Aviatrix Glossary

This Glossary provides definitions of Aviatrix products, features, tools, and general terminology.

ACE (Aviatrix Certified Engineer) Training

The Aviatrix Certified Engineer (ACE) program is a multicloud networking and security certification available to technical professionals and cloud practitioners. The program offers an overview of the networking industry’s move from on-premises to cloud servers, the main cloud service providers (AWS, Azure, GCP, and OCI) and their platforms, the necessity of multicloud networking architecture, and case studies that demonstrate how multicloud networking architecture has benefited specific customers.

ActiveMesh

ActiveMesh is an Aviatrix networking architecture that provides a highly-available and scalable encrypted transit network for cloud environments. It is based on a load balancing model where both primary and backup gateways forward packets, thus improving network performance and resiliency. This architecture ensures that the network remains highly available and resilient. In ActiveMesh mode, multiple remotes sites can be connected to the Aviatrix Transit gateways.

AppIQ

Aviatrix AppIQ shows network and domain traffic between any two cloud instances that are connected via your Aviatrix Transit network.

Aviatrix Billing

Aviatrix Billing enables you to analyze the costs of your Aviatrix Controller and gateways. You can review your account’s Total Cost and review costs by Cloud Service Provider, region, group of Cloud Accounts, and individual Cloud Account.

Aviatrix Cloud Fabric

The network managed by the Aviatrix Cloud Networking Platform, the network data plane. Aviatrix Cloud Fabric includes telemetry and distributed controls embedded in the network data plane to deliver advanced networking, Distributed Cloud Firewall, and enterprise-class visibility and troubleshooting.

Aviatrix Cloud Networking Platform

The Aviatrix Cloud Networking Platform is a management and control plane or a single pane of glass that enables you to manage and support a single or multicloud network architecture. You can deploy an Aviatrix Cloud Networking Platform, or Aviatrix Controller & CoPilot, through any of the four major Cloud Service Provider marketplaces.

Aviatrix Controller

A cloud instance of the Aviatrix software that processes network operations. The Controller manages connections, gateways, users, security, and other networking operations.

Aviatrix CoPilot

CoPilot is the Aviatrix software GUI used to configure all your network connections, policies, and monitor all gateways and traffic on your network. Customizable monitoring tools give you views of network resource usage, performance, security threats, and financial data.

AWS Transit Gateway Orchestrator

Aviatrix AWS TGW (Transit Gateway) Network Orchestration creates a single hub for transit networks across multiple AWS regions. The AWS TGW feature in Aviatrix CoPilot connects your Aviatrix platform to this AWS feature and enables you to attach Spoke VPCs to your Aviatrix Transit Network.

Aviatrix VPN Client

The Aviatrix VPN Client provides SAML authentication for VPN users.

Cloud Fabric™

The network managed by the Aviatrix Cloud Networking Platform, the network data plane. Aviatrix Cloud Fabric includes telemetry and distributed controls embedded in the network data plane to deliver advanced networking, Distributed Cloud Firewall, and enterprise-class visibility and troubleshooting.

CloudN

CloudN is a 1U rack mountable hardware appliance deployed in the datacenter. It works with the Aviatrix gateway.

CloudN is being replaced by Edge Networking.

Cloud Network Backbone

The Aviatrix Cloud Network Backbone is created when Aviatrix brings all your enterprise network resources together to create a resilient and secure cloud backbone using a hub-and-spoke topology. After deploying an Aviatrix software instance in AWS, Azure, or GCP you can begin to create Aviatrix transit gateways in one or more cloud service providers to form the core of your cloud network. AWS and GCP virtual private clouds (VPCs), Azure virtual networks (VNets), and OCI virtual cloud networks (VCNs) can then seamlessly integrate into your Aviatrix Cloud Network Backbone.

Cloud Networking

The network managed by the Aviatrix Cloud Networking software including connections between users, devices, cloud native services and applications. Security is built into every level of your Aviatrix network with Aviatrix high-performance encryption (HPE), ThreatIQ monitoring, and Distributed Cloud Firewall.

Cloud Security

Cloud security encompasses a broad spectrum of policies, technologies, applications, and controls deployed to protect cloud-based systems, data, and infrastructure. From authenticating access to filtering traffic, cloud security can be tailored to the unique needs of the business. The flexibility of cloud security solutions enables businesses to deploy them on-premises, in the cloud, or a hybrid model, offering protection across various cloud services and infrastructure.

Connected Transit

The Connected Transit feature enables you to build a full mesh network where Spoke VPCs/VNets can communicate with each other via the Transit Gateway.

CostIQ

Aviatrix CostIQ offers visibility into costs of resources across all clouds in your multicloud network that are managed by Aviatrix Controller. This feature provides visibility into shared services used by cost centers for bill back purposes. CostIQ is an add-on feature that must be enabled by application administrators.

Distributed Cloud Firewall (DCF)

Aviatrix Distributed Cloud Firewall embeds Layer 4-7 network security on top of the Aviatrix Cloud Networking infrastructure. Advanced security capabilities include Layer 4 visibility and policy enforcement, URL/FQDN filtering (formerly Egress FQDN Filtering), reputation-based Threat Detection/Prevention (ThreatIQ), transparent MITM decryption, and Advanced Threat Detection with Suricata. Micro-segmentation (intra-VNet/VPC segmentation) can be enabled on VPC/VNets to enforce greater granular segmentation policies.

Edge Gateway

An Aviatrix gateway that enables connectivity to edge locations such as data centers, co-locations, remote sites, provider locations, branch offices, and retail stores.

Edge Networking

The hardware/virtual appliance provided by Aviatrix as an alternative to SDWAN solutions (formerly known as CloudN or ExoGateway). Aviatrix Edge connects different Cloud Service Provider networks in its multicloud networking architecture framework.

Egress FQDN Filtering (Legacy)

Secures VPC/VNet/VCN Egress by filtering outbound traffic to the Internet. This feature enables companies to discover what Internet sites their cloud apps are communicating with, push filtering policies instantly to one VPC or hundreds of VPCs, move from NAT Gateway (IP address based) to Fully Qualified Domain Name (FQDN) filtering, and audit all events, including the packets.

You can view Egress FQDN filtering in the Aviatrix Controller, Aviatrix CoPilot, or by exporting logs.

Egress Gateway

An Aviatrix gateway that performs the function of cloud-to-Internet egress filtering and egress security. Connectivity between a VPC/VNet and the Internet.

FlowIQ

Aviatrix CoPilot’s dynamic topology mapping, which helps companies maintain an accurate view of their global multicloud networks. FlowIQ helps you analyze global network traffic flows using global heat maps and time series trend charts to easily pinpoint and troubleshoot traffic anomalies.

Gateway

An Aviatrix gateway is a virtual router managed by Aviatrix. It routes traffic in accordance with the connection and security policies you define in Aviatrix Secure Cloud Network Platform. See the definitions of the Gateway types: Egress Gateway, Edge Gateway, Spoke Gateway, and Transit Gateway.

Gateway High Availability

Aviatrix Gateway High Availability supports multiple gateway instances in a VPC or VNet for high availability and scalability, to minimize and reduce network downtime and improve network stability and performance to mitigate packet loss.

Gateway Scaling

Aviatrix Gateway Scaling helps ensure that appropriate sizing is applied to VPCs/VNets on AWS and Azure Spoke gateways. This can reduce cloud provider costs, improve performance and mitigate packet loss. You can apply manual, automatic, or scheduled scaling to your selected VPCs/VNets.

High Performance Encryption (HPE)

Aviatrix High Performance Encryption (HPE) enables 10Gbps and higher IPsec performance between two single Aviatrix Gateway instances, or between a single Aviatrix Gateway instance and on-prem Aviatrix appliance. Multiple tunnels are established between two virtual routers, allowing all CPU cores to be used for performance scaling with the CPU resources.

Formerly known as “Insane Mode”.

Horizontal Gateway Scaling

With Gateway Scaling you can add or remove gateway instances to support the increased or decreased traffic (horizontal scaling).

Also see Gateway Scaling.

Migration

Refers to data migration and appliance migration. The data migration refers to migrating data from one instance to another instance. The appliance migration usually refers migrating a deployment, which includes a new deployment and data migration.

Multicloud Transit Network Architecture

Aviatrix Multicloud Transit Network architecture is about building connectivity between the cloud and on-prem in the most agile manner possible. In the Aviatrix Multicloud Transit Network architecture, there is one connection (not including the backup) between on-prem and a Transit VPC or VNet. Everything else (the Spoke VPC and VNets to on-prem traffic) is routed through the Transit VPC or VNet.

Multicloud Transit Segmentation

Aviatrix Multicloud Transit Segmentation provides network isolation and enhanced security through network domains and connection policies to the Aviatrix Multicloud Transit Network, where both Spoke and Transit networks deploy Aviatrix Gateways across multi-region and multicloud.

Multi-Tier Transit

Use the Multi-Tier Transit setting to implement a hierarchical Transit Gateway architecture that permits packets to traverse more than two Aviatrix Transit Gateways. You can connect two cloud service providers or regions through one peered connection. You must implement ActiveMesh to use multi-tier transit gateways, but full-mesh transit peering is not required.

NAT Gateway

An Aviatrix gateway that performs the network address translation (NAT) function.

Private Mode

Private Mode is a global setting that offers secure orchestrated intra- and multicloud networking by removing the need for public IPs for Aviatrix gateways. Web proxies are used for the gateways to access the internet. All communication is done via native cloud constructs such as Load Balancers, Private Link Services, and peering connections, which act as the underlay for the Aviatrix Transit Network.

Public Subnet Filtering Gateway

An Aviatrix gateway that provides ingress and egress security for AWS public subnets where instances have public IP addresses.

Rollback

Rollback refers to the process of reverting a system or application to a previous version, usually after encountering errors during an upgrade. Currently, Aviatrix supports Gateway Rollback.

Security Group Management

Use Security Group Management to manage inbound gateway rules.

Security Group Orchestration

This feature utilizes cloud-native security features (such as network and application security groups within Azure, and security groups within AWS) to provide security control within the virtual network. Based on the SmartGroup and Distributed Cloud Firewall (DCF) policy rule configuration, Aviatrix will push these security group policies to provide L4 access control for the workloads in the virtual network.

Site2Cloud (External Connection)

Site2Cloud builds an encrypted connection between two sites over the Internet in an easy-to-use and template-driven manner. On one end of the tunnel is an Aviatrix Gateway. The other end could be an on-prem router, firewall, or another public cloud VPC/VNet, that the Aviatrix Controller does not manage.

SmartGroups

A SmartGroup is a logical grouping of your resources that are managed by Aviatrix. The grouping of resources may represent various departments, business units, or other aspects of your organization based on how you group your resources.

Speciality Gateway

An Aviatrix gateway that is not a Transit or Spoke gateway (for example, a Public Subnet Filtering, NAT, or standalone gateway).

Spoke Gateway

In Aviatrix’s Hub-and-Spoke topology, a Spoke Gateway connects components within the same Cloud Service Provider main account or tenancy.

ThreatIQ

Aviatrix CoPilot feature that enables you to monitor for security threats in your Aviatrix cloud network, set alerts when threats are detected in the network traffic flows, and block traffic that is associated with threats. All of these capabilities apply to your entire cloud network (multicloud or single cloud) that is managed by Aviatrix Controller.

Transit FireNet

A turnkey or ready-made network solution to deploy firewall instances in the cloud. Transit FireNet significantly simplifies firewall instance deployment and allows the firewall instances to inspect traffic between VPCs/VNets/VCNs (East West) traffic, between VPCs/VNets/VCNs and the Internet (Egress) traffic, and VPC/VNet/VCN to on-prem (North South) traffic.

Transit FireNet also allows you to scale firewall deployment to multiple Availability Zones and multi-instances so that your network can grow with your company.

Transit Gateway

In Aviatrix’s Hub-and-Spoke Topology, a Transit Gateway connects a company’s subnets across the main Cloud Service Providers: AWS, Azure, GCP and OCI. This Transit Gateway connection provides high-speed and secure data transfers between networks while allowing for traffic engineering and multi-account subscription monitoring.

Transit Gateway Peering

Aviatrix Transit Gateway Peering connects two or more Aviatrix Transit Gateways in a partial or full-mesh manner for communication between groups of Spoke VPCs or VNets across multiple clouds and regions.

Upgrade

Upgrade is used for / often refers (in the context of) to Aviatrix Platform, Controller, CoPilot (Software Updates).

Upgrading to a different version.

URL/FQDN Filtering

Secures VPC/VNet/VCN Egress by filtering outbound traffic to the Internet. This feature enables companies to discover what Internet sites their cloud apps are communicating with, push filtering policies instantly to one VPC or hundreds of VPCs, move from NAT Gateway (IP address based) to Fully Qualified Domain Name (FQDN) filtering, and audit all events, including the packets.

You can view URL/FQDN filtering in Aviatrix CoPilot, or by exporting logs.

UserVPN

The Aviatrix UserVPN feature is a client VPN solution based on OpenVPN® that is compatible with all OpenVPN® clients.

Vertical Gateway Scaling

With Gateway Scaling you can scale the gateways vertically (increase or decrease gateway size) to support increased or decreased gateway traffic.

Also see Gateway Scaling.

VPN Gateway

An Aviatrix gateway that performs the function of VPN connectivity between your partners/branches and your cloud services for site-to-cloud VPN access (deployed on the partner/branch side), or VPN connectivity between your remote users and the cloud for dynamic enforcement, to differentiate the users connecting into the cloud. This is useful for companies that have no on-prem data center (all resources are in the cloud).

WebGroups

WebGroups define Domains and URLs into a group which can be used in the Distributed Firewalling Rules as a matching condition for the Rule action to be enforced.