Written by Allyn Crowe, Nexum Senior Security Engineer
If you’ve been following me on LinkedIn for any amount of time you know I’m a huge fan of Aviatrix.
I think what they bring to cloud deployments is critical for ongoing operations, especially as companies start maturing in their cloud adoption. If you’re not familiar with Aviatrix, they are a cloud networking and security platform. They work with the major cloud service providers (CSPs), currently AWS, Azure, GCP, and OCI, and provide an independent way of architecting your cloud infrastructure. This allows you to build assets in each CSP to leverage their strengths without either compromising on the design or having to have a design specific to each CSP. Their multi-cloud network architecture (MCNA) gives you a CSP-independent architecture that allows you to document and define where different assets will operate.
With that said, this post is all about the new features they’ve just released in their CoPilot 1.4 release. CoPilot is their Day 2 operations tool that puts the tools you’re used to as an on-prem network engineer at your fingertips, along with the tools you want as you look into cloud networks. These tools include things like Dynamic Topology Mapping (with bouncy physics!), Network Flow visualization, packet captures, etc. In the roughly 10 months since its introduction (it went GA in April of 2020), CoPilot has added tools and features to make it more useful, all deployed automatically through automated upgrades. This new 1.4 release is no different. I want to give you a quick insight into what I see as the top 3 new features in this release.
First up is Dark Mode. I know, this seems silly, but as a “Dark Mode” fan for all of my apps, adding this into CoPilot is fantastic for me. And being able to easily toggle between the 2 is great for when you need to show things to other folks who may not be as big of a fan. By simply clicking on the sun/moon icon in the menu bar you can toggle between the 2. This lets it blend into the other screens I have up and am working on.
Next is a new Transit view of the topology map. This takes the topology map that has been in CoPilot and gives you just the Aviatrix transit nodes so that you can quickly see the “backbone” of your network. Focusing on only this layer lets you see what region each transit node sits in and how it’s connected, while still giving you a quick double-click option to get into the details of the VPC/VNET attached to each transit node.
Finally, and the biggest of the 3 to me, Topology Replay. It is a visual timeline for logging changes in your cloud environment. Or, to put it more simply, it’s a DVR of what happened in your cloud. You can zoom in and out, scroll, and move the timeline to limit what is shown on the visual and changes section above. This lets you not only see a listing of what happened but find and drill down into those changes you want to look at. You can see the condition of your network before, during, and after each change, both in a list view on the right (broken down by change type) and in the visual topology view.
To wrap things up, these are just 3 of the new features of the 1.4 release of CoPilot. There are a few others and one of them is just as cool, but my lab wasn’t set up to play with it yet. Keep an eye out for a post on Multi-Cloud Network Segmentation. MCNS is a way to see which spokes can talk to each other based on the Aviatrix Security Domains. And as always, if you want to see any of these features in more depth, drop me a line. I would be happy to chat with you about this. Plus, coming VERY soon, there will be a new ACE course from Aviatrix called Cloud Operations where you’ll get hands-on with these tools!