SOLUTION BRIEF
Extending Azure Cloud Native Services for Cloud Networking
With Prosimo, organizations have the flexibility to leverage various networking services Azure provides to construct a cloud network. Additionally, they can implement a range of use cases using advanced networking features inherent to the platform.
BY CHINEDU EGONU
Challenge
Organizations commonly opt for Azure as their predominant cloud service provider, leveraging its extensive range of services to accelerate their digital transformation initiatives. Regarded as the preferred cloud platform for corporate IT, particularly in organizations with a significant Windows presence, the Azure platform offers many services that can be customized to meet an organization’s specific network architecture requirements.
Despite Gartner recognizing the significance of native networking capabilities as foundational, enterprise teams often grapple with complexities in navigating numerous services to establish a cohesive and scalable architecture. Facing challenges such as overlapping IP addresses, application layer segmentation, B2B access, and Zero Trust Network Access (ZTNA), enterprises seek cloud networking software solutions for deploying and managing architecture at scale.
Commencing their journey into the cloud, companies harness Azure’s built-in networking services as foundational components for diverse use cases. This underscores the focus on establishing connectivity and segmentation within and across Azure regions and data centers.
Azure’s networking services encompass the following categories:
- Network Layer Connectivity: Accomplished through Azure Virtual WAN, peering, ExpressRoute, etc., meeting connectivity and routing needs for VNets and network segments in data centers.
- App Layer Connectivity: Established using Azure Private Link, Azure Load Balancer, etc.
- Security: Ensured through native functions like traffic encryption, NSGs, Azure Security Center, and Azure Firewall.
- Fault Tolerance and High Availability: Achieved with Azure Kubernetes Service (AKS), Azure Load Balancers, etc.
- Traffic Optimization: Leveraging the Azure backbone, Azure Front Door.
Effectively using these cloud-native networking services demands specialized expertise, leading to learning curves that can cause delays in project schedules. Manual integration may result in complex networks that become challenging to manage, particularly when covering multiple VNets across diverse regions. Concerns raised by Prosimo’s enterprise customers encompass issues like inconsistent security measures, sub-optimal traffic routing, and diminished application performance or user experience during the cloud network construction phase.
To address these challenges, enterprises leverage a cloud networking software solution, which Gartner identified as the MCNS market. This solution excels in cloud-native services and incorporates a suitable abstraction layer, effectively concealing complexity and delivering added value by tackling advanced use cases. Customers of Prosimo benefit significantly when implementing the Prosimo Platform in their cloud environment.
The Prosimo platform stands as a comprehensive cloud-native multicloud networking solution, fostering connectivity through collaboration with the most efficient network services from individual cloud providers, unconstrained by the limitations of monolithic virtual appliances.
Key features of the Prosimo Platform encompass:
- Orchestrating connectivity through native network functions within the cloud provider’s environment.
- Addressing advanced use cases such as overlapping IP and service insertion.
- Establish a unified architecture to link networks, FQDNs, and PaaS endpoints.
- Determining the optimal traffic path across regions and data centers.
Prosimo and Azure - Unified Cloud-Native Transit
The Prosimo platform seamlessly integrates with the Azure cloud environment, coordinating various native networking services across regions. This ensures the availability of crucial cloud networking components. Consequently, organizations can utilize the advanced networking features the Prosimo platform provides to address specific use cases.
This ranges from securing user access to cloud resources following Zero Trust (ZT) principles to establishing a secure and optimized network structure for app-to-app and network-to-network communication. Prosimo effectively orchestrates the foundational elements within Azure, offering added value, as detailed in the following sections
Service Layer Connectivity and Segmentation
- Enables transit by configuring Azure Private Link and service endpoints, linking application endpoints or services (such as Fully Qualified Domain Names, Platform-as-a-Service offerings, and serverless applications).
- Organizations are relieved from concerns about applications with overlapping addresses and can implement scenarios like B2B access where network layer access may not be viable.
- Expand regional structures like Azure Private Link to accommodate applications in any region or cloud, including data centers.
- Organizations with shared services concentrated in one region or cloud can leverage Prosimo to coordinate private link connectivity for applications in other regions or clouds requiring shared service access.
- Delivers Layer 7 visibility and insights, encompassing the total response time at the HTTP layer and a breakdown of response times at each hop (Cloud Ingress, backbone, and application VNet).
- Configures and oversees Private DNS zones in Azure DNS Service Directory to guide traffic at the DNS layer from source VNets to target destinations.
- Establishes a dedicated segment for each application/FQDN and allows authorized access strictly based on policies.
Network Connectivity and Segmentation
- Orchestrates new Azure Virtual WAN (VWAN) Hub in any region.
- Discovers existing VWANs and their attached VNETs in brownfield scenarios.
- Updates VWAN Hub and attached VNET routing tables to ensure network reachability to/from VNETs based on connectivity policy.
- Manages exception handling and alerts if duplicate IPs are detected during onboarding.
- Orchestrates attachment of Azure ExpressRoute Gateway to Virtual WAN as an underlay.
- Enables seamless cross-account peering between app/infra accounts.
- Implements a high-performance encrypted overlay abstracted over any underlying transport.
- Establishes network-layer segmentation using the Prosimo policy engine.
- This ensures that only authorized traffic flows not only between entire VNETs but also between specific subnets.
Fault Tolerance
- Leverages Azure Kubernetes Service (AKS) as the cloud-native data path.
- This empowers the platform to provide horizontal auto-scaling and auto-failover capabilities, eliminating the necessity for manually managing multiple appliances and scaling them separately.
- Utilizes Azure Service Principal to orchestrate or deploy regional Kubernetes clusters with autoscaling to ensure gateway High Availability.
- Coordinates Azure Load Balancers to guarantee network High Availability.
Security
- Ensures a TLS-encrypted data path across transit established over native peerings, private links, and Azure Virtual WAN (VWAN) attachments.
- Implements multiple layers of security (Geo-fencing, IP, certificates, Device posture, etc.) native to the platform.
- Organizations establish a secure boundary around each application and implement Zero Trust Network Access (ZTNA) based on various access criteria.
- Incorporates Embedded Web Application Firewall (WAF) to safeguard against cyber threats at the application layer (SQLi, XSS, etc.).
- Optionally, a Connector can be deployed for micro-segmentation within a Virtual Network (VNet).
- Enables seamless firewall insertion for east-west traffic within a region or across other regions/clouds
Optimization
- Utilizes the Azure backbone to establish express lanes that balance performance and cost requirements.
- Orchestrates Azure Front Door service to optimize the performance of latency-sensitive applications.
- Incorporates additional L4-L7 optimization capabilities, including caching and compression, embedded within the Prosimo platform.
Enhance visibility and boost uptime: The Prosimo platform evaluates the quality of the network across Azure network segments and monitors application response times. This enables the platform to differentiate between network and application issues, substantially reducing Mean Time to Resolution (MTTR).
Ensure consistent segmentation across the cloud: Once deployed, Prosimo sets up the foundation to uniformly configure and deploy segmentation policies across various VNets and regions in the cloud. This ensures that authorized endpoints and networks participate in a bidirectional communication flow.
Autonomous Cloud Networking: Prosimo’s Autonomous Cloud Networking integrates machine learning and AI functionalities to analyze the network fabric. It delivers recommendations for enhancing performance or reducing egress charges every 24 hours.
A network as adaptable as the cloud: Embracing daily recommendations or making intentional changes to the transit fabric is smooth and executed within minutes. This is made possible by a cloud-native network fabric that upholds consistent policies irrespective of modifications to the network path.
Summary
With Prosimo, organizations have the flexibility to leverage various networking services Azure provides to construct a cloud network. Additionally, they can implement a range of use cases using advanced networking features inherent to the platform.
To witness Prosimo in action, sign up for a trial in the Azure Marketplace.