Public cloud solutions offer a lot of well-known benefits, but they also pose the occasional challenge. For example, organizations are used to having precise control over all the network traffic in their data centers, and they count on that level of control to perform critical security checks. As corporate workloads move to the public cloud, IT operators are challenged to ensure that their security measures come along as well.
To deliver comprehensive security, IT administrators often will create a manually-configured daisy chain that links multiple security products, each providing a key element or capability to the overall security stack. In light of the fact that most network traffic is encrypted, these security products need the ability to either decrypt traffic before inspection or to accept decrypted traffic from another device.
That’s where F5 SSL Orchestrator comes in. De-encryption and re-encryption take a lot of computational power, so it doesn’t make sense for each device in the chain to undertake these tasks irrespective of whether or not other devices are doing so. SSL Orchestrator streamlines the process by decrypting traffic once and passing it to one or more security devices in a dynamic service chain. When all relevant devices in the security stack have had their turn with that decrypted traffic, SSL Orchestrator re-encrypts it and sends it along to the original destination. By eliminating multiple instances of de- and re-encryption, security checks are performed at optimal speed and with no noticeable latency or delay to the user.
This is fairly standard stuff for on-premises or data center traffic, but IT operators may find it more difficult to configure for public cloud. It can be done, but depending on the architecture, it may require manually creating and managing a complex set of routing table rules.
To help bypass the difficult, tedious, and error-prone task of manually maintaining these route tables for public cloud deployments, F5 partners with Aviatrix. Aviatrix is a leader in cloud network platforms and delivers a range of products designed to dramatically simplify cloud networking at large scale. Aviatrix gateways manage traffic as it enters and exits to and from your cloud deployments in AWS, Azure, Google Cloud, and Oracle Cloud.
For SSL Orchestrator administrators, Aviatrix provides a simple interface to public cloud APIs and dynamically defines and adjusts routing tables as needed. Aviatrix significantly simplifies insertion of F5 SSL Orchestrator into the traffic flow, and the combined solution eliminates the need for administrators to manually propagate and update routing tables with every small change to the environment.
“The Aviatrix cloud network platform and FireNet reference design simplifies F5 SSL Orchestrator integration for customers in public clouds. The integrated solution also drives increased performance and multi-cloud visibility. Aviatrix automates traffic routing and route table updates, while F5 streamline SSL decryption, together supporting the entire service chain and improving cloud operational efficiency.”
– Rod Stuhlmuller, Vice President of Product Marketing, Aviatrix
To learn more about how Aviatrix handles multi-cloud complexity so that you don’t have to, please see the use case, Enhancing F5 SSL Orchestrator deployments in the public cloud with Aviatrix.
About the Author
Related Blog Posts
The everywhere attack surface: EDR in the network is no longer optional
All endpoints can become an attacker’s entry point. That’s why your network needs true endpoint detection and response (EDR), delivered by F5 and CrowdStrike.
F5 NGINX Gateway Fabric is a certified solution for Red Hat OpenShift
F5 collaborates with Red Hat to deliver a solution that combines the high-performance app delivery of F5 NGINX with Red Hat OpenShift’s enterprise Kubernetes capabilities.
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.