How To Use Transit Gateways To Monitor Traffic

Amazon Web Services (AWS) cloud network connectivity is something many businesses have begun using, as it allows them to create and run different network architectures. It has made migration of on-premises services to the cloud a lot easier overall.

In the past, businesses would need to use Virtual Private Cloud (VPC) peering or Transit VPCs to create a system that allowed for connectivity between on-site centers and applications running in the cloud. This wasn't scalable though, and didn't allow for increased connectivity.

Transit gateways are a new way of managing traffic across different VPCs and AWS accounts, and they make that traffic a lot easier to manage. Here's how the system works.

What Is A Transit Gateway?

A transit gateway is a hub that connects up VPCs and on premises networks. It can support all kinds of attachments, from VPCs to VPN connections, SD-WAN network appliances, and AWS gateways too. 

There are several features a transit gateway can offer you, so they're worth looking into:

Availability zone: A VPC attachment will create a network interface in the Availability Zone. When this has been enabled, you can use any subnet to route traffic through the transit gateway. 

Routing: You can handle complex routing needs with a transit gateway. You can have both dynamic and static routing tables, according to your needs. Static routes and black hole routes are available to use when you need to isolate attachments from each other.

Inter region peering: Using an inter region attachment, you can peer transit gateways in different regions. This allows you to create global networks and take advantage of low latency communication, essential when your business is spread across different regions. 

Cross account connectivity: AWS Resource Access Manager can be used to share a transit gateway, and control communication between accounts.

On premises connection: As a user, you can connect to the transit gateway by using a Direct Connect gateway. That allows you to connect while being on premises. It also allows for the creation of a backup, if needed.

Multicast communication: A multicast protocol will allow you to deliver a single stream of data to several hosts at the same time. This is highly useful in several fields, such as video transcoding or the financial fields.

How To Put Together Transit Gateway Topologies

One of the best things about a transit gateway is that there are lots of different ways you can use them, so you can create topologies according to your needs. Here are some examples you can use. 

Centralized router: This is one of the simplest ways to use a transit gateway. The gateway is used as a centralized router, which connects all attached VPCs, direct connects and so on. This allows all attachments to route packets to each other, and support transitive connectivity. 

Isolated VPCs: There are two different ways you can set up this topology. Firstly, you can use an isolated VPC with shared services. This gives you the addition of a shared services VPC. Each VPC can connect to on site services, but not each other. The other way is to use a peering transit gateways topology. The transit gateways used in different regions are peered together, allowing them to route traffic between them. You can also route traffic from an on site location to VPCs in different regions. 

Appliance shared services VPC: You can use this topology to host an appliance in a VPC, and have all your traffic routed through it. This is a good way to monitor the traffic that is routed this way.

Centralized outbound routing: This allows you to set up all outbound routing to go through a centralized VPC with an internet gateway attached. With this, you won't need an internet gateway for any other VPC that you use. This is often used for enterprise grade deployments. 
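The Isolated VPCs topology relies on route tables and black hole routes to keep spoke VPCs apart, and that isolation can be checked offline before a change is applied. The following is an added example, not code from the original article or from AWS: it models transit gateway route tables with longest-prefix matching and lists every spoke VPC whose traffic would be forwarded to another spoke. The attachment names, CIDRs and route table names are constructed for illustration.

```python
import ipaddress

# Constructed sample topology (names and CIDRs are illustrative, not from the article).
# attachment -> (CIDR behind it, transit gateway route table it is associated with)
ATTACHMENTS = {
    "vpc-a": ("10.1.0.0/16", "rt-spoke"),
    "vpc-b": ("10.2.0.0/16", "rt-spoke"),
    "shared": ("10.0.0.0/16", "rt-hub"),
    "onprem": ("192.168.0.0/16", "rt-hub"),
}
# route table -> [(destination CIDR, target attachment or "blackhole")]
ROUTE_TABLES = {
    "rt-spoke": [("10.0.0.0/16", "shared"), ("192.168.0.0/16", "onprem"),
                 ("10.0.0.0/8", "blackhole")],
    "rt-hub": [("10.1.0.0/16", "vpc-a"), ("10.2.0.0/16", "vpc-b"),
               ("10.0.0.0/16", "shared"), ("192.168.0.0/16", "onprem")],
}

def winners(routes, dest_cidr):
    """Targets that win any part of dest_cidr under longest-prefix match."""
    remaining, won = [ipaddress.ip_network(dest_cidr)], set()
    parsed = sorted(((ipaddress.ip_network(c), t) for c, t in routes),
                    key=lambda r: r[0].prefixlen, reverse=True)
    for net, target in parsed:          # most specific route first
        left = []
        for block in remaining:
            if block.subnet_of(net):    # route covers this whole unclaimed block
                won.add(target)
            elif net.subnet_of(block):  # route carves a piece out of the block
                won.add(target)
                left.extend(block.address_exclude(net))
            else:                       # route and block do not overlap
                left.append(block)
        remaining = left
    return won - {"blackhole"}

def forwards(src, dst, attachments, tables):
    """True if the table associated with src delivers any of dst's CIDR to dst."""
    dst_cidr, src_rt = attachments[dst][0], attachments[src][1]
    return dst in winners(tables[src_rt], dst_cidr)

def isolation_violations(spokes, attachments, tables):
    """Ordered (src, dst) spoke pairs where traffic from src is forwarded to dst."""
    return [(a, b) for a in spokes for b in spokes
            if a != b and forwards(a, b, attachments, tables)]
```

A more specific stray route, such as 10.2.5.0/24 pointing at vpc-b in the spoke table, is reported as (vpc-a, vpc-b) even though the 10.0.0.0/8 black hole route is still in place, because the longer prefix wins.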

There are all kinds of ways you can use a transit gateway in your business. They allow you to change up your network in accordance with your needs, and allow for much easier working. They also help increase connectivity between on-premises and cloud-based systems. With all this information, you are now in a position to set up a network that works for you.

Emily Henry is a professional writer currently working with Dissertation Abstract UK writing service.
