Aokumo helped a FinTech company build a hybrid cloud using AWS Direct Connect to provide low-latency and reliable network infrastructure.
The client had entered into a relationship with a vendor, which required a leased line connection from their AWS environment to the vendor’s data center on very short notice.
simplified network configuration
scalable network topology
availability achieved
faster client onboarding
The client needed to set up an AWS Direct Connect connection to route traffic from multiple AWS accounts and use source NAT IP translation to conform to the vendor’s networking specifications.
The client also wanted a scalable solution to provide this connectivity to their customers quickly and cost-effectively.
The client engaged Aokumo to architect a solution that met the delivery date and satisfied the strict specifications.
The network specifications were restrictive, which increased the complexity of the project.
The source and destination targets had several hops to traverse, which added to the round trip time.
The solution needed to be highly available in case of service degradation in a single availability zone.
There was no “off-the-shelf” solution available from AWS that met the specific requirements of the infrastructure.
Aokumo implemented a new VPC in the client’s centralized networking account with Direct Connect attached. The implementation satisfied the strict requirements and followed the AWS Well-Architected Framework and the highest security standards.
The Aokumo team deployed a private NAT Gateway in the new VPC to provide the source network address translation needed.
The team added Transit Gateway routes, routing the vendor’s destination IP range via the private NAT Gateway.
The Aokumo team deployed an Istio TCP Ingress Gateway as a reverse proxy in EKS to allow the client to provide this same connectivity to their external clients.
Infrastructure as code makes it easy to configure and expand the network topology quickly and securely.
Connecting thousands of VPCs in a centralized manner for better control.
Using a dedicated line with stable throughput and redundancy significantly improved the network availability.
Integrating Istio to provide the connectivity externally has made it easier to make additional connections instantly.
- An AWS service that allows users to extend their dedicated infrastructure into the AWS cloud securely and efficiently.
- An AWS networking service that connects VPCs and on-premises networks through a central hub acting as a cloud router.
- A service that lets users launch AWS resources in a logically isolated virtual network that they define and lets them manage all of those resources.
- Connects instances in a private subnet to the internet using Amazon NAT Gateway, and prevents the internet from initiating connections.
- A managed Kubernetes cluster that lets users run and scale containerized workloads in the AWS cloud.
- An open-source service mesh that provides a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies, and aggregate telemetry data.
- An open-source Infrastructure as Code tool developed by HashiCorp to define and provision infrastructure using an easy-to-learn declarative language.