- Hi, this is Mike. I'm a solution architect with Aviatrix, and today I'm gonna show you how to use Aviatrix to solve a common cloud networking challenge, connecting your corporate data center, with many VPCs often in multiple cloud providers in various accounts and regions spread across the globe. We use the controller we set up in our previous video to build out a solution. AWS promotes using a global transit architecture to solve this problem, and recommends Aviatrix for implementing the solution. With the global transit architecture, we can share a single direct connection with many VPCs, reducing the friction of on-premise teams while providing the agility cloud teams have come to expect. Our final architecture will look like this. We'll build out each component and connection using a wizard provided in the Aviatrix controller. Let's start by logging into our controller and going to the transit network wizard. You can read about these steps in more detail from our documentation. Let's take a look at step one. Our first step is provision Aviatrix gateway and its HA counterpart, and place it in the transit EPC. To start off, you'll need to provide a name for this gateway and select the appropriate AWS account, region, VPC, and subnet. We are gonna deploy this gateway. Finally, select the size of the gateway. The gateway size can be changed at any time, so we often recommend starting with something small, like a t2.micro, and adjusting as your needs require. Next, enable HA by selecting the transit gateway we just created and a subnet in a different availability zone and clicking enable. When that's complete, let's connect our transit gateway to the VGW where your direct connect connection terminates. The transit gateway will exchange routes using VGP with your data center and the cloud using this tunnel. Once the routes are exchanged, the controller will propagate the routes to the connected VPCs and AWIs or any other connected cloud environments. We'll provide a name in ASN, then select the account and region where your VGW resides. Once ready, click okay to make the connection. Now we're ready to prepare our spoke VPCs for connectivity to the data center. Let's start with our first spoke, the production VPC. First we'll deploy an Aviatrix gateway in this VPC. Give it a name and then select the account, region, VPC, and subnet from the drop-downs. And then click okay once you're ready to deploy it. Once the gateway is deployed, we can enable HA for this spoke. If there's a problem, the controller will detect it, fill over automatically, and alert you, so you never have to worry about downtime on this gateway or any other tunnels that are connected. Now we'll complete the same steps for the other two VPCs. We'll start with the staging, followed by development. These steps can be repeated for each VPC you have that needs connectivity to the data center. Whenever a VPC needs connectivity, you can either come back here and repeat these steps or automate them using Terraform, CloudFormation, Python Go SDKs, or even use the REST APIs directly. With a centralized controller, Aviatrix contains everything you need in one place. There are no external scripts to manage and maintain, and no confusion over who to call for support when there's a problem. Centralized management also means a central place to go for logging, monitoring, alerting, so you always know the health of your gateways. You can also forward these logs to other systems with built-in integration, with Sumo Logic Datadog, for example. Aviatrix is built from the ground up using cloud native approaches, with cloud teams in mind, so it's simple to use and simple to manage. With a gateway in each spoke and HA-enabled, we're ready for these instances to be connected to our data center via the transit VPC. In order for this connectivity to be established, we'll attach our VPCs to the transit one-by-one. This can be done whenever you're ready to establish connectivity, either earlier with the steps of creating the gateway or now or at a later date, whenever you prefer. Remember, there is no VTP in the cloud. It's all software-defined. If a problem occurs, a cloud operations team member can easily handle the troubleshooting without worrying about learning a new protocol. There's a convenient table that shows you the current display of spokes in HA. And that's it. In just a few short minutes, you've set up AWS's recommended global transit architecture in your environment. This architecture makes it easy to add new VPCs that require connectivity to the data center without requiring changes to your on-premise firewall or router. Routes are automatically propagated between the cloud and your on-premise environment. Give Aviatrix a try today at aviatrix.com/trial. Thanks for watching.

Lectures:

• Cloud Networking - The Common Journey
• The Common Patterns with VPC Design
• Designing a Transitive VPC Architecture
• Managing Network Security at Scale
• DEMO - Setting up a Transitive Controller
• DEMO - Setting up a Transitive Hub