Many cloud networking solutions can feel similar to walking with a rock in your shoe.
While these two concepts seem far from associated, this metaphor can be understood by everyone from a 5 year old child to anyone who has spent time walking outdoor trails.
The analogy rings true because similar to the way a person might continue walking with an uncomfortable rock under their foot, organizations move forward, covering up flaws and dealing with inadequacies, using existing technology solutions because they are moving too fast and don’t make time to stop and ask, “is there a better way?”.
Cloud environments have changed the way that applications are hosted and delivered. Their scalability and flexibility have enabled businesses to transform development processes, operations and the way they deliver value to customers. But many times the applications hosted in these cloud environments require access to data housed in a customer’s on-premise environments.
Often one of the biggest challenges of migrating an organization’s application to the cloud, is that they require the use of IPSec VPNs for their connectivity.
Building customer data connections via individual VPN tunnels breaks down as a cloud-hosted application scales. Network software updates and lack of network experienced staff onsite makes the management of these connections difficult for an application provider who relies on customer connectivity as a critical part of the application but doesn’t want to be in the business of managing that connectivity.
All of these things can affect the operations, customer experience and ultimately the profitability of an application.
Last fall AWS took a step in trying to relieve some of this pain when it released an improved way of handling multiple virtual private clouds (VPC) in AWS.
Acting as a network hub for AWS instances, Transit Gateway works to simplify the management of cloud network connections to all of an application’s AWS virtual private clouds.
This hub and spoke model creates a single transit VPC that all on-premise networks can connect to. This greatly eases the deployment and management issues that arise when connecting multiple on-premise networks to applications hosted across multiple AWS VPCs.
This is a significant step forward in managing multiple VPCs. But one of the problems that AWS Transit Gateway doesn’t yet solve are configuration and management complexities of the IPSec VPNs connecting to Transit Gateway.
Anyone who has configured and supported large numbers of VPN connections to sites that you don’t control has experienced the joys of managing firewall issues, overlapping private subnets (RFC 1918) and manually pushing security updates to all network devices.
Trustgrid enhances AWS Transit Gateway by giving application providers a far easier way to connect all on-premise customer environments to a Transit Gateway VPC.
When using the two solutions together, applications are able to deploy new customers in a fraction of the time, manage existing connections with less resources and improve the overall customer experience.
Trustgrid’s software-defined connectivity creates containerized network endpoints that seamlessly integrate with AWS Transit Gateway but eliminate much of the pain of VPN connections.
Additionally, it adds a cloud-based control plane that enables a range of security management features to optimize the administration of large numbers of on-premise network connections.
Similar to walking around with a rock in your shoe, the use of IPSec VPNs has limped along as a necessary, but often frustrating, technology. While throwing additional resources and living with a less than optimal experience has been the way that companies have ‘walked around’ the issue for years, that is no longer necessary.
If there was a better way to handle AWS to on-premise data connections, would that be worth stopping to take a look at?
Is it time for you to stop, take a moment, and pull that rock out of your shoe?
If so, a more comfortable path lies ahead.