reference deployment

Cohesive Networks VNS3 on AWS

Deploy an overlay network for regulated and sensitive workloads on AWS

This Quick Start deploys a Cohesive Networks VNS3 overlay network on the AWS Cloud in about 15 minutes, following best practices from AWS and Cohesive Networks. It helps organizations with sensitive and regulated workloads in verticals such as healthcare and life sciences, financial services, power and utilities, retail, and hospitality.

This Quick Start also includes a security controls reference for use cases that fall within the scope of the U.S. Health Insurance Portability and Accountability Act (HIPAA). It addresses certain technical requirements in the Privacy, Security, and Breach Notification Rules (45 C.F.R. Parts 160 and 164) under the HIPAA Administrative Simplification Regulations.

This Quick Start is for users interested in a generalized method for encrypting all data in motion between Amazon Elastic Compute Cloud (Amazon EC2) instances, connecting AWS virtual private clouds (VPCs) securely to other networks, and securing traffic with firewalling and network function virtualization.


This Quick Start was developed by Cohesive Networks in collaboration with AWS. Cohesive Networks is an APN Partner.

AWS Service Catalog administrators can add this architecture to their own catalog.

This Quick Start supports the AWS GovCloud (US) Region.
  •  What you'll build
    Use this Quick Start to automatically set up the following environment on AWS:

    • A highly available architecture that spans two Availability Zones.*
    • A VPC configured with public and private subnets according to AWS best practices, to provide you with your own virtual network on AWS.*
    • In the public subnets:
      • Managed network address translation (NAT) gateways to allow outbound internet access for resources in the private subnets.*
      • A Linux bastion host in an Auto Scaling group to allow inbound Secure Shell (SSH) access to EC2 instances in public and private subnets.*
      • In one of the public subnets, a VNS3 network controller.
    • In one of the private subnets, three Amazon Linux hosts (VNS3 client instances), configured to the VNS3 overlay network. Each VNS3 client instance is in an isolated Auto Scaling group to provide fault tolerance and recovery.**
    • In another of the private subnets, two Amazon Linux hosts (VNS3 client instances), configured to the VNS3 overlay network. Each VNS3 client instance is in an isolated Auto Scaling group to provide fault tolerance and recovery.**
    • An Amazon CloudWatch alarm that recovers the VNS3 instance if AWS deletes the instance because of circumstances beyond the end user's control.

    *  The template that deploys the Quick Start into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.

    ** For illustration purposes, the architecture diagram depicts only one instance in its own Auto Scaling group, rather than five separate instances and five Auto Scaling groups.

  •  How to deploy
    Before you deploy the Quick Start with protected health information (PHI), you must accept the AWS Business Associate Addendum (BAA) and configure your AWS accounts as required by the BAA. For details, see the deployment guide.

    After you complete these prerequisites, you can build the Quick Start reference environment in about 15 minutes by following the instructions in the deployment guide. The deployment process includes these steps:

    1. If you don't already have an AWS account, sign up for one, and then sign in to your account.
    2. Subscribe to the Amazon Machine Image (AMI) for VNS3 in AWS Marketplace.
    3. Launch the Quick Start, choosing from the following options:
    4. Test your deployment by logging in to the VNS3 controller graphical user interface (GUI), changing passwords for the web admin and API users, and then verifying network connections between the five Linux hosts.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Cost and licenses
    You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start.

    The AWS CloudFormation templates for this Quick Start include configuration parameters that you can customize. Some of these settings, such as instance type, will affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you will be using. Prices are subject to change.

    Tip: After you deploy the Quick Start, we recommend that you enable the AWS Cost and Usage Report to track costs associated with the Quick Start. This report delivers billing metrics to an S3 bucket in your account. It provides cost estimates based on usage throughout each month, and finalizes the data at the end of the month. For more information about the report, see the AWS documentation.

    This Quick Start requires a subscription to the Amazon Machine Image (AMI) for VNS3, which is available from AWS Marketplace. Additional pricing, terms, and conditions may apply. This Quick Start uses the Cohesive Networks VNS3 Free Edition of the network appliance and doesn't require a license.