Cloud/Multi-Cloud
 | Nov 29, 2018

Why should data centers have all the fun? Network verification now available for AWS

What’s been the biggest change to networking in the past decade? While there have been tremendous improvements in automation, capacity and mobility, nothing has had a greater impact on IT organizations than cloud migration. We all know the business drivers behind this evolution, from cost efficiency and resource elasticity, to backup and disaster recovery. But there are still concerns and hurdles in migrating a vast majority of mission critical workloads and traffic to the cloud.

The biggest challenges have to do with loss of control and visibility over data, network policies and security. Cloud platforms are easy to spin up and are architected to be fairly generic for simplicity and flexibility. But to network engineers they tend to look like black boxes: the activity and outputs are clear, but you do not have the same visibility into network policy details that you have with on-prem infrastructure. Ultimately, this can lead to security breaches and data loss, or to resistance to migrating to the public cloud.

Simplicity as a Trade-off for Visibility and Control

The Console Wizard for AWS Virtual Private Cloud (VPC), for example, is a very straightforward, streamlined tool for setting up a sophisticated hosted private network. It allows IT teams to design dedicated subnets with security policies, load balancers and routing protocols to front-end application workloads. But it does not provide the visibility and control of end-to-end paths, or the ability to analyze and verify traffic patterns and security controls, that network and compliance teams require. Even a basic tool like traceroute is not available through an AWS VPC, to say nothing of more stringent tests for network isolation, sophisticated access controls, NAT rules, routing behavior or VPN policies. Trying to determine the actual network and security policies from the AWS console is frequently an exercise in futility.

This contrast between on-premises networks and the cloud is even more acute in hybrid cloud deployments. For application networks and traffic that span on-prem and cloud infrastructure, why do we have to lose visibility into our infrastructure at the gateway to our provider? This is where Forward Networks comes in.

Forward Networks for Hybrid Cloud

Forward Networks has pioneered the ability to verify the end-to-end behavior of networks and then compare that behavior to defined intent, security policies and compliance requirements. We can quickly verify all possible paths through a network that comply with a policy or network intent, or we can confirm the proper isolation (lack of access) between subnets and devices. We shift focus from individual box-by-box testing to analyzing paths through the network end-to-end and the policy behaviors they allow. For the first time, this moves network troubleshooting from a reactive (after the fact) activity to a proactive methodology of isolating and removing errors before an incident.

It is only natural to extend the path-oriented focus that Forward Networks provides to hybrid cloud environments. Having the same visibility and policy verification for the cloud component of your infrastructure will greatly accelerate adoption of hybrid and public cloud deployments and simplify network operations. We are starting with AWS VPC support, which is now available in our latest Forward Enterprise release.

Amazon Virtual Private Clouds are implemented as subnets within AWS, with virtual network devices such as load balancers, routing tables, security groups, access control lists, NAT gateways, VPN gateways and access layer switches that interface to each EC2 virtual workload. Imagine if, instead of a “black box” subnet view, each of these virtual devices could be represented as an extension of your physical infrastructure on an always up-to-date topology diagram. Imagine not only having easy access to individual device configurations and state details, but also being able to analyze and verify the end-to-end path behaviors flowing from any on-premises device all the way through to any cloud edge switch and application workload.

Forward Enterprise supports connectivity to AWS through VPN connections (AWS Virtual Private Gateway – VPG), through Direct Connect with VLAN encapsulation, or through the public internet. Ensuring a proper VPN security posture and connectivity is critical for security-conscious organizations that are hesitant to migrate. And that is just one of many security and policy checks that we can enable for the first time.

Now the Cloud Includes Industry-Leading Verification and Compliance

What kind of policy checks and behaviors are we talking about for a hybrid cloud? Forward Enterprise can verify that only a specific port from on-premises devices can reach the public cloud. Or verify that there is complete network isolation from the public cloud to any on-premises subnet or device. If you are familiar with Forward Enterprise search and verify capabilities, you know that the policy checks are almost limitless when you take into account all the IP networking attributes and parameters that can be designed into search queries.
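To make the two checks above concrete (only one port from on-prem may reach the cloud; a cloud subnet must have no path to an on-prem prefix), here is an added, self-contained model of the VPC components listed earlier (route tables, network ACLs, security groups) with a small path verifier over it. This is illustrative code written for this page, not Forward Enterprise's engine or any AWS API; the topology, CIDRs, rule numbers and the `vgw-placeholder` route target are constructed sample values.

```python
"""Toy hybrid-cloud path verifier: traces an on-prem flow through a modelled
AWS VPC (return route -> network ACL -> security group) and checks two
policies against it. Constructed example, not a real VPC or product code."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "icmp"
    dport: int


@dataclass(frozen=True)
class Rule:
    number: int          # NACLs evaluate rules in ascending number order
    proto: str           # "tcp", "udp", "icmp" or "all"
    cidr: str            # remote CIDR the rule applies to
    port_from: int
    port_to: int
    action: str = "allow"   # NACLs may "deny"; security groups only allow


def _matches(rule: Rule, remote_ip: str, flow: Flow) -> bool:
    if rule.proto not in ("all", flow.proto):
        return False
    if ip_address(remote_ip) not in ip_network(rule.cidr):
        return False
    return rule.proto == "icmp" or rule.port_from <= flow.dport <= rule.port_to


class NetworkAcl:
    """Stateless and ordered: first matching rule decides, default is deny."""
    def __init__(self, inbound: List[Rule]):
        self.inbound = sorted(inbound, key=lambda r: r.number)

    def allows_inbound(self, flow: Flow) -> bool:
        for r in self.inbound:
            if _matches(r, flow.src, flow):
                return r.action == "allow"
        return False


class SecurityGroup:
    """Stateful allow-list: any matching inbound rule admits the flow."""
    def __init__(self, inbound: List[Rule]):
        self.inbound = inbound

    def allows_inbound(self, flow: Flow) -> bool:
        return any(_matches(r, flow.src, flow) for r in self.inbound)


class RouteTable:
    """Longest-prefix match over (cidr, target) entries, like a VPC route table."""
    def __init__(self, routes: List[Tuple[str, str]]):
        self.routes = [(ip_network(c), t) for c, t in routes]

    def lookup(self, ip: str) -> Optional[str]:
        addr, best = ip_address(ip), None
        for net, target in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return best[1] if best else None

    def overlaps(self, cidr: str) -> bool:
        target = ip_network(cidr)
        return any(net.overlaps(target) for net, _ in self.routes)


@dataclass
class Subnet:
    cidr: str
    route_table: RouteTable
    nacl: NetworkAcl


@dataclass
class Instance:
    ip: str
    subnet: Subnet
    security_group: SecurityGroup


def trace_inbound(flow: Flow, inst: Instance) -> Tuple[bool, str]:
    """Walk the hops an on-prem packet crosses on its way to one EC2 instance."""
    if ip_address(flow.dst) != ip_address(inst.ip):
        return False, "destination is not this instance"
    # Without a return route toward the source (e.g. via the VGW) the stateful
    # reply never leaves the VPC, so the flow is not usable end to end.
    if inst.subnet.route_table.lookup(flow.src) is None:
        return False, "no return route to source"
    if not inst.subnet.nacl.allows_inbound(flow):
        return False, "denied by network ACL"
    if not inst.security_group.allows_inbound(flow):
        return False, "denied by security group"
    return True, "reachable"


def allowed_ports(src_ip: str, inst: Instance, probe_ports: List[int]) -> set:
    return {p for p in probe_ports if trace_inbound(Flow(src_ip, inst.ip, "tcp", p), inst)[0]}


def check_only_port(src_ip: str, inst: Instance, port: int, probe_ports: List[int]) -> bool:
    """Policy 1: exactly one TCP port is reachable from the on-prem source."""
    return allowed_ports(src_ip, inst, probe_ports) == {port}


def check_isolated(subnet: Subnet, onprem_cidr: str) -> bool:
    """Policy 2: the cloud subnet has no route overlapping the on-prem prefix."""
    return not subnet.route_table.overlaps(onprem_cidr)


# Constructed sample topology (not a real deployment).
ONPREM_HOST = "10.1.2.3"
WEB_SUBNET = Subnet(
    "172.16.10.0/24",
    RouteTable([("172.16.0.0/16", "local"), ("10.0.0.0/8", "vgw-placeholder")]),
    NetworkAcl([
        Rule(100, "tcp", "10.0.0.0/8", 443, 443),
        Rule(110, "tcp", "10.0.0.0/8", 22, 22, action="deny"),
        Rule(200, "tcp", "0.0.0.0/0", 1024, 65535),   # ephemeral return ports
    ]),
)
# The security group is looser than the policy (SSH allowed); the NACL compensates.
WEB = Instance("172.16.10.5", WEB_SUBNET, SecurityGroup([
    Rule(0, "tcp", "10.0.0.0/8", 443, 443),
    Rule(0, "tcp", "10.0.0.0/8", 22, 22),
]))
DATA_SUBNET = Subnet("172.16.20.0/24", RouteTable([("172.16.0.0/16", "local")]),
                     NetworkAcl([Rule(100, "all", "172.16.0.0/16", 0, 65535)]))

if __name__ == "__main__":
    for p in (22, 80, 443, 3389):
        print(p, trace_inbound(Flow(ONPREM_HOST, WEB.ip, "tcp", p), WEB))
    print("only 443 from on-prem:", check_only_port(ONPREM_HOST, WEB, 443, [22, 80, 443, 3389]))
    print("data subnet isolated from 10.50.0.0/16:", check_isolated(DATA_SUBNET, "10.50.0.0/16"))
```

Each `trace_inbound` result names the layer that blocked the flow, which is the point of path-based verification: the policy outcome depends on the combination of route table, ACL and security group, and a loose rule in one layer (SSH in the security group here) is only safe while another layer keeps denying it. Re-running the checks after every change is how a pre- and post-migration comparison would be done with such a model.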

Moving this level of visibility to individual public cloud virtual devices and subnets promises to alleviate many of the compliance concerns around public cloud adoption. A primary use case for AWS VPC visibility, in fact, is to verify the accurate implementation of business and security policies pre- and post-migration when moving services to the cloud. Forward Enterprise can verify that policy requirements are met as consistently in the cloud as when completely on-premises, with no guessing, risk or roll-back.

The end result will be a dramatically new method for viewing, analyzing and controlling AWS-deployed services, consistent with the superior path-based analysis Forward Networks has already achieved with on-premises networks. IT organizations will finally be able to combine elasticity and efficiency of the public cloud with complete confidence and control.

Chiara Regale

Chiara Regale is the SVP of Product and User Experience at Forward Networks. Prior to Forward, Chiara was a Director of Product Management for the Insieme business unit at Cisco Systems. She was also a Director of Product Management at Riverbed Technology.
