Building a Scalable and Secure AWS Network Infrastructure

Aokumo helped a FinTech company build a hybrid cloud using AWS Direct Connect to provide low-latency and reliable network infrastructure.

SUMMARY

The Client

Based in Sydney, the client is an award-winning and fast-growing global financial institution providing Prime Services to institutional clients across the globe.

The Challenge

The client had entered into a relationship with a vendor, which required a leased line connection from their AWS environment to the vendor’s data center on very short notice.

The Impact

The client engaged Aokumo to architect a solution that met the delivery date and satisfied the strict specifications while ensuring the solution adhered to the highest security standards.

Client

Invast Financial Services Pty Ltd.

Industry

Financial Services

Website Link

https://www.26degreesglobalmarkets.com

Use case

The Summary

The client needed to set up an AWS Direct Connect connection to route traffic from multiple AWS accounts and use source NAT IP translation to conform to the vendor’s networking specifications.

The client also wanted a scalable solution to provide this connectivity to their customers quickly and cost-effectively.

The client engaged Aokumo to architect a solution that met the delivery date and satisfied the strict specifications.

Before

The network specifications were restrictive, which increased the complexity of the project.

The source and destination targets had several hops to traverse, which added to the round trip time.

The solution needed to be highly available in case of service degradation in a single availability zone.

There was no “off-the-shelf” solution available from AWS that met the specific requirements of the infrastructure.

After

Aokumo implemented a new VPC in the client’s centralized networking account with Direct Connect attached. The implementation satisfied the strict requirements and followed the AWS Well-Architected Framework and the highest security standards.

The Aokumo team deployed a private NAT Gateway in the new VPC to provide the required source network address translation.

The team added Transit Gateway routes, routing the vendor’s destination IP range via the private NAT Gateway.

The Aokumo team deployed an Istio TCP Ingress Gateway as a reverse proxy in EKS to allow the client to provide this same connectivity to their external clients.
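
The routing described above, written out in Terraform as an added example; it is not Aokumo's or the client's code. It assumes the Direct Connect private virtual interface terminates on a virtual private gateway in the new VPC, and every variable name and CIDR range is a placeholder.

```hcl
# Added example. Names, CIDRs and the VGW attachment model are assumptions.
variable "vendor_cidr" { default = "198.51.100.0/24" } # placeholder vendor range
variable "spoke_cidr" { default = "10.0.0.0/8" }       # placeholder client VPC range
variable "egress_vpc_id" {}
variable "tgw_id" {}
variable "tgw_route_table_id" {}
variable "azs" { # one entry per Availability Zone, so a single AZ can fail
  type = map(object({ nat_subnet_id = string, tgw_subnet_id = string, nat_rtb_id = string, tgw_rtb_id = string }))
}
# Private NAT gateway: no Elastic IP attached; the vendor sees its private IP as source.
resource "aws_nat_gateway" "snat" {
  for_each          = var.azs
  connectivity_type = "private"
  subnet_id         = each.value.nat_subnet_id
}
# Assumed: the Direct Connect private virtual interface lands on this gateway.
resource "aws_vpn_gateway" "dx" { vpc_id = var.egress_vpc_id }
resource "aws_ec2_transit_gateway_vpc_attachment" "egress" {
  transit_gateway_id = var.tgw_id
  vpc_id             = var.egress_vpc_id
  subnet_ids         = [for az in var.azs : az.tgw_subnet_id]
}
# Hop 1: the Transit Gateway sends the vendor range to the new VPC.
resource "aws_ec2_transit_gateway_route" "vendor" {
  destination_cidr_block         = var.vendor_cidr
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.egress.id
  transit_gateway_route_table_id = var.tgw_route_table_id
}
# Hop 2: the attachment subnet forwards the vendor range to the same-AZ NAT gateway.
resource "aws_route" "to_nat" {
  for_each               = var.azs
  route_table_id         = each.value.tgw_rtb_id
  destination_cidr_block = var.vendor_cidr
  nat_gateway_id         = aws_nat_gateway.snat[each.key].id
}
# Hop 3: after translation, the NAT subnet sends the vendor range to Direct Connect.
resource "aws_route" "to_dx" {
  for_each               = var.azs
  route_table_id         = each.value.nat_rtb_id
  destination_cidr_block = var.vendor_cidr
  gateway_id             = aws_vpn_gateway.dx.id
}
# Return path: translated replies reach the client VPCs through the Transit Gateway.
resource "aws_route" "return" {
  for_each               = var.azs
  route_table_id         = each.value.nat_rtb_id
  destination_cidr_block = var.spoke_cidr
  transit_gateway_id     = aws_ec2_transit_gateway_vpc_attachment.egress.transit_gateway_id
}
```

Because the vendor range is the only destination routed to the NAT gateways and on to Direct Connect, the vendor can allow-list just the NAT subnets' addresses, and a review of these four route resources shows everything that can reach the leased line.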

The Outcome

2X simplified network configuration

Infrastructure as code makes it easy to configure and expand the network topology quickly and securely.

100% scalable network topology

Connecting thousands of VPCs in a centralized manner for better control.

99.99% availability achieved

Using a dedicated line with stable throughput and redundancy significantly improved the network availability.

5X faster client onboarding

Integrating Istio to provide the connectivity externally has made it easier to make additional connections instantly.

Tools & Technologies

Aokumo leverages several Amazon services

AWS Direct Connect

- An AWS service that allows users to extend their dedicated infrastructure into the AWS cloud securely and efficiently.

AWS Transit Gateway

- An AWS networking service that connects VPCs and on-premises networks through a central hub acting as a cloud router.

Amazon VPC

- A service that lets users launch AWS resources in a logically isolated virtual network that they define, and lets them manage all of those resources.

Private NAT Gateway

- Connects instances in a private subnet to the internet using Amazon NAT Gateway, and prevents the internet from initiating connections.

Amazon EKS

- A managed Kubernetes cluster that allows users to run and scale containerized workloads in the AWS cloud.

Istio

- An open-source service mesh that provides a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies, and aggregate telemetry data.

Terraform

- An open-source Infrastructure as Code tool developed by HashiCorp to define and provision infrastructure using an easy-to-learn declarative language.