Aviatrix Glossary

The Aviatrix Certified Engineer (ACE) program is a multicloud networking and security certification available to technical professionals and cloud practitioners. The program offers an overview of the networking industry’s move from on-premise to cloud servers, the main cloud service providers (AWS, Azure, GCP, and OCI) and their platforms, the necessity of multicloud networking architecture, and case studies that demonstrate how multicloud networking architecture has benefited specific customers.

ActiveMesh is an Aviatrix networking architecture that provides a highly-available and scalable encrypted transit network for cloud environments. It is based on a load balancing model where both primary and backup gateways forward packets, thus improving network performance and resiliency. This architecture ensures that the network remains highly available and resilient. In ActiveMesh mode, multiple remotes sites can be connected to the Aviatrix Transit gateways.

Aviatrix AppIQ shows network and domain traffic between any two cloud instances that are connected via your Aviatrix Transit network.

Aviatrix Billing enables you to analyze the costs of your Aviatrix Controller and gateways. You can review your account’s Total Cost and review costs by Cloud Service Provider, region, group of Cloud Accounts, and individual Cloud Account.

The network managed by the Aviatrix Cloud Networking Platform, the network data plane. Aviatrix Cloud Fabric includes telemetry and distributed controls embedded in the network data plane to deliver advanced networking, Distributed Cloud Firewall, and enterprise-class visibility and troubleshooting.

The Aviatrix Cloud Networking Platform is a management and control plane or a single pane of glass that enables you to manage and support a single or multicloud network architecture. You can deploy an Aviatrix Cloud Networking Platform, or Aviatrix Controller & CoPilot, through any of the four major Cloud Service Provider marketplaces.

A cloud instance of the Aviatrix software that processes network operations. The Controller manages connections, gateways, users, security, and other networking operations.

CoPilot is the Aviatrix software GUI used to configure all your network connections, policies, and monitor all gateways and traffic on your network. Customizable monitoring tools give you views of network resource usage, performance, security threats, and financial data.

Aviatrix AWS TGW (Transit Gateway) Network Orchestration creates a single hub for transit networks across multiple AWS regions. The AWS TGW feature in Aviatrix CoPilot connects your Aviatrix platform to this AWS feature and enables you to attach Spoke VPCs to your Aviatrix Transit Network.

The Aviatrix VPN Client provides SAML authentication for VPN users.

The network managed by the Aviatrix Cloud Networking Platform, the network data plane. Aviatrix Cloud Fabric includes telemetry and distributed controls embedded in the network data plane to deliver advanced networking, Distributed Cloud Firewall, and enterprise-class visibility and troubleshooting.

CloudN is a 1U rack mountable hardware appliance deployed in the datacenter. It works with the Aviatrix gateway.

CloudN is being replaced by Edge Networking.

The Aviatrix Cloud Network Backbone is created when Aviatrix brings all your enterprise network resources together to create a resilient and secure cloud backbone using a hub-and-spoke topology. After deploying an Aviatrix software instance in AWS, Azure, or GCP you can begin to create Aviatrix transit gateways in one or more cloud service providers to form the core of your cloud network. AWS and GCP virtual private clouds (VPCs), Azure virtual networks (VNets), and OCI virtual cloud networks (VCNs) can then seamlessly integrate into your Aviatrix Cloud Network Backbone.

The network managed by the Aviatrix Cloud Networking software including connections between users, devices, cloud native services and applications. Security is built into every level of your Aviatrix network with Aviatrix high-performance encryption (HPE), ThreatIQ monitoring, and Distributed Cloud Firewall.

Cloud security encompasses a broad spectrum of policies, technologies, applications, and controls deployed to protect cloud-based systems, data, and infrastructure. From authenticating access to filtering traffic, cloud security can be tailored to the unique needs of the business. The flexibility of cloud security solutions enables businesses to deploy them on-premises, in the cloud, or a hybrid model, offering protection across various cloud services and infrastructure.

For more information see https://aviatrix.com/learn-center/cloud-security/.

The Connected Transit feature enables you to build a full mesh network where Spoke VPCs/VNets can communicate with each other via the Transit Gateway.

Aviatrix CostIQ offers visibility into costs of resources across all clouds in your multicloud network that are managed by Aviatrix Controller. This feature provides visibility into shared services used by cost centers for bill back purposes. CostIQ is an add-on feature that must be enabled by application administrators.

Aviatrix Distributed Cloud Firewall embeds Layer 4-7 network security on top of the Aviatrix Cloud Networking infrastructure. Advanced security capabilities include Layer 4 visibility and policy enforcement, URL/FQDN filtering (formerly Egress FQDN Filtering), reputation-based Threat Detection/Prevention (ThreatIQ), transparent MITM decryption, and Advanced Threat Detection with Suricata. Micro-segmentation (intra-VNet/VPC segmentation) can be enabled on VPC/VNets to enforce greater granular segmentation policies.

An Aviatrix gateway that enables connectivity to edge locations such as data centers, co-locations, remote sites, provider locations, branch offices, and retail stores.

The hardware/virtual appliance provided by Aviatrix as an alternative to SDWAN solutions (formerly known as CloudN or ExoGateway). Aviatrix Edge connects different Cloud Service Provider networks in its multicloud networking architecture framework.

Secures VPC/VNet/VCN Egress by filtering outbound traffic to the Internet. This feature enables companies to discover what Internet sites their cloud apps are communicating with, push filtering policies instantly to one VPC or hundreds of VPCs, move from NAT Gateway (IP address based) to Fully Qualified Domain Name (FQDN) filtering, and audit all events, including the packets.

You can view Egress FQDN filtering in the Aviatrix Controller, Aviatrix CoPilot, or by exporting logs.

An Aviatrix gateway that performs the function of cloud-to-Internet egress filtering and egress security. Connectivity between a VPC/VNet and the Internet.

Aviatrix CoPilot’s dynamic topology mapping, which helps companies maintain an accurate view of their global multicloud networks. FlowIQ helps you analyze global network traffic flows using global heat maps and time series trend charts to easily pinpoint and troubleshoot traffic anomalies.

An Aviatrix gateway is a virtual router managed by Aviatrix. It routes traffic in accordance with the connection and security policies you define in Aviatrix Secure Cloud Network Platform. See the definitions of the Gateway types: Egress Gateway, Edge Gateway, Spoke Gateway, and Transit Gateway.

Aviatrix Gateway High Availability supports multiple gateway instances in a VPC or VNet for high availability and scalability, to minimize and reduce network downtime and improve network stability and performance to mitigate packet loss.

Aviatrix Gateway Scaling helps ensure that appropriate sizing is applied to VPCs/VNets on AWS and Azure Spoke gateways. This can reduce cloud provider costs, improve performance and mitigate packet loss. You can apply manual, automatic, or scheduled scaling to your selected VPCs/VNets.

Aviatrix High Performance Encryption (HPE) enables 10Gbps and higher IPsec performance between two single Aviatrix Gateway instances, or between a single Aviatrix Gateway instance and on-prem Aviatrix appliance. Multiple tunnels are established between two virtual routers, allowing all CPU cores to be used for performance scaling with the CPU resources.

Formerly known as “Insane Mode”.

With Gateway Scaling you can add or remove gateway instances to support the increased or decreased traffic (horizontal scaling).

Also see Gateway Scaling.

Refers to data migration and appliance migration. The data migration refers to migrating data from one instance to another instance. The appliance migration usually refers migrating a deployment, which includes a new deployment and data migration.

Aviatrix Multicloud Transit Network architecture is about building connectivity between the cloud and on-prem in the most agile manner possible. In the Aviatrix Multicloud Transit Network architecture, there is one connection (not including the backup) between on-prem and a Transit VPC or VNet. Everything else (the Spoke VPC and VNets to on-prem traffic) is routed through the Transit VPC or VNet.

Aviatrix Multicloud Transit Segmentation provides network isolation and enhanced security through network domains and connection policies to the Aviatrix Multicloud Transit Network, where both Spoke and Transit networks deploy Aviatrix Gateways across multi-region and multicloud.

Use the Multi-Tier Transit setting to implement a hierarchical Transit Gateway architecture that permits packets to traverse more than two Aviatrix Transit Gateways. You can connect two cloud service providers or regions through one peered connection. You must implement ActiveMesh to use multi-tier transit gateways, but full-mesh transit peering is not required.

An Aviatrix gateway that performs the network address translation (NAT) function.

Private Mode is a global setting that offers secure orchestrated intra- and multicloud networking by removing the need for public IPs for Aviatrix gateways. Web proxies are used for the gateways to access the internet. All communication is done via native cloud constructs such as Load Balancers, Private Link Services, and peering connections, which act as the underlay for the Aviatrix Transit Network.

An Aviatrix gateway that provides ingress and egress security for AWS public subnets where instances have public IP addresses.

Rollback refers to the process of reverting a system or application to a previous version, usually after encountering errors during an upgrade. Currently, Aviatrix supports Gateway Rollback.

Use Security Group Management to manage inbound gateway rules.

This feature utilizes cloud-native security features (such as network and application security groups within Azure, and security groups within AWS) to provide security control within the virtual network. Based on the SmartGroup and Distributed Cloud Firewall (DCF) policy rule configuration, Aviatrix will push these security group policies to provide L4 access control for the workloads in the virtual network.

Site2Cloud builds an encrypted connection between two sites over the Internet in an easy-to-use and template-driven manner. On one end of the tunnel is an Aviatrix Gateway. The other end could be an on-prem router, firewall, or another public cloud VPC/VNet, that the Aviatrix Controller does not manage.

A SmartGroup is a logical grouping of your resources that are managed by Aviatrix. The grouping of resources may represent various departments, business units, or other aspects of your organization based on how you group your resources.

An Aviatrix gateway that is not a Transit or Spoke gateway (for example, a Public Subnet Filtering, NAT, or standalone gateway).

In Aviatrix’s Hub-and-Spoke topology, a Spoke Gateway connects components within the same Cloud Service Provider main account or tenancy.

Aviatrix CoPilot feature that enables you to monitor for security threats in your Aviatrix cloud network, set alerts when threats are detected in the network traffic flows, and block traffic that is associated with threats. All of these capabilities apply to your entire cloud network (multicloud or single cloud) that is managed by Aviatrix Controller.

A turnkey or ready-made network solution to deploy firewall instances in the cloud. Transit FireNet significantly simplifies firewall instance deployment and allows the firewall instances to inspect traffic between VPCs/VNets/VCNs (East West) traffic, between VPCs/VNets/VCNs and the Internet (Egress) traffic, and VPC/VNet/VCN to on-prem (North South) traffic.

Transit FireNet also allows you to scale firewall deployment to multiple Availability Zones and multi-instances so that your network can grow with your company.

In Aviatrix’s Hub-and-Spoke Topology, a Transit Gateway connects a company’s subnets across the main Cloud Service Providers: AWS, Azure, GCP and OCI. This Transit Gateway connection provides high-speed and secure data transfers between networks while allowing for traffic engineering and multi-account subscription monitoring.

Aviatrix Transit Gateway Peering connects two or more Aviatrix Transit Gateways in a partial or full-mesh manner for communication between groups of Spoke VPCs or VNets across multiple clouds and regions.

Upgrade is used for / often refers (in the context of) to Aviatrix Platform, Controller, CoPilot (Software Updates).

Upgrading to a different version.

Secures VPC/VNet/VCN Egress by filtering outbound traffic to the Internet. This feature enables companies to discover what Internet sites their cloud apps are communicating with, push filtering policies instantly to one VPC or hundreds of VPCs, move from NAT Gateway (IP address based) to Fully Qualified Domain Name (FQDN) filtering, and audit all events, including the packets.

You can view URL/FQDN filtering in Aviatrix CoPilot, or by exporting logs.

Also see Distributed Cloud Firewall (DCF) and WebGroups.

The Aviatrix UserVPN feature is a client VPN solution based on OpenVPN® that is compatible with all OpenVPN® clients.

With Gateway Scaling you can scale the gateways vertically (increase or decrease gateway size) to support increased or decreased gateway traffic.

Also see Gateway Scaling.

An Aviatrix gateway that performs the function of VPN connectivity between your partners/branches and your cloud services for site-to-cloud VPN access (deployed on the partner/branch side), or VPN connectivity between your remote users and the cloud for dynamic enforcement, to differentiate the users connecting into the cloud. This is useful for companies that have no on-prem data center (all resources are in the cloud).

WebGroups define Domains and URLs into a group which can be used in the Distributed Firewalling Rules as a matching condition for the Rule action to be enforced.