Automating Secure Connectivity to AWS

A global leader in software solutions that span cloud, compute, network and digital workspace, the company also happens to be a long-time InterVision partner. They have datacenters throughout the US and strong hybrid capabilities.

Focused on streamlining operations and services, the software company needed a solution to speed up the creation of VPN connections to support their agile approach. They didn’t have the right framework to connect to AWS environments securely and needed a guarantee of compliance with security policies in place internally. Their current scenario risked ad hoc setups and shadow IT. In their current environment, a VPN connection between Palo Alto Networks and AWS VPN Gateway within a VPC took as much as four days to complete, due to internal governance processes and documentational work to ensure accuracy. Their goal was to reduce the time of setup from days to seconds.

InterVision had led a previous Palo Alto Networks (PAN) and F5 deployment with the company, which included scripting. As a result of this earlier engagement, the company knew of our expertise to execute with quality on a tight timeline and trusted us as challengers to the status quo. They viewed InterVision as a strategic partner when it came to security automation, so we were a good candidate for the project.

InterVision quickly assessed their need and designed an automation solution to match their goals. We committed to a “minimum viable product” within a 30-day delivery window to demonstrate the automated solution for VPN/direct connections to both public and private clouds. The client needed to ensure secure connectivity from their on-premises infrastructure to AWS, which emphasized a fair deal of complexity in streamlining hybrid aspects into a simplified solution.

Delivery of the minimal viable product demonstrated InterVision’s capabilities and made way for production deployment and extension to the client’s central management solution. In addition, InterVision’s team developed a user interface (UI), so that end users could self-provision and decommission VPN environments rapidly. The UI provided SSL security for the business, as well as access to active directory and code repositories for testing. Moreover, the client was able to ensure role-based access and email notifications after actions had been performed, which eliminated internal bottleneck.

InterVision completed the project in record time without impacting production engineering. The client was impressed with InterVision’s ability to deliver a hybrid cloud model that was both secured, automated and provided self-service to the operations team’s customers. As a result, the operations teams were no longer burdened with sizable help desk tickets for VPN connectivity, the compliance team was satisfied that the workflows adhered to their approved processes, and end users were excited that they could quickly and accurately execute a new VPN or update a VPN policy on their own, without needing to open a help desk ticket.

Future plans for the client’s automation solution include integration into DDI, CMDB and other compliance and security tools. The result will be an end-to-end automated solution where users can request a VPN through ServiceNow, automatically create the connection, and log all changes in Splunk.

 

To read about InterVision’s Remote Workforce Response, click here.