Learn how CBT Nuggets, a provider of interactive learning experiences for IT professionals, adopted the Juniper Networks Transit VPC solution to simplify network management and improve developer productivity as their trainings evolved.

1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Learn how CBT Nuggets securely
connects VPCs in minutes with Juniper
Networks and AWS
Pratik Mankad, Solutions Architect, AWS
Scott Sneddon, Senior Director and Chief Evangelist, Cloud, Juniper Networks
Kurt Engle, Network Engineer and DevOps Architect, CBT Nuggets

2. Scalability Security Global Footprint Cost-effectiveness
Network agility bolsters cloud agility
The benefits of cloud computing are well-proven
But your networking agility can enhance the degree at which you derive those benefits

3. Amazon
Virtual Private
Cloud
(Amazon VPC)
AWS Direct
Connect
Amazon Elastic
Load Balancing
Amazon
Route 53
Core networking offerings
AWS offers a wide variety of networking services, with four at the center:
53

4. Connect Amazon VPCs using a transit VPC
If you’re running multiple Amazon VPCs,
a transit VPC can simplify connectivity:
 Connect multiple geographically dispersed and
cross-account Amazon VPCs and remote networks
 Reduce on-premises configuration delays and
accelerate data transfers

5. Transit VPC structure on AWS

6. Transit VPC capabilities on AWS
 Leverage Virtual Gateway capabilities to maintain network
connections to the transit VPC network appliances
 Connect remote networks to the transit Virtual Private
Network (VPN) appliances using dynamically routed VPN
connections
 Implement more complex routing rules based on the
transit VPC design
 Support any IP-based connectivity requirements with
minimal on-premises network changes required

7. Extend corporate
network to AWS
Shared
connectivity
Monitoring
and visibility
Private
networking
Move corporate applications
to the cloud, launch
additional web servers,
and/or add more compute
capacity to networks
Multiple Amazon VPCs can
share connections to data
centers, partner networks,
and other clouds
Transit VPCs help to
increase transparency
and enable the rapid
visualization of data
being transferred
Build a private network
that spans two or more
AWS Regions
Common transit VPC use cases on AWS
A data-driven rationale for cloud adoption

8. Build a transit VPC with AWS Marketplace offerings
ISVs in AWS Marketplace can help you design and implement a
transit VPC:
Find and deploy
the solution you
need in minutes
Save money with
pay-as-you-go
pricing
Scale globally
across all
AWS Regions

9. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Secure automated connectivity
meets cloud agility
Scott Sneddon, Senior Director and Chief Evangelist,
Cloud, Juniper Networks

10. AWS shared responsibility model

11.  Feature-rich router and virtual firewall
 Seamless L3 extension to AWS
 Integrated VPN / advanced security
 Consistent security across hybrid environments
 Unified management and visibility
 Simple, scalable, flexible licensing
Juniper Networks vSRX Next Generation Firewall

12. Key Capabilities
 Hub-and-spoke topology securely
connects distributed environments
 vSRX serves as a data flow hub
 Inter-VPC traffic is secured with IDS,
IPS, and NGFW
 Highly automated operations
Transit VPC

13. AWS CloudFormation template
Simplifies resource
provisioning and
management of the
transit VPC deployment
Makes deploying
new transit VPCs
quick, easy, and
repeatable
Allows you to
treat network
infrastructure
as code

14. Use case: enterprise global expansion
 Unified policy and management
 Unified threat and intrusion prevention
 Advanced threat prevention
 Secure connectivity

15. SDSN adaptive security for AWS workloads

16.  Supporting agile workloads with
security policies
 Complying with regulatory requirements
 Lateral threat propagation inside Amazon
VPC
SDSN adaptive security for AWS workloads
Challenges:
 Instantiates and manages Amazon VPC specific vSRX
instances
 Policy Enforcer supports meta-data based policies to
support agile workloads
 vSRX access control (L3, L7 FW), IPS and threat
policies based on meta-data
 AWS workload inventory and meta-data sync up with
Security Director
 Threat remediation: infected AWS VMs quarantined
by placing them in specified AWS security group
Solution:

17. Better together
Unified
management
Lower
TCO
Carrier-class
routing
Extensive
programmability
Simple, intuitive
management for
enforcing and
monitoring security
across AWS and
hybrid networks
vSRX reduces your
resource
requirements, directly
translating
to lower
infrastructure costs
Single JUNOS® across
all platforms with
carrier-class routing
built in
Extensive
programming
capabilities are
critical to DevOps
deployment
Combined
security
Bolster security with
the combination of
native AWS services
and Juniper Networks
security and
enhanced routing

18. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
CBT Nuggets
Kurt Engle, Network Engineer and DevOps Architect, CBT Nuggets

19. Founded in 1999
Based in Eugene, OR
Provider of innovative, online learning
experiences for IT professionals:
 On-demand training videos, quizzes and
practice certification exams, virtual labs, online
Learner Community, and more
About CBT Nuggets

20. Rapid expansion of learning materials drove CBT
Nuggets to modernize its cloud architecture:
 Before: Handful of local developers using a
monolithic setup
 Now: 75+ global developers leveraging
CICD pipelines
This growth resulted in numerous developer
environments operating in their own Amazon VPC
CBT Nuggets evolution

21. New architecture leads to complex management
Manual processes depleted network agility
Lack of automation increased the risk of human error
CBT Nuggets’ new, modern architecture streamlined development,
but legacy routing solutions complicated network management

22. CBT Nuggets implemented a Juniper Networks
Transit VPC to simplify network management
and drive agility
With this solution, CBT Nuggets gained:
 Dynamic routing
 Next-generation firewall capabilities
 Secure connectivity between resources
AWS + Juniper Networks solution

23. AWS + Juniper Networks solution

24. AWS + Juniper Networks solution

25. AWS + Juniper Networks solution

26. AWS + Juniper Networks solution
Now, CBT Nuggets can add
network infrastructure in a
matter of minutes

27. Amazon Web Services Engagement Models
Free Trials Available
 Bring Your Own License (BYOL)  AWS Marketplace Subscription (Annual)
 AWS Marketplace (Hourly)
AWSJuniper Networks

28. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Q & A