Overview
Valtix provides security solutions for Ingress, Egress and East-West traffic for the applications running in your VPCs/VNets. Valtix Gateways can be deployed in each of the VPCs/VNets where your apps run, or centralized (Hub Mode) in a Security VPC/VNet, with the spoke VPCs/VNets connected to the Security VPC/VNet using AWS Transit Gateway in AWS or VNet/VPC peering in Azure and GCP.
A Valtix Gateway is a Network Load Balancer/Gateway Load Balancer with a cluster of Valtix Firewall virtual machine instances as the target groups of the NLB. It is an auto-scaling cluster that scales out and in depending on the traffic load. The Valtix Controller and the Gateway instances continuously exchange information about state, health and telemetry. The Valtix Controller decides when to scale out or in by measuring the telemetry data received from the Gateway instances.
The Gateways can be configured to run in multiple Availability Zones for a highly available, resilient architecture. This ensures that a single AZ failure from a Cloud Service Provider does not compromise the security posture for running applications.
Use Cases
Ingress
An application running in your VPC/VNet is accessed by users on the Internet. You would like to secure this application.
Egress
An application running in your VPC/VNet is accessing URLs on the Internet (e.g. payment gateways, GitHub repos, etc.). You would like to secure this application to prevent data loss (DLP), using URL filtering to restrict the URLs the application accesses.
East-West
An application running in your VPC/VNet is accessing another application in a different VPC/VNet. You would like to create segmentation to allow communication between applications only if necessary.
Deployment Model
Distributed
You have applications running in multiple VPCs/VNets. Deploy a Valtix Gateway in each of the VPCs/VNets.
Centralized / Hub
You have applications running in multiple VPCs/VNets. You would like to secure all the applications through a centralized security Services VPC/VNet. This model deploys the Valtix Gateway in a Services VPC. You attach all the application VPCs (Spoke VPCs) and the Services VPC to the AWS Transit Gateway, or use VNet/VPC peering in Azure and GCP. Valtix provides an option to orchestrate the AWS Transit Gateway, the Services VPC and the Spoke VPC attachments. This is the recommended solution for ease of deployment, because it removes the complexity of managing multiple route tables and Transit Gateway attachments.
AWS - Using AWS Transit Gateway
Azure - VNet Peering
GCP - VPC Peering