SlideShare a Scribd company logo

Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes

K
Khash Nakhostin

This document summarizes a presentation about securely connecting customers' sites to cloud-hosted applications. It discusses the challenges of connectivity, operational readiness, and security/compliance when onboarding customers. Specifically, it outlines limitations of native AWS/Azure VPN solutions and the lack of visibility, automation, and security controls. The presentation promotes using a communication module that can automate provisioning IPsec or SSL tunnels without requiring changes to customer edge devices or opening firewall ports. This provides centralized management of connectivity and compliance reporting across customer environments.

Technology
1 of 11
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
Securely Connecting Customers’ Sites To Your Cloud Hosted Apps – In Minutes AWS Bootcamp #6 – May 24, 2018 Sherry Wei, Founder & CTO Neel Kamal, Head of Field Operations Frank Cabri, VP Product Marketing
© 2018 AVIATRIX SYSTEMS, INC. | 2 • Use Cases for App Providers • Understanding the Challenges of Customer On-Boarding - Connectivity - Operational Readiness - Security & Compliance • Demo • Live Q & A Welcome & Agenda SHERRY WEI Founder & CTO NEEL KAMAL Head of Field Operations FEATURED SPEAKERS
© 2018 AVIATRIX SYSTEMS, INC. | 3 Check Out More Bootcamps – Available On-Demand www.aviatrix.com/bootcamps
© 2018 AVIATRIX SYSTEMS, INC. | 4 Networking Use Cases for Hosted Apps Providers AND Managing Your Internal PaaS Operation Onboarding Your Customers Customers YOU Users
© 2018 AVIATRIX SYSTEMS, INC. | 5 1. Connectivity Challenges - Building IPsec connectivity to the customer environment - Handling overlapping CIDR blocks - Supporting connectivity from the hosted environment to customer environment, which can be on-prem, AWS, Azure, Google Cloud, etc. 2. Operational Challenges - Lack of monitoring/insights into customer experience: latency, performance - Lack of alerting and troubleshooting ability - Lack of automation, which leads to delays and errors 3. Security & Compliance Challenges - Policy-based, remote user access to separate internal staff from customer staff - Isolate and segmenting VPCs to tighten the security perimeter and reduce audit scope Challenges in Connecting Customers’ Sites to Cloud Hosted Apps Onboarding Your Customers Customers YOU Users
© 2018 AVIATRIX SYSTEMS, INC. | 6 Challenges in Connecting Customers’ Sites to Cloud Hosted Apps 3. Security & Compliance 2. Operational Readiness 1. Connectivity
© 2018 AVIATRIX SYSTEMS, INC. | 7 Why Is It So Complex? - Requires involving customers’ network & security teams - Hits customers’ change control process when touching an edge device (for IPsec) and their perimeter security appliance - Requires your team to have expertise on a variety of customer edge routers What Does AWS/Azure Provide Natively? - AWS Virtual GW (VGW) & Azure VPN What’s Missing? - AWS VPN Gateway Limitation (supports 10 connections per VPC.) - Azure VPN Gateway Limitation (supports only 1 VPN connection for IKEv1) - Overlapping IP addresses - Traffic Direction Problem - Encryption Algorithm Mismatch 1. Connectivity Considerations
© 2018 AVIATRIX SYSTEMS, INC. | 8 Why Is It So Complex? - No visibility into your customer’s environment - Requires deep network expertise by the internal staff who supports connectivity to the customer environment (BGP, IPsec) - Committed SLAs impossible to prove What Does AWS/Azure Provide Natively? - No tools What’s Missing? - No Visibility: Cloud provider’s VPN gateway is a blackbox, there is no visibility - Automated Configuration: manually configuring traditional vRouter for 100s of IPSEC tunnel is not possible) - Too Slow to Onboard a Customer: VPN runs on UDP port 500/4500 which require opening corporate firewall ports) - Downtime Problem: When you add new IPsec tunnel, it will reset all existing tunnels 2. Operational Considerations
© 2018 AVIATRIX SYSTEMS, INC. | 9 Why Is It So Complex? - Giving customer users/groups limited access to your cloud- hosted app is just hard - SOC2-compliant reports (“who accessed what, at what time”) is even harder What Does AWS Provide Natively? - No AWS-native services What’s Missing? - A cloud-native User VPN solution - Profile-based access control with MFA - Audit logs that are exportable to your tool of choice 3. Security and Compliance Considerations for Remote Users
© 2018 AVIATRIX SYSTEMS, INC. | 10 • A communication module that you can include with your product to your customers: • Works in every type of customer environment: data center, private cloud, etc. • Does not require changes to edge routers or security appliances (opening ports) • Can sit inside the DMZ • Supports both IPsec and SSL termination • Provisioning and configuring these modules can be automated centrally • Does not require deep network expertise on your site as well as on your customer site A Better Approach for Connecting Customers’ Sites to Cloud- Hosted Apps
© 2018 AVIATRIX SYSTEMS, INC. | 11 • You’ll receive email w/ a link to a replay and slides • Take 10 minutes and start a free 14-day trial …. https://www.aviatrix.com • To view other bootcamps: https://www.aviatrix.com/bootcamps Next Steps with Aviatrix

More Related Content

PDF
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Khash Nakhostin
 
PDF
Five Connectivity and Security Use Cases for Azure VNets
Khash Nakhostin
 
PDF
Seven Criteria for Building an AWS Global Transit Network
Khash Nakhostin
 
PDF
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Khash Nakhostin
 
PPTX
Getting the Most Value from Your Aviatrix Controller & Gateways
Khash Nakhostin
 
PDF
Three Innovations that Define a “Next-Generation Global Transit Hub”
Khash Nakhostin
 
PDF
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Khash Nakhostin
 
PDF
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Khash Nakhostin
 
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Khash Nakhostin
 
Five Connectivity and Security Use Cases for Azure VNets
Khash Nakhostin
 
Seven Criteria for Building an AWS Global Transit Network
Khash Nakhostin
 
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Khash Nakhostin
 
Getting the Most Value from Your Aviatrix Controller & Gateways
Khash Nakhostin
 
Three Innovations that Define a “Next-Generation Global Transit Hub”
Khash Nakhostin
 
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Khash Nakhostin
 
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Khash Nakhostin
 

What's hot (20)

PDF
What You Need to Know About Operationalizing Your AWS Transit Hub
Khash Nakhostin
 
PDF
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
DevOps.com
 
PDF
How Intuit Monitors Connectivity to AWS
ThousandEyes
 
PDF
Demystifying Service Mesh
Mitchell Pronschinske
 
PDF
CDN Performance at eBay from Thousandeyes Connect
ThousandEyes
 
PDF
Cisco IT and ThousandEyes
ThousandEyes
 
PDF
Network monitoring for the modern wan webinar
ThousandEyes
 
PPTX
Centurylink - Acceleration and securing modern applications!
Regis Allen
 
PDF
Istio Service Mesh
Lew Tucker
 
PPTX
The Internet of things for integration people - UKCSUG - public version
Sam Vanhoutte
 
PPTX
WWT: NFV Solutions Presentation from Cisco Live 2017
World Wide Technology
 
PPTX
VPC and Datacenter Connectivity Options
john homer alvero
 
PDF
How ThousandEyes Helps Atlassian Operate in the Public Cloud
ThousandEyes
 
PDF
Getting Started with Kubernetes and Consul
Mitchell Pronschinske
 
PDF
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Mitchell Pronschinske
 
PDF
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays
 
PDF
NGINX DevSecOps Workshop
NGINX, Inc.
 
PDF
Automating Performance Monitoring at Microsoft
ThousandEyes
 
PPTX
Gain multi-cloud versatility with software load balancing designed for cloud-...
Ashnikbiz
 
PDF
Visibility for a Global Network
ThousandEyes
 
What You Need to Know About Operationalizing Your AWS Transit Hub
Khash Nakhostin
 
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
DevOps.com
 
How Intuit Monitors Connectivity to AWS
ThousandEyes
 
Demystifying Service Mesh
Mitchell Pronschinske
 
CDN Performance at eBay from Thousandeyes Connect
ThousandEyes
 
Cisco IT and ThousandEyes
ThousandEyes
 
Network monitoring for the modern wan webinar
ThousandEyes
 
Centurylink - Acceleration and securing modern applications!
Regis Allen
 
Istio Service Mesh
Lew Tucker
 
The Internet of things for integration people - UKCSUG - public version
Sam Vanhoutte
 
WWT: NFV Solutions Presentation from Cisco Live 2017
World Wide Technology
 
VPC and Datacenter Connectivity Options
john homer alvero
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
ThousandEyes
 
Getting Started with Kubernetes and Consul
Mitchell Pronschinske
 
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Mitchell Pronschinske
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays
 
NGINX DevSecOps Workshop
NGINX, Inc.
 
Automating Performance Monitoring at Microsoft
ThousandEyes
 
Gain multi-cloud versatility with software load balancing designed for cloud-...
Ashnikbiz
 
Visibility for a Global Network
ThousandEyes
 
Ad

Similar to Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes (20)

PPTX
Citrix Synergy 2014 - Syn231 Why cloud projects fail
Citrix
 
PDF
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend
 
PPTX
VM Farms Thrive with Dedicated IP Storage Networks
Brocade
 
PDF
Check Point and Accenture Webinar
Check Point Software Technologies
 
PPTX
Faster, simpler, more secure remote access to apps in aws
Zscaler
 
PPTX
What's New? ThousandEyes Product Features and Highlights
ThousandEyes
 
PDF
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
LibbySchulze
 
PPTX
Nieuwe onderwijs- en onderzoekstoepassingen door slimme wifi-netwerken - Roy ...
SURFnet
 
PDF
ciscothousandeyesusecase
RENJITHKNAIR5
 
PPTX
Getting Started With ThousandEyes Proof of Concepts: End User Digital Experience
ThousandEyes
 
PDF
Get the Most Out of Kubernetes with NGINX
NGINX, Inc.
 
PDF
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld
 
PPTX
From Pivotal to VMware Tanzu: What you need to know
VMware Tanzu
 
PPTX
APJC Introduction to ThousandEyes Webinar
ThousandEyes
 
PPTX
PCI DSS Compliance in the Cloud
ControlCase
 
PPTX
Getting Started with ThousandEyes Proof of Concepts
ThousandEyes
 
PDF
VMware Workspace ONE a synergie s Microsoftem
MarketingArrowECS_CZ
 
PDF
2025-07-15 EMEA Volledig Inzicht Dutch Webinar
ThousandEyes
 
PPTX
Getting Started with ThousandEyes Proof of Concepts
ThousandEyes
 
PDF
Cisco Connect Ottawa 2018 multi cloud
Cisco Canada
 
Citrix Synergy 2014 - Syn231 Why cloud projects fail
Citrix
 
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend
 
VM Farms Thrive with Dedicated IP Storage Networks
Brocade
 
Check Point and Accenture Webinar
Check Point Software Technologies
 
Faster, simpler, more secure remote access to apps in aws
Zscaler
 
What's New? ThousandEyes Product Features and Highlights
ThousandEyes
 
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
LibbySchulze
 
Nieuwe onderwijs- en onderzoekstoepassingen door slimme wifi-netwerken - Roy ...
SURFnet
 
ciscothousandeyesusecase
RENJITHKNAIR5
 
Getting Started With ThousandEyes Proof of Concepts: End User Digital Experience
ThousandEyes
 
Get the Most Out of Kubernetes with NGINX
NGINX, Inc.
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld
 
From Pivotal to VMware Tanzu: What you need to know
VMware Tanzu
 
APJC Introduction to ThousandEyes Webinar
ThousandEyes
 
PCI DSS Compliance in the Cloud
ControlCase
 
Getting Started with ThousandEyes Proof of Concepts
ThousandEyes
 
VMware Workspace ONE a synergie s Microsoftem
MarketingArrowECS_CZ
 
2025-07-15 EMEA Volledig Inzicht Dutch Webinar
ThousandEyes
 
Getting Started with ThousandEyes Proof of Concepts
ThousandEyes
 
Cisco Connect Ottawa 2018 multi cloud
Cisco Canada
 
Ad

Recently uploaded (20)

PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Approach and Philosophy of On baking technology
30anthuong17
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 

Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes

  • 1. Securely Connecting Customers’ Sites To Your Cloud Hosted Apps – In Minutes AWS Bootcamp #6 – May 24, 2018 Sherry Wei, Founder & CTO Neel Kamal, Head of Field Operations Frank Cabri, VP Product Marketing
  • 2. © 2018 AVIATRIX SYSTEMS, INC. | 2 • Use Cases for App Providers • Understanding the Challenges of Customer On-Boarding - Connectivity - Operational Readiness - Security & Compliance • Demo • Live Q & A Welcome & Agenda SHERRY WEI Founder & CTO NEEL KAMAL Head of Field Operations FEATURED SPEAKERS
  • 3. © 2018 AVIATRIX SYSTEMS, INC. | 3 Check Out More Bootcamps – Available On-Demand www.aviatrix.com/bootcamps
  • 4. © 2018 AVIATRIX SYSTEMS, INC. | 4 Networking Use Cases for Hosted Apps Providers AND Managing Your Internal PaaS Operation Onboarding Your Customers Customers YOU Users
  • 5. © 2018 AVIATRIX SYSTEMS, INC. | 5 1. Connectivity Challenges - Building IPsec connectivity to the customer environment - Handling overlapping CIDR blocks - Supporting connectivity from the hosted environment to customer environment, which can be on-prem, AWS, Azure, Google Cloud, etc. 2. Operational Challenges - Lack of monitoring/insights into customer experience: latency, performance - Lack of alerting and troubleshooting ability - Lack of automation, which leads to delays and errors 3. Security & Compliance Challenges - Policy-based, remote user access to separate internal staff from customer staff - Isolate and segmenting VPCs to tighten the security perimeter and reduce audit scope Challenges in Connecting Customers’ Sites to Cloud Hosted Apps Onboarding Your Customers Customers YOU Users
  • 6. © 2018 AVIATRIX SYSTEMS, INC. | 6 Challenges in Connecting Customers’ Sites to Cloud Hosted Apps 3. Security & Compliance 2. Operational Readiness 1. Connectivity
  • 7. © 2018 AVIATRIX SYSTEMS, INC. | 7 Why Is It So Complex? - Requires involving customers’ network & security teams - Hits customers’ change control process when touching an edge device (for IPsec) and their perimeter security appliance - Requires your team to have expertise on a variety of customer edge routers What Does AWS/Azure Provide Natively? - AWS Virtual GW (VGW) & Azure VPN What’s Missing? - AWS VPN Gateway Limitation (supports 10 connections per VPC.) - Azure VPN Gateway Limitation (supports only 1 VPN connection for IKEv1) - Overlapping IP addresses - Traffic Direction Problem - Encryption Algorithm Mismatch 1. Connectivity Considerations
  • 8. © 2018 AVIATRIX SYSTEMS, INC. | 8 Why Is It So Complex? - No visibility into your customer’s environment - Requires deep network expertise by the internal staff who supports connectivity to the customer environment (BGP, IPsec) - Committed SLAs impossible to prove What Does AWS/Azure Provide Natively? - No tools What’s Missing? - No Visibility: Cloud provider’s VPN gateway is a blackbox, there is no visibility - Automated Configuration: manually configuring traditional vRouter for 100s of IPSEC tunnel is not possible) - Too Slow to Onboard a Customer: VPN runs on UDP port 500/4500 which require opening corporate firewall ports) - Downtime Problem: When you add new IPsec tunnel, it will reset all existing tunnels 2. Operational Considerations
  • 9. © 2018 AVIATRIX SYSTEMS, INC. | 9 Why Is It So Complex? - Giving customer users/groups limited access to your cloud- hosted app is just hard - SOC2-compliant reports (“who accessed what, at what time”) is even harder What Does AWS Provide Natively? - No AWS-native services What’s Missing? - A cloud-native User VPN solution - Profile-based access control with MFA - Audit logs that are exportable to your tool of choice 3. Security and Compliance Considerations for Remote Users
  • 10. © 2018 AVIATRIX SYSTEMS, INC. | 10 • A communication module that you can include with your product to your customers: • Works in every type of customer environment: data center, private cloud, etc. • Does not require changes to edge routers or security appliances (opening ports) • Can sit inside the DMZ • Supports both IPsec and SSL termination • Provisioning and configuring these modules can be automated centrally • Does not require deep network expertise on your site as well as on your customer site A Better Approach for Connecting Customers’ Sites to Cloud- Hosted Apps
  • 11. © 2018 AVIATRIX SYSTEMS, INC. | 11 • You’ll receive email w/ a link to a replay and slides • Take 10 minutes and start a free 14-day trial …. https://www.aviatrix.com • To view other bootcamps: https://www.aviatrix.com/bootcamps Next Steps with Aviatrix