Unity EdgeConnect Simplifies and Automates Connectivity to AWS Transit Gateway Network Manager

Enterprises experience a fully scalable and automated cloud experience when using the Unity EdgeConnect SD-WAN edge platform to connect to the AWS Transit Gateway Network Manager, assuring secure branch-to-cloud and branch-to-branch connectivity.


  • Simplified, automated deployment of large-scale branch connectivity across the global AWS network using secure IPsec tunnels and automated route exchange
  • Faster onboarding to applications and workloads — both to and from AWS, on-premises data center resources and branch locations
  • Secure, optimized branch-to-branch connectivity leveraging the global AWS network across the same or multiple regions

The Modern Enterprise WAN Today

Adopting cloud services and platforms as part of a digital transformation strategy is no longer optional. Enterprises are under growing pressure to rapidly innovate to increase agility, outpace the competition and automate processes to satisfy customers and achieve financial growth. But in order to achieve a successful digital transformation and realize the full benefit of cloud investments, enterprises must transform their existing network infrastructure.

Enterprises with geographically distributed locations that depend on traditional WAN architectures using leased lines or MPLS connectivity are fast realizing that this approach is no longer practical for managing cloud-destined traffic. Backhauling cloud-destined traffic to data centers introduces latency and negatively impacts application performance. Furthermore, traditional WAN architectures simply can’t keep pace with the dynamic nature of multi-cloud traffic flows, thus increasing operational complexity when it comes to provisioning, deployment and management. Enterprises need a cloud-first, secure and application-aware solution that makes it easy to connect branch locations to the cloud while meeting performance needs and keeping costs in check.

A new approach: Introducing Amazon Transit Gateway Network Manager

Global enterprise networks tend to be hybrid in nature and include applications and workloads hosted in on-premise data centers as well as the cloud. To avoid increased costs resulting from missed insights into their respective networks, enterprises need real-time monitoring of their entire global network.

The AWS Transit Gateway Network Manager (TGNM), as shown in Figure 1, provides enterprises with complete observability of their entire network, including applications and workloads running in the cloud, all from a centralized, operational dashboard. Enterprises can visualize their global network via a topology diagram and/or a geographical map.

Some of the key benefits of the AWS Transit Gateway Network Manager include:

  • Centralized Network Monitoring: Includes events and metrics to monitor the quality of the enterprise global network, both in AWS and on premises. Event alerts specify changes in the topology, routing, and connection status. Usage metrics provide information on up/down connections, bytes in/out, packets in/out, and packets dropped.

  • Global Network Visibility: Visualize and monitor the enterprise global network from a single dashboard using the AWS TGNM. Customers receive access to multiple views: list view, logical view, and map view of their network resources and connectivity. The AWS TGNM provides proactive notification of unhealthy connections, changes in availability and performance across AWS Regions and on-premises sites.

  • SD-WAN Integration: Seamless integration with the Unity EdgeConnect™ SD-WAN edge platform provides a unified interface to manage the entire global network across AWS and on-premises locations. Silver Peak Unity Orchestrator™ management software supports automated configuration of AWS site-to-site VPN connections from enterprise locations to AWS.

Figure 1: Branch-to-cloud and branch-to-branch connectivity using AWS TGNM.

Silver Peak and AWS enable Automated Network Deployments

The Silver Peak and AWS integrated solution automates network deployments, removing the complexity of manual, time-consuming, step-by-step configuration and connectivity of individual branch offices to local AWS Points of Presence (PoPs). Enterprise customers can use the EdgeConnect platform to automate the onboarding of new locations to the AWS cloud while using any combination of underlying transport: MPLS, broadband internet or 4G/LTE connectivity. This results in operational efficiency and faster time-to-market, all without compromising security.

The solution enables customers to optimize routing within the AWS global network, speeding up access to cloud resources across the globe. Additionally, this joint solution offers new levels of operational flexibility. Cohesive policy configuration and deep analytics simplify network expansion and troubleshooting. EdgeConnect uses AWS TGNM APIs to provide automation to speed and simplify network deployments of any size.

Unity Orchestrator uses the TGNM WAN API to target the branches in the network and associate them with a Transit Gateway, configuring both ends of the tunnel for each branch, as shown below in Figure 2. The EdgeConnect appliance in the branch then establishes standards-based IPsec tunnels that terminate at the head-end gateway in AWS. Orchestrator continuously monitors the status of the connections and redirects traffic to alternate tunnels or gateways as needed.

Benefits of the Integrated Silver Peak and AWS TGNM Solution

This integrated solution automates connectivity to AWS and reduces enterprise branch cloud onboarding time from days/hours to a few minutes per site. In the absence of this automation, network administrators would need to revert to a manual process repeating multiple time-consuming steps to connect each branch office to the AWS network, resulting in increased operational complexity and support costs.

Figure 2: The Unity Orchestrator dashboard provides a single view with easy configuration and provisioning for enterprise connectivity to AWS TGNM.

Orchestrator automates the following functions as part of connecting to the AWS TGNM:

  • Identifies which branch connects to which AWS TGNM instance, including automatic configuration of the tunnel endpoints
  • Monitors the state of connections and automatically steers traffic to alternate tunnels/links depending on the link quality and the application requirements
  • Secures and optimizes branch-to-branch connectivity leveraging the global AWS network in the same or multiple regions
  • Scales operations for tens of thousands of branch locations

The Silver Peak SD-WAN cloud onramp provides an automated way to integrate public cloud infrastructure into the SD-WAN fabric. The EdgeConnect SD-WAN edge platform enables multi-cloud infrastructure fully integrated into the SD-WAN with common policy, segmentation, and security. Silver Peak enables enterprises to become more agile as they move to the cloud through operational efficiency and simplifying how IT deploys new cloud-based applications, while maintaining a high level of security and delivering a consistent user experience.
