reference deployment

Aviatrix Next-Gen Global Transit Hub on AWS

Hub-and-spoke transit VPC for routing between spoke networks through a central hub

This Quick Start builds a highly available, encrypted, and secure global transit network on the Amazon Web Services (AWS) Cloud in about 5 minutes. (For a transit solution that’s based on AWS Transit Gateway, see the Aviatrix Orchestrator for AWS Transit Gateway on AWS Quick Start.)

It deploys Aviatrix Controller and Aviatrix Gateways in a central virtual private cloud (VPC) on AWS to manage routing between remote networks (spoke VPCs) in a hub-and-spoke model.

After you deploy the Aviatrix Controller using this Quick Start, you can use the Aviatrix Global Transit Network Wizard in the Aviatrix Controller to deploy the Hub Gateway instances into a VPC that will be designated as the Next-Gen Global Transit Hub. The wizard allows you to launch and configure two Aviatrix Gateways in the transit hub VPC and the designated spoke VPCs. The gateway instances allow for IPsec VPN termination, routing, and security policies, and provide ongoing monitoring.

Once you've established your transit VPC, you can extend beyond the AWS Cloud and automatically configure VPN connections to on-premises infrastructure or other network providers with the Aviatrix Controller.

This Quick Start was developed by Aviatrix Systems in collaboration with AWS. Aviatrix Systems is an APN Partner.

AWS Service Catalog administrators can add this architecture to their own catalog.

  •  What you'll build

    This Quick Start sets up a secure Aviatrix Next-Gen Global Transit Hub architecture that includes the Aviatrix Controller and Aviatrix Gateways in a highly available configuration. You can create a new VPC or use an existing VPC for the transit hub.

    The architecture also contains a Shared Services VPC that can be optionally configured to extend your Next-Gen Global Transit Hub architecture to a Next-Gen Global Transit and Services Hub architecture.

    The Quick Start creates, deploys, and configures the following functional and automation components and services:

    • An EC2 instance for Aviatrix Controller
    • An Aviatrix security group (named AviatrixSecurityGroup)
    • An Elastic IP (EIP) assigned to Aviatrix Controller
    • An Aviatrix IAM EC2 role and attached policy
    • An Aviatrix IAM App role and attached policy
    • An AWS Key Management Service (KMS) key



  •  How to deploy

    To build Aviatrix Next-Gen Global Transit Hub on AWS in about 5 minutes:

    1. If you don't already have an AWS account, sign up at
    2. Subscribe to the Amazon Machine Image (AMI) for Aviatrix in AWS Marketplace. Choose the Aviatrix Secure Networking Platform PAYG - Metered license.
    3. Launch the Quick Start. You can choose from two options:
    4. Set up the Aviatrix Controller.
    5. Create a primary access account.
    6. Deploy AWS Global Transit Network. Set up a transit network using the Aviatrix Global Transit Network Wizard. See the Aviatrix documentation.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Cost and licenses

    You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start.

    The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of these settings, such as instance type, will affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you will be using. Prices are subject to change.

    Additionally, the solution creates a unique AWS Key Management Service (AWS KMS) customer master key (CMK), which has a low monthly cost, to protect network configuration information. For details, see the AWS KMS pricing webpage.

    You are also responsible for the Aviatrix license that is required to deploy the Aviatrix Next-Gen Global Transit Hub. Subscribe to an Amazon Machine Image (AMI) for Aviatrix software in AWS Marketplace, choosing the following licensing option:

    • Aviatrix Secure Networking Platform PAYG - Metered – Hourly subscription license based on the prices listed on the AWS Marketplace webpage. This pay-as-you-grow license allows you to build and scale your Next-Gen Global Transit Hub network to any size, consisting of one transit hub VPC and many spoke VPCs.