Frequently Asked Questions


Version 10-21-2016
Copyright 2014-2016 Aviatrix Systems, Inc. All rights reserved.

Aviatrix Cloud Gateway

What can it do for me?

Aviatrix Cloud Gateway provides an end-to-end secure network solution for AWS, Azure and Google GCloud. The solution includes enterprise OpenVPN access to VPC/VNets, encrypted routing among VPC/VNets, and monitoring and logging of link status and latency. It enables you to build a secure private network spanning one or more public clouds in which a user accesses any instance/VM directly by its private IP address. No more bastion stations and jump hosts: the solution gives users the seamless experience they enjoy on the on-prem network. In addition, Aviatrix Cloud Gateway supports encryption over AWS Direct Connect and Azure Express Route. Architecturally, the Aviatrix solution is a centrally managed, loosely coupled and globally deployed platform built for the cloud from the ground up.

Key benefits?

- Scalable and highly available user VPN solution. Integrated with the cloud provider's native ELB, the solution scales out to an unlimited number of users and bandwidth.
- Supports multi-factor authentication: DUO, LDAP and OKTA.
- User-profile-defined dynamic security access rules that allow the administrator to determine the access privilege of any given user to any resource at the network perimeter.
- Supports Geo VPN for a global VPN solution deployment, where a VPN user automatically connects to the nearest VPC.
- Supports a wide range of clients: Windows, OSX, Linux, Android, iOS and Chromebook.
- Supports event logging with SumoLogic, Logstash, Splunk and a remote syslog server.
- Supports split tunnel and full tunnel mode. No extra hop to other VPC/VNets.

- Multi-VPC, multi-region and multi-cloud (AWS, Azure and GCloud) encrypted peering enables you to build a full-mesh secure network in the cloud with a single click.
- Policy-based stateful firewall at the VPC level to both allow and deny access to apps.
- Environment Stamping solution for repeatable enterprise SaaS deployment. Create identical VPC environments with one click for each customer. Uniquely maps and addresses instances for CloudOps and developer access. Integrates the AWS Route 53 DNS name service for access to each environment.
- Secure connection to remote branch sites and interoperability with legacy router/firewall devices.
- Encryption over AWS Direct Connect and Azure Express Route.

How do I launch the product?

The product consists of two components, the controller and one or more gateways. The gateway is launched from the controller. The controller provides a central console for all provisioning, monitoring and upgrades of the services. The controller is available in the AWS and Azure marketplaces. It is also available as a GCloud community image. For a marketplace launch, search for Aviatrix in the marketplace. The controller should have an EIP address (best practice) and inbound TCP port 443 open for it to work.

How do I access the controller?

Once you have launched the instance, you access the Controller instance via a web browser at:

https://public_ip_address_of_the_controller_instance

Login with username admin. The first-time password is the private IP address of the controller instance. You are required to change the password at your first login.

How do I secure the controller?

Only TCP port 443 needs to be opened for inbound traffic to the controller. If you wish to reduce the scope of source addresses by specifying custom IP addresses, you must include all gateway public IP addresses in addition to your own public IP address. This is because gateways launched from the controller communicate back to it from their own public IP addresses.

Is Aviatrix Cloud Gateway a SaaS offer?

No. Aviatrix Cloud Gateway is a software product that is deployed in your own network perimeter.

Onboarding

Where do I start?
The first time you log in, complete the Onboarding process. It takes a few steps. If you have a BYOL license or use a community image, you need a customer ID provided by Aviatrix to be able to use the product. Contact support@aviatrix.com if you do not have a customer ID.
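The controller-hardening answer above reduces to two checks: nothing but TCP/443 is open inbound, and any source restriction still admits every gateway public IP plus the administrator's own IP. The following added example (not Aviatrix code) audits a proposed inbound rule set against those two checks; the rule dictionary shape, the sample addresses and the function name are assumptions constructed for the example.

```python
import ipaddress

CONTROLLER_PORT = 443   # the only inbound port the controller needs, per the FAQ

def check_controller_ingress(rules, gateway_public_ips, admin_public_ips):
    """Audit a proposed inbound rule set for the controller.

    Each rule is a dict {"proto": "tcp", "from": 443, "to": 443, "cidr": "x.x.x.x/nn"}
    (a simplified, constructed shape, not the AWS or Azure API format).
    Returns:
      excess     rules that admit anything other than TCP/443 (not needed by the controller)
      uncovered  required sources (every gateway public IP plus the admin's own IP)
                 that no TCP/443 rule admits; a gateway listed here cannot call back
      open_world True when TCP/443 is open to 0.0.0.0/0 (informational)
    """
    excess, https_sources = [], []
    for r in rules:
        is_https_only = (r["proto"].lower() == "tcp"
                         and r["from"] == CONTROLLER_PORT and r["to"] == CONTROLLER_PORT)
        if is_https_only:
            https_sources.append(ipaddress.ip_network(r["cidr"], strict=False))
        else:
            excess.append(r)
    required = list(gateway_public_ips) + list(admin_public_ips)
    uncovered = sorted(ip for ip in required
                       if not any(ipaddress.ip_address(ip) in net for net in https_sources))
    open_world = any(net.prefixlen == 0 for net in https_sources)
    return {"excess": excess, "uncovered": uncovered, "open_world": open_world}

# Constructed sample (documentation-range addresses): the admin restricted TCP/443 to
# their office and the first gateway's block, forgot the second gateway, and left SSH open.
SAMPLE_RULES = [
    {"proto": "tcp", "from": 443, "to": 443, "cidr": "198.51.100.10/32"},  # admin's office
    {"proto": "tcp", "from": 443, "to": 443, "cidr": "203.0.113.0/28"},    # covers gateway .5 only
    {"proto": "tcp", "from": 22, "to": 22, "cidr": "0.0.0.0/0"},           # not needed
]
SAMPLE_GATEWAY_IPS = ["203.0.113.5", "203.0.113.77"]
SAMPLE_ADMIN_IPS = ["198.51.100.10"]

if __name__ == "__main__":
    print(check_controller_ingress(SAMPLE_RULES, SAMPLE_GATEWAY_IPS, SAMPLE_ADMIN_IPS))
```

Run it before applying a restricted source list: a gateway that shows up under `uncovered` will lose its path back to the controller.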

What is an Aviatrix Cloud Account?

An Aviatrix Cloud Account is specific and unique on the controller. It contains cloud credentials, for example your AWS IAM Access Key ID and Secret Key. The controller uses these credentials to launch Aviatrix gateways through the cloud APIs. An Aviatrix Cloud Account can correspond to multiple cloud accounts. For example, it can contain credentials for an AWS IAM account, an Azure account and a GCloud account.

How do I upgrade software?

Click Settings -> Upgrade. This upgrades to the latest release of the controller software. When a new release becomes available, an alert message appears on the Dashboard.

Is there a reference design example?

Check out the multiple Reference Designs under the Help menu.

What is the support model?

For support, send email to support@aviatrix.com. To request a feature, click the Make a wish button at the bottom of each page.

Scale Out VPN Solutions

How do I launch a VPN gateway?

Click Gateways -> Create Gateway -> Create. The controller launches an Aviatrix gateway instance in AWS/Azure/GCloud. The gateway instance must be launched from a public subnet. You need to give it a name (presented as the Gateway Name field); this name becomes part of the instance name with the prefix CloudOps. In the Create page, select VPN Access to enable the OpenVPN server capability. There is a default VPN CIDR, 192.168.43.0/24. You can change it, but make sure the CIDR is outside the existing and future VPC CIDR range. This VPN CIDR is where the VPN server assigns a virtual IP address to each user when she connects. You can select Save Template to save the gateway template. When you come to the page the next time, most of the fields are pre-populated. You may change any of the fields.

How do I scale out the VPN solution?

You can launch multiple VPN gateways in the same VPC at Create Gateway time. While launching a gateway, select yes for Enable AWS ELB. This will automatically create an AWS ELB (for the first gateway) and register the gateway with the newly created load balancer.
VPN traffic will be load balanced across these multiple gateways. It is required to have a consistent gateway configuration when ELB is enabled. For example, authentication methods, tunnel modes and PBR configurations should be identical.

How do I setup Okta authentication for VPN?

Follow the link: How to setup Okta for Aviatrix VPN gateway
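The Create Gateway answer above says the VPN CIDR (default 192.168.43.0/24) must stay outside the existing and future VPC CIDR range. The following added example (not Aviatrix code) checks a chosen VPN CIDR against a list of existing and planned VPC/VNet CIDRs and, going one step beyond the FAQ, picks a free block from a pool you supply; the pool, the function names and the sample CIDRs are assumptions constructed for the example.

```python
import ipaddress

DEFAULT_VPN_CIDR = "192.168.43.0/24"   # the controller's default, per the FAQ

def vpn_cidr_conflicts(vpn_cidr, vpc_cidrs):
    """Return the VPC/VNet CIDRs (as given) that overlap the proposed VPN CIDR.

    Pass both current and planned VPC CIDRs: the FAQ warns about future ranges too,
    because a later VPC that overlaps the VPN CIDR makes its instances unreachable
    for VPN users (their virtual IPs collide with the VPC's addresses).
    """
    vpn = ipaddress.ip_network(vpn_cidr, strict=False)
    return [c for c in vpc_cidrs if vpn.overlaps(ipaddress.ip_network(c, strict=False))]

def pick_vpn_cidr(vpc_cidrs, pool="192.168.0.0/16", prefixlen=24):
    """Return the first /prefixlen block inside `pool` that overlaps none of vpc_cidrs,
    or None if the pool is fully taken. Choosing from a pool is our extension; the FAQ
    only says to avoid overlap."""
    nets = [ipaddress.ip_network(c, strict=False) for c in vpc_cidrs]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(n) for n in nets):
            return str(candidate)
    return None

# Constructed sample: one existing VPC already occupies all of 192.168.0.0/16,
# so the default VPN CIDR collides with it and a block must be taken elsewhere.
SAMPLE_VPC_CIDRS = ["10.0.0.0/16", "172.16.0.0/12", "192.168.0.0/16"]

if __name__ == "__main__":
    print("conflicts:", vpn_cidr_conflicts(DEFAULT_VPN_CIDR, SAMPLE_VPC_CIDRS))
    print("in 192.168/16:", pick_vpn_cidr(SAMPLE_VPC_CIDRS))
    print("in 10/8:", pick_vpn_cidr(SAMPLE_VPC_CIDRS, pool="10.0.0.0/8"))
```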

How do I enable Geo VPN?

If you have a global workforce that needs to access the cloud, Geo VPN offers a superior solution. Geo VPN enables a VPN user to connect to the nearest VPC that hosts an Aviatrix VPN gateway. To enable Geo VPN, go to VPC/VNet -> VPN Access -> Geo VPN.

How do I add a VPN user?

After at least one gateway is created, you can add VPN users. Click VPCs -> VPN Access -> Users -> Add to add a VPN user. When a user is added, an email is sent to the user with instructions on how to download the client software and connect to the VPN server. If you would like to assign user-profile-based policies, you need to create profiles first; see the next section.

What user devices are supported by the VPN client software?

Windows, Mac, Linux, Chromebook, Android and iOS devices are supported.

Is NAT capability supported on the gateway?

Yes, you can enable the NAT function at gateway launch time. When enabled, instances on the private subnet can access the Internet directly. If full tunnel mode is selected, you may want to enable NAT to allow instances in the VPC to have direct Internet access.

Is full tunnel mode supported on the gateway?

Yes, both split tunnel and full tunnel modes are supported. You can specify the mode at gateway launch time. Full tunnel means all user traffic is carried through the VPN tunnel to the gateway, including Internet-bound traffic. Split tunnel means only traffic destined to the VPC and any additional network range is carried through the VPN tunnel to the gateway; any Internet-bound traffic does not go through the tunnel.

Can the maximum number of simultaneous connections to a VPN gateway be configured?

Yes, you can set the maximum number of connections at gateway launch time.

User Profile Based Security Policies

What is a user-profile-based security policy?

In VPN access, a user is dynamically assigned a virtual IP address when connected to a gateway. It is highly desirable to define resource access policies based on the users. For example, you may want to have a policy for all employees, a different policy for partners and a still different policy for contractors.
You may even give different policies to different departments and business groups.

The profile-based security policy lets you define security rules on a target address, protocol and ports. The default rule for a profile can be configured as deny all or allow all during profile creation. This capability allows flexible firewall rules based on the users, instead of on a source IP address.

How do I setup profile-based security policies?

When a user connects to a VPC, the security policies associated with the profile that the user is assigned to are applied on the VPN gateway instance that the user logs in to. This effectively blocks traffic at the gateway, before it enters the network. Click VPCs -> VPN Access -> Profiles to create profiles, then click Edit Policies to add rules. You can add multiple rules, then click Save.

How do I assign a user to a profile?

When you create a VPN user at VPCs -> VPN Access -> Users -> Add, you can select the profile option to assign the user to a specific profile.

What if I want to change profile policies?

You can change profile policies at any time. However, users who are currently in an active session will not receive the new policy. The user needs to disconnect and reconnect to the VPN for the new policy to take effect.

How do I change a user's profile programmatically?

The controller provides a REST API which can be invoked to change a user's profile. Refer to the API document under the Help menu. During this operation, the user's existing VPN session will be terminated. The new profile policy will take effect when he or she logs in again. The use case for this feature is to allow the administrator to quarantine a VPN user for security reasons.

User Authentication

Is DUO multi-factor authentication supported?

Yes. If your enterprise has a DUO account with multi-factor authentication, it can be integrated into the VPN solution. From the Gateways tab, click Create. At the two-step authentication drop-down menu, select DUO, then enter your company Integration Key, Secret Key and API hostname. To obtain the Integration Key, Secret Key and API hostname, login to the DUO website as an admin, www.duo.com, click Applications on the left panel, then click Protect an Application below.
Scroll down the application list and select OpenVPN (click Protect this Application); the next screen should reveal the credentials you need to configure on the Aviatrix controller. Currently, advanced features such as Trusted Devices and Trusted Networks are not supported. Send us a request if you would like to integrate these features.

How do I configure LDAP authentication?

LDAP configuration is part of Gateway creation when VPN Access is enabled. Enter the necessary parameters and click the Enable button to enable LDAP authentication for VPN clients. If your LDAP server is configured to demand client certificates for incoming TLS connections, upload a client certificate in PEM format (this certificate should contain a public and private key pair).
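The profile section above describes rules on a target address, protocol and ports, a per-profile default of deny all or allow all, a policy change that does not reach an active session until the user reconnects, and a REST API profile change that terminates the session outright. The following added example (not Aviatrix code) models those semantics so the two change paths can be compared; the rule fields, first-match evaluation, the session snapshot, and the sample profile names and addresses are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    target: str      # destination CIDR the rule applies to
    protocol: str    # "tcp", "udp", "icmp" or "all"
    ports: tuple     # inclusive (low, high); ignored for icmp/all
    action: str      # "allow" or "deny"

@dataclass
class Profile:
    name: str
    default_action: str                         # "deny" (deny all) or "allow" (allow all)
    rules: list = field(default_factory=list)

def evaluate(rules, default_action, dst_ip, protocol, port=None):
    """First matching rule wins; otherwise the profile default applies (assumed semantics)."""
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        if dst not in ipaddress.ip_network(r.target, strict=False):
            continue
        if r.protocol != "all" and r.protocol != protocol:
            continue
        if r.protocol in ("tcp", "udp") and (port is None or not r.ports[0] <= port <= r.ports[1]):
            continue
        return r.action
    return default_action

class VpnSession:
    """The policy is captured at connect time: an active session keeps the rules it
    connected with until the user disconnects and reconnects, as the FAQ states."""
    def __init__(self, user, profile):
        self.user, self.profile_name, self.active = user, profile.name, True
        self._rules = tuple(profile.rules)          # snapshot, not a live reference
        self._default = profile.default_action

    def check(self, dst_ip, protocol, port=None):
        if not self.active:
            raise RuntimeError(f"session for {self.user} was terminated")
        return evaluate(self._rules, self._default, dst_ip, protocol, port)

def connect(user, profile):
    """Models a VPN login: the profile's current rules are applied to this session."""
    return VpnSession(user, profile)

def change_user_profile(session):
    """Models the REST API profile change: the existing session is terminated, so the
    new profile takes effect only when the user logs in again (the quarantine use case)."""
    session.active = False

# Constructed sample profiles (hypothetical names and addresses).
CONTRACTOR = Profile("contractor", "deny",
                     [Rule("10.0.1.0/24", "tcp", (443, 443), "allow")])
QUARANTINE = Profile("quarantine", "deny")      # deny all, no exceptions
```

Editing a profile in place leaves already-connected users on the old snapshot, which is why the quarantine path goes through the session-terminating profile change rather than a rule edit.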

Can I combine LDAP and DUO authentication?

Yes. With both LDAP and DUO authentication methods enabled on a gateway, when launching the VPN client a remote user will have to enter his or her LDAP user credentials and then approve the authentication request received on a registered mobile device to login to the VPN.

Is OKTA supported?

Yes. OKTA with MFA is also supported. Follow the instructions.

Policy Based Routing

How does Policy Based Routing (PBR) work?

When PBR is enabled at gateway launch time, all VPN user traffic arriving at the gateway will be forwarded to a specified IP address defined as the PBR default gateway. The user must specify the PBR Subnet, which in AWS must be in the same availability zone as the Ethernet 0 interface of the gateway. When the PBR feature is combined with the encrypted peering capability, a VPN user should be able to access any instances in the peered VPC/VNets. This helps build an end-to-end cloud networking environment. For details, check out our reference design. Another use case for Policy Based Routing: if you would like to route all Internet-bound traffic back to your own firewall device on-prem, or log all user VPN traffic to a specific logging device, PBR lets you accomplish that.

Logging and Monitoring

How do I forward syslog events to my Logstash server?

Click on Settings -> Logging -> LogStash logging and input the required parameters to enable forwarding of controller syslog events and all gateways' syslog and auth log to a Logstash server. SUMO Logic, Splunk and rsyslog are also supported.

What are the monitoring capabilities?

Active VPN users are displayed on the Dashboard. Click on any username and the user's VPN connectivity history is displayed. You can also disconnect a user from the dashboard.

Is there an Operator account?

Yes, you can create an operator account. This operator account can only view the dashboard and disconnect an active user from the dashboard. To create an Operator account, go to Settings -> Accounts -> Add. At the account name, type in Operator and give it a password and an email notification address. You do not need to enter AWS credentials.

Encrypted Peering

What can Aviatrix encrypted peering do?

Aviatrix encrypted peering builds an encrypted tunnel between two VPC/VNets with a single click. The VPCs and/or VNets can be across regions and across clouds. The solution enables you to build a full-mesh encrypted network. You can enable stateful firewalls on each VPC/VNet to add additional security measures.

How do I configure encrypted peering?

Step 1: At the Gateway menu, create a gateway in one existing VPC/VNet. VPN access may be disabled.
Step 2: Repeat Step 1 with a different VPC ID or VNet Name.
Step 3: At VPC/VNet Menu -> Encrypted Peering -> Add, select the two gateway names and click Save.

Environment Stamping Networking

What does the Environment Stamping networking feature do?

Environment Stamping (envstamping) takes advantage of the unique nature of Virtual Private Cloud (VPC) and offers a deployment architecture that is secure and scalable. envstamping provides a deployment solution where you can create identical environments, such as identical VPC CIDRs, and access instances in the VPC seamlessly and securely via an encrypted tunnel, as shown in the picture below. In that picture, each managed VPC shares identical CIDRs, instance private IP addresses and security groups. CloudOps and developers access VPC instances by connecting to the gateway in the management VPC via the Aviatrix VPN capability.

Who should be deploying this model?

This deployment model allows for infinite scale of deployment; it is suitable for SaaS providers, development and testing. With this model, a SaaS provider can offer a secure, single-tenant service to its enterprise customers, while being able to access instances for maintenance and support. For example, a SaaS provider can offer an enterprise customer its own AWS account and VPC environment. Customer data is completely isolated from others. Only authorized personnel can access customer instances for maintenance and troubleshooting.

What is the workflow to enable this feature?

Refer to this link for the workflow steps.

Administration

Can there be multiple admins?

Yes. Username admin is the default admin user, but you can create multiple users with admin privilege. Check out a reference design under Help to learn more about setting up multiple admin users.

Is there 2FA support to log in to the console?

Yes. In addition to password login, DUO authentication is supported.