manages native networking constructs and Aviatrix Gateways. This includes automated propagation of routes to route tables at the AWS Transit Gateway and AWS VPCs. Aviatrix is bi-lingual. We speak both native AWS language and the native networking language of on-premise routers, including customer data centers connected with AWS Direct Connect and branch office Cisco IOS routers. The Aviatrix Orchestrator provides global visibility, simplifies visualization of complex multi-account networking connectivity and segmentation and delivers powerful day-two operational tools that leverage both the centralized knowledge and control plane intelligence of the Aviatrix controller and the embedded data plane capabilities of Aviatrix software.
We are excited about both new networking constructs AWS announced this week at re:Invent 2019 – AWS Transit Gateway Network Manager and Amazon VPC Ingress Routing (blog on how Aviatrix embraces and extends the new VPC Ingress Routing in combination with Amazon GuardDuty). We encourage you to find out more about AWS’s powerful new networking constructs (links to AWS blogs: AWS Transit Gateway Network Manager and Amazon VPC Ingress Routing) and learn more about how Aviatrix embraces and extends these constructs with our centralized control plane and advance data plane services.