Cloud Network Architecture for Online and Mobile Gaming

By Sherry Wei
Founder and CTO, Aviatrix
April 2, 2017

If your job is to build infrastructure for a gaming company, your priority is to keep the games up and running with great performance: making sure all event logs are properly set up, forwarding those logs for analytics, and using scripting tools to manage new games as well as new software releases. As such, networking in the cloud may be the last thing on your mind. Indeed, cloud networking should become a substrate that you don’t have to worry about, so that you can focus your time on the real stuff: the games.

Where would you start?

How do you build a cloud network for gaming? What is a good network architecture?

You should consider the following dimensions beyond agility, connectivity and security.

  • Shared Resources: What are my common DevOps tools, and in which region should they be hosted? For example, I use Chef to build images and Jenkins for continuous testing. In which region should these tools be hosted?
  • Cost Metrics: This is related to managing the life cycle of games. How do I help my team gain knowledge of how much it costs to develop a game, test a game, and run a game?
  • Performance: Where should I host the games so that gamers have the best experience playing them?
  • Access: How do my DevOps engineers access the tools and resources in VPCs? How do developers access gaming applications in VPCs for development and testing? How do I restrict developers from accessing the production database?

Be it a public cloud or hybrid cloud deployment, these key metrics are the pillars that build a successful cloud infrastructure for mobile and online game development/publishing. The vital constructs Aviatrix uses to enable such a productive cloud architecture are the following:

  • Management VPC: Shared Resources call for a management VPC where all tools and common applications are hosted.
  • Multi Accounts: Assigning each game project a separate AWS account automatically isolates its Cost Metrics, making per-game cost analysis clear. Each AWS account should have multiple VPCs, for example Dev, Test and Production.
  • Multi Regions: Deploying games in multiple AWS regions ensures the shortest latency to your users around the world. For example, if you have a large gamer community in Europe, setting up a production VPC in AWS Ireland or Frankfurt will translate into a better user experience for your European customer base. Taking it one step further, adding game applications for those users in VPCs in those regions will further improve the user experience, leading to a better understanding of a growing market space.
  • Profile Based VPN Access: Give DevOps and developers SSL VPN access to VPCs. A profile-based VPN solution dynamically pushes access policies when a user connects, and so gives different privileges to administrators, developers and contractors.
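The profile-based access described in the last item, sketched as an added example (not Aviatrix code or its policy format): each profile is an ordered rule list evaluated first-match with default deny, and an audit function answers the earlier question of who can reach the production database. The profile names, CIDRs, subnet and ports are constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumption): one /16 per VPC.
VPCS = {
    "mgmt": "10.0.0.0/16",
    "game1-dev": "10.10.0.0/16",
    "game1-test": "10.11.0.0/16",
    "game1-prod": "10.12.0.0/16",
}
PROD_DB = "10.12.20.0/24"  # constructed: production database subnet

# Hypothetical profiles: ordered (action, destination CIDR, port) rules.
# First match wins; port None means any port; no match means deny.
PROFILES = {
    "admin": [("allow", cidr, None) for cidr in VPCS.values()],
    "developer": [
        ("deny", PROD_DB, None),              # must precede the prod allow below
        ("allow", VPCS["mgmt"], 443),         # web consoles of shared tools
        ("allow", VPCS["game1-dev"], None),
        ("allow", VPCS["game1-test"], None),
        ("allow", VPCS["game1-prod"], 443),   # game front ends only
    ],
    "contractor": [("allow", VPCS["game1-dev"], 22)],
}


def policy_for(profile):
    """Rules pushed to a VPN session at connect time; unknown profiles get none."""
    return PROFILES.get(profile, [])


def is_allowed(profile, dst_ip, dst_port):
    """Evaluate one connection against the profile's rules, default deny."""
    dst = ipaddress.ip_address(dst_ip)
    for action, cidr, port in policy_for(profile):
        if dst in ipaddress.ip_network(cidr) and port in (None, dst_port):
            return action == "allow"
    return False


def audit_prod_db_exposure(db_port=5432):
    """Return the profiles that can reach the production DB subnet on db_port."""
    db_host = str(next(ipaddress.ip_network(PROD_DB).hosts()))
    return sorted(p for p in PROFILES if is_allowed(p, db_host, db_port))
```

Running audit_prod_db_exposure() after every profile change catches a rule-ordering mistake, such as a broad production allow placed ahead of the database deny.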

Examples of best practices in designing a cloud network architecture in the gaming industry are illustrated in Figures 1, 2, and 3. Instead of each game project being a standalone VPC, each game is assigned an account with multiple VPCs. Each VPC is stood up based on development, user, and cost metrics, which provides the visibility needed to keep improving your organization’s success. The common denominator of a successful architecture is a Management VPC with a gateway that can route transitively. This Management VPC hosts all tools and connects securely to all other VPCs for software updates, administration and access control.

Fig 1: Best practices for online/mobile game developer’s cloud architecture

For gaming publishers, whose production VPCs host the actual games and applications, multi-region deployments are important for the best user experience. User metrics become extremely important in this case.

Fig 2: Best practices for an online/mobile game publisher’s cloud architecture

In both diagrams, one Aviatrix Controller is launched in the management VPC. From the controller’s web console, you can:

  • Create AWS accounts
  • Launch Aviatrix gateways
  • Build inter-region VPC peering

DevOps engineers and developers access all VPCs directly, as their privileges permit, through Elastic Load Balanced Aviatrix VPN gateways in the management VPC.

Summarizing all of the concepts discussed, the gaming companies that have been most successful in scaling their cloud platforms use a variation of the following architecture.

