Overview of Aviatrix Secure Edge

What is Aviatrix Secure Edge?

Aviatrix Secure Edge is an enterprise-grade solution that enables customers to extend the Aviatrix Cloud Networking architecture to the edge of their networks for consistent and repeatable architecture, management, visibility, security, and control. This cloud-out architecture enables enterprises to leverage the Aviatrix platform's ubiquitous support for edge connectivity. The result is secure, seamless connectivity to edge locations such as data centers, colocations, remote sites, provider locations, branch offices, and retail stores.

Why is a cloud-capable secure edge important?

During their public cloud journey, IT leaders often ask themselves, “How do we, as securely and as seamlessly as possible, bring public clouds closer to end users and services that continue to reside on-premises?” Applications are developed at pace and scale, and the ability to connect public cloud outward to the edge of on-premises becomes reliant on infrastructure that always needs to be available, performant, scalable, secure, and cost efficient.

Key challenges:

  • Installation and setup of on-premises network edge infrastructure is often time-consuming and costly, resulting in significant delays.

  • Network automation (in cloud vs on-premises) is different, which increases the time to onboard.

  • The on-premises network architecture and cloud teams may be disconnected, creating unnecessary delays and dissatisfied end consumers.

  • Fragmented stacks in cloud and on-premises increase troubleshooting time and resources that need to be engaged. This fragmentation leads to network downtime and increased MTTR.

  • More tools to maintain for monitoring, troubleshooting, and visibility increase overhead and support costs.

  • Security risks due to lack of consistent security policies and procedures between cloud and on-premises can compromise the network and create an ever-expanding attack surface.

  • Crowded and inconsistent management consoles, because network stacks differ across cloud and on-premises, which also makes problems harder to troubleshoot. IT teams need trained experts in each cloud and technology concerned.

IT leaders have accepted that public cloud infrastructure is a separate entity to on-premises data center infrastructure — not only physically separate, but also organizationally separate. They are linked with private circuits either directly or via a colocation, but with different governance, operational models, controls, and feature sets.

If you manage to solve the challenges, one key thing remains. You will be without an edge infrastructure that looks, feels, and behaves like a VPC, VNet, or VCN.

What are the benefits of Aviatrix Secure Edge?

With clouds as a new home for business-critical applications, modern enterprises have pivoted their architectural and operational center of gravity to the cloud.

Aviatrix Secure Edge is Aviatrix's cloud-native Secure Network and Network Security software for customer edge locations. Its cloud-out architecture enables you to extend the cloud operating model out to on-premises. That means your branch locations, colocations, and on-premises must be secure, operational, and networked the same as another VPC or VNet. This allows security posture, policies, and controls to remain consistent end-to-end and gives the impression of the cloud being closer to the end users and services that reside in the data center.

Aviatrix Secure Edge enables enterprises to have the same governance and consistent cloud network and security controls between public cloud and on-premises, but with enterprise-grade visibility and management into the edge locations. If the cloud edge is a data center or branch external to the cloud, you get a unified network stack within cloud and on-premises with complete network visibility and a single console to manage and operate the network in cloud and on-premises.

Aviatrix Secure Edge offers advanced analytics and reporting capabilities, with the ability to track network performance and security metrics across multiple cloud platforms, making it easy to identify and address issues before they impact the performance or security of your cloud environments.

Aviatrix Secure Edge is a powerful software-defined cloud networking solution that offers advanced networking and embedded security features for edge locations. It offers:

A single way of doing things. It extends the cloud model to on-premises, allows VPCs and VNets to be extended into the data center, Equinix colocation, or remote branch locations while retaining the cloud operational model and bringing the end users and services closer to the cloud.

Simple zero touch provisioning. You can deploy Aviatrix Secure Edge by using either Terraform or the easy-to-use Aviatrix cloud controller, which helps improve time to deploy for applications and workloads without worrying about the underlying environment.

Cloud centric management and advanced analytics capabilities. This makes it easy to retain consistent end-to-end (cloud to edge) networking and security policies and controls. The result is an overall reduction in complexity and cost of managing multiple cloud platforms.

Complexity extraction. This leads to a reduced skill set requirement: no multi-vendor, SDWAN, X Y Z clouds, simplicity that empowers agility.

In summation:

  • Go-to platform for all hybrid connectivity

  • Centralized control plane across multicloud networks and edge locations reducing operational complexity

  • Single pane of glass for cloud visibility, monitoring, and troubleshooting

  • Encrypted connectivity and routing between multicloud networks with a private path that uses standard architecture

  • High Performance Encryption (HPE) support over public and private networks

  • Zero-touch provisioning (ZTP) for automated Edge deployments

  • Multiple form factors to support various edge requirements

What are the use cases?

Aviatrix Secure Edge provides multicloud connectivity over private and public networks.

What edge platforms are supported?

You can deploy Aviatrix Secure Edge on these platforms:

Aviatrix Edge Platform

The Aviatrix Edge platform is an Aviatrix turnkey solution that enables cloud orchestration of edge hardware and Aviatrix Edge Gateways for deployment in customer on-premises locations. The hardware is recommended by Aviatrix and comes pre-staged before it is shipped to a customer site.

The Aviatrix Edge platform connects data center, retail, and branch customers to the cloud and offers these key benefits:

  • Extends the cloud operational model to the edge.

  • Remote orchestration of edge hardware and software with full lifecycle management.

  • Encrypt high-speed circuits at line-rate with High Performance Encryption.

  • Secure edge with distributed firewall and network segmentation.

  • High-Availability Edge Gateways for failover.

  • Designed for multicloud connectivity.

  • Flexible form factors to support data center high throughput needs.

  • Single unified control and management plane.

Equinix Platform

Aviatrix Secure Edge on the Equinix platform leverages Equinix Network Edge to deliver a high-performance encrypted connection to your single cloud, multicloud, or hybrid environments.

The key benefits are:

  • Extends the Aviatrix Intelligent Cloud Networking and Security platform to the Equinix Fabric.

  • Designed for multicloud and hybrid connectivity that provides a consistent architecture across these environments.

  • Simplifies deployment of private multicloud connectivity leveraging the Equinix infrastructure.

  • Accelerates enterprise cloud adoption by removing hardware requirements.

  • Edge connectivity that is secure, easily deployable, and reliable with visibility and control.

  • A seamless operational model and consistent architecture across network edge and multicloud.

  • Complete network traffic visibility and granular control across hybrid cloud environments.

  • Support for overlapping IP addresses leveraging NAT.

  • Segmentation capabilities across hybrid and multicloud environments to support workload isolation and security requirements with cloud orchestrated policies.

  • Distributed cloud firewall with centralized policy and distributed enforcement across cloud and hybrid environments.

Megaport Platform

Aviatrix Secure Edge on Megaport Virtual Edge is available as a Preview Feature in CoPilot version 4.11 with Controller version 7.1.3958.

The Aviatrix Cloud Networking solution, combined with high-speed Megaport fabric, significantly simplifies the deployment and management of hybrid and multicloud networks. By addressing challenges such as inconsistent network architecture, complex custom configurations, and uniform security protocols, Aviatrix enables customers to specify their configuration intent seamlessly. The automated application of network constructs across cloud service provider environments and hybrid clouds, leveraging the Megaport fabric, ensures robust, secure connections and reduces costs. Additionally, cloud orchestration with Terraform and fully centralized network management streamline network operations and enhance overall efficiency.

The key benefits of leveraging Aviatrix Secure Edge in the Megaport fabric are:

  • A cloud-like experience for hybrid cloud environments across multicloud environments that provides a consistent, high performance, secure, and resilient architecture.

  • On-demand provisioning of hybrid cloud edge and private connections leveraging Megaport fabric.

  • Simplicity and ease of use through a single unified control and management plane.

  • Cloud orchestration with Terraform automation.

  • Full centralized life cycle management.

  • Ability to encrypt high-speed private circuits at line-rate.

  • Complete network traffic visibility and granular control across hybrid cloud environments.

  • Support for overlapping IP addresses leveraging NAT.

  • Segmentation capabilities across hybrid and multicloud environments to support workload isolation and security requirements with cloud orchestrated policies.

  • Distributed cloud firewall with centralized policy and distributed enforcement across cloud and hybrid environments.

Self Managed Platform

The Self Managed platform provides the flexibility to deploy Aviatrix Secure Edge on your own self-managed hardware.

The Self Managed platform offers VMware ESXi and KVM hypervisor support that lets you deploy an Edge Gateway on a self-managed hypervisor at the edge network.

Does Aviatrix Secure Edge support high availability?

Aviatrix Secure Edge supports active-active and active-standby peering to the Aviatrix Transit Gateway for high availability.

Does Aviatrix Secure Edge support scalability?

Aviatrix Secure Edge supports multiple highly available Edge Gateways for an Edge site for scalability.

Does Aviatrix Secure Edge support NAT functions?

For the use case where the CSP network CIDR overlaps with the on-premises network CIDR, you can enable customized SNAT and DNAT on the Edge Gateway to resolve the overlapping CIDR issue.
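
The overlap case described above can be checked and planned before any NAT rule is written. The following is an added illustration, not Aviatrix code or configuration: it finds overlapping CSP and on-premises CIDRs, assigns each overlapping network a same-size virtual CIDR, and shows the 1:1 SNAT/DNAT rewrite for one packet. All function names, the sample networks, and the `100.64.0.0/10` virtual pool are assumptions made for the example.

```python
import ipaddress

def find_overlaps(cloud_cidrs, onprem_cidrs):
    """Return (cloud, onprem) network pairs whose address ranges overlap."""
    cloud = [ipaddress.ip_network(c) for c in cloud_cidrs]
    onprem = [ipaddress.ip_network(o) for o in onprem_cidrs]
    return [(c, o) for c in cloud for o in onprem if c.overlaps(o)]

def allocate_virtual(real_net, pool, in_use):
    """First subnet of pool, same size as real_net, that overlaps nothing in use."""
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=real_net.prefixlen):
        if not any(cand.overlaps(n) for n in in_use):
            in_use.append(cand)
            return cand
    raise ValueError(f"pool {pool} has no free /{real_net.prefixlen}")

def plan_nat(cloud_cidrs, onprem_cidrs, pool):
    """Map every network involved in an overlap to a unique virtual CIDR."""
    in_use = [ipaddress.ip_network(n) for n in cloud_cidrs + onprem_cidrs]
    plan = {}
    for cloud, onprem in find_overlaps(cloud_cidrs, onprem_cidrs):
        for side, net in (("cloud", cloud), ("onprem", onprem)):
            if (side, net) not in plan:
                plan[(side, net)] = allocate_virtual(net, pool, in_use)
    return plan

def map_addr(addr, src_net, dst_net):
    """1:1 NAT: keep the host offset, swap the network prefix."""
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        raise ValueError(f"{ip} is not in {src_net}")
    return dst_net.network_address + (int(ip) - int(src_net.network_address))

def rewrite_onprem_to_cloud(src, dst, plan):
    """Edge rewrite for an on-prem -> cloud packet: SNAT source, DNAT destination."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    new_src, new_dst = s, d
    for (side, real), virt in plan.items():
        if side == "onprem" and s in real:
            new_src = map_addr(src, real, virt)   # SNAT: real on-prem -> virtual
        if side == "cloud" and d in virt:
            new_dst = map_addr(dst, virt, real)   # DNAT: virtual cloud -> real
    return str(new_src), str(new_dst)

# Constructed sample networks; the virtual pool is a hypothetical choice.
CLOUD = ["10.0.0.0/16", "172.16.5.0/24"]
ONPREM = ["10.0.0.0/20", "192.168.10.0/24"]
PLAN = plan_nat(CLOUD, ONPREM, "100.64.0.0/10")
```

With these sample networks, an on-premises host at `10.0.1.10` reaches the cloud host `10.0.200.7` by addressing `100.64.200.7`, and the cloud side sees the source as `100.65.1.10`; traffic between the non-overlapping networks passes through unchanged.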

Does Aviatrix Secure Edge support Local Internet Breakout?

You can set up Aviatrix Edge Gateways as the default gateway and enable SNAT to route egress connectivity directly through the NAT interface of the Internet.

How does Aviatrix Secure Edge provide security?

Aviatrix Secure Edge is an extension of the Aviatrix cloud-native networking and security platform, which has security built into the data plane. Security capabilities include:

  • Distributed Firewall

  • Network Segmentation

  • End-to-End Encryption

  • Unified single dashboard for security management.

Does Aviatrix Secure Edge support VLAN connectivity?

Aviatrix Secure Edge supports VLAN connectivity with multiple VLAN interfaces that can be enabled on the Edge Gateway with VRRP support.

Aviatrix Secure Edge also enables you to segment your on-premises network traffic for your LAN network segments through network domains and connection policies.

How can I do transitive routing with Aviatrix Secure Edge?

You can enable transitive routing on an Aviatrix Edge Gateway to forward traffic between multiple Transit Gateways that are connected to it.

How can I do transit peering across multicloud with Aviatrix Secure Edge?

You can create Transit Gateway peering as a secondary path for forwarding traffic over the public network.

How do I deploy Aviatrix Secure Edge?

To deploy Aviatrix Edge, first you need to procure and onboard your edge device on the platform of your choice. Next, you deploy Aviatrix Edge Gateway on the edge device and attach the Edge Gateway to Aviatrix Transit Gateways for cloud connectivity. Then, configure the Edge Gateway for LAN-side connectivity.

See: