TCPWave Solutions for Cloud Networking

Introduction

TCPWave's enterprise DDI solution provides the mission-critical services necessary to run a business. Disruptions in an enterprise's DDI service can be catastrophic, leading to an entire network shutdown that may include loss of internet access and outages of critical IT applications such as email, websites, VoIP, and software as a service (SaaS). Modern tech-savvy organizations are increasingly adopting cloud solutions and services for faster innovation and flexible resources. Cloud services in any form (SaaS/PaaS/IaaS) help to lower operational costs, run your infrastructure more efficiently, and scale as your business needs change. Still deciding whether to try cloud solutions? Then check out the reasons why an enterprise should adopt them.

Cloud Computing Challenges in DDI

The core foundational services of any enterprise network are its DNS, DHCP, and IPAM; if they stop, the enterprise stops. Therefore, finding an enterprise-grade DDI solution that can drive the cloud adoption approach by automating DDI services is challenging for most organizations. There can be multiple problems that an organization may face while implementing the cloud concerning DDI; a few of them include:

  • Sluggish DNS and DHCP services in public and hybrid cloud environments.
  • Lack of centralized DDI management, multiple management platforms for tracking DDI logs and analysis.
  • IP conflicts, outages, and downtime.
  • Plumbing between core infrastructure and cloud.

TCPWave Approach to Cloud DDI Challenges

  • TCPWave offers core foundational services with the ability to allocate and de-allocate IP addresses on demand within any cloud environment (public/private/hybrid) to drive efficiencies, thus eliminating the hidden costs of IP conflicts, outages, and downtime. TCPWave provides the critical visibility and interconnectivity between the core network, the IP address space, and the cloud.
  • TCPWave cloud computing can detect, collect, and manage information about active hosts in predefined networks as well as virtual entities in private, public, and hybrid clouds managed through CMPs (Cloud Management Platforms) such as VMware vCenter servers and vSphere Hypervisor, OpenStack, and AWS (Amazon Web Services).
  • TCPWave's cloud solutions provide the following benefits:
    • Get centralized visibility into devices and DNS-based threat vectors across on-premises, virtual, and cloud deployments, including VMware, AWS, Azure, Cisco ACI, and OpenStack.
    • Decrease time to remediation by up to two-thirds.
    • Make threat analysts up to 3x more effective.
    • Reduce costs associated with manual intervention and human error.
    • Ease the burden on perimeter defenses by blocking threats at the DNS control point.
  • TCPWave's public cloud DNS management feature automates the DNS updates to your public cloud, including Google DNS, Amazon Route53, and Azure DNS. In addition, TCPWave management appliances make sure that the internal and external DNS data are always in sync.
  • TCPWave also provides customizable IaaS images for public cloud deployments, thus answering your needs for a hybrid cloud approach.
  • By deploying TCPWave's cloud solutions, enterprises can manage compute, network, and storage in multiple clouds with centralized visibility and automation of DNS/IPAM services for a multi-cloud strategy.

Key Use Cases

The following use cases define why TCPWave should be considered as an enterprise's one-stop solution in public/hybrid cloud space:

Zero-touch provisioning of workloads to any public cloud using DevOps tools

TCPWave's IPAM appliance acts as a proxy and single pane of glass to manage all your cloud providers. With just a few clicks on an easy-to-use GUI, you can execute:

  • Multi-cloud management using a single template through the TIMS Terraform plugin.
  • Execute from anywhere using token-based authentication.
  • Create the next available VPC in the cloud.
  • Create the next available subnet in VPC.
  • External DNS data is always kept in sync.

Manage Route53 of multiple AWS accounts using IAM-based authentication

TCPWave bridges the gap by enabling role-based authentication across AWS accounts so that one account can manage Route53 of various accounts without the need to switch accounts manually.

  • An IAM role is created in the AWS management account with a policy defined to access Route53 of that account and other accounts.
  • An EC2 instance is created with TCPWave IPAM AMI with the role attached.
  • An AWS cloud provider is created in IPAM. There is no need to provide AccessKey and SecretKey while creating cloud providers, as the temporary credentials are provided by the role assigned to the EC2 instance.
  • While creating a cloud provider, import the zone to account mapping details to let the cloud provider know the account and role that manages the imported zone.
  • While creating/updating/deleting a zone, the cloud provider gets the account and role for that zone from the zone to account mapping. If a mapping is found, the zone will be managed in the other account. Otherwise, the zone is managed in the management account.
  • Cloud provider connects to Route53 of the account, and the zone is added/updated/deleted in the corresponding account.
  • External DNS data is always in sync with the internal DNS data.
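
The zone-to-account lookup and the role relationships described in the steps above, as an added example that is not TCPWave's own code. It assumes a hypothetical mapping format; the account IDs, role names, and zone names are constructed placeholders. It builds the `sts:AssumeRole` policy for the management role, the trust policy for the member roles, and a check that flags wildcard grants.

```python
# Added example: all account IDs, role names and zones below are constructed placeholders.
MGMT_ACCOUNT = "111111111111"
MGMT_ROLE = "ddi-route53-mgmt"  # hypothetical role attached to the IPAM EC2 instance
ZONE_MAP = {  # hypothetical zone-to-account mapping imported into the cloud provider
    "app.example.com.": {"account": "222222222222", "role": "ddi-route53-member"},
    "lab.example.net.": {"account": "333333333333", "role": "ddi-route53-member"},
}

def role_arn(account, role):
    return f"arn:aws:iam::{account}:role/{role}"

def resolve(zone):
    """Return (account, role ARN, needs_assume_role) for a zone name."""
    entry = ZONE_MAP.get(zone.lower().rstrip(".") + ".")
    if entry:  # mapped: the zone lives in another account, reached via sts:AssumeRole
        return entry["account"], role_arn(entry["account"], entry["role"]), True
    # unmapped: managed in the management account with the instance role itself
    return MGMT_ACCOUNT, role_arn(MGMT_ACCOUNT, MGMT_ROLE), False

def management_assume_policy():
    """Identity policy for the management role: it may assume only the mapped roles."""
    targets = sorted({role_arn(e["account"], e["role"]) for e in ZONE_MAP.values()})
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": targets}]}

def member_trust_policy():
    """Trust policy for each member role: only the management role may assume it."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": role_arn(MGMT_ACCOUNT, MGMT_ROLE)}}]}

def wildcard_findings(policy):
    """Indexes of Allow statements whose action, resource or principal has a wildcard."""
    def as_list(v):
        return v if isinstance(v, list) else [v]
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt["Effect"] != "Allow":
            continue
        principal = stmt.get("Principal", {})
        principals = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        values = as_list(stmt["Action"]) + as_list(stmt.get("Resource", [])) + principals
        if any("*" in v for v in values):
            findings.append(i)
    return findings

if __name__ == "__main__":
    import json
    print(json.dumps(management_assume_policy(), indent=2))
    print(resolve("APP.example.com"))
```

Running `wildcard_findings` over the policies actually attached to the instance role shows whether a compromise of the IPAM instance would reach only the mapped accounts or every role that trusts the management account.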

TCPWave automation with AWS Lambda

By combining AWS Lambda, CloudFormation, and CloudTrail, TCPWave appliances run within an AWS VPC to alter VM provisioning with no API calls ever leaving the AWS environment. This approach brings full DNS and IP address management automation even when using the native AWS provisioning tools.

The TCPWave remote appliance automatically creates AWS EC2 instances and DNS records that can later be scheduled for discovery to populate the central management appliance. This procedure allows on-call provisioning for a wide variety of AWS items and offerings. In addition, it allows the naming and addressing schemes to be customized at the cost of a little extra scripting and customization work.

DDI automation from Google Cloud to IPAM