AWS Networking Tag

AWS Partner Network
March 28, 2024by Sunil MitthintiBlog

5 Benefits of Working with an AWS Partner Company

AWS Partner Network (APN): Overview and Functionality

The AWS Partner Network (APN) constitutes a worldwide coalition of technology and consulting enterprises, delivering an array of services and solutions centered around Amazon Web Services (AWS). APN partners specialize in various domains including cloud migration, application development, and infrastructure optimization. Through collaboration with APN partners, businesses harness specialized expertise and resources, expediting their adoption of AWS and realizing digital transformation objectives. APN serves as a catalyst for collaboration, innovation, and expansion, linking AWS clients with a global network of reliable partners.

Why work with an AWS Partner?

In business, standing out always grants an additional advantage! Partnering with an AWS Partner Company is essential in today’s business landscape, as the partner company provides specialized expertise in AWS for innovation and competitiveness. These firms dedicate a team that comprehends the unique needs, ensuring seamless communication and effective issue resolution. This collaboration enables a focus on core objectives while skilled professionals manage cloud complexities. Furthermore, AWS Partner Companies provide invaluable guidance on cloud adoption and optimization, fostering innovation and enriching customer value. With support from certified experts dedicated to satisfaction, partnering guarantees sustained growth and success in the digital era.

Benefits of Collaborating with an AWS Partner Company

Teaming up with an AWS partner company provides a host of benefits that greatly enhance business operations and outcomes, as their expertise guides in resolving any issue. Their mission is to simplify and guide. Here’s an overview of these advantages:

Efficient Cloud Transformation: Certified AWS partner companies excel in cloud technology, ensuring smooth transitions to AWS services. Leveraging their expertise, businesses migrate systems and applications seamlessly, minimizing disruptions. With their guidance, they navigate the complexities of cloud transformation, overcoming challenges, and seizing opportunities. This ensures swift transitions, enabling businesses to capitalize effectively on the numerous benefits of AWS services, including scalability, cost-efficiency, and accelerated innovation.

Optimal AWS Utilization: Partner companies utilize their extensive expertise to unleash the complete power of AWS services. Through collaboration, they comprehend the unique requirements of businesses, tailoring solutions to fully exploit AWS capabilities. This alignment ensures enhanced performance, scalability, and operational efficiency for businesses. Optimizing AWS utilization not only maximizes cloud investment value but also provides a competitive advantage in the ever-evolving digital realm. This strategic approach empowers organizations to thrive amidst dynamic technological landscapes.

Timely Issue Resolution: AWS partners offer dedicated support and proactive monitoring, swiftly identifying and resolving issues to minimize downtime and optimize cloud infrastructure and application performance. This proactive approach enhances business continuity and customer satisfaction. With the assistance of an AWS partner, businesses can promptly tackle issues, minimizing disruptions and maximizing productivity. This collaborative approach ensures the seamless operation of cloud environments, empowering businesses to confidently prioritize growth and innovation.

Cost-Effective Guidance: Partner companies play a crucial role in providing businesses with cost-effective guidance for informed cloud decisions. Through collaboration, they identify opportunities for cost savings and efficiency improvements, ensuring alignment with budgetary constraints. Leveraging the specialized expertise of AWS partners, businesses can achieve their goals without sacrificing quality or performance. This consultancy approach empowers businesses to optimize cloud adoption, architecture design, and optimization strategies, resulting in a strong return on investment. Moreover, it facilitates the maintenance of financial prudence and operational excellence through strategic and informed decisions regarding cloud infrastructure and resources.

Partner Proximity for Focus: Close collaboration with an AWS partner grants businesses access to a dedicated team, fostering smooth communication and swift issue resolution. This enables a focus on core competencies and strategic goals. Supported by the expertise of an AWS partner, businesses confidently delegate technical tasks, prioritizing innovation, growth, and customer value. This ensures seamless operation and optimization of their cloud infrastructure, driving sustained success in a rapidly evolving digital landscape.

In a nutshell, collaborating with an AWS partner company empowers businesses to efficiently transform their cloud infrastructure, optimize AWS utilization, resolve issues promptly, receive cost-effective guidance, and benefit from partner proximity for enhanced focus and collaboration. These benefits enable businesses to thrive in their cloud initiatives, driving long-term growth and success in an ever-evolving digital landscape.

CloudTern partnership with AWS

CloudTern, an AWS Partner, offers comprehensive AWS cloud services, including consulting, migration, deployment, database management, security, and managed services. Our seasoned experts collaborate with AWS to cater to diverse clients worldwide, expediting their transition to the cloud with innovation and enterprise infrastructure optimization. Committed to success, CloudTern leverages its profound AWS proficiency to assist organizations at any phase of their cloud data journey, ensuring the realization of  business goals and maximizing the benefits of AWS.

Read More
everything-you-need-to-know-about-private-5g-networks
March 29, 2022by adminBlog

Everything you need to know about Private 5G Networks

everything-you-need-to-know-about-private-5g-networksThe 5th Generation mobile network, popularly known as 5G, is the new global wireless standard that succeeds the 4G technology. The 5G technology offers high-speed network connectivity with low latency and accommodates a wide range of devices in the network. Today, businesses are aggressively embracing the 5G revolution. However, the majority of businesses are challenged to apply the 5G benefits to operations owing to the exponential growth of digital innovation that is augmented with data-heavy emerging technologies in the form of AI/ML platforms, AR/VR solutions and real-time analytics. The Covid-19 pandemic was a key driver of this digital innovation. This is where private 5G networks make a strong case.

 

An Overview of Private 5G Network

A private 5G network enables organizations to customize 5G technology to suit business-specific requirements, security and priority access to its wireless spectrum. It replaces the 4G LTE network technology. However, businesses can still use private 5G along with 4G LTE networks as both networks use different frequency bands.

Private 5G networks can be classified into two categories:
Full Private 5G Network: When the network spectrum and network base stations are owned by the organization, that network is called a full private 5G network.
Hybrid Private 5G Network: In this model, the organization share the network infrastructure wherein the network is sliced with different control plane and user plane functionalities.

While both public and private 5G networks replace 4G LTE networks and are similar in most ways, isolation and priority access are two important aspects that differentiate them. Using private 5G networks, operators can partially or fully isolate certain user devices from the mobile network operator’s public networks as a security policy to reduce exposure to public interfaces when sensitive data is involved. When security is not a concern, devices can seamlessly switch between public and private 5G networks. Similarly, operators can configure the private 5G network to categorize activities on the network into different priority levels such that business-critical tasks are served first. Other non-critical tasks can be offloaded from the network or moved to a different network.
Hybrid multi-access edge computing environments are gaining popularity in recent times. MEC environments comprise cloud, mobile and edge computing technologies installed closer to the usage environment allowing applications and their data to operate in close proximity to end-user locations. Private 5G networks support hybrid multi-access edge computing networks and public networks.

 

Why Private 5G Networks are gaining momentum?

As 5G networks are evolving, organizations have multiple options to leverage private 5G technology. They can acquire spectrum from the following sources:
Licensed wireless providers (Midband or Highband Spectrum)
C-band Auction (Licensed Midband Spectrum)
Citizen Broadband Radio Services (CBRS) Priority Access License (PAL) from 2020 FCC Auction (Licensed Spectrum)
Citizen Broadband Radio Services (CBRS) General Authorized Access (GAA) Tier (Unlicensed Spectrum)

Another driver of private 5G adoption is the software-defined implementation in the form of Network Function Virtualization (NFV) that allows organizations to operate on commodity components instead of expensive and specialized hardware. For instance, Radio Access Network (RAN) functions can run on a commodity server managed by software running on top of it.

 

Managed Private 5G Networks

With the ability to connect multiple devices and machines with any network across the globe, private 5G networks are creating enormous opportunities for businesses. Today, managed private 5G networks are available as turnkey telecom solutions to businesses of all sizes. For instance, ‘On Site 5G’ is a managed private 5G network combined with AWS Outposts that enables organizations to deliver AWS infrastructure, tools and APIs to any environment. Similarly, AWS Private 5G, Azure Private 5G Core and Cisco Private 5G are a few other examples of fully-managed services for private cellular networks.

 

The Bottomline

Be it warehouse logistics, manufacturing, education or Energy & Utilities, private 5G networks are already in operation, providing organizations with the required customization and control of their connectivity. Now is the right time to tap into this trend and create new business opportunities.

Don’t worry about the complexities involved in the private 5G networks. CloudTern is here to help. As an experienced telecom solutions company, we help you quickly provision and manage your private 5G network cost-effectively.

Call us right now to join the private 5G network revolution!

Read More
Top 10 Benefits of AWS in 2021
August 19, 2021by adminBlog

Top 10 Benefits of AWS in 2021

top-10-benefits-aws-2021Technology is changing rapidly every year. The year 2021 is no different. However, one thing that remains constant here is the position of AWS in the public cloud infrastructure segment. AWS has been a leader in this segment since its advent.

According to Statista, AWS accounted for a market share of 32% in Q1 2021 earning revenues of $39 billion which is a 37% increase from Q1 2020. Azure and Google Cloud Platform recorded a market share of 20% and 9% respectively.

Here are the top 10 benefits offered by AWS in 2021:

1) Access to a World-class Technology Stack

Not every business has the luxury of laying hands on a world-class technology stack, owing to budget constraints and the lack of expert staff. Thanks to the AWS cloud, today, even small and medium businesses have access to cutting-edge technologies. It brings all players onto the same platform creating equal opportunities for everyone. Now, small and medium businesses can compete with enterprise solutions.

2) Always Innovating

Innovation is a key component of AWS offerings. The AWS team is committed to constantly driving innovation into the cloud infrastructure offering. This is one of the main reasons why top brands use AWS. Though Azure and GCP can compete with AWS in the pricing structure, innovation is what keeps AWS two steps away from its competitors. Being an AWS customer, you’re assured of cutting-edge technologies at cost-effective prices.

3) Always Economic

While AWS offers cutting-edge technologies, it manages to maintain an affordable pricing structure. As you only pay for the resources consumed without making any upfront commitments or long-term contracts, costs are predictable and economic as well. You can visit the AWS Economics Center to know about how organizations are optimizing resources and saving costs. According to a Cloud Value Benchmarking study, on average, businesses have saved 27.4% reduction per user, 57.9% increase in VM managed per user, 37.1% decrease in time to market new features and 56.7% decrease in downtime. All these aspects add up to your savings. AWS offers a calculator to keep track of all your cloud expenses.

4) Highly Flexible

One of the biggest advantages of AWS is its flexibility which allows you to customize your technology stack. Be it a programming language, operating system, database or web application platform, you can pick and choose your stack and easily load them into the virtual environment offered by AWS. Similarly, you can choose an out-of-box platform or customize and configure the entire stack from scratch.

5) Easy to Use

AWS solutions are designed with ease of use in mind. Whether you are a novice user or a technology expert, AWS makes it easy to move your applications to the cloud. You can take advantage of the AWS console to access the web application platform. Alternatively, you can use the web services APIs to do so. AWS offers extensive documentation on how to use these web services APIs making your job easy and fast.

6) Security at its Best

Security and better control over the datacenter were the two important barriers to cloud adoption for a long time. However, AWS takes security pretty seriously. AWS security is based on a shared model wherein AWS controls the security on the cloud infrastructure while the customer handles security at the customer endpoint. Data is distributed across multiple datacenters making it resilient, faster to access and quick to recover from a disaster. All datacenters are secured with end-to-end protection. The company uses firewalls to ensure data is protected and encrypted while moving across endpoints. It offers the Identity and Access Management feature wherein users are provided with role-based access controls. Multi-factor authentication is available too.

7) Scale at your Pace

Taking advantage of the massive infrastructure and the pay-per-use model, you can start small and scale at your own pace. AWS offers Elastic Load Balancing and Auto Scaling features that enable you to automatically scale resources as per traffic surges. Automation of Horizontal scaling comes out of the box. For automating vertical scaling, you need to configure AWS Ops Automator V2.

8) Comprehensive Cloud Solutions

With AWS, you don’t have to look in other directions. AWS is a single-stop solution for all your cloud infrastructure needs. It offers a wide range of tools and services. With datacenters located in 190 countries, you can scale globally. In addition to its massive infrastructure, AWS has a wide partner network that helps you with required tools for every cloud need, right from migrating to the cloud and developing in the cloud to optimizing cloud operations and managing workloads.

9) Extensive Support

While AWS solutions are easy to use, the company offers extensive documentation and support when it comes to walking you through the installation or configuration of tools and services. AWS website contains documentation, user guides, videos, forums and blogs to help you with the stuff. You can take advantage of the vibrant community as well.

10) The Brand Matters

Along with all the above mentioned, the brand value matters too. AWS is the leader in the cloud infrastructure segment and delivers cutting-edge solutions. When you subscribe to AWS solutions, it means your business operations are powered by world-class technologies that are second to none. So, it gives a big boost to your operational efficiencies and increases trust among customers.

Read More
Why CloudTern Chose Kubernetes for Container Orchestration?
November 6, 2020by Ramu KambalapuramBlog

Why CloudTern Chose Kubernetes for Container Orchestration?

In the traditional software development environment, creating an application was a simple process of writing the code. However, the rapid innovation that has brought-in a myriad of technologies, tools, frameworks, architecture and interfaces adds enormous complexity to application development environments. The advent of smartphones has opened up another world of mobile computing environment which adds up to this challenge. Developers now have to consider all these aspects while creating an application. Containerization solves all these challenges enabling developers to focus on just the application and not worry about runtime environment differences.

An Overview of Containerization

A container is a standalone and portable software unit that is packaged with code and its entire runtime environment such as binaries, libraries, dependencies, configuration files etc. By abstracting away the underlying infrastructure, OS and platform differences, containers facilitate seamless movement of applications between different computing environments. Right from a large enterprise application to a small microservice, containerization can be applied to any type of application or service. The absence of the OS image makes containers lightweight and highly portable.

The Evolution of Containerization

Containerization is not a new concept and has been around for decades. Unix OS Chroot was the first system that implemented containerization, providing disk space for each process. Derrick T. Woolworth extended this feature in 2000 wherein he added a sandboxing feature for file system isolation in FreeBSD OS. While Linux implemented this feature in its VServer in 2001, Solaris released containers for x86 in 2004. Similarly, Google introduced Process Containers in 2006 to isolate resources. Linux introduced container manager, LXC in 2008. CloudFoundry introduced LXC in Warden which was able to run on any operating system. Google introduced Linux app containers in 2013 which was called lmctfy. However, containerization gained widespread adoption with the advent of Docker in 2013.

Virtual Machines Vs Containers

Containers are often confused with virtual machines. Containers and virtual machines share a lot of similarities in terms of resource isolation and allocation but differ in the functionality. A virtual machine is created by abstracting physical resources from a machine and deployed to run in an isolated computing environment to deliver the functionality of a computing device. Each virtual machine contains the copy of the operating system and all the dependencies of the application running on it. A hypervisor is used to run multiple VMs on a single machine. As it contains the full copy of OS, it is larger in size and takes more time to boot. 

While a VM virtualizes hardware resources, a container virtualizes the operating system. Multiple containers share the same OS kernel and run in isolation on the same machine. As there is no OS, containers are lightweight, portable, run more applications and take less time to boot. By combining both these technologies, organizations can gain more flexibility in managing and deploying a range of applications.

Benefits of Containerization

Containers bring amazing benefits to organisations. Here are a few of them:

Highly Portable

While the absence of a full OS copy in a container makes it light-weight, the abstraction of underlying infrastructure makes it highly portable. It means, containers can be easily deployed in an on-premise data center, public cloud or on any individual laptop. Containers run on Windows, MAC, Linux, virtual machines or even on bare metals, offering higher flexibility for development and deployment of applications. 

Improved Efficacies and Increased Productivity

Containers clearly define the role of developers and operations teams. With language runtimes, software libraries and dependencies, containers assure predictable and consistent environments, regardless of where the applications run. As such, operations and development teams can stop worrying about software differences across environments and focus more on improving performance of apps, resulting in more productivity and efficacies.

Faster and Better Application deployment

Containerization significantly improves the build, test and deployment of applications. Compared to virtual machines that take minutes to load, containers can be spinned up within seconds. They share a single OS kernel, boot much faster and consume less memory. By packaging an app along with its dependencies into isolated software units, containers facilitate easy replication of apps on multiple machines across the clusters, rapid deployment and scaling. 

Docker – A Synonym for a Container

Docker is an open-source tool that helps both development and operations teams in building, managing and deploying containers with ease. Docker was originally created for Linux but now supports MAC and Windows environments. Docker Engine is a runtime environment that lets you build and run containers and store these images in Docker Hub container registry.

As a leading cloud solutions company, CloudTern manages containerization needs for multiple companies. Docker offers the flexibility to integrate it with major infrastructure automation and configuration management solutions such as Puppet, Chef, Ansible, SaltStack etc. or independently manage software environments. In addition, Docker allows us to integrate it with the CI/CD pipeline and run multiple development environments that are similar to real-time production environments on a single machine or try different configurations, servers, and devices etc. for running test suites. As such, our clients were able to deploy software more frequently and recover faster while significantly reducing the change failure rate.

While there are other container management tools such as RKT, Canonical, Parallels etc., Docker is the most popular tool that has now become a synonym for a container. The fact that Docker can be used on any operating system or cloud makes it the first choice for many. At CloudTern, we proactively monitor technology changes and offer the best IT solutions for our clients. So, Docker is our first choice for all containerization needs.

Why Container Orchestration?

Looking at the significant benefits offered by containers, several organizations are now implementing container technology into their CI/CD environments. As containers are quick to spin up, lightweight and portable, thousands of containers are created and deployed across the infrastructure. A typical IT infrastructure runs hundreds of containers that come with a shorter lifespan which pose great complexity in infrastructure monitoring.  You need to closely monitor and manage them to know what’s running on each server. This is where cloud orchestration tools come to the rescue.

Kubernetes, Mesosphere and Docker are the most popular cloud orchestration tools. 

An Overview of Kubernetes

Kubernetes is the most widely used container orchestration tool in recent times. Kubernetes was developed by Google and released in 2014. It is now managed by Cloud Native Computing Foundation (CNCF). Kubernetes allows organizations to easily automate deployment, scaling and management of container applications across a cluster of nodes. It is a standalone software that can independently manage containers without Docker or work with Docker in tandem. 

A Quick Overview of Kubernetes Architecture

The kubernetes architecture consists of two core components:

  1. Nodes (bare metals or virtual machines): Nodes are again divided into two components: 
    1. Master: A master node is where the Kubernetes is installed. The Master node controls and manages scheduling of pods across worker nodes where the application runs while maintaining the state of the cluster at its predefined state. Multiple master nodes are implemented to maintain high availability. Here are the key components of a master node.
      1. Kube-contoller-manager: It is responsible to maintain the desired state of a cluster by listening to the kube-apiserver about the information of the current state. 
      2. Kube-scheduler: It is the service that schedules events and jobs across the cluster based on the availability of resources of predefined policies via the kube-apiserver.
      3. Kube-apiserver: It is the API server that enables UI dashboards and CLI tools to interact with Kubernetes clusters.
      4. Etcd: It is the master node storage stack that contains definitions, policies, state of the system. 
    2. Worker Node: This is where the actual application runs. It contains the following components:
      1. Docker: It contains the Docker engine to manage containers.
      2. Kubelet: It receives instructions from the master node and executes them while sending information about the state of the node to the master.
      3. Kube-proxy: This service facilitates communication between microservices and pods within the cluster as well as connect the application to the outside world.
  2. Pods: A pod is a Kubernetes basic unit of deployment. All containers required to co-exist will run in a single pod. 

Why CloudTern Chose Kubernetes?

As a leading cloud managed Services Company, CloudTern handles cloud networks of multiple organisations. A typical IT network comprises multiple nodes that can be anything from virtual machines to bare metals. Multiple nodes are implemented by IT administrators for two important reasons. Firstly, high availability is a key requirement for cloud-based services wherein the application should always be available to users even when a node is down. So, a robust infrastructure has to be set up. Secondly, scalability is a key concern. As the application traffic increases, more containers should be dynamically added or removed on-demand. Multiple containers of an application should talk to each other as well. 

Docker Swarm is a container orchestration tool offered by Docker. It uses Docker API and works in tight integration with Docker. However, CloudTern chose Kubernetes because Kubernetes efficiently co-ordinates a large cluster of nodes and scales better in production compared to Docker that runs only on a single node. It helps you manage and orchestrate container resources from a central dashboard.

Kubernetes securely manages networking, load-balancing and scales well. In addition, it allows you to group containers based on a criteria such as staging environments or implement access permissions. So, it eliminates the need to mock up the entire microservices architecture of an application for the development team. You can deploy software across pods in a scale-out manner and scale in deployments on-demand. It gives clear visibility into the deployment process wherein you can check the completed, in-process and failed deployments from a single pane. You can save time by pausing and resuming a deployment at your convenience. The version control feature allows you to update pods with latest images of the application and roll back to a previous one, if needed.

With support for 5000 nodes and 300,000 containers, Kubernetes works well for organizations of all sizes. Combined with Docker, Kubernetes offers a highly scalable cloud orchestration system delivering fast and reliable applications. Kubernetes enjoys a large and vibrant community which means you can always be up to date with what’s happening with the tool or get help to resolve any issues. 

The Bottom Line

Kubernetes is not just a personal choice. Today, Kubernetes is the market leader in container orchestration. According to StackRox, Kubernetes market adoption reached 86% by Spring 2019.  These market statistics once again affirm the fact that CloudTern always offers the right tools for the right IT tasks.

References

https://www.netapp.com/us/info/what-are-containers.aspx

https://www.docker.com/resources/what-container

Read More
How to import VM image to AWS
January 19, 2018by Ramu KambalapuramBlog

How to import VM image to AWS

One of the coolest features I like about AWS is it not only gives you the powerful images through AMI but also allows you to import your VM images running in your data center as well. In this, I would like to show you how simple it is to import the VM image into the AWS

The prerequisites for VM import are

For S3 Bucket I am assuming name “my-vm-imports”

Creating IAM Role

You cannot create using the AWS management console. You have to follow the aws- only

  1. create a trust policy trust-policy.json
{

   "Version": "2012-10-17",

   "Statement": [

      {

         "Effect": "Allow",

         "Principal": { "Service": "vmie.amazonaws.com" },

         "Action": "sts:AssumeRole",

         "Condition": {

            "StringEquals":{

               "sts:Externalid": "vmimport"

            }

         }

      }

   ]

}

2. Using aws command line create a role vmimport

aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

3. Create a file named role-policy.json with the following policy

{

   "Version": "2012-10-17",

   "Statement": [

      {

         "Effect": "Allow",

         "Action": [

            "s3:ListBucket",

            "s3:GetBucketLocation",

            "s3:FullAccess"

         ],

         "Resource": [

            "arn:aws:s3:::my-vm-imports"

         ]

      },

      {

         "Effect": "Allow",

         "Action": [

            "s3:GetObject"

         ],

         "Resource": [

            "arn:aws:s3:::my-vm-imports/*"

         ]

      },

      {

         "Effect": "Allow",

         "Action":[

            "ec2:ModifySnapshotAttribute",

            "ec2:CopySnapshot",

            "ec2:RegisterImage",

            "ec2:Describe*",

            "ec2:FullAccess"

         ],

         "Resource": "*"

      }

   ]

}

4. Use the following command “put-role-policy” to the role we created before.

aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

Next steps :

  1. Upload the VM image to S3
aws s3 cp file_path s3://my-vm-imports

2. Create a container file which contains the s3 bucket name, format, description and key name in the s3 bucket. Save this file as JSON

[

  {

    "Description": “My VM",

    "Format": "ova",

    "UserBucket": {

        "S3Bucket": “my-vm-imports",

        "S3Key": "my-vm-imports/myVm.ova"

    }

}]





Note: Only OVA,VMDK image formats are supported in AWS


4. Finally, import the image from S3 with import-image command. After that, your image(AMI) will be ready for use


aws ec2 import-image —description “Linux or Window VM” —-disk-containers file://container.json



Thanks for Reading.


Best Regards


CloudTern








Read More
									

									
			

				
				

					
    
						
    • 					

				

			

			
							

									

				

			

		

	

	

		

			

			
Hybrid Cloud Architecture with CISCO CSR 1000v
November 14, 2017by Ramu KambalapuramBlog
Hybrid Cloud Architecture with CISCO CSR 1000v
Cisco CSR 1000v series is a router software appliance from Cisco. It provides enterprise routing, VPN, Firewall, IP SLA, and more.CSR 1000v can be used to connect multiple VPC across all-region in AWS Cloud and on-premise networks. Thus it can be used avoid managed VPN service from AWS.


In AWS, you can find Cisco CSR 1000v in AWS marketplace which has 30 days free trial to test it out. AWS Marketplace for Cisco. Be aware this is not cheap, it will cost you EC2 Instance charges. All instance types are not supported for CSR 1000v. It supports only m3 and c3 instance family types.


Cisco CSR 1000v Can be used in various network models in cloud like Transit VPC, multi-cloud Network.


Following is the Architecture I have used to connect multiple VPC.




The two VPC’s are one in N.Virginia region and other is in Ohio Region. And Each VPC has Internet Gateway and were connected over VPN. On Ohio region, we used AWS managed VPN service to connect VPC in N.Virginia region VPC. And On-Premise Edge Router we used Cisco RV110W small business router. In this Post, I would like to mention the steps to follow to establish VPN over two VPC’s spread in two different regions in AWS.


Steps to create VPC’s in two regions:


    

  1. Create VPC in N.Virginia Region with CIDR 10.0.0.0/16 and attach Internet Gateway to it. you can do it from CLI or through the management console.

    aws ec2 create-vpc --cidr-block 10.0.0.0/16 --region us-east-1

Output:
{
            "Vpc": {
                "VpcId": "vpc-848344fd",
                "InstanceTenancy": "dedicated",
                "Tags": [],
                "CidrBlockAssociations": [
                    {
                        "AssociationId": "vpc-cidr-assoc-8c4fb8e7",
                        "CidrBlock": "10.0.0.0/16",
                        "CidrBlockState": {
                            "State": "associated"
                        }
                    }
                ],
                "Ipv6CidrBlockAssociationSet": [],
                "State": "pending",
                "DhcpOptionsId": "dopt-38f7a057",
                "CidrBlock": "10.0.0.0/16",
                "IsDefault": false
            }
          }


aws ec2 create-internet-gateway --region us-east-1

Output:

          {
              "InternetGateway": {
                  "Tags": [],
                  "InternetGatewayId": "igw-c0a643a9",
                  "Attachments": []
              }
          }



aws ec2 attach-internet-gateway --gateway-id <<IGW-ID>> --vpc-id <<VPC-ID>> --region us-east-1
    

    2. 

  2. Create two subnets in N.Virginia Region VPC, one for CSR 1000v with CIDR 10.0.0.0/24 and another subnet with CIDR 10.0.1.0/24.

    aws ec2 create-subnet --cidr-block 10.0.0.0/24 --vpc-id <<VPC-ID>> --region us-east-1

Output:
{
              "Subnet": {
                "VpcId": "vpc-a01106c2",
                "AvailableIpAddressCount": 251,
                "MapPublicIpOnLaunch": false,
                "DefaultForAz": false,
                "Ipv6CidrBlockAssociationSet": [],
                "State": "pending",
                "AvailabilityZone": "us-east-1a",
                "SubnetId": "subnet-2c2de375",
                "CidrBlock": "10.0.0.0/24",
                "AssignIpv6AddressOnCreation": false
              }
          }

aws ec2 create-subnet --cidr-block 10.0.1.0/24 --vpc-id <<VPC-ID>> --region us-east-1

Output:
{
              "Subnet": {
                "VpcId": "vpc-a01106c2",
                "AvailableIpAddressCount": 251,
                "MapPublicIpOnLaunch": false,
                "DefaultForAz": false,
                "Ipv6CidrBlockAssociationSet": [],
                "State": "pending",
                "AvailabilityZone": "us-east-1b",
                "SubnetId": "subnet-2c2de375",
                "CidrBlock": "10.0.1.0/24",
                "AssignIpv6AddressOnCreation": false
              }
          }
    

    3. 

  3. Create Route Table in N.Virginia VPC which will have the default route to Internet Gateway.And associate CSR subnet to it.
    4. 





4. Launch the CSR 1000v from AWS MarketPlace with the one-click launch. Link To AWS Marketplace, you can ssh into the CSR 1000v instance using ec2-user.Attach Elastic IP to the CSR instance which will act as Customer Gateway in N.Virginia Region VPC. In later steps, we will configure the router to add Static routes to other subnets in VPC and setting BGP to propagate routes over VPN Connection with other VPC.


5. In a similar fashion create VPC in AWS Ohio region with CIDR 10.1.0.0/16 And create two subnets with CIDR 10.1.0.0/24 and 10.1.1.0/24


Steps to Create VPN connection in AWS Ohio VPC


    

  1. Create Customer Gateway. Open VPC management console at console.aws.amazon.com. In navigation pane choose Customer Gateway and then create new Customer Gateway. Enter Name, Routing type as Dynamic and EIP of the CSR 1000v instance in N.Viriginia Region VPC. ASN number is 16-bit and must be in the range of 64512 to 65534.
    

    2. 

  2. Create VPG and attach to the VPC.In the Navigation Pane choose Virtual Private Gateway and create VPG.
    3. 

  3.  Now Create VPN connection. In Navigation Pane Choose VPN Connection, Create New VPN Connection. Enter the Name, VPG and Customer Gateway which we have created previously, select routing type as Dynamic and create VPN connection.
    4. 



It will take few minutes to create VPN connection. When it is ready to download the configuration for Cisco CSR from the drop-down menu.


Steps to establish VPN Connection on CSR 1000v


    

  1. Add static routes of other subnets in VPC(N.Virginia) to CSR 1000v. Every subnet in AWS has a virtual router with IP address of Subnet CIDR +1. As CSR router will be in Subnet 10.0.0.0/24  the virtual router IP address will be 10.0.0.1. The Virtual Router on each subnet has a route to other all subnets in the VPC.

    >Configure terminal
#ip route 10.0.1.0 255.255.255.0 10.0.0.1
    

    2. 

  2. Configure BGP. Choose the ASN number which you gave while creating Customer Gateway in Ohio VPC. Above we gave 64512

    > Configure terminal
(config)#router bgp 64512
(Config-router)# timers bgp keepalive holdtime
(Config-router)# bgp log-neighbor-changes
(Config-router)# end
    

    This step might not be necessary. But as good practice, I have applied the above configuration before copying the configuration file that is downloaded before.
    3. 

  3. Apply the Configurations that are downloaded previously when VPN Connections Created. After you have applied those setting on CSR you can see on the management console that both the tunnels of VPN as UP.
    4. 





Testing to check connectivity between two VPC’s


    

  1. Launch an instance in subnet1 in Ohio region VPC’s with Public IPv4. SSH into the instance and ping the CSR 1000v instance private IP.
    2. 

  2. Similarly, you can check connectivity with Ohio Region VPC by pinging the instance in subnet1 in Ohio region VPC with its Private IP.
    3. 



Troubleshooting :


> Route Propagation must be added to the route table in Ohio Region VPC.


> You must configure CSR 1000v as NAT, so the subnets in N.Virginia region can access the hosts in Ohio region VPC via CSR 1000v. You need to Update the route table with target fo CSR 1000v instance-id after making it as NAT.


> Allow ICMP in Security groups on all instances.


Thanks and Regards


Naveen


AWS Solution Architect @CloudTern


Read More
									

									
			

				
				

					
    
						
    • 					

				

			

			
							

									

				

			

		

	

	

		

			

			
VPC Design Principles
November 2, 2017by Ramu KambalapuramBlog
VPC Design Principles
Virtual Private Cloud(VPC) creation is the first step in building your infrastructure in AWS Cloud. AWS gave the flexibility to create VPC based on RFC4632 . Major Components of VPC : VPC CIDR, Subnets, Route Table, ACL and Security Groups. The VPC creation is a straightforward method just grab a CIDR based on RFC4632  but subnetting the VPC can consider the  following principles.


Creation of Subnets:


Primary reasons to create Subnets


    

  1. You need hosts to be routed successfully.(Private facing or Public facing)
    2. 

  2. Want to distribute Workload across multiple AZ’s( Availability Zones) for fault tolerance.
    3. 

  3. Create Subnets for hosts that require additional layer of  Security using ACL ( Access Control List)
    4. 



Subnet the network into smaller networks which can be considered as  Public Subnets, Private or VPN only subnets. These networks are supernets and not the actual subnets we create. Then subnet each supernet into smaller networks which you fit your hosts into it. 




Note* : AWS reserves 5 IPs when you create a subnets. So more subnets you create more ips you will lose. For example for subnet 10.0.0.0/27 following IP’s are resolved


    

  1. 10.0.0.0 network address
    2. 

  2. 10.0.0.1 Virtual Router address
    3. 

  3. 10.0.0.2 DNS address
    4. 

  4. 10.0.0.3 Reserved by AWS for future use.
    5. 

  5. 10.0.0.31 Broadcast address
    6. 



Route Tables


All the hosts within VPC can be routed to other hosts in the VPC using an implicit virtual router . A Default Virtual Router would be created when you create the subnet. For example a subnet with CIDR 10.0.0.0/27 will have Virtual Router with IP 10.0.0.1 ( Subnet CIDR + 1). This Router will utilize the route table entries of the subnet associated with.


Each Subnet should be associated with a Route Table for traffic to flow.If a subnet is not associated to any route table, it will use the default Main Route Table. Route Table can be associated with multiple subnets.


    

  1. Create Route Tables for Subnets that need different Routing requirements(Public facing or Private facing).
    2. 

  2. Create Route Table for subnets that require more specific routing. For example a subnet may be needed to allow traffic only from a pool of IP address.
    3. 



Access Control List(ACL)


ACL Provide security at Subnet Level. You can control what traffic to flow in and out of a subnet. ACL are stateful, i.e you have to define both ingress and outgress traffic in the rule list. 


You can find more at ACL Overview


Create ACL if you want restrict any traffic to flow to the hosts in the subnets. 


Network Address Translator (NAT)


A NAT is used to provide Outbound internet to the hosts inside Private Subnets. Route Tables for Private Subnets has to updated with logical id of NAT to provide Outbound Internet Connectivity to hosts inside private Subnet. 


Based on the above principles ,a Concrete Example for  Creating VPC in Practice is below


    

  1. Subnet the VPC CIDR to Public facing or Private facing Subnets. 
    2. 

  2. All Private facing subnets would be associated with a single Route Table, and  ACL. The same would be applied for VPN Subnets and Public Subnets with different Route Tables and ACL
    3. 

  3. Create a Subnet if more security is needed at subnet level using ACL and associate the subnet to Route Table.
    4. 



The following figure shows the summary of VPC Design in AWS




Read More
									

									
			

				
				

					
    
						
    • 					

				

			

			
							

									

				

			

		

	

	

		

			

			
Create AWS AMI with custom SSH username and password
September 3, 2017by Ramu KambalapuramBlog
Create AWS AMI with custom SSH username and password
		

						

						

					

			

						

				

									
Introduction


EC2 instance that is launched with Amazon Linux AMI will come up with ec2-user and you can only SSH into that instance with Private Key.


Need


We wanted an Amazon Linux AMI (Base Image) with default username (similar to ec2-user) and that should allow SSH login with a password.


SSH login with a password is also a requirement for authenticating user login with OpenLDAP Server. That way our IT Operations need not remember new login information.  They can use their existing logins.


Solution





    
 	
  1. Launch Amazon Linux AMI micro instance.
    2. 
 	
  2. Connect to instance with private key
    3. 
 	
  3. Create SSH User and give sudo permission  (similar to ec2-user)

      
 	
    1. sudo useradd -s /bin/bash -m -d /home/<ssh-user-home-directory> -g root <ssh-user-name>
      2. 
 	
    2. sudo passwd <ssh-user-name>
      3. 

    

    4. 
 	
  4. Enable Password login for SSH (add following snippet of code at the end of /etc/rc.local file)
    5. 


           if grep -Fxq “PasswordAuthentication no” /etc/ssh/sshd_config 

           then

                   #This instance launched for this first time, pleae enable SSH with password login

                    sed -i ‘s/^PasswordAuthentication.*/PasswordAuthentication yes/’ /etc/ssh/sshd_config

                    /etc/init.d/sshd restart

           fi

           This piece of code will change PasswordAuthentication to yes in sshd_config file. (If we don’t do       this every time we create Instance with AMI that will overwrite sshd_config file)



    
 	
  1. Stop the instance
    2. 
 	
  2. Select Instance and create Image
    3. 
 	
  3. Now launch Instance with above created AMI.
    4. 
 	
  4. After Instance is launched you can log in with ssh username you have created in step 3.
    5. 



								

				

					

		

					

		

				

		
Read More
									

									
			

				
				

					
    
						
    • 					

				

			

			
							

									

				

			

		

	

	

		

			

			
Path to the AWS Cloud
August 22, 2017by Ramu KambalapuramBlog
Path to the AWS Cloud
		

						

						

					

			

						

				

									
Introduction : Path to the AWS Cloud
Path to the AWS CloudYou’ve heard of software as a service (SaaS), Infrastructure as a Service, Platform as a Service, There is XaaS to describe Anything as a Service.  Now you can provide all of your company’s functions “as a Service” – Your Company as a Service (YCaaS).  You will be more scalable, more available, more connected to employees and customers, as well as suppliers.  Just hop on this cloud…
This blog is written to simplify your trip to the cloud.  It is written as a general-purpose document and specific details will vary with your needs.  This guide is written for migration to the AWS Cloud Platform. You will need an AWS account to begin this migration.  The result will be a very flexible and highly available platform that will host services for internal or external use.  Services may be turned up or discontinued, temporarily or permanently, very easily.  Services may be scaled up or down automatically to meet demands.  Because AWS services are billed as a service, computing services become operational rather than a capital expense (CAPEX).
The Framework
Exact needs will vary based on the services being migrated to the AWS Cloud.  The benefits of a structured, reliable framework will transform your organization’s approach to planning and be offering online services.  The AWS CAF (Cloud Adoption Framework) offers a structure for developing efficient and effective plans for cloud migration.  With guidance and best practices available within that framework, you will build a comprehensive approach to cloud computing across your organization.
Planning
Using the Framework (AWS CAF) to break down complicated plans into simple areas of focus, will speed the migration and improve success.  People, process, and technology are represented at the top level.  The components of the focus areas include:
  • Value (ROI)
  • People (Roles)
  • Priority and Control
  • Applications and Infrastructure
  • Risk and Compliance
  • Operations
Value, or Return on Investment, measure the monetary impact on your business.  For customer facing services, this could mean reaching more customers faster.  Customer engagement and meaningful transactions.  For internal services, ease of access and pertinence of content adds value.
People occupy many roles.  Organizationally, internal stakeholders will need to be involved in decision making and in ongoing support.  Business applications’ stakeholders have outcomes which they own in the planning stages and in the long term utilization. The content provider will have initial and ongoing responsibilities.  The end user is dependent on the platform and the other stakeholders.
Priority and control of the service are defined with the resources dedicated to the service migration and allowable disruption.  Priorities are affected by readiness.  New services are often easier to migrate due to the compatibility of platforms.  These may be migrated quickly ahead of more cumbersome services.  Mission critical services will require the resources and special attention that goes with critical status.
Risk and compliance are defined by the category of the usage of the service.  Commerce with external entities will demand PCI compliance.  Personal information of internal entities will demand HIPPA compliance.  CRM and general information will need copyright identification.
Operations are involved in the migration phase as the process of service migration affects business operations.   Because migration is not a day to day business process, it will require its own resources, planning, and priorities.  These priorities affect the resources available for the migration.  A fast migration may require more resources, people, bandwidth, communications.  Lower priority allows for fewer resources and, typically, less disruption.
Migration process
Migration is a process that will ride on top of the normal business process.  In order to successfully migrate to the cloud, all of these considerations will affect planning.  Given priorities that are decided upon, identify the people and roles that will be involved in the migration.  Communicate the specific outcomes the team will be responsible for.  Be specific, gain agreement and ownership.  Deliver the resources that the team identifies as needed to meet goals.  This includes time.  If the team has to be away from normal day to day responsibilities business process must be temporarily re-routed.  This will involve support teams one level removed from the migration.
Outsourced teams can provide temporary resources in highly specialized roles to reduce the impact on business operations.  Do the initial planning to determine your needs.  Choose an outsourced team based on experience in the specific roles you will need to fill.  Integrate the imported resources with appropriate internal team members.  Give ownership to the internal team and empower them to act when needs arise.
Construct the entire migration model before beginning the process.  Build the budget and prepare for the impact of resource dedication up front.  Measure progress against the model on weekly basis.  Communicate to the team that adjustments will be needed, and communication is the way these adjustments are dealt with.  Remember the butterfly effect: every change will result in cascading consequences.  With reliable communications, everyone will be more comfortable with the temporary effects of this over the top process.
When the team and their roles are communicated, the non-human resources can be quantified.  How much bandwidth will be required to meet identified goals?  Is the network capable of delivering on the required bandwidth, or will infrastructure need to be upgraded?  Consider the impact on infrastructure on critical business services that may occur during the migration.  Be prepared for contingencies and unexpected demands.
If network augmentation is required, how deep into your infrastructure will you need to adjust.  As data migration paths are identified and bandwidth is dedicated, will other segments of the network be affected?  These network augmentations have power and space impacts. Downstream, there will be additional people affected as configurations and replacement equipment are implemented.
Peak demand capacity is often a separate planning impact.  Peak busy hours will result in oversubscription of available bandwidth.  With oversubscription, will come service impact.  The impact is easily underestimated because saturation will lengthen the impact duration.  Along with the capacity planning, there needs to be service level consideration.  What tolerance to latency will the user base have?
Availability planning during migration will determine impact in the event of the disaster.  Business continuity plans may need to be modified during the migration period.  Existing failover functions will not include the migration paths.  If not addressed in advance, an unplanned outage will disrupt your migration and likely have a negative business impact.  Whatever availabilities are associated with your services which are migrating will need planning for the migration.
The cost of maintaining duplicate services during migration include licensing.  When two systems are running simultaneously, the license expense is double.  Depending on demand, and with planning, some efficiencies may keep this cost under the maximum.  While this may be an opportunity to eliminate some marginally needed or legacy expenses.
In the long run, you will reap the rewards.  Savings include the server maintenance, break-fix, and upgrades, backups, both local and off-site, environmental conditioning maintenance, power savings.  People time involved with the maintenance, break-fix, upgrades, and the bill paying for these services.  Importantly, scalability in the AWS cloud does not require as much advanced planning, over capacity implementation and over provisioning for future expansion.  Capacity can be reduced on the fly as well.
The total return on investment will include a cost increase during planning and migration and long-term savings due to increased efficiencies and cost reductions.   The total cost of ownership grows over time, but will not include associated direct and indirect costs.  Intangible return is in technology upgrades.  The obsoleting of capital investments will greatly decrease.  Technology will evolve and be implemented invisibly for immediate use in the cloud platform.   
Contributors
William
								

				

					

		

					

		

				

		
Read More
									

									
			

				
				

					
    
						
    • 					

				

			

			
							

									

				

			

		

	

                

            

                    


    


            



	

	

						

						

					

			

						

						

					

			

						

				

							

			

		

						

				

				

				

																														

				

				

				

									
CloudTern offers highly scalable software solutions that enable organizations to securely drive innovation into business processes
								

				

				

				

									aws select tier								

				

					

		

				

			

						

				

							

			

		

						

				

				

				

									
Contacts
								

				

				

				

									


  +1 (945) 216-6923


  info@cloudtern.com


8105 Rasor Blvd Ste 236

Plano, TX – 75024


								

				

				

				

							

			

		

						

				

				

				

							

							
					
						Linkedin-in
											
				
							
					
						Twitter
											
				
							
					
						Instagram
											
				
					

						

				

					

		

				

			

						

				

							

			

		

						

				

				

				

									
Services
								

				

				

				

							

			

				

			

		

		

			
		

						

				

					

		

				

			

						

				

							

			

		

						

				

				

				

									
Quick Links
								

				

				

				

							

			

				

			

		

		

			
		

						

				

					

		

					

		

				

				

									
© 2025 — CloudTern. All Rights Reserved.