Aviatrix for Microsoft Azure

Aviatrix for Microsoft Azure

Aviatrix provides a comprehensive cloud networking capability to simplify the way you connect Azure VNets to VNets, sites to Azure cloud, users to Azure cloud.

Aviatrix Cloud Interconnect (ACX) for Azure enables Enterprises to adopt, build and scale their Azure environment. Unlike traditional on-prem virtual networking appliances that can run in the cloud requiring complex manual configuration and deep networking knowledge, Aviatrix Cloud Interconnect System is purpose built for Azure to enable DevOps and CloudOps professionals to rapidly build and scale their Azure cloud environments with point-and-click simplicity and agility.

Aviatrix for Azure consists of two components: Aviatrix Cloud Controller, which is deployed in Azure Cloud or on premises in an Enterprise data center; and the Aviatrix Gateway deployed in Azure VNets or on-prem as a virtual appliance or in other Cloud Providers VPCs.

Aviatrix Cloud Controller integrates with Azure through its APIs and provides centralized orchestration and management for one or more Aviatrix Gateways. Aviatrix Gateways provide various cloud routing, security, NAT and firewall services and functions, allowing cloud operators to rapidly build secure connectivity across their enterprise’s Azure footprint (VNets) as well as their enterprise sites (data centers, branches) and End Users. ACX automates many complex, cloud network deployment and configuration tasks thus, making cloud networking as simple and straight forward as cloud compute and storage deployment and operations.

Aviatrix for Azure consists of two components: the Aviatrix Gateway, which is deployed on-premises or in the VNet; and the Aviatrix Cloud Controller, which provides centralized orchestration and management of one or more Gateways.

Why Customers Choose Aviatrix

Comprehensive Cloud Networking Solution

Built for Azure, addressing many cloud networking scenarios and use cases enabling rapid cloud adoption, migration, global scaling, multi-cloud combined with hybrid cloud and secure remote access capabilities.


Centrally managed, point and click networking solution that can be deployed in minutes. Integrated with Azure IAAS layer and Services.

Highly Available

Built-in gateway redundancy supports hot standby and failover in seconds. The solution does not require a unique public IP address on the hub gateway connecting to each spoke gateway. No limits on the number of spoke VNets can be connected to the hub VNet.

Intra-cloud and Inter-cloud Visibility

Central dashboard monitors, displays end to cloud network topology and status while providing comprehensive logging and monitoring at the network and user level resources and usage.

End-to-End Security

Stateful firewall and software defined routing at the gateway to enforce across VNet and across cloud security policies. Integrated OpenVPN based SSL Remote Access service that allows remote end users to connect to their Azure Cloud Environments directly.

Cost Saving

Aviatrix Cloud Networking solution for Azure requires no new hardware, increases operations efficiency and reduces complexity in building and operationalizing Azure Cloud and Hybrid Cloud and Multi Cloud Environments.

Secure Inter-region VNet Peering and Multi-Cloud Peering for Azure (Global Transit Hub Architecture)

Simplify the way you inter-connect VNets across Azure regions, connect your data center to a VNet, and connect Azure VNets to other Cloud Providers such as AWS and GCloud. Easy to set up, fully encrypted, and peering based on policy. Highlights include:

  • Enables centrally controlled, point and click deployment of Global Transit Hub VNet Architecture for VNet connectivity
  • Enables centralized multi-cloud networking and multi-cloud use cases.
  • Automatic discovery of Cloud Network in-service inventory such as VNets, Routing and Security infrastructure and configurations.
  • High availability support for Controller, Gateway and connections.
  • Automatic configuration of routing across VNet networks; no static routes necessary
  • Policy-based routing
  • Integrated Stateful Firewall
  • Integrated NAT for addressing complex IP overlap and hybrid networking scenarios.

Secure Remote Access to Azure: SSL VPN

Aviatrix Cloud Interconnect System (ACX) enables enterprise-class secure remote access to Azure. Aviatrix SSL VPN to Azure offers global-scale, full-function remote access VPN capabilities, enabling enterprise end users and partners to directly connect to Azure from their Windows, Mac, and Android devices.
Azure Remote Access

Combined with Aviatrix cloud to cloud peering, Aviatrix remote access VPN allows users to securely access their environments with a single certificate, even if they are distriburted across multiple VNets, regions, and cloud providers. This capability greatly reduces user VPN management time for Cloud teams:

  • Supports remote access for end users to connect to the cloud directly.
  • Supports wide range of clients: Windows, OS X, Linux, Chromebook, Android, and iOS.
  • Supports a scalable and highly available Cloud VPN solution.
  • Integrated with Azure load balancing, the solution scales to large number of VPN gateways to serve thousands of users and bandwidth.
  • Supports multi-factor authentication: Duo, LDAP, and Okta.
  • Supports SAML authentication with Aviatrix proprietary VPN clients for Windows, OS X, and Linux.
  • Supports user-profile based access rules that allow administrators to define and enforce access privilege to any resources (network, protocols, and ports) in Azure VNet at the perimeter of the enterprise cloud network.
  • Supports the following log forwarders for remote logging: Logstash, Splunk, Sumo Logic, and rsyslog.
  • Supports split-tunnel and full-tunnel mode.
  • Supports modular configuration to support incremental configuration as your environment scales.
  • Supports active user dashboard and user browsing activity.
  • Requires no extra hop to access instances in different VNetS.
  • Supports multiple accounts for different business groups and projects.

Encryption on Azure Express Route

Azure ExpressRoute provides a high speed, low latency connectivity to Azure. These connections are terminated on the cloud edge gateways provided by Azure.

These connections enable private, high bandwidth and low latency link between customer’s on-prem or Co-lo based network and the cloud without going through the Internet. However, the traffic moving on these links is not encrypted creating security and compliance challenges.

Many enterprises, specifically in the financial and healthcare sectors, require all traffic leaving the premises to be encrypted even when connecting directly to their own private environments in the public cloud.

Aviatrix provides a unique and powerful solution to enable high performance encryption on top of an established Express Route link between Azure VNets and customer site or customer Co-lo site.

With the Aviatrix solution, an encrypted IPSec tunnel is established between the Aviatrix gateway and customer’s edge network or Aviatrix Virtual Appliance over an established Express Route connection. Features include:

  • No additional hardware is required to encrypt traffic.
  • The Aviatrix central controller offers point-and-click deployment.
  • The Aviatrix Gateway interoperates with third-party IPsec-enabled routing and firewall devices.
  • Aviatrix gateways support 1:1 redundancy for high availability. The controller monitors all IPsec tunnel status. If the tunnel goes down, the controller automatically re-programs the cloud infrastructure routing table to switch to a standby gateway instance.
  • The controller provides diagnostic capabilities for troubleshooting the gateway and IPsec tunnel status.
  • Extensive logging allows administrators to have complete visibility of network traffic.
GCP Encryption

One-Click Hybrid Cloud to Azure

Aviatrix CloudN is a virtual appliance deployed inside an enterprise datacenter to build and scale hybrid cloud environments to Azure without making any changes to your enterprise edge routers or security devices. Features include:

  • Manage Cloud Address Space: No more spreadsheets to manage your cloud address space.
  • Easy to Deploy: Deployed without touching existing edge network infrastructure.
  • Fast to Provision: Provision a VNet with secure tunnel to datacenter in minutes.
  • Simple to Use: 1-click operation to create and delete VNet with secure tunnels.
  • Rapid Scaling: Creates multiple VNets in any region with secure connectivity.
  • Full Mesh Connectivity: Inter-region VNet can be securely peered in minutes.
  • IT Supported Self Service: Workflow allows multiple users to create VNets.
  • Billing Visibility: Support Multiple Azure accounts for chargeback to different internal departments