Securing Large Scale AWS Deployments with a Transit VPC

Matt Keil


Category: Cloud Computing

As your AWS deployment grows, your workloads commonly access resources in other VPCs, on the web, or in the corporate data center. As the number of AWS accounts and VPCs grows, you face two challenges. First, managing the many individual workload and resource connections becomes complex, often slowing deployments. Second, you need to ensure that the process of protecting applications and data doesn’t become a bottleneck for new application deployments.

A commonly used approach to securing many VPCs is to backhaul all traffic to a physical, on-premises firewall. This approach rapidly becomes costly and cumbersome in terms of bandwidth consumption and management. Yet another approach is to deploy security for each VPC or workload. This approach can inject friction into the application deployment process, and as the number of VPCs expands, management becomes challenging.

 

Transit VPC with the VM-Series

A third and more cost-effective approach is to deploy a Transit VPC that utilizes a hub and spoke architecture to centralize common services such as connectivity and security. The spokes will house workloads, application development projects, and so on. All spoke traffic will “transit” the hub for connectivity and security via our VM-Series.

REAN Cloud and Palo Alto Networks have collaborated to create a fully automated Transit VPC with the VM-Series on AWS. To learn more, please join us for a webinar on Thursday May 3 at 10:00 AM PST. We’ll cover:

  • Transit VPC architecture and components
  • Automating the deployment of the hub
  • How spokes are automatically added and removed

Register now for Strengthening Your Security Posture With a Transit VPC

A key benefit of using AWS to deploy enterprise class workloads is the ability to quickly scale your environment, adding new workloads, VPCs or accounts in an automated manner. Growing large scale AWS deployments can introduce security and connectivity management challenges. The Transit VPC with the VM-Series allows security teams to build a centralized security architecture that becomes part of the application development fabric, scaling as needed yet transparently protecting applications and data from threats.



© 2018 Palo Alto Networks, Inc. All rights reserved.