How to Use Aviatrix SD Cloud Routing to Build Azure Networks

By Karthik Balachandran
Cloud System Engineer, Aviatrix
March 20, 2019

Azure networking constructs give you many different options to build and host your applications. With a wide choice of regions, network configurations, and resource management options, Azure customers can easily architect for high availability and performance.

But as enterprises migrate more and more mission-critical applications to the cloud, there are many connectivity and security requirements that are not natively available in Azure. In this post, we’ll look at a few of these requirements.

The diagram below shows at a high level how Azure customers deploy Aviatrix today.

Let’s dive deeper into each Azure use case:

On-premise to VNet Connectivity at Scale (See diagram below)

While Azure provides the capability to create a regional hub to connect on-prem to many VNets, Aviatrix provides the capabilities to build a global transit network across regions. For example, if you had a Shared Services VNet that needs to connect across regional hubs, you can easily peer the transit hubs using Aviatrix. For more information visit:

Simple and Manageable VNet to VNet Connectivity at Scale (See diagram below)

Aviatrix allows hundreds of VNets to be connected efficiently in a hub-and-spoke model, allowing central visibility and control across all your traffic. The Aviatrix solution also overcomes security policy limitations like VNet-level firewalling. Also, at the instance level, native Azure policies are limited to 250 IP-address-based rules.

VNet to Internet Egress Security (See diagram below)

Azure allows filtering internet-bound traffic based on domain names. But there is no support for non-HTTP/HTTPS traffic. For example, you cannot allow FTP or SSH traffic to a specific domain name. Aviatrix fills this gap with a cost-effective NAT gateway. These gateways can also be run in a “discovery” mode to discover domain names that are currently being accessed from your VNets.

VNet to AWS VPC Connectivity (See diagram below)

Customers that want to connect their VPCs to VNets often try to route traffic via an on-prem datacenter. This makes connectivity complex (and expensive). It also puts a burden on your cloud operations team to coordinate changes with on-prem network teams. Aviatrix solves this problem through its multi-cloud controller, which can orchestrate encrypted peering across clouds, regions and accounts.

User to VNet Connectivity (See diagram below)

Azure P2S works only with Windows clients. Aviatrix is the solution of choice for hundreds of customers that want support for general SSL VPN clients with strong authentication like LDAP, SAML, Okta, Duo, MFA, etc. The Aviatrix UserVPN feature also provides network-level authorization based on user profile. Finally, the Aviatrix gateways can log user VPN activity for auditing and reporting purposes (track who accessed what, from where, and when).

Aviatrix is a trusted multi-cloud partner that can simplify networking in the cloud. Through its central controller and cloud-native constructs, Aviatrix has made hundreds of enterprises successful in their public cloud endeavors.

To try out some of these use cases, you can launch the Aviatrix controller from the Azure marketplace by following these instructions:

You can then add the Azure subscription to your controller by registering the app in Azure Active Directory:

