Public cloud solutions offer a lot of well-known benefits, but they also pose the occasional challenge. For example, organizations are used to having precise control over all the network traffic in their data centers, and they count on that level of control to perform critical security checks. As corporate workloads move to the public cloud, IT operators are challenged to ensure that their security measures come along as well.
To deliver comprehensive security, IT administrators often will create a manually-configured daisy chain that links multiple security products, each providing a key element or capability to the overall security stack. In light of the fact that most network traffic is encrypted, these security products need the ability to either decrypt traffic before inspection or to accept decrypted traffic from another device.
That’s where F5 SSL Orchestrator comes in. De-encryption and re-encryption take a lot of computational power, so it doesn’t make sense for each device in the chain to undertake these tasks irrespective of whether or not other devices are doing so. SSL Orchestrator streamlines the process by decrypting traffic once and passing it to one or more security devices in a dynamic service chain. When all relevant devices in the security stack have had their turn with that decrypted traffic, SSL Orchestrator re-encrypts it and sends it along to the original destination. By eliminating multiple instances of de- and re-encryption, security checks are performed at optimal speed and with no noticeable latency or delay to the user.
This is fairly standard stuff for on-premises or data center traffic, but IT operators may find it more difficult to configure for public cloud. It can be done, but depending on the architecture, it may require manually creating and managing a complex set of routing table rules.
To help bypass the difficult, tedious, and error-prone task of manually maintaining these route tables for public cloud deployments, F5 partners with Aviatrix. Aviatrix is a leader in cloud network platforms and delivers a range of products designed to dramatically simplify cloud networking at large scale. Aviatrix gateways manage traffic as it enters and exits to and from your cloud deployments in AWS, Azure, Google Cloud, and Oracle Cloud.
For SSL Orchestrator administrators, Aviatrix provides a simple interface to public cloud APIs and dynamically defines and adjusts routing tables as needed. Aviatrix significantly simplifies insertion of F5 SSL Orchestrator into the traffic flow, and the combined solution eliminates the need for administrators to manually propagate and update routing tables with every small change to the environment.
“The Aviatrix cloud network platform and FireNet reference design simplifies F5 SSL Orchestrator integration for customers in public clouds. The integrated solution also drives increased performance and multi-cloud visibility. Aviatrix automates traffic routing and route table updates, while F5 streamline SSL decryption, together supporting the entire service chain and improving cloud operational efficiency.”
– Rod Stuhlmuller, Vice President of Product Marketing, Aviatrix
To learn more about how Aviatrix handles multi-cloud complexity so that you don’t have to, please see the use case, Enhancing F5 SSL Orchestrator deployments in the public cloud with Aviatrix.