AWS Partner Network (APN) Blog
Bringing Scale to Zero Trust Network Access with CylanceGATEWAY Using AWS Global Accelerator
By Sriram Krishnan, Sr. Director Product Management – BlackBerry
By Noah Campbell, Technical Marketing Specialist – BlackBerry
By Chavi Gupta, Partner Solutions Architect – AWS
By Mehran Najafi, Sr. Solutions Architect – AWS
 |
| BlackBerry |
 |
Zero trust security is about achieving continuous security without slowing or complicating workflows. BlackBerry’s collaboration with Amazon Web Services (AWS) unlocks the benefits of this approach for organizations of any size.
Scale, simplicity, and security are important factors to an effective Zero Trust Network Access (ZTNA) platform. CylanceGATEWAY, powered by AWS Global Accelerator, brings this ideal state to reality.
BlackBerry is an AWS Partner and enterprise software and services company that provides intelligent security software and services to enterprises and governments around the world.
BlackBerry and AWS collaborated to utilize the extensive points of presence, provided by AWS, with CylanceGATEWAY to support their customers. This technology helps to make CylanceGATEWAY faster and more readily available worldwide, even in challenging geographies and remote work environments.
CylanceGATEWAY is an innovative ZTNA solution that effectively replaces traditional virtual private network (VPN) technologies, which can lack adequate security and user experience in the context of increasing digital transformation and remote work-from-home considerations.
As a cloud-native solution, CylanceGATEWAY’s modern scalable system architecture—accessed via the anycast IPs of the AWS Global Accelerator—delivers both strong security and better performance for end users.
Leveraging AWS Global Accelerator
AWS Global Accelerator improves the performance of user traffic up to 60% using AWS’s global network infrastructure. When a network becomes congested, Global Accelerator optimizes the path to an application to minimize packet loss, jitter, and consistently keep latency low.
AWS Global Accelerator provides two global static public IP addresses that act as fixed entry points to an application, thus improving availability. On the back end, users can add or remove AWS application endpoints such as Application Load Balancers, Network Load Balancers, Amazon Elastic Compute Cloud (Amazon EC2) instances, and Elastic IP addresses without making disruptive user-facing changes.
Global Accelerator then automatically re-routes application traffic to the nearest healthy available endpoint to mitigate endpoint failure.
Benefits of AWS Global Accelerator
The benefits of the AWS Global Accelerator are deeply rooted in enhanced application performance and security, which makes the service an ideal fit for BlackBerry.
These benefits include:
- Accelerate latency-sensitive applications: Network latency is driven by the number of networks user data needs to hop and the bandwidth available along its path, creating opportunities for congestion and delay. AWS Global Accelerator terminates TCP connections at AWS locations closest to users, accelerating data transfers globally. Once on the AWS network, automated routing directs user traffic to the optimal AWS endpoint.
- Simplified global traffic management: As an organization grows, the number of endpoints and IP addresses that need to be managed increases. AWS Global Accelerator simplifies global traffic management by providing two static anycast IP addresses that only need to be configured by users once. Behind these IP addresses, administrators can add or remove AWS origins, opening up uses such as endpoint failover, scaling, or testing without any user-side changes.
- Improved resiliency and availability: Wherever administrators route traffic on the AWS network with Global Accelerator, failover between application endpoints happens automatically and within seconds. If Global Accelerator detects a failure of an application endpoint, it instantly triggers traffic re-routing to the next available and closest endpoint in another region.
- Protected applications: Exposing applications to public internet traffic creates an opportunity for malicious incidents. AWS Global Accelerator decreases risk by masking applications behind two static entry points. These are protected by default from Distributed Denial of Service (DDoS) attacks with AWS Shield. Global Accelerator creates a peering connection with Amazon Virtual Private Cloud (VPC) using private IP addresses, keeping connections to internal Application Load Balancer or private EC2 instance off the public internet.
AWS and BlackBerry: Scale, Simplicity, and Security
By leveraging AWS Global Accelerator, CylanceGATEWAY scales securely as an organization grows without compromising user experience.
AWS Global Accelerator exposes CylanceGATEWAY services at AWS edge regions. This exposure provides an optimized network path by bringing CylanceGATEWAY services closer to users.
By reducing the number of hops required on the path using AWS Global Accelerator tunnels, network connectivity speeds are improved between CylanceGATEWAY infrastructure and the customer’s private network.
Figure 1 – AWS Global Accelerator interfacing with CylanceGATEWAY.
By leveraging AWS Global Accelerator in this fashion, CylanceGATEWAY users reap the following benefits:
- Lower latency that promotes a reliable network connection and reduces the chance for a connection loss or delay.
- Higher throughput which fosters more efficient network performance.
- Improved remote end-user experience made possible by multiple points of presence on a global network rather than isolated VPNs.
- More impactful deployments of CylanceGATEWAY reduces the need to deploy the Gateway Connector or Agent on every end-user device.
- Improved security for end users because traffic is moved from public internet to AWS’s global private network.
- Protection from DDoS attacks with reinforced protection offered by AWS Global Accelerator.
Deploying CylanceGATEWAY Through AWS Marketplace
BlackBerry’s CylanceGATEWAY is available on AWS Marketplace, a curated digital catalog with thousands of software listings from independent software vendors (ISVs) that make it easy to find, test, buy, and deploy software on AWS.
The availability of CylanceGATEWAY in AWS Marketplace enables more businesses to secure remote access from any device to any application, across any network.
Learn more about CylanceGATEWAY and AWS Global Accelerator.
Related reading:
- Confronting the pitfalls of broken authentication and session management with zero trust
- Employee-targeted social engineering continues to infiltrate corporate systems—how ZTNA can help
- Transforming network security through Zero Trust Network Access
.
.
BlackBerry – AWS Partner Spotlight
BlackBerry is an AWS Partner and enterprise software and services company that provides intelligent security software and services to enterprises and governments around the world.