SlideShare una empresa de Scribd logo

Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes

K
Khash Nakhostin

This document summarizes a presentation about securely connecting customers' sites to cloud-hosted applications. It discusses the challenges of connectivity, operational readiness, and security/compliance when onboarding customers. Specifically, it outlines limitations of native AWS/Azure VPN solutions and the lack of visibility, automation, and security controls. The presentation promotes using a communication module that can automate provisioning IPsec or SSL tunnels without requiring changes to customer edge devices or opening firewall ports. This provides centralized management of connectivity and compliance reporting across customer environments.

Tecnología
1 de 11
Descargar para leer sin conexión
Securely Connecting Customers’ Sites To Your Cloud Hosted Apps – In Minutes AWS Bootcamp #6 – May 24, 2018 Sherry Wei, Founder & CTO Neel Kamal, Head of Field Operations Frank Cabri, VP Product Marketing
© 2018 AVIATRIX SYSTEMS, INC. | 2 • Use Cases for App Providers • Understanding the Challenges of Customer On-Boarding - Connectivity - Operational Readiness - Security & Compliance • Demo • Live Q & A Welcome & Agenda SHERRY WEI Founder & CTO NEEL KAMAL Head of Field Operations FEATURED SPEAKERS
© 2018 AVIATRIX SYSTEMS, INC. | 3 Check Out More Bootcamps – Available On-Demand www.aviatrix.com/bootcamps
© 2018 AVIATRIX SYSTEMS, INC. | 4 Networking Use Cases for Hosted Apps Providers AND Managing Your Internal PaaS Operation Onboarding Your Customers Customers YOU Users
© 2018 AVIATRIX SYSTEMS, INC. | 5 1. Connectivity Challenges - Building IPsec connectivity to the customer environment - Handling overlapping CIDR blocks - Supporting connectivity from the hosted environment to customer environment, which can be on-prem, AWS, Azure, Google Cloud, etc. 2. Operational Challenges - Lack of monitoring/insights into customer experience: latency, performance - Lack of alerting and troubleshooting ability - Lack of automation, which leads to delays and errors 3. Security & Compliance Challenges - Policy-based, remote user access to separate internal staff from customer staff - Isolate and segmenting VPCs to tighten the security perimeter and reduce audit scope Challenges in Connecting Customers’ Sites to Cloud Hosted Apps Onboarding Your Customers Customers YOU Users
© 2018 AVIATRIX SYSTEMS, INC. | 6 Challenges in Connecting Customers’ Sites to Cloud Hosted Apps 3. Security & Compliance 2. Operational Readiness 1. Connectivity
© 2018 AVIATRIX SYSTEMS, INC. | 7 Why Is It So Complex? - Requires involving customers’ network & security teams - Hits customers’ change control process when touching an edge device (for IPsec) and their perimeter security appliance - Requires your team to have expertise on a variety of customer edge routers What Does AWS/Azure Provide Natively? - AWS Virtual GW (VGW) & Azure VPN What’s Missing? - AWS VPN Gateway Limitation (supports 10 connections per VPC.) - Azure VPN Gateway Limitation (supports only 1 VPN connection for IKEv1) - Overlapping IP addresses - Traffic Direction Problem - Encryption Algorithm Mismatch 1. Connectivity Considerations
© 2018 AVIATRIX SYSTEMS, INC. | 8 Why Is It So Complex? - No visibility into your customer’s environment - Requires deep network expertise by the internal staff who supports connectivity to the customer environment (BGP, IPsec) - Committed SLAs impossible to prove What Does AWS/Azure Provide Natively? - No tools What’s Missing? - No Visibility: Cloud provider’s VPN gateway is a blackbox, there is no visibility - Automated Configuration: manually configuring traditional vRouter for 100s of IPSEC tunnel is not possible) - Too Slow to Onboard a Customer: VPN runs on UDP port 500/4500 which require opening corporate firewall ports) - Downtime Problem: When you add new IPsec tunnel, it will reset all existing tunnels 2. Operational Considerations
© 2018 AVIATRIX SYSTEMS, INC. | 9 Why Is It So Complex? - Giving customer users/groups limited access to your cloud- hosted app is just hard - SOC2-compliant reports (“who accessed what, at what time”) is even harder What Does AWS Provide Natively? - No AWS-native services What’s Missing? - A cloud-native User VPN solution - Profile-based access control with MFA - Audit logs that are exportable to your tool of choice 3. Security and Compliance Considerations for Remote Users
© 2018 AVIATRIX SYSTEMS, INC. | 10 • A communication module that you can include with your product to your customers: • Works in every type of customer environment: data center, private cloud, etc. • Does not require changes to edge routers or security appliances (opening ports) • Can sit inside the DMZ • Supports both IPsec and SSL termination • Provisioning and configuring these modules can be automated centrally • Does not require deep network expertise on your site as well as on your customer site A Better Approach for Connecting Customers’ Sites to Cloud- Hosted Apps
© 2018 AVIATRIX SYSTEMS, INC. | 11 • You’ll receive email w/ a link to a replay and slides • Take 10 minutes and start a free 14-day trial …. https://www.aviatrix.com • To view other bootcamps: https://www.aviatrix.com/bootcamps Next Steps with Aviatrix

Recomendados

Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Khash Nakhostin
 
Five Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsFive Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsKhash Nakhostin
 
Seven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkSeven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkKhash Nakhostin
 
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Khash Nakhostin
 
Getting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & GatewaysGetting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & GatewaysKhash Nakhostin
 
Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Khash Nakhostin
 
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughSecure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughKhash Nakhostin
 
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasNetwork Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasKhash Nakhostin
 

Recomendados

Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Khash Nakhostin
 
Five Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsFive Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsKhash Nakhostin
 
Seven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkSeven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkKhash Nakhostin
 
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Khash Nakhostin
 
Getting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & GatewaysGetting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & GatewaysKhash Nakhostin
 
Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Khash Nakhostin
 
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughSecure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughKhash Nakhostin
 
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasNetwork Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasKhash Nakhostin
 
What You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubWhat You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubKhash Nakhostin
 
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersUnderstanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersDevOps.com
 
How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS ThousandEyes
 
Demystifying Service Mesh
Demystifying Service MeshDemystifying Service Mesh
Demystifying Service MeshMitchell Pronschinske
 
CDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectCDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectThousandEyes
 
Cisco IT and ThousandEyes
Cisco IT and ThousandEyesCisco IT and ThousandEyes
Cisco IT and ThousandEyesThousandEyes
 
Network monitoring for the modern wan webinar
Network monitoring for the modern wan webinarNetwork monitoring for the modern wan webinar
Network monitoring for the modern wan webinarThousandEyes
 
Centurylink - Acceleration and securing modern applications!
Centurylink - Acceleration and securing modern applications!Centurylink - Acceleration and securing modern applications!
Centurylink - Acceleration and securing modern applications!Regis Allen
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service MeshLew Tucker
 
The Internet of things for integration people - UKCSUG - public version
The Internet of things for integration people - UKCSUG - public versionThe Internet of things for integration people - UKCSUG - public version
The Internet of things for integration people - UKCSUG - public versionSam Vanhoutte
 
WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017World Wide Technology
 
VPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity OptionsVPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity Optionsjohn homer alvero
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud ThousandEyes
 
Getting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulGetting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulMitchell Pronschinske
 
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service MeshLayer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service MeshMitchell Pronschinske
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays
 
NGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX, Inc.
 
Automating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftAutomating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftThousandEyes
 
Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...Ashnikbiz
 
Visibility for a Global Network
Visibility for a Global NetworkVisibility for a Global Network
Visibility for a Global NetworkThousandEyes
 
Citrix Synergy 2014 - Syn231 Why cloud projects fail
Citrix Synergy 2014 - Syn231 Why cloud projects failCitrix Synergy 2014 - Syn231 Why cloud projects fail
Citrix Synergy 2014 - Syn231 Why cloud projects failCitrix
 
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...Primend
 

Más contenido relacionado

La actualidad más candente

What You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubWhat You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubKhash Nakhostin
 
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersUnderstanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersDevOps.com
 
How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS ThousandEyes
 
CDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectCDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectThousandEyes
 
Cisco IT and ThousandEyes
Cisco IT and ThousandEyesCisco IT and ThousandEyes
Cisco IT and ThousandEyesThousandEyes
 
Network monitoring for the modern wan webinar
Network monitoring for the modern wan webinarNetwork monitoring for the modern wan webinar
Network monitoring for the modern wan webinarThousandEyes
 
Centurylink - Acceleration and securing modern applications!
Centurylink - Acceleration and securing modern applications!Centurylink - Acceleration and securing modern applications!
Centurylink - Acceleration and securing modern applications!Regis Allen
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service MeshLew Tucker
 
The Internet of things for integration people - UKCSUG - public version
The Internet of things for integration people - UKCSUG - public versionThe Internet of things for integration people - UKCSUG - public version
The Internet of things for integration people - UKCSUG - public versionSam Vanhoutte
 
WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017World Wide Technology
 
VPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity OptionsVPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity Optionsjohn homer alvero
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud ThousandEyes
 
Getting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulGetting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulMitchell Pronschinske
 
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service MeshLayer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service MeshMitchell Pronschinske
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays
 
NGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX, Inc.
 
Automating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftAutomating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftThousandEyes
 
Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...Ashnikbiz
 
Visibility for a Global Network
Visibility for a Global NetworkVisibility for a Global Network
Visibility for a Global NetworkThousandEyes
 

La actualidad más candente (20)

What You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubWhat You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit Hub
 
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersUnderstanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
 
How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS
 
Demystifying Service Mesh
Demystifying Service MeshDemystifying Service Mesh
Demystifying Service Mesh
 
CDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectCDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes Connect
 
Cisco IT and ThousandEyes
Cisco IT and ThousandEyesCisco IT and ThousandEyes
Cisco IT and ThousandEyes
 
Network monitoring for the modern wan webinar
Network monitoring for the modern wan webinarNetwork monitoring for the modern wan webinar
Network monitoring for the modern wan webinar
 
Centurylink - Acceleration and securing modern applications!
Centurylink - Acceleration and securing modern applications!Centurylink - Acceleration and securing modern applications!
Centurylink - Acceleration and securing modern applications!
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service Mesh
 
The Internet of things for integration people - UKCSUG - public version
The Internet of things for integration people - UKCSUG - public versionThe Internet of things for integration people - UKCSUG - public version
The Internet of things for integration people - UKCSUG - public version
 
WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017
 
VPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity OptionsVPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity Options
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud
 
Getting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulGetting Started with Kubernetes and Consul
Getting Started with Kubernetes and Consul
 
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service MeshLayer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
 
NGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX DevSecOps Workshop
NGINX DevSecOps Workshop
 
Automating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftAutomating Performance Monitoring at Microsoft
Automating Performance Monitoring at Microsoft
 
Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...
 
Visibility for a Global Network
Visibility for a Global NetworkVisibility for a Global Network
Visibility for a Global Network
 

Similar a Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes

Citrix Synergy 2014 - Syn231 Why cloud projects fail
Citrix Synergy 2014 - Syn231 Why cloud projects failCitrix Synergy 2014 - Syn231 Why cloud projects fail
Citrix Synergy 2014 - Syn231 Why cloud projects failCitrix
 
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...Primend
 
VM Farms Thrive with Dedicated IP Storage Networks
VM Farms Thrive with Dedicated IP Storage NetworksVM Farms Thrive with Dedicated IP Storage Networks
VM Farms Thrive with Dedicated IP Storage NetworksBrocade
 
Faster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in awsFaster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in awsZscaler
 
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdfCNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdfLibbySchulze
 
Nieuwe onderwijs- en onderzoekstoepassingen door slimme wifi-netwerken - Roy ...
Nieuwe onderwijs- en onderzoekstoepassingen door slimme wifi-netwerken - Roy ...Nieuwe onderwijs- en onderzoekstoepassingen door slimme wifi-netwerken - Roy ...
Nieuwe onderwijs- en onderzoekstoepassingen door slimme wifi-netwerken - Roy ...SURFnet
 
ciscothousandeyesusecase
ciscothousandeyesusecaseciscothousandeyesusecase
ciscothousandeyesusecaseRENJITHKNAIR5
 
Getting Started With ThousandEyes Proof of Concepts: End User Digital Experience
Getting Started With ThousandEyes Proof of Concepts: End User Digital ExperienceGetting Started With ThousandEyes Proof of Concepts: End User Digital Experience
Getting Started With ThousandEyes Proof of Concepts: End User Digital ExperienceThousandEyes
 
Get the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXGet the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXNGINX, Inc.
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld
 
From Pivotal to VMware Tanzu: What you need to know
From Pivotal to VMware Tanzu: What you need to knowFrom Pivotal to VMware Tanzu: What you need to know
From Pivotal to VMware Tanzu: What you need to knowVMware Tanzu
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudControlCase
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsThousandEyes
 
VMware Workspace ONE a synergie s Microsoftem
VMware Workspace ONE a synergie s MicrosoftemVMware Workspace ONE a synergie s Microsoftem
VMware Workspace ONE a synergie s MicrosoftemMarketingArrowECS_CZ
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsThousandEyes
 
Cisco Connect Ottawa 2018 multi cloud
Cisco Connect Ottawa 2018 multi cloudCisco Connect Ottawa 2018 multi cloud
Cisco Connect Ottawa 2018 multi cloudCisco Canada
 
Secure remote access to AWS your users will love
Secure remote access to AWS your users will loveSecure remote access to AWS your users will love
Secure remote access to AWS your users will loveZscaler
 
IBM API Connect Deployment `Good Practices - IBM Think 2018
IBM API Connect Deployment `Good Practices - IBM Think 2018IBM API Connect Deployment `Good Practices - IBM Think 2018
IBM API Connect Deployment `Good Practices - IBM Think 2018Chris Phillips
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPOlivia LaMar
 

Similar a Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes (20)

Citrix Synergy 2014 - Syn231 Why cloud projects fail
Citrix Synergy 2014 - Syn231 Why cloud projects failCitrix Synergy 2014 - Syn231 Why cloud projects fail
Citrix Synergy 2014 - Syn231 Why cloud projects fail
 
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
 
VM Farms Thrive with Dedicated IP Storage Networks
VM Farms Thrive with Dedicated IP Storage NetworksVM Farms Thrive with Dedicated IP Storage Networks
VM Farms Thrive with Dedicated IP Storage Networks
 
Check Point and Accenture Webinar
Check Point and Accenture Webinar Check Point and Accenture Webinar
Check Point and Accenture Webinar
 
Faster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in awsFaster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in aws
 
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdfCNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
 
Nieuwe onderwijs- en onderzoekstoepassingen door slimme wifi-netwerken - Roy ...
Nieuwe onderwijs- en onderzoekstoepassingen door slimme wifi-netwerken - Roy ...Nieuwe onderwijs- en onderzoekstoepassingen door slimme wifi-netwerken - Roy ...
Nieuwe onderwijs- en onderzoekstoepassingen door slimme wifi-netwerken - Roy ...
 
ciscothousandeyesusecase
ciscothousandeyesusecaseciscothousandeyesusecase
ciscothousandeyesusecase
 
Getting Started With ThousandEyes Proof of Concepts: End User Digital Experience
Getting Started With ThousandEyes Proof of Concepts: End User Digital ExperienceGetting Started With ThousandEyes Proof of Concepts: End User Digital Experience
Getting Started With ThousandEyes Proof of Concepts: End User Digital Experience
 
Get the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXGet the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINX
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
 
From Pivotal to VMware Tanzu: What you need to know
From Pivotal to VMware Tanzu: What you need to knowFrom Pivotal to VMware Tanzu: What you need to know
From Pivotal to VMware Tanzu: What you need to know
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the Cloud
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of Concepts
 
VMware Workspace ONE a synergie s Microsoftem
VMware Workspace ONE a synergie s MicrosoftemVMware Workspace ONE a synergie s Microsoftem
VMware Workspace ONE a synergie s Microsoftem
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of Concepts
 
Cisco Connect Ottawa 2018 multi cloud
Cisco Connect Ottawa 2018 multi cloudCisco Connect Ottawa 2018 multi cloud
Cisco Connect Ottawa 2018 multi cloud
 
Secure remote access to AWS your users will love
Secure remote access to AWS your users will loveSecure remote access to AWS your users will love
Secure remote access to AWS your users will love
 
IBM API Connect Deployment `Good Practices - IBM Think 2018
IBM API Connect Deployment `Good Practices - IBM Think 2018IBM API Connect Deployment `Good Practices - IBM Think 2018
IBM API Connect Deployment `Good Practices - IBM Think 2018
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
 

Último

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Último (20)

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes

  • 1. Securely Connecting Customers’ Sites To Your Cloud Hosted Apps – In Minutes AWS Bootcamp #6 – May 24, 2018 Sherry Wei, Founder & CTO Neel Kamal, Head of Field Operations Frank Cabri, VP Product Marketing
  • 2. © 2018 AVIATRIX SYSTEMS, INC. | 2 • Use Cases for App Providers • Understanding the Challenges of Customer On-Boarding - Connectivity - Operational Readiness - Security & Compliance • Demo • Live Q & A Welcome & Agenda SHERRY WEI Founder & CTO NEEL KAMAL Head of Field Operations FEATURED SPEAKERS
  • 3. © 2018 AVIATRIX SYSTEMS, INC. | 3 Check Out More Bootcamps – Available On-Demand www.aviatrix.com/bootcamps
  • 4. © 2018 AVIATRIX SYSTEMS, INC. | 4 Networking Use Cases for Hosted Apps Providers AND Managing Your Internal PaaS Operation Onboarding Your Customers Customers YOU Users
  • 5. © 2018 AVIATRIX SYSTEMS, INC. | 5 1. Connectivity Challenges - Building IPsec connectivity to the customer environment - Handling overlapping CIDR blocks - Supporting connectivity from the hosted environment to customer environment, which can be on-prem, AWS, Azure, Google Cloud, etc. 2. Operational Challenges - Lack of monitoring/insights into customer experience: latency, performance - Lack of alerting and troubleshooting ability - Lack of automation, which leads to delays and errors 3. Security & Compliance Challenges - Policy-based, remote user access to separate internal staff from customer staff - Isolate and segmenting VPCs to tighten the security perimeter and reduce audit scope Challenges in Connecting Customers’ Sites to Cloud Hosted Apps Onboarding Your Customers Customers YOU Users
  • 6. © 2018 AVIATRIX SYSTEMS, INC. | 6 Challenges in Connecting Customers’ Sites to Cloud Hosted Apps 3. Security & Compliance 2. Operational Readiness 1. Connectivity
  • 7. © 2018 AVIATRIX SYSTEMS, INC. | 7 Why Is It So Complex? - Requires involving customers’ network & security teams - Hits customers’ change control process when touching an edge device (for IPsec) and their perimeter security appliance - Requires your team to have expertise on a variety of customer edge routers What Does AWS/Azure Provide Natively? - AWS Virtual GW (VGW) & Azure VPN What’s Missing? - AWS VPN Gateway Limitation (supports 10 connections per VPC.) - Azure VPN Gateway Limitation (supports only 1 VPN connection for IKEv1) - Overlapping IP addresses - Traffic Direction Problem - Encryption Algorithm Mismatch 1. Connectivity Considerations
  • 8. © 2018 AVIATRIX SYSTEMS, INC. | 8 Why Is It So Complex? - No visibility into your customer’s environment - Requires deep network expertise by the internal staff who supports connectivity to the customer environment (BGP, IPsec) - Committed SLAs impossible to prove What Does AWS/Azure Provide Natively? - No tools What’s Missing? - No Visibility: Cloud provider’s VPN gateway is a blackbox, there is no visibility - Automated Configuration: manually configuring traditional vRouter for 100s of IPSEC tunnel is not possible) - Too Slow to Onboard a Customer: VPN runs on UDP port 500/4500 which require opening corporate firewall ports) - Downtime Problem: When you add new IPsec tunnel, it will reset all existing tunnels 2. Operational Considerations
  • 9. © 2018 AVIATRIX SYSTEMS, INC. | 9 Why Is It So Complex? - Giving customer users/groups limited access to your cloud- hosted app is just hard - SOC2-compliant reports (“who accessed what, at what time”) is even harder What Does AWS Provide Natively? - No AWS-native services What’s Missing? - A cloud-native User VPN solution - Profile-based access control with MFA - Audit logs that are exportable to your tool of choice 3. Security and Compliance Considerations for Remote Users
  • 10. © 2018 AVIATRIX SYSTEMS, INC. | 10 • A communication module that you can include with your product to your customers: • Works in every type of customer environment: data center, private cloud, etc. • Does not require changes to edge routers or security appliances (opening ports) • Can sit inside the DMZ • Supports both IPsec and SSL termination • Provisioning and configuring these modules can be automated centrally • Does not require deep network expertise on your site as well as on your customer site A Better Approach for Connecting Customers’ Sites to Cloud- Hosted Apps
  • 11. © 2018 AVIATRIX SYSTEMS, INC. | 11 • You’ll receive email w/ a link to a replay and slides • Take 10 minutes and start a free 14-day trial …. https://www.aviatrix.com • To view other bootcamps: https://www.aviatrix.com/bootcamps Next Steps with Aviatrix