Manage (Protect) Spoke VPCs in Hub Mode
Valtix orchestrates the creation of the Service VPC and also creates VPC peering to your Spoke VPCs. Valtix can also make route table changes in your Spoke VPCs so that traffic is routed to the Valtix Gateway for inspection. This orchestration makes it very easy to deploy and secure workloads.
Tech Notes
- Please wait a few minutes for the Service VPC to be created and its state to become ACTIVE before proceeding with the following steps.
To protect Spoke VPCs, we need to create VPC peering between the Spoke VPCs and the Service VPC. This allows Valtix to orchestrate the routing change in the Spoke VPCs so that traffic is sent to the Valtix Gateway for inspection. There are two ways to make this configuration:
- Add Spoke VPCs from Service VPCs/VNets Menu
- Add Spoke VPCs from Inventory Menu
Add Spoke VPCs from Service VPC Menu
- Navigate to Manage -> Service VPCs/VNets
- Select the Service VPC and click on Actions -> Manage Spoke VPC/VNet
- Add all Spoke VPCs to protect to the Spoke table.
- Click on the View/Edit link under the Route Tables column
- Select the "Send Traffic via Valtix Gateway" checkbox to update the default route to point to the Valtix Gateway for inspection
- Click Update routes
- Click Save
Add Spoke VPCs from Inventory Menu
- Navigate to Manage -> Cloud Accounts -> Inventory
- Click on VPCs/VNets. This will list all the VPCs in your cloud accounts.
- Click on the Secure button to secure the VPC.
- Select the Service VPC.
- Select the "Send Traffic via Valtix Gateway" checkbox. This configures the default route for the Spoke VPC to point to Valtix.
- Click Save.
Tech Notes
When enabling Protected VPCs, Valtix Controller orchestrates the following:
- Create VPC peering between Valtix Service VPC (datapath) and Spoke VPC
- Add/Update default route to redirect spoke traffic to Valtix Gateway
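After saving, it is worth confirming that each Spoke VPC actually ended up in the state described above. The following audit is an added example, not Valtix code: it checks for the peering and the default route, and also flags more specific routes that would win longest-prefix matching and skip inspection. The inventory shape, the VPC names and the target labels (`valtix-gateway`, `internet-gateway`, `local`) are constructed assumptions, not a Valtix or cloud-provider format.

```python
import ipaddress

# Constructed sample inventory (assumed shape): in practice, fill this from
# your cloud provider's route table and peering listings.
SERVICE_VPC = "service-vpc"
GATEWAY = "valtix-gateway"
SPOKES = {
    "spoke-a": {"peers": ["service-vpc"],
                "routes": [("0.0.0.0/0", "valtix-gateway"), ("10.1.0.0/16", "local")]},
    "spoke-b": {"peers": ["service-vpc"],
                "routes": [("0.0.0.0/0", "internet-gateway"), ("10.2.0.0/16", "local")]},
    "spoke-c": {"peers": [],
                "routes": [("10.3.0.0/16", "local")]},
    "spoke-d": {"peers": ["service-vpc"],
                "routes": [("0.0.0.0/0", "valtix-gateway"),
                           ("198.51.100.0/24", "internet-gateway"),
                           ("10.4.0.0/16", "local")]},
}


def audit_spoke(spoke, service_vpc, gateway, local="local"):
    """Return findings for one spoke; an empty list means it is protected."""
    findings = []
    if service_vpc not in spoke["peers"]:
        findings.append("no-peering-to-service-vpc")
    default_targets = []
    for cidr, target in spoke["routes"]:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0:
            # 0.0.0.0/0 (or ::/0): the route the controller adds or updates.
            default_targets.append(target)
        elif target not in (gateway, local):
            # A more specific route beats the default and bypasses inspection.
            findings.append(f"specific-route-bypasses-gateway:{net}")
    if not default_targets:
        findings.append("no-default-route")
    elif any(t != gateway for t in default_targets):
        findings.append("default-route-not-via-gateway")
    return findings


def audit(spokes, service_vpc, gateway):
    """Audit every spoke and return {spoke name: [findings]}."""
    return {name: audit_spoke(s, service_vpc, gateway) for name, s in spokes.items()}


if __name__ == "__main__":
    for name, findings in audit(SPOKES, SERVICE_VPC, GATEWAY).items():
        print(name, "OK" if not findings else ", ".join(findings))
```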