Manage (Protect) Spoke VPCs in Hub Mode
Valtix takes care of all the orchestration of the Service VNet and can perform VNet peering to all your Spoke VNets. Valtix can make route changes so that your Spoke VNets' traffic is routed to the Valtix Gateway for inspection. This is a fully managed solution that makes it very easy to deploy and secure workloads.
Tech Notes
- Wait for the Service VPC to be created successfully and its state to be ACTIVE before proceeding with the following steps
- The Valtix Gateway can be deployed later in the Service VPC that you just created
To protect Spoke VNets, we need to perform VNet peering between Spoke VNets and Service VNet. This allows Valtix to orchestrate the routing and VNet peering for Spoke VNet's traffic to be inspected by Valtix. There are two ways to associate VNets to the Service VNet.
- Add Spoke VNets from Service VPCs/VNets Menu
- Add Spoke VNets from Inventory Menu
Add Spoke VPCs from Service VPC Menu
- Navigate to Manage -> Service VPCs/VNets
- Select Service VNet and click on Manage Spoke VPC/VNet
- Add all the Spoke VNets in the Spoke table.
- Click on View/Edit link under the Route Tables column
- Select the route table to update the default route to the Valtix Gateway for inspection
- Click Save Locally
- Click Save
Add Spoke VPCs from Inventory Menu
- Navigate to Manage -> Cloud Accounts -> Inventory
- Click on VPCs/VNets. This will list all the VNets in your cloud accounts.
- Click on the Secure button to secure the VNet.
- Select the Service VNet.
- Select the route table to update the default route to the Valtix Gateway for inspection.
- Click Save.
Tech Notes
When enabling Protected VNets, Valtix Controller orchestrates the following:
- Create VNet peering between Valtix Service VNet and Spoke VNet
- Add/Update default route in the spoke route table to point to Valtix Gateway
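
To confirm the two orchestrated changes above actually landed on a spoke, the following added example (not Valtix code) checks JSON in the shape returned by `az network vnet peering list` and `az network route-table route list`. The sample data, resource names, `GATEWAY_IP` and the assumption that the gateway appears as a next-hop IP address are constructed for illustration; the Internet next-hop check goes beyond what the page lists.

```python
import json

# Constructed sample data in the shape of `az network vnet peering list` and
# `az network route-table route list` JSON output. All names and IPs are made up.
SERVICE_VNET_ID = "/subscriptions/0000/resourceGroups/rg-svc/providers/Microsoft.Network/virtualNetworks/service-vnet"
GATEWAY_IP = "10.100.0.4"  # assumed inspection endpoint address (placeholder)
PEERINGS = json.loads("""[
  {"name": "spoke-to-service", "peeringState": "Connected",
   "remoteVirtualNetwork": {"id": "%s"}}
]""" % SERVICE_VNET_ID)
ROUTES = json.loads("""[
  {"name": "default", "addressPrefix": "0.0.0.0/0",
   "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.100.0.4"},
  {"name": "updates", "addressPrefix": "203.0.113.0/24",
   "nextHopType": "Internet", "nextHopIpAddress": null}
]""")


def check_spoke(peerings, routes, service_vnet_id, gateway_ip):
    """Return a list of findings; an empty list means no gap was found."""
    findings = []
    # 1. The spoke must have a connected peering to the Service VNet.
    peer = next((p for p in peerings
                 if (p.get("remoteVirtualNetwork") or {}).get("id", "").lower()
                 == service_vnet_id.lower()), None)
    if peer is None:
        findings.append("no peering to the Service VNet")
    elif peer.get("peeringState") != "Connected":
        findings.append("peering %s is %s" % (peer["name"], peer.get("peeringState")))
    # 2. The default route must point at the gateway address.
    defaults = [r for r in routes if r.get("addressPrefix") == "0.0.0.0/0"]
    if not defaults:
        findings.append("no default route in the spoke route table")
    for r in defaults:
        if r.get("nextHopIpAddress") != gateway_ip:
            findings.append("default route %s does not point to the gateway" % r["name"])
    # 3. Any route with an Internet next hop sends that prefix out uninspected.
    for r in routes:
        if r.get("nextHopType") == "Internet":
            findings.append("route %s (%s) bypasses inspection" % (r["name"], r["addressPrefix"]))
    return findings


if __name__ == "__main__":
    for finding in check_spoke(PEERINGS, ROUTES, SERVICE_VNET_ID, GATEWAY_IP):
        print("FINDING:", finding)
```

With the constructed sample, the peering and default route pass and the only finding is the `updates` route, whose Internet next hop is more specific than the default route and so takes precedence for that prefix.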